root/wifidog/wifidog-auth/wifidog/change_password.php

Revision 395, 6.5 kB (checked in by syrus, 1 year ago)

Version Prod 20071208

Line 
1 <?php
2
3 /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
4
5 // +-------------------------------------------------------------------+
6 // | WiFiDog Authentication Server                                     |
7 // | =============================                                     |
8 // |                                                                   |
9 // | The WiFiDog Authentication Server is part of the WiFiDog captive  |
10 // | portal suite.                                                     |
11 // +-------------------------------------------------------------------+
12 // | PHP version 5 required.                                           |
13 // +-------------------------------------------------------------------+
14 // | Homepage:     http://www.wifidog.org/                             |
15 // | Source Forge: http://sourceforge.net/projects/wifidog/            |
16 // +-------------------------------------------------------------------+
17 // | This program is free software; you can redistribute it and/or     |
18 // | modify it under the terms of the GNU General Public License as    |
19 // | published by the Free Software Foundation; either version 2 of    |
20 // | the License, or (at your option) any later version.               |
21 // |                                                                   |
22 // | This program is distributed in the hope that it will be useful,   |
23 // | but WITHOUT ANY WARRANTY; without even the implied warranty of    |
24 // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the     |
25 // | GNU General Public License for more details.                      |
26 // |                                                                   |
27 // | You should have received a copy of the GNU General Public License |
28 // | along with this program; if not, contact:                         |
29 // |                                                                   |
30 // | Free Software Foundation           Voice:  +1-617-542-5942        |
31 // | 59 Temple Place - Suite 330        Fax:    +1-617-542-2652        |
32 // | Boston, MA  02111-1307,  USA       gnu@gnu.org                    |
33 // |                                                                   |
34 // +-------------------------------------------------------------------+
35
36 /**
37  * Changes password of user
38  *
39  * @package    WiFiDogAuthServer
40  * @author     Philippe April
41  * @author     Benoit Grégoire <bock@step.polymtl.ca>
42  * @copyright  2004-2006 Philippe April
43  * @copyright  2004-2006 Benoit Grégoire, Technologies Coeus inc.
44  * @version    Subversion $Id: change_password.php 1031 2006-05-10 18:56:02Z benoitg $
45  * @link       http://www.wifidog.org/
46  */
47
48 /**
49  * Load common include file
50  */
51 require_once(dirname(__FILE__) . '/include/common.php');
52
53 require_once('classes/MainUI.php');
54 require_once('include/common_interface.php');
55 require_once('classes/User.php');
56
57 $smarty->assign('error', '');
58
59 $smarty->assign('username', '');
60 $smarty->assign('oldpassword', '');
61 $smarty->assign('newpassword', '');
62 $smarty->assign('newpassword_again', '');
63
64 $user = User::getCurrentUser();
65 if ($user) {
66     User::assignSmartyValues($smarty, $user);
67
68     if ($user->isSuperAdmin() && isset($_REQUEST['username'])) {
69         $smarty->assign('username', $_REQUEST['username']);
70         $username = $_REQUEST['username'];
71     }
72     else
73         $username = $user->getUsername();
74
75     // $user->getEmail();
76     // $user->getRealName();
77     // $user->getWebsiteURL();
78     // $user->isSuperAdmin();
79     // $user->isOwner();
80 }
81 else {
82     $smarty->assign('error', _("You must login before you can change your password."));
83 }
84
85 if ($user && isset($_REQUEST["form_request"])) {
86     try {
87         // If the source is present and that it's in our, save it to a var for later use
88         $account_origin = Network::getObject($_REQUEST['auth_source']);
89
90         if (!$account_origin || !$_REQUEST["username"] || !$_REQUEST["oldpassword"] || !$_REQUEST["newpassword"] || !$_REQUEST["newpassword_again"])
91             throw new Exception(_('You MUST fill in all the fields.'));
92
93         $current_password = $db->escapeString(trim($_REQUEST['oldpassword']));
94         $new_password = $db->escapeString(trim($_REQUEST['newpassword']));
95
96         if(empty($account_origin))
97             throw new Exception(_("Sorry, this network does not exist !"));
98
99         if ($_REQUEST["newpassword"] != $_REQUEST["newpassword_again"])
100             throw new Exception(_("Passwords do not match."));
101
102         // Warning for now, password change only works for local users, registered through our signup process.
103         if ($username == $user->getUsername()) {
104             $victim = $user;
105
106             if ($victim->getPasswordHash() != User::passwordHash($current_password))
107                 throw new Exception(_("Wrong password."));
108
109             $victim->setPassword($new_password);
110             $smarty->assign("message", _("Your password has been changed succesfully."));
111         }
112         else {
113             if ($user->isSuperAdmin()) {
114                 $username $db->escapeString(trim($_REQUEST['username']));
115                 $victim = User::getUserByUsernameAndOrigin($username, $account_origin);
116
117                 if (!$victim)
118                     throw new Exception(sprintf(_('Sorry, user %s does not exist !'), $username));
119
120                 if ($victim->getPasswordHash() != User::passwordHash($current_password)
121                     && $user->getPasswordHash() != User::passwordHash($current_password))
122                     throw new Exception(_("Wrong password."));
123
124                 $victim->setPassword($new_password);
125                 $smarty->assign("message", sprintf(_('The password for %s has been successfully changed.'), $username));
126             }
127             else {
128                 throw new Exception(_('Sorry, invalid change password request !'));
129             }
130         }
131
132         $ui = new MainUI();
133         $ui->addContent('main_area_middle', $smarty->fetch("templates/sites/validate.tpl"));
134         $ui->display();
135
136         exit;
137     } catch (Exception $e) {
138         $smarty->assign("error", $e->getMessage());
139     }
140 }
141
142 // Add the auth servers list to smarty variables
143 $sources = array ();
144 // Preserve keys
145 $network_array=Network::getAllNetworks();
146 foreach ($network_array as $network)
147     if ($network->getAuthenticator()->isRegistrationPermitted())
148         $sources[$network->getId()] = $network->getName();
149
150 isset ($sources) && $smarty->assign('auth_sources', $sources);
151 // Pass the account_origin along, if it's set
152 isset ($_REQUEST["auth_source"]) && $smarty->assign('selected_auth_source', $_REQUEST["auth_source"]);
153
154 $ui = new MainUI();
155 $smarty->assign('SelectNetworkUI', Network::getSelectNetworkUI('auth_source'));
156 $ui->addContent('main_area_middle', $smarty->fetch("templates/change_password.html"));
157 $ui->display();
158
159 /*
160  * Local variables:
161  * tab-width: 4
162  * c-basic-offset: 4
163  * c-hanging-comment-ender-p: nil
164  * End:
165  */
166
167 ?>
168
Note: See TracBrowser for help on using the browser.