forked from web-cyradm/web-cyradm
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathchangeadminpasswd.php
112 lines (105 loc) · 2.47 KB
/
changeadminpasswd.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
<?php
if (!defined('WC_BASE')) define('WC_BASE', dirname(__FILE__));
$ref=WC_BASE."/index.php";
if ($ref!=$_SERVER['SCRIPT_FILENAME']){
header("Location: index.php");
exit();
}
?>
<!-- #################### Start main #################### -->
<tr>
<td width="10"> </td>
<td valign="top">
<?php
if (!isset($_POST['confirmed'])){
?>
<h3>
<?php print _("Change password for account");?>
<span style="color: red;">
<?php print $_SESSION['user'];?>
</span>
</h3>
<form action="index.php" method="post">
<input type="hidden" name="action" value="changeadminpasswd">
<input type="hidden" name="confirmed" value="true">
<table>
<tr>
<td>
<?php print _("Old Password");?>
</td>
<td>
<input
class="inputfield"
type="password"
name="old_password"
onfocus="this.style.backgroundColor='#aaaaaa'"
>
</td>
</tr>
<tr>
<td>
<?php print _("New Password");?>
</td>
<td>
<input
class="inputfield"
type="password"
name="new_password"
onfocus="this.style.backgroundColor='#aaaaaa'"
>
</td>
</tr>
<tr>
<td>
<?php
print _("Confirm Password");
?>
</td>
<td>
<input
class="inputfield"
type="password"
name="confirm_password"
onfocus="this.style.backgroundColor='#aaaaaa'"
>
</td>
</tr>
<tr>
<td colspan="2" align="center">
<input
class="inputfield"
type="submit"
value="<?php print _("Submit"); ?>"
>
</td>
</tr>
</table>
</form>
</td>
</tr>
<?php
}
else { // if (!isset($_POST['confirmed']))
if ($authorized){
$pwd = new password;
$old_password = $pwd->encrypt($_POST['old_password'], $CRYPT);
$new_password = $pwd->encrypt($_POST['new_password'], $CRYPT);
# If the new_password field is not empty and the password matches, update the password
$query = "UPDATE adminuser SET password='".$new_password."' WHERE username='".$_SESSION['user']."' AND password='".$old_password."'";
$result =& $handle->query($query);
if (DB::isError($result) || $handle->affectedRows()==0) {
print _("Database error");
echo ". ";
print _("Password not changed");
} else {
print _("Password successfully changed");
}
}
else {
print "<h3>".$err_msg."</h3>";
}
echo "</td></tr>\n";
include WC_BASE . "/settings.php";
}
?>
<!-- #################### End main #################### -->