bludit/bl-kernel/admin/controllers/user-password.php
2017-07-05 23:42:28 +02:00

80 lines
2.2 KiB
PHP

<?php defined('BLUDIT') or die('Bludit CMS.');
// ============================================================================
// Functions
// ============================================================================
function setPassword($username, $new_password, $confirm_password)
{
global $dbUsers;
global $Language;
global $Syslog;
// Password length
if( strlen($new_password) < 6 )
{
Alert::set($Language->g('Password must be at least 6 characters long'), ALERT_STATUS_FAIL);
return false;
}
if($new_password===$confirm_password)
{
if( $dbUsers->setPassword($username, $new_password) ) {
Alert::set($Language->g('The changes have been saved'), ALERT_STATUS_OK);
// Add to syslog
$Syslog->add(array(
'dictionaryKey'=>'user-password-changed',
'notes'=>$username
));
return true;
}
else {
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to change the user password.');
return false;
}
}
else {
Alert::set($Language->g('The password and confirmation password do not match'), ALERT_STATUS_FAIL);
return false;
}
}
// ============================================================================
// Main before POST
// ============================================================================
// ============================================================================
// POST Method
// ============================================================================
if( $_SERVER['REQUEST_METHOD'] == 'POST' )
{
// Prevent editors to administrate other users.
if($Login->role()!=='admin')
{
$_POST['username'] = $Login->username();
unset($_POST['role']);
}
if( setPassword($_POST['username'], $_POST['new_password'], $_POST['confirm_password']) ) {
Redirect::page('users');
}
}
// ============================================================================
// Main after POST
// ============================================================================
if($Login->role()!=='admin') {
$layout['parameters'] = $Login->username();
}
$_user = $dbUsers->getDb($layout['parameters']);
// If the user doesn't exist, redirect to the users list.
if($_user===false) {
Redirect::page('users');
}
$_user['username'] = $layout['parameters'];