<?php
/* This program is free software. It comes without any warranty, to
 * the extent permitted by applicable law. You can redistribute it
 * and/or modify it under the terms of the Do What The Fuck You Want
 * To Public License, Version 2, as published by Sam Hocevar. See
 * http://sam.zoy.org/wtfpl/COPYING for more details. */


function set_password() {
	global $db,$error,$error_messages;
	$old_password=$_POST['old_password'];
	$new_password1=$_POST['new_password1'];
	$new_password2=$_POST['new_password2'];

	if ($new_password1!=$new_password2) {
		$error=$error_messages['NEW_PASSWORD_MISMATCH'];
		return false;
	}
	$user_id=$_SESSION['user_id'];
	$login=$_SESSION['user_name'];
	if (!$user_id) {
		return false;
	}

	//old password check

        $q="select * from users where login='$login'";
        $set=$db->query($q);
        $set->next();
        if ($set->getString('password')!=md5($old_password)) {
                $error="bad password";
		return false;
	}

	//changing in LDAP
        require(SYSTEM_ROOT.'/inc/ldap.inc');
	LDAPuser::change_pass($user_id,$old_password,$new_password1);

	//changing in MySQL
	$password=md5($new_password1);
	$db->query("update users set password='$password' where user_id='$user_id'");
}

?>