102 lines
4.2 KiB
PHP
102 lines
4.2 KiB
PHP
<?php
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// NagiosQL
|
|
//
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// (c) 2005-2017 by Martin Willisegger
|
|
//
|
|
// Project : NagiosQL
|
|
// Component : Password administration
|
|
// Website : http://www.nagiosql.org
|
|
// Date : $LastChangedDate: 2017-06-22 09:29:35 +0200 (Thu, 22 Jun 2017) $
|
|
// Author : $LastChangedBy: martin $
|
|
// Version : 3.3.0
|
|
// Revision : $LastChangedRevision: 2 $
|
|
//
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Define common variables
|
|
// =======================
|
|
$prePageId = 31;
|
|
$preContent = "admin/admin_master.tpl.htm";
|
|
$preAccess = 1;
|
|
$preFieldvars = 1;
|
|
$preShowHeader = 0;
|
|
//
|
|
// Include preprocessing files
|
|
// ===========================
|
|
require("../functions/prepend_adm.php");
|
|
require("../functions/prepend_content.php");
|
|
//
|
|
// Change password
|
|
// =======================
|
|
if (($chkTfValue1 != "") && ($chkTfValue2 != "")) {
|
|
// Check old password
|
|
$strSQL = "SELECT * FROM `tbl_user` WHERE `username`='".$_SESSION['username']."' AND `password`=MD5('$chkTfValue1')";
|
|
$booReturn = $myDBClass->getDataArray($strSQL,$arrDataLines,$intDataCount);
|
|
if ($booReturn == false) {
|
|
$myVisClass->processMessage(translate('Error while selecting data from database:'),$strErrorMessage);
|
|
$myVisClass->processMessage($myDBClass->strErrorMessage,$strErrorMessage);
|
|
} else if ($intDataCount == 1) {
|
|
// Check equality and password length
|
|
if (($chkTfValue2 === $chkTfValue3) && (strlen($chkTfValue2) >=5)) {
|
|
// Update database
|
|
$strSQLUpdate = "UPDATE `tbl_user` SET `password`=MD5('$chkTfValue2'),
|
|
`last_login`=NOW() WHERE `username`='".$_SESSION['username']."'";
|
|
$booReturn = $myDBClass->insertData($strSQLUpdate);
|
|
if ($booReturn == true) {
|
|
$myDataClass->writeLog(translate('Password successfully modified'));
|
|
// Force new login
|
|
$_SESSION['logged_in'] = 0;
|
|
$_SESSION['username'] = "";
|
|
$_SESSION['userid'] = 0;
|
|
$_SESSION['groupadm'] = 0;
|
|
$_SESSION['domain'] = 0;
|
|
header("Location: ".$SETS['path']['protocol']."://".$_SERVER['HTTP_HOST'].$_SESSION['SETS']['path']['base_url']."index.php");
|
|
} else {
|
|
$myVisClass->processMessage(translate('Error while selecting data from database:'),$strErrorMessage);
|
|
$myVisClass->processMessage($myDBClass->strErrorMessage,$strErrorMessage);
|
|
}
|
|
} else {
|
|
// New password wrong
|
|
$myVisClass->processMessage(translate('Password too short or password fields unequally!'),$strErrorMessage);
|
|
}
|
|
} else {
|
|
// Old password wrong
|
|
$myVisClass->processMessage(translate('Old password is wrong'),$strErrorMessage);
|
|
}
|
|
} else if (isset($_POST['submit'])) {
|
|
// Wrong data
|
|
$myVisClass->processMessage(translate('Database entry failed! Not all necessary data filled in!'),$strErrorMessage);
|
|
}
|
|
//
|
|
// Output header variable
|
|
// ======================
|
|
echo $tplHeaderVar;
|
|
//
|
|
// Include content
|
|
// ===============
|
|
foreach($arrDescription AS $elem) {
|
|
$conttp->setVariable($elem['name'],$elem['string']);
|
|
}
|
|
$conttp->setVariable("LANG_SAVE",translate('Save'));
|
|
$conttp->setVariable("LANG_ABORT",translate('Abort'));
|
|
$conttp->setVariable("FILL_ALLFIELDS",translate('Please fill in all fields marked with an *'));
|
|
$conttp->setVariable("FILL_NEW_PASSWD_NOT_EQUAL",translate('The new passwords are not equal!'));
|
|
$conttp->setVariable("FILL_NEW_PWDSHORT",translate('The new password is too short - use at least 6 characters!'));
|
|
if ($strErrorMessage != "") $conttp->setVariable("ERRORMESSAGE",$strErrorMessage);
|
|
$conttp->setVariable("ACTION_INSERT",filter_var($_SERVER['PHP_SELF'], FILTER_SANITIZE_STRING));
|
|
$conttp->setVariable("IMAGE_PATH",$_SESSION['SETS']['path']['base_url']."images/");
|
|
// Check access rights for adding new objects
|
|
if ($myVisClass->checkAccGroup($prePageKey,'write') != 0) $conttp->setVariable("ADD_CONTROL","disabled=\"disabled\"");
|
|
$conttp->parse("passwordsite");
|
|
$conttp->show("passwordsite");
|
|
//
|
|
// Include footer
|
|
// ==============
|
|
$maintp->setVariable("VERSION_INFO","<a href='http://www.nagiosql.org' target='_blank'>NagiosQL</a> $setFileVersion");
|
|
$maintp->parse("footer");
|
|
$maintp->show("footer");
|
|
?>
|