X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fpassword.php;h=23b95f7b68f4be6c4e600787e6a2ea53f9f6be38;hb=4272da4e9e2ab9c99b4b9897f04c92cd7987cb8b;hp=c9869f1778dd2111b6f7569b333dfaa442d9bd4f;hpb=1a15570339fa7ae5e33a98a7fe6a8645e3d3af72;p=quix0rs-gnu-social.git diff --git a/actions/password.php b/actions/password.php index c9869f1778..23b95f7b68 100644 --- a/actions/password.php +++ b/actions/password.php @@ -1,76 +1,97 @@ . */ if (!defined('LACONICA')) { exit(1); } +require_once(INSTALLDIR.'/lib/settingsaction.php'); + class PasswordAction extends SettingsAction { - + + function get_instructions() { + return _('You can change your password here. Choose a good one!'); + } + function show_form($msg=NULL, $success=false) { - common_show_header(_t('Change password')); - $this->settings_menu(); - $this->message($msg, $success); - common_element_start('form', array('method' => 'POST', + $user = common_current_user(); + $this->form_header(_('Change password'), $msg, $success); + $token = common_session_token(); + common_element_start('form', array('method' => 'post', 'id' => 'password', - 'action' => + 'action' => common_local_url('password'))); - common_password('oldpassword', _t('Old password')); - common_password('newpassword', _t('New password')); - common_password('confirm', _t('Confirm')); - common_element('input', array('name' => 'submit', - 'type' => 'submit', - 'id' => 'submit'), - _t('Login')); - common_element('input', array('name' => 'cancel', - 'type' => 'button', - 'id' => 'cancel'), - _t('Cancel')); + common_hidden('token', $token); + # Users who logged in with OpenID won't have a pwd + if ($user->password) { + common_password('oldpassword', _('Old password')); + } + common_password('newpassword', _('New password'), + _('6 or more characters')); + common_password('confirm', _('Confirm'), + _('same as password above')); + common_submit('submit', _('Change')); common_element_end('form'); + common_show_footer(); } - + function handle_post() { $user = common_current_user(); assert(!is_null($user)); # should already be checked - + # FIXME: scrub input - $oldpassword = $this->arg('oldpassword'); $newpassword = $this->arg('newpassword'); $confirm = $this->arg('confirm'); + $token = $this->arg('token'); - if (0 != strcmp($newpassword, $confirm)) { - $this->show_form(_t('Passwords don\'t match')); + if (!$token || $token != common_session_token()) { + $this->show_form(_('There was a problem with your session token. Try again, please.')); + return; + } else if (0 != strcmp($newpassword, $confirm)) { + $this->show_form(_('Passwords don\'t match.')); return; } - if (!common_check_user($user->nickname, $oldpassword)) { - $this->show_form(_t('Incorrect old password')); - return; + if ($user->password) { + $oldpassword = $this->arg('oldpassword'); + + if (!common_check_user($user->nickname, $oldpassword)) { + $this->show_form(_('Incorrect old password')); + return; + } } - + + $original = clone($user); + $user->password = common_munge_password($newpassword, $user->id); - - if (!$user->update()) { - common_server_error(_t('Can\'t save new password.')); + + $val = $user->validate(); + if ($val !== TRUE) { + $this->show_form(_('Error saving user; invalid.')); return; } - - $this->show_form(_t('Password saved'), true); + + if (!$user->update($original)) { + common_server_error(_('Can\'t save new password.')); + return; + } + + $this->show_form(_('Password saved.'), true); } -} \ No newline at end of file +}