// Copyright (c) 2022 High5! // License Info: LICENSE.TXT // // File: password.php // // Template File: users_password.tpl // // Template Variables: // // tMessage // // Form POST \ GET Variables: // // fPassword_current // fPassword // fPassword2 // require("../session.inc.php"); require("../variables.inc.php"); require("../config.inc.php"); require("../functions.inc.php"); include("../languages/" . check_language() . ".lang"); $USERID_USERNAME = check_user_session(); $USERID_DOMAIN = substr(strrchr($USERID_USERNAME, "@"), 1); if ($_SERVER['REQUEST_METHOD'] == "POST") { $fPassword_current = escape_string($_POST['fPassword_current']); $fPassword = escape_string($_POST['fPassword']); $fPassword2 = escape_string($_POST['fPassword2']); $username = $USERID_USERNAME; $result = db_query("SELECT * FROM mailbox WHERE username='$username'"); if ($result['rows'] == 1) { $row = db_array($result['result']); if (!password_verify($fPassword_current, $row['password'])) { $error = 1; $pPassword_password_current_text = $PALANG['pPassword_password_current_text_error']; } } else { $error = 1; $pPassword_email_text = $PALANG['pPassword_email_text_error']; } if (empty($fPassword) or ($fPassword != $fPassword2)) { $error = 1; $pPassword_password_text = $PALANG['pPassword_password_text_error']; } if ($error != 1) { $password = pacrypt($fPassword); $result = db_query("UPDATE mailbox SET password='$password',modified=NOW(),scheme='' WHERE username='$username'"); if ($result['rows'] == 1) { $tMessage = $PALANG['pPassword_result_succes']; db_log($USERID_USERNAME, $USERID_DOMAIN, "change password", "$USERID_USERNAME"); } else { $tMessage = $PALANG['pPassword_result_error']; } } } include("../templates/header.tpl"); include("../templates/users_menu.tpl"); include("../templates/users_password.tpl"); include("../templates/footer.tpl"); ?>