Change Password

1. <?php require_once 'engine/init.php';
2. protect_page();
3.  
4. if (empty($_POST) === false) {
5.     /* Token used for cross site scripting security */
6.     if (!Token::isValid($_POST['token'])) {
7.         $errors[] = 'Token is invalid.';
8.     }
9.    
10.     $required_fields = array('current_password', 'new_password', 'new_password_again');
11.    
12.     foreach($_POST as $key=>$value) {
13.         if (empty($value) && in_array($key, $required_fields) === true) {
14.             $errors[] = 'You need to fill in all fields.';
15.             break 1;
16.         }
17.     }
18.    
19.     $pass_data = user_data($session_user_id, 'password');
20.     //$pass_data['password'];
21.     // $_POST['']
22.    
23.     // .3 compatibility
24.     if ($config['ServerEngine'] == 'TFS_03' && $config['salt'] === true) {
25.         $salt = user_data($session_user_id, 'salt');
26.     }
27.     if (sha1($_POST['current_password']) === $pass_data['password'] || $config['ServerEngine'] == 'TFS_03' && $config['salt'] === true && sha1($salt['salt'].$_POST['current_password']) === $pass_data['password']) {
28.         if (trim($_POST['new_password']) !== trim($_POST['new_password_again'])) {
29.             $errors[] = 'Your new passwords do not match.';
30.         } else if (strlen($_POST['new_password']) < 6) {
31.             $errors[] = 'Your new passwords must be at least 6 characters.';
32.         } else if (strlen($_POST['new_password']) > 100) {
33.             $errors[] = 'Your new passwords must be less than 100 characters.';
34.         }
35.     } else {
36.         $errors[] = 'Your current password is incorrect.';
37.     }
38. }
39.  
40. ?>
41.  
42. <h1 class="text-white">Alterar senha</h1>
43.  
44. <?php
45. if (isset($_GET['success']) && empty($_GET['success'])) {
46.     echo 'Your password has been changed.<br>You will need to login again with the new password.';
47.     session_destroy();
48.     header("refresh:2;url=index.php");
49.     exit();
50. } else {
51.     if (empty($_POST) === false && empty($errors) === true) {
52.         //Posted the form without errors
53.         if ($config['ServerEngine'] == 'TFS_02' || $config['ServerEngine'] == 'TFS_10' || $config['ServerEngine'] == 'OTHIRE') {
54.             user_change_password($session_user_id, $_POST['new_password']);
55.         } else if ($config['ServerEngine'] == 'TFS_03') {
56.             user_change_password03($session_user_id, $_POST['new_password']);
57.         }
58.         header('Location: changepassword.php?success');
59.     } else if (empty($errors) === false){
60.        
61.         echo '<font color="red"><b>';
62.         echo output_errors($errors);
63.         echo '</b></font>';
64.     }
65.     ?>
66.  
67.     <form action="" method="post">
68.         <ul>
69.         <center>
70.         <li class="text-white" style="list-style-type: none;">
71.                 <h5>Senha atual</h5>
72.                 <input type="password" name="current_password">
73.             </li>
74.             <li class="text-white" style="list-style-type: none;">
75.                 <h5>Nova senha</h5>
76.                 <input type="password" name="new_password">
77.             </li>
78.             <li class="text-white" style="list-style-type: none;">
79.                 <h5>Nova senha</h5>
80.                 <input type="password" name="new_password_again">
81.             </li>
82.         </center>
83.    
84.             <?php
85.                 /* Form file */
86.                 Token::create();
87.             ?><br>
88.             <center>
89.                 <input type="submit" value="Confirmar a nova senha" class="btn text-white UI hr"><br>
90.             </center>
91.         </ul>
92.     </form>
93. <?php
94. }
95. ?>
96. <style>
97.     li{
98.         list-style-type: none;
99.     }
100. </style>