| 1 | <?php |
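/**
 * Handle a submitted password-reset form.
 *
 * Reads login, login_type, vercode, new_password1 and new_password2 from
 * $_POST, looks the account up by login name or by user id, compares the
 * submitted verification code with the account's stored `hash` column and,
 * on a match, stores the new password.
 *
 * The outcome is reported through the global $error, which carries either
 * the failure reason or the success message.
 *
 * @return bool Always false, also on success (unchanged from the original);
 *              callers have to read $error to learn the outcome.
 */
function reset_password() {
    global $db, $error;

    // Missing or non-string fields (e.g. "login[]=x" arrives as an array) are
    // treated as empty instead of being handed to db_escape_string().
    $fields = [];
    foreach (['login', 'login_type', 'vercode', 'new_password1', 'new_password2'] as $key) {
        $raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        $fields[$key] = db_escape_string($raw);
    }

    $login      = $fields['login'];
    $login_type = $fields['login_type'];
    $vercode    = $fields['vercode'];
    $password1  = $fields['new_password1'];
    $password2  = $fields['new_password2'];

    if ($login === '') {
        $error = "Please enter name or id";
        return false;
    }

    if ($password1 === '' || $password2 === '') {
        $error = "Please enter password";
        return false;
    }

    // Strict comparison: with != two different numeric-looking strings such
    // as "1e3" and "1000" compare equal and would pass as a matching pair.
    if ($password1 !== $password2) {
        $error = "The two passwords that you entered do not match.";
        return false;
    }

    // Only these two lookup columns are allowed; any other login_type leaves
    // $user_id and $hash empty and is rejected by the check below.
    switch ($login_type) {
        case "name":
            $column = 'login';
            break;
        case "id":
            $column = 'user_id';
            break;
        default:
            $column = null;
    }

    $user_id = '';
    $hash = '';
    if ($column !== null) {
        // $login was escaped above; $column comes from the fixed list above.
        $set = $db->query("select * from users where $column='$login'");
        // NOTE(review): the result of next() is not checked, as in the
        // original; what getString() yields for an empty result set is not
        // visible here, hence the casts and the emptiness check below.
        $set->next();
        $user_id = (string) $set->getString('user_id');
        $hash = (string) $set->getString('hash');
    }

    // An empty stored hash or an empty submitted code must never verify:
    // with the original != test, an empty vercode matched an account whose
    // hash was empty, and an unknown login_type skipped the lookup entirely.
    // hash_equals() compares the exact bytes in constant time, whereas !=
    // treats numeric-looking strings such as "0e1" and "0e2" as equal.
    // The same message is used for every failure so that the response does
    // not reveal whether the account exists.
    if ($user_id === '' || $hash === '' || $vercode === '' || !hash_equals($hash, $vercode)) {
        $error = "Bad verification code!";
        return false;
    }

    // NOTE(review): this is where the original "XXX fix" marker sits.
    // md5() is an unsalted, fast digest and is not suitable for password
    // storage. Moving to password_hash()/password_verify() has to happen
    // together with the login check that reads this column, which is not
    // visible here, so the stored format is left unchanged.
    // $password1 has already been through db_escape_string() when it is
    // hashed, as in the original; presumably the login path does the same,
    // confirm before changing either side.
    $password = md5($password1);

    // $user_id was read back from the database; escape it again before it is
    // placed in a new statement.
    $safe_user_id = db_escape_string($user_id);
    $q = "update users set password='$password' where user_id='$safe_user_id'";
    $db->query($q);

    // NOTE(review): the verification code is not cleared after use, so the
    // same code remains valid for a further reset. Consider clearing `hash`
    // in the update above once it is confirmed that nothing else reads it.

    // require(INCLUDE_DIR.'ldap.inc');
    // LDAPuser::change_pass_forced($user_id,$password1);

    $error = "Password changed. Now you can login with your new password.";
    return false;
}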
| 58 | ?> |