<?php
$_SESSION['account'] = isset( $_SESSION['account'] ) ? (int) $_SESSION['account'] : NULL;
if( $_SESSION['account'] === NULL )
{
redirect( gen_uri('index') );
}
if( !$sql->query("SELECT * FROM `" . CATALOGUE_SITES . "` WHERE `id` = " . $_SESSION['account'] . ";") )
{
put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
}
if( $sql->num_rows() < 1 )
{
redirect( gen_uri('index', '', 'logout', VERSION) );
}
$account_data = $sql->fetch_assoc();
$template_vars['header'] = array(
'TITLE' => output( $lang['CHANGE_PASSWORD'] ),
'CSS' => $css
);
$template_vars['body'] = array();
$template->set_vars('header', $template_vars['header']);
$show_form = true;
if( empty($_POST) == false )
{
$old_passwd = isset( $_POST['old_passwd'] ) ? (string) $_POST['old_passwd'] : '';
$new_passwd = isset( $_POST['new_passwd'] ) ? (string) $_POST['new_passwd'] : '';
$rpasswd = isset( $_POST['rpasswd'] ) ? (string) $_POST['rpasswd'] : '';
if( get_magic_quotes_gpc() )
{
$old_passwd = stripslashes( $old_passwd );
$new_passwd = stripslashes( $new_passwd );
$rpasswd = stripslashes( $rpasswd );
}
if( $old_passwd == '' || $new_passwd == '' || $rpasswd == '' )
{
$template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_CH_PASSWORD_EMPTY_FIELDS']));
}
else if( md5($old_passwd) != $account_data['password'] )
{
$template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_CH_PASSWORD_INVALID_OLD']));
}
else if( $new_passwd != $rpasswd )
{
$template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_CH_PASSWORD_INVALID_RPASSWD']));
}
else
{
if( !$sql->query("UPDATE `" . CATALOGUE_SITES . "` SET `password` = '" . md5($new_passwd) . "' WHERE `id` = " . $_SESSION['account'] . ";") )
{
put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
}
$template->load_template('templates/' . VERSION . '/message.tpl', 'body');
$template->set_vars('body', array('MESSAGE' => $lang['CH_PASSWORD_SUCCESS']));
$link = array(
array('HREF' => gen_uri('index'), 'NAME' => $lang['BACK'])
);
for($i = 0; $i < count($link); $i++)
{
$template->set_block_vars('body', 'link', $link[$i]);
}
$show_form = false;
}
}
if( $show_form )
{
$template_vars['body'] = array(
'OLD_PASSWD' => $lang['OLD_PASSWD'],
'NEW_PASSWD' => $lang['NEW_PASSWD'],
'RPASSWD' => $lang['RPASSWD'],
'SUBMIT' => $lang['SUBMIT'],
'PATH' => gen_uri($m, '', $nocache),
'LOGOUT_HREF' => gen_uri('index', '', 'logout', VERSION),
'LOGOUT' => sprintf($lang['LOGOUT'], output($account_data['site'])),
'BACK_HREF' => gen_uri('index'),
'BACK' => $lang['BACK'],
'NOCACHE' => $nocache
);
}
$template->set_vars('header', $template_vars['header']);
$template->set_vars('body', $template_vars['body']);
$template->set_vars('footer', array('SWITCH_VERSION' => switch_version($m, '', $nocache)));
?>