210 $q = $db->sql_query('SELECT password FROM '.table_prefix.'users WHERE user_id='.$session->user_id.';'); |
210 $q = $db->sql_query('SELECT password FROM '.table_prefix.'users WHERE user_id='.$session->user_id.';'); |
211 if ( !$q ) |
211 if ( !$q ) |
212 $db->_die(); |
212 $db->_die(); |
213 $row = $db->fetchrow(); |
213 $row = $db->fetchrow(); |
214 $db->free_result(); |
214 $db->free_result(); |
215 $old_pass = $session->pk_decrypt($row['password'], ENC_HEX); |
|
216 |
215 |
217 $new_email = $_POST['newemail']; |
216 $new_email = $_POST['newemail']; |
218 |
217 |
219 $result = $session->update_user($session->user_id, false, $old_pass, false, $new_email); |
218 $result = $session->change_email($session->user_id, $new_email); |
220 if ( $result != 'success' ) |
219 if ( $result != 'success' ) |
221 { |
220 { |
222 $message = '<p>' . $lang->get('usercp_emailpassword_err_list') . '</p>'; |
221 $message = '<p>' . $lang->get('usercp_emailpassword_err_list') . '</p>'; |
223 $message .= '<ul><li>' . implode("</li>\n<li>", $result) . '</li></ul>'; |
222 $message .= '<ul><li>' . implode("</li>\n<li>", $result) . '</li></ul>'; |
224 die_friendly($lang->get('usercp_emailpassword_err_title'), $message); |
223 die_friendly($lang->get('usercp_emailpassword_err_title'), $message); |
225 } |
224 } |
226 $email_changed = true; |
225 $email_changed = true; |
227 } |
226 } |
228 // Obtain password |
227 // Obtain password |
229 if ( !empty($_POST['crypt_data']) || !empty($_POST['newpass']) ) |
228 if ( !empty($_POST['crypt_data']) || !empty($_POST['newpass']) || $session->password_change_disabled ) |
230 { |
229 { |
231 $newpass = $session->get_aes_post('newpass'); |
230 $newpass = $session->password_change_disabled ? '' : $session->get_aes_post('newpass'); |
232 // At this point we know if we _want_ to change the password... |
231 // At this point we know if we _want_ to change the password... |
233 |
232 |
234 // We can't check the password to see if it matches the confirmation |
233 // We can't check the password to see if it matches the confirmation |
235 // because the confirmation was destroyed during the encryption. I figured |
234 // because the confirmation was destroyed during the encryption. I figured |
236 // this wasn't a big deal because if the encryption worked, then either |
235 // this wasn't a big deal because if the encryption worked, then either |
272 else if ( getConfig('account_activation') == 'admin' ) |
271 else if ( getConfig('account_activation') == 'admin' ) |
273 { |
272 { |
274 redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_admin'), 20); |
273 redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_admin'), 20); |
275 } |
274 } |
276 } |
275 } |
277 $session->login_without_crypto($session->username, $newpass); |
276 $session->login_without_crypto($username, $newpass); |
278 redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_pass_success'), $lang->get('usercp_emailpassword_msg_password_changed'), 5); |
277 redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_pass_success'), $lang->get('usercp_emailpassword_msg_password_changed'), 5); |
279 } |
278 } |
|
279 } |
|
280 else if ( $email_changed ) |
|
281 { |
|
282 $session->logout(USER_LEVEL_CHPREF); |
|
283 $activation = $session->user_level >= USER_LEVEL_MOD ? 'none' : getConfig('account_activation', 'none'); |
|
284 switch($activation) |
|
285 { |
|
286 default: |
|
287 $message_body = $lang->get('usercp_emailpassword_msg_password_changed'); |
|
288 $timeout = 5; |
|
289 break; |
|
290 case 'admin': |
|
291 $message_body = $lang->get('usercp_emailpassword_msg_need_activ_user'); |
|
292 $timeout = 20; |
|
293 break; |
|
294 case 'user': |
|
295 $message_body = $lang->get('usercp_emailpassword_msg_need_activ_admin'); |
|
296 $timeout = 20; |
|
297 break; |
|
298 } |
|
299 redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_email_success'), $message_body, $timeout); |
280 } |
300 } |
281 } |
301 } |
282 } |
302 } |
283 $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_emailpassword_title'); |
303 $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_emailpassword_title'); |
284 break; |
304 break; |
306 { |
326 { |
307 echo $errors; |
327 echo $errors; |
308 } |
328 } |
309 |
329 |
310 echo '<form action="' . makeUrlNS('Special', 'Preferences/EmailPassword') . '" method="post" onsubmit="return runEncryption();" name="empwform" >'; |
330 echo '<form action="' . makeUrlNS('Special', 'Preferences/EmailPassword') . '" method="post" onsubmit="return runEncryption();" name="empwform" >'; |
|
331 echo '<fieldset>'; |
|
332 echo '<legend>' . $lang->get('usercp_emailpassword_grp_chpasswd') . '</legend>'; |
311 |
333 |
312 // Password change form |
334 // Password change form |
|
335 if ( $session->password_change_disabled ) |
|
336 { |
|
337 echo '<p>' . $lang->get('usercp_emailpassword_msg_change_disabled') . '</p>'; |
|
338 if ( $session->password_change_dest['url'] ) |
|
339 { |
|
340 echo '<p>' . $lang->get('usercp_emailpassword_msg_change_disabled_url') . ' |
|
341 <a onclick="window.open(this.href); return false;" href="' . htmlspecialchars($session->password_change_dest['url']) . '">' . htmlspecialchars($session->password_change_dest['title']) . '</a></p>'; |
|
342 } |
|
343 } |
|
344 else |
|
345 { |
|
346 echo $lang->get('usercp_emailpassword_field_newpass') . '<br /> |
|
347 <input type="password" name="newpass" size="30" tabindex="1" ' . ( getConfig('pw_strength_enable') == '1' ? 'onkeyup="password_score_field(this);" ' : '' ) . '/>' . ( getConfig('pw_strength_enable') == '1' ? '<span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span>' : '' ) . ' |
|
348 <br /> |
|
349 <br /> |
|
350 ' . $lang->get('usercp_emailpassword_field_newpass_confirm') . '<br /> |
|
351 <input type="password" name="newpass_confirm" size="30" tabindex="2" /> |
|
352 ' . ( getConfig('pw_strength_enable') == '1' ? '<br /><br /><div id="pwmeter"></div> |
|
353 <small>' . $lang->get('usercp_emailpassword_msg_password_min_score') . '</small>' : '' ); |
|
354 } |
|
355 echo '</fieldset><br />'; |
313 echo '<fieldset> |
356 echo '<fieldset> |
314 <legend>' . $lang->get('usercp_emailpassword_grp_chpasswd') . '</legend> |
|
315 ' . $lang->get('usercp_emailpassword_field_newpass') . '<br /> |
|
316 <input type="password" name="newpass" size="30" tabindex="1" ' . ( getConfig('pw_strength_enable') == '1' ? 'onkeyup="password_score_field(this);" ' : '' ) . '/>' . ( getConfig('pw_strength_enable') == '1' ? '<span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span>' : '' ) . ' |
|
317 <br /> |
|
318 <br /> |
|
319 ' . $lang->get('usercp_emailpassword_field_newpass_confirm') . '<br /> |
|
320 <input type="password" name="newpass_confirm" size="30" tabindex="2" /> |
|
321 ' . ( getConfig('pw_strength_enable') == '1' ? '<br /><br /><div id="pwmeter"></div> |
|
322 <small>' . $lang->get('usercp_emailpassword_msg_password_min_score') . '</small>' : '' ) . ' |
|
323 </fieldset><br /> |
|
324 <fieldset> |
|
325 <legend>' . $lang->get('usercp_emailpassword_grp_chemail') . '</legend> |
357 <legend>' . $lang->get('usercp_emailpassword_grp_chemail') . '</legend> |
326 ' . $lang->get('usercp_emailpassword_field_newemail') . '<br /> |
358 ' . $lang->get('usercp_emailpassword_field_newemail') . '<br /> |
327 <input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail" size="30" tabindex="3" /> |
359 <input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail" size="30" tabindex="3" /> |
328 <br /> |
360 <br /> |
329 <br /> |
361 <br /> |
331 <input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail_conf" size="30" tabindex="4" /> |
363 <input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail_conf" size="30" tabindex="4" /> |
332 </fieldset> |
364 </fieldset> |
333 <br /> |
365 <br /> |
334 <div style="text-align: right;"><input type="submit" name="submit" value="' . $lang->get('etc_save_changes') . '" tabindex="5" /></div>'; |
366 <div style="text-align: right;"><input type="submit" name="submit" value="' . $lang->get('etc_save_changes') . '" tabindex="5" /></div>'; |
335 |
367 |
336 echo $session->generate_aes_form(); |
368 if ( !$session->password_change_disabled ) |
|
369 echo $session->generate_aes_form(); |
|
370 |
337 echo '</form>'; |
371 echo '</form>'; |
338 |
372 |
339 // ENCRYPTION CODE |
373 // ENCRYPTION CODE |
340 ?> |
374 ?> |
341 <?php if ( getConfig('pw_strength_enable') == '1' ): ?> |
375 <?php if ( !$session->password_change_disabled && getConfig('pw_strength_enable') == '1' ): ?> |
342 <script type="text/javascript"> |
376 <script type="text/javascript"> |
343 addOnloadHook(function() |
377 addOnloadHook(function() |
344 { |
378 { |
345 password_score_field(document.forms.empwform.newpass); |
379 password_score_field(document.forms.empwform.newpass); |
346 }); |
380 }); |