<?php
// Normalise the account id kept in the session: an integer when one is
// present, NULL when the visitor has no account in the session.
if( isset( $_SESSION['account'] ) )
{
	$_SESSION['account'] = (int) $_SESSION['account'];
}
else
{
	$_SESSION['account'] = NULL;
}

// Visitors without an account id are sent to the index page.
// NOTE(review): this guard only protects the rest of the module if redirect()
// stops execution itself - confirm in its definition.
if( NULL === $_SESSION['account'] )
{
	redirect( gen_uri('index') );
}

// Load the account row. The id was cast to int above, so the value placed in
// the statement cannot carry SQL syntax.
if( !$sql->query( sprintf("SELECT * FROM `%s` WHERE `id` = %s;", CATALOGUE_SITES, $_SESSION['account']) ) )
{
	// NOTE(review): the driver's error text is passed on HTML-escaped; whether
	// put_error() shows it to the visitor or halts the request is not visible
	// here - confirm.
	put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
}

// A session id with no matching row goes to the index URI built with the
// 'logout' argument.
if( 1 > $sql->num_rows() )
{
	redirect( gen_uri('index', '', 'logout', VERSION) );
}

// Row of the logged-in account; its 'password' and 'site' columns are read
// further down in this module.
$account_data = $sql->fetch_assoc();

// The form is rendered unless the POST handling below switches it off.
$show_form = true;

// Body variables start out empty and are filled in once it is known whether
// the form or a message is shown.
$template_vars['body'] = array();

// Page header: the title goes through output(), the stylesheet comes from $css.
$template_vars['header'] = array(
	'TITLE' => output( $lang['CHANGE_PASSWORD'] ),
	'CSS'   => $css
);

$template->set_vars('header', $template_vars['header']);

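// Handle a submitted change-password form: validate the three fields, verify
// the current password against the stored hash and, on success, store the new
// hash and replace the form with a confirmation message.
if( !empty($_POST) )
{
	// Accept string fields only. A non-string value (e.g. an array-valued
	// field) is treated as empty instead of being cast to the literal "Array",
	// which would otherwise be hashed and stored as the password.
	$old_passwd = ( isset( $_POST['old_passwd'] ) && is_string( $_POST['old_passwd'] ) ) ? $_POST['old_passwd'] : '';
	$new_passwd = ( isset( $_POST['new_passwd'] ) && is_string( $_POST['new_passwd'] ) ) ? $_POST['new_passwd'] : '';
	$rpasswd = ( isset( $_POST['rpasswd'] ) && is_string( $_POST['rpasswd'] ) ) ? $_POST['rpasswd'] : '';

	// get_magic_quotes_gpc() was removed in PHP 8; call it only where it still
	// exists so the module does not die with an undefined-function error.
	if( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() )
	{
		$old_passwd = stripslashes( $old_passwd );
		$new_passwd = stripslashes( $new_passwd );
		$rpasswd = stripslashes( $rpasswd );
	}

	if( $old_passwd === '' || $new_passwd === '' || $rpasswd === '' )
	{
		$template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_CH_PASSWORD_EMPTY_FIELDS']));
	}
	// Strict comparison: with a loose != two different hex digests that both
	// look like numbers (for example "0e" followed only by digits) compare as
	// equal, so a wrong password could pass the check.
	// NOTE(review): passwords are stored as unsalted MD5, which is fast to
	// brute-force if the table leaks. Moving to password_hash() and
	// password_verify() has to be done together with the login code and the
	// existing rows, so the stored format is left unchanged here.
	else if( md5($old_passwd) !== $account_data['password'] )
	{
		$template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_CH_PASSWORD_INVALID_OLD']));
	}
	// Strict comparison here too: loosely compared, numeric-looking strings
	// such as "1e3" and "1000" count as equal, so the confirmation field would
	// not catch the mismatch.
	else if( $new_passwd !== $rpasswd )
	{
		$template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_CH_PASSWORD_INVALID_RPASSWD']));
	}
	else
	{
		// Both interpolated values are safe by construction: md5() returns hex
		// digits only, and the session id is cast to int at the top of this
		// module.
		if( !$sql->query("UPDATE `" . CATALOGUE_SITES . "` SET `password` = '" . md5($new_passwd) . "' WHERE `id` = " . $_SESSION['account'] . ";") )
		{
			// NOTE(review): if put_error() does not halt the request, the
			// success message below is still shown after a failed UPDATE -
			// confirm.
			put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
		}

		// Swap the form for the generic message template.
		$template->load_template('templates/' . VERSION . '/message.tpl', 'body');
		$template->set_vars('body', array('MESSAGE' => $lang['CH_PASSWORD_SUCCESS']));

		// Links offered below the message; currently only "back to index".
		$link = array(
			array('HREF' => gen_uri('index'), 'NAME' => $lang['BACK'])
		);

		foreach( $link as $link_vars )
		{
			$template->set_block_vars('body', 'link', $link_vars);
		}

		$show_form = false;
	}
}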

// Fill in the change-password form unless a successful update earlier in this
// module replaced it with the confirmation message.
if( $show_form )
{
	$template_vars['body'] = array(
		// Field labels and the submit caption.
		'OLD_PASSWD'  => $lang['OLD_PASSWD'],
		'NEW_PASSWD'  => $lang['NEW_PASSWD'],
		'RPASSWD'     => $lang['RPASSWD'],
		'SUBMIT'      => $lang['SUBMIT'],
		// URI built for the current module.
		'PATH'        => gen_uri($m, '', $nocache),
		// The site name from the account row goes through output() before it
		// is placed into the logout caption.
		'LOGOUT_HREF' => gen_uri('index', '', 'logout', VERSION),
		'LOGOUT'      => sprintf($lang['LOGOUT'], output($account_data['site'])),
		'BACK_HREF'   => gen_uri('index'),
		'BACK'        => $lang['BACK'],
		'NOCACHE'     => $nocache
	);
}

// Hand the collected variables to the template engine.
// NOTE(review): 'header' is already passed to set_vars() earlier in this module
// with the same array, so this call looks redundant - confirm before removing.
$template->set_vars('header', $template_vars['header']);
$template->set_vars('body', $template_vars['body']);
$template->set_vars('footer', array('SWITCH_VERSION' => switch_version($m, '', $nocache)));
?>