51ff3226 |
1 | <?php |
2 | function reset_password() { |
3 | global $db,$error; |
0f3e30ba |
4 | $login = mysql_real_escape_string($_POST['login']); |
5 | $login_type = mysql_real_escape_string($_POST['login_type']); |
6 | $vercode = mysql_real_escape_string($_POST['vercode']); |
7 | $password1 = mysql_real_escape_string($_POST['new_password1']); |
8 | $password2 = mysql_real_escape_string($_POST['new_password2']); |
51ff3226 |
9 | |
10 | if ($login == '') { |
11 | $error="Please enter name or id"; |
12 | return false; |
13 | } |
14 | |
15 | if ($password1 == '' || $password2 == '') { |
16 | $error="Please enter password"; |
17 | return false; |
18 | } |
19 | |
20 | if ($password1 != $password2) { |
21 | $error = "The two passwords that you entered do not match."; |
22 | return false; |
23 | } |
24 | |
25 | switch ($login_type) { |
26 | case "name": |
27 | $set=$db->query("select * from users where login='$login'"); |
28 | $set->next(); |
29 | $user_name=$set->getString('login'); |
30 | $user_id=$set->getString('user_id'); |
31 | $hash=$set->getString('hash'); |
32 | break; |
33 | case "id": |
34 | $set=$db->query("select * from users where user_id='$login'"); |
35 | $set->next(); |
36 | $user_name=$set->getString('login'); |
37 | $user_id=$set->getString('user_id'); |
38 | $hash=$set->getString('hash'); |
39 | break; |
40 | } |
41 | |
42 | if ($hash != $vercode) { |
43 | $error="Bad verification code!"; |
44 | return false; |
45 | } |
46 | |
0f3e30ba |
47 | // XXX fix |
51ff3226 |
48 | $password = md5($password1); |
49 | $q="update users set password='$password' where user_id='$user_id'"; |
50 | $db->query($q); |
51 | |
0f3e30ba |
52 | // require(INCLUDE_DIR.'ldap.inc'); |
53 | // LDAPuser::change_pass_forced($user_id,$password1); |
51ff3226 |
54 | |
55 | $error="Password changed. Now you can login with your new password."; |
56 | return false; |
57 | } |
e909f81b |
58 | ?> |