creylopez
/
k8s-cluster-projects
1
1
Fork 0
Code Issues 1 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
42 Commits
1 Branch
422 MiB
 
 
 
 
 
 
Tree: b3d1466eee
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b3d1466eee'
${ noResults }
k8s-cluster-projects/PHP-Tikiwiki/tiki-master/tiki-change_password.php

142 lines
5.3 KiB
Raw Blame History

<?php
/**
* @package tikiwiki
*/
// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id$
$inputConfiguration = [
[ 'staticKeyFilters' => [
'user' => 'text',
'username' => 'text',
'pass' => 'none',
'passAgain' => 'none',
'oldpass' => 'none',
] ]
];
require_once('tiki-setup.php');
if (Language::isRTL()) {
TikiLib::lib('header')->add_cssfile('vendor_bundled/vendor/hesammousavi/bootstrap-v4-rtl/bootstrap-rtl.min.css', 99); // 99 is high rank order as it should load after all other css files
}
$access->check_feature('change_password');
if (empty($_REQUEST['user']) || ! $userlib->user_exists($_REQUEST['user'])) {
$smarty->assign('msg', tra('Invalid username'));
$smarty->assign('errortype', 'login');
$smarty->display("error.tpl");
die;
}
if (! isset($_REQUEST["oldpass"])) {
$_REQUEST["oldpass"] = '';
}
if (isset($_REQUEST["newuser"]) && $_REQUEST["newuser"] == 'y') {
$smarty->assign('new_user_validation', 'y');
}
$smarty->assign('userlogin', $_REQUEST["user"]);
$smarty->assign('oldpass', $_REQUEST["oldpass"]);
if (isset($_REQUEST["change"])) {
check_ticket('change-password');
// Check that pass and passAgain match, otherwise display error and exit
if ($_REQUEST["pass"] != $_REQUEST["passAgain"]) {
$smarty->assign('msg', tra("The passwords do not match"));
$smarty->assign('errortype', 'no_redirect_login');
$smarty->display("error.tpl");
die;
}
// Check that new password is different from old password, otherwise display error and exit
if ($_REQUEST["pass"] == $_REQUEST["oldpass"]) {
$smarty->assign('msg', tra("You can not use the same password again"));
$smarty->assign('errortype', 'no_redirect_login');
$smarty->display("error.tpl");
die;
}
$polerr = $userlib->check_password_policy($_REQUEST["pass"]);
if (strlen($polerr) > 0) {
$smarty->assign('msg', $polerr);
$smarty->assign('errortype', 'no_redirect_login');
$smarty->display("error.tpl");
die;
}
if (empty($_REQUEST['oldpass']) && ! empty($_REQUEST['actpass'])) {
$_REQUEST['oldpass'] = $userlib->activate_password($_REQUEST['user'], $_REQUEST['actpass']);
if (empty($_REQUEST['oldpass'])) {
$smarty->assign('msg', tra('Invalid username or activation code. Maybe this code has already been used.'));
$smarty->assign('errortype', 'no_redirect_login');
$smarty->display('error.tpl');
die;
}
}
// Check that provided user name could log in with old password, otherwise display error and exit
list($isvalid, $_REQUEST["user"], $error) = $userlib->validate_user($_REQUEST["user"], $_REQUEST["oldpass"]);
if (! $isvalid) {
$smarty->assign('msg', tra("Invalid old password"));
$smarty->assign('errortype', 'no_redirect_login');
$smarty->display("error.tpl");
die;
}
if (isset($_REQUEST['email'])) {
if (empty($_REQUEST['email']) || ! validate_email($_REQUEST['email'], $prefs['validateEmail'])) {
$smarty->assign('msg', tra('Your email could not be validated; make sure your email is correct'));
$smarty->assign('errortype', 'no_redirect_login');
$smarty->display("error.tpl");
die;
}
$userlib->change_user_email_only($_REQUEST['user'], $_REQUEST['email']);
}
$userlib->change_user_password($_REQUEST["user"], $_REQUEST["pass"]);
// Login the user and display Home page
$_SESSION["$user_cookie_site"] = $_REQUEST["user"];
$user = $_REQUEST["user"];
$logslib->add_log('login', 'logged from change_password', $_REQUEST['user'], '', '', $tikilib->now);
if ($prefs['feature_user_encryption'] === 'y') {
// Notify CryptLib about the password change
$cryptlib = TikiLib::lib('crypt');
$cryptlib->onChangeUserPassword($_REQUEST["oldpass"], $_REQUEST["pass"]);
}
// re-evaluate homepage since we just login the user
include TIKI_PATH . '/lib/setup/default_homepage.php';
$homePageUrl = $prefs['tikiIndex']; // set up in lib/setup/default_homepage.php
// Check if a wizard should be run.
// If a wizard is run, it will return to the $url location when it has completed. Thus no code after $wizardlib->onLogin will be executed
$wizardlib = TikiLib::lib('wizard');
$force = $_REQUEST["user"] == 'admin';
$wizardlib->onLogin($user, $homePageUrl, $force);
// Go to homepage or url_after_validation
$accesslib = TikiLib::lib('access');
if (! empty($prefs['url_after_validation']) && ! empty($_REQUEST['new_user_validation'])) {
$access->redirect($prefs['url_after_validation']);
} else {
$accesslib->redirect($homePageUrl);
}
}
ask_ticket('change-password');
// Display the template
global $prefs;
$prefs['language'] = $tikilib->get_user_preference($_REQUEST['user'], 'language', $prefs['site_language']);
$smarty->assign('email', $userlib->get_user_email($_REQUEST['user']));
// disallow robots to index page:
$smarty->assign('metatag_robots', 'NOINDEX, NOFOLLOW');
$smarty->assign('mid', 'tiki-change_password.tpl');
$smarty->display("tiki.tpl");