X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fpassword.php;h=23b95f7b68f4be6c4e600787e6a2ea53f9f6be38;hb=4272da4e9e2ab9c99b4b9897f04c92cd7987cb8b;hp=63b99c6239aaf08705b3794972adaa0f76575bf1;hpb=3a2d17f9f64ef7b48f2c32e144c1eb5e000f7313;p=quix0rs-gnu-social.git

diff --git a/actions/password.php b/actions/password.php
index 63b99c6239..23b95f7b68 100644
--- a/actions/password.php
+++ b/actions/password.php
@@ -23,26 +23,30 @@ require_once(INSTALLDIR.'/lib/settingsaction.php');
 
 class PasswordAction extends SettingsAction {
 
+	function get_instructions() {
+		return _('You can change your password here. Choose a good one!');
+	}
+
 	function show_form($msg=NULL, $success=false) {
-		common_show_header(_t('Change password'));
-		$this->settings_menu();
-		$this->message($msg, $success);
-		common_element_start('form', array('method' => 'POST',
+		$user = common_current_user();
+		$this->form_header(_('Change password'), $msg, $success);
+		$token = common_session_token();
+		common_element_start('form', array('method' => 'post',
 										   'id' => 'password',
 										   'action' =>
 										   common_local_url('password')));
-		common_password('oldpassword', _t('Old password'));
-		common_password('newpassword', _t('New password'));
-		common_password('confirm', _t('Confirm'));
-		common_element('input', array('name' => 'submit',
-									  'type' => 'submit',
-									  'id' => 'submit'),
-					   _t('Login'));
-		common_element('input', array('name' => 'cancel',
-									  'type' => 'button',
-									  'id' => 'cancel'),
-					   _t('Cancel'));
+		common_hidden('token', $token);
+		# Users who logged in with OpenID won't have a pwd
+		if ($user->password) {
+			common_password('oldpassword', _('Old password'));
+		}
+		common_password('newpassword', _('New password'),
+						_('6 or more characters'));
+		common_password('confirm', _('Confirm'),
+						_('same as password above'));
+		common_submit('submit', _('Change'));
 		common_element_end('form');
+		common_show_footer();
 	}
 
 	function handle_post() {
@@ -52,29 +56,42 @@ class PasswordAction extends SettingsAction {
 
 		# FIXME: scrub input
 
-		$oldpassword = $this->arg('oldpassword');
 		$newpassword = $this->arg('newpassword');
 		$confirm = $this->arg('confirm');
-
-		if (0 != strcmp($newpassword, $confirm)) {
-			$this->show_form(_t('Passwords don\'t match'));
+		$token = $this->arg('token');
+		
+		if (!$token || $token != common_session_token()) {
+			$this->show_form(_('There was a problem with your session token. Try again, please.'));
+			return;
+		} else if (0 != strcmp($newpassword, $confirm)) {
+			$this->show_form(_('Passwords don\'t match.'));
 			return;
 		}
 
-		if (!common_check_user($user->nickname, $oldpassword)) {
-			$this->show_form(_t('Incorrect old password'));
-			return;
+		if ($user->password) {
+			$oldpassword = $this->arg('oldpassword');
+
+			if (!common_check_user($user->nickname, $oldpassword)) {
+				$this->show_form(_('Incorrect old password'));
+				return;
+			}
 		}
 
 		$original = clone($user);
 
 		$user->password = common_munge_password($newpassword, $user->id);
 
+		$val = $user->validate();
+		if ($val !== TRUE) {
+			$this->show_form(_('Error saving user; invalid.'));
+			return;
+		}
+
 		if (!$user->update($original)) {
-			common_server_error(_t('Can\'t save new password.'));
+			common_server_error(_('Can\'t save new password.'));
 			return;
 		}
 
-		$this->show_form(_t('Password saved'), true);
+		$this->show_form(_('Password saved.'), true);
 	}
-}
\ No newline at end of file
+}