inc/eventz/set_password.inc

   1 <?php
   2 /* This program is free software. It comes without any warranty, to
   3  * the extent permitted by applicable law. You can redistribute it
   4  * and/or modify it under the terms of the Do What The Fuck You Want
   5  * To Public License, Version 2, as published by Sam Hocevar. See
   6  * http://sam.zoy.org/wtfpl/COPYING for more details. */
   7
   8
   9 function set_password() {
  10         global $db,$error,$error_messages;
  11         $old_password=$_POST['old_password'];
  12         $new_password1=$_POST['new_password1'];
  13         $new_password2=$_POST['new_password2'];
  14
  15         if ($new_password1!=$new_password2) {
  16                 $error=$error_messages['NEW_PASSWORD_MISMATCH'];
  17                 return false;
  18         }
  19         $user_id=$_SESSION['user_id'];
  20         $login=$_SESSION['user_name'];
  21         if (!$user_id) {
  22                 return false;
  23         }
  24
  25         //old password check
  26
  27         $q="select * from users where login='$login'";
  28         $set=$db->query($q);
  29         $set->next();
  30         if ($set->getString('password')!=md5($old_password)) {
  31                 $error="bad password";
  32                 return false;
  33         }
  34
  35         //changing in LDAP
  36         require(SYSTEM_ROOT.'/inc/ldap.inc');
  37         LDAPuser::change_pass($user_id,$old_password,$new_password1);
  38
  39         //changing in MySQL
  40         $password=md5($new_password1);
  41         $db->query("update users set password='$password' where user_id='$user_id'");
  42 }
  43
  44 ?>