10 } |
10 } |
11 **!*/ |
11 **!*/ |
12 |
12 |
13 /* |
13 /* |
14 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
14 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
15 * Version 1.1.5 (Caoineag alpha 5) |
15 * Version 1.1.6 (Caoineag beta 1) |
16 * Copyright (C) 2006-2008 Dan Fuhry |
16 * Copyright (C) 2006-2008 Dan Fuhry |
17 * |
17 * |
18 * This program is Free Software; you can redistribute it and/or modify it under the terms of the GNU General Public License |
18 * This program is Free Software; you can redistribute it and/or modify it under the terms of the GNU General Public License |
19 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
19 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
20 * |
20 * |
224 die_friendly($lang->get('usercp_emailpassword_err_title'), $message); |
224 die_friendly($lang->get('usercp_emailpassword_err_title'), $message); |
225 } |
225 } |
226 $email_changed = true; |
226 $email_changed = true; |
227 } |
227 } |
228 // Obtain password |
228 // Obtain password |
229 if ( $_POST['use_crypt'] == 'yes' && !empty($_POST['crypt_data']) ) |
229 if ( !empty($_POST['crypt_data']) || !empty($_POST['newpass']) ) |
230 { |
230 { |
231 $key = $session->fetch_public_key($_POST['crypt_key']); |
231 $newpass = $session->get_aes_post('newpass'); |
232 if ( !$key ) |
|
233 die('Can\'t lookup key'); |
|
234 $key = hexdecode($key); |
|
235 $newpass = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX); |
|
236 // At this point we know if we _want_ to change the password... |
232 // At this point we know if we _want_ to change the password... |
237 |
233 |
238 // We can't check the password to see if it matches the confirmation |
234 // We can't check the password to see if it matches the confirmation |
239 // because the confirmation was destroyed during the encryption. I figured |
235 // because the confirmation was destroyed during the encryption. I figured |
240 // this wasn't a big deal because if the encryption worked, then either |
236 // this wasn't a big deal because if the encryption worked, then either |
253 { |
249 { |
254 $score_inp = password_score($newpass); |
250 $score_inp = password_score($newpass); |
255 if ( $score_inp < $score_min ) |
251 if ( $score_inp < $score_min ) |
256 $errors .= '<div class="error-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_emailpassword_err_password_too_weak', array('score' => $score_inp)) . '</div>'; |
252 $errors .= '<div class="error-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_emailpassword_err_password_too_weak', array('score' => $score_inp)) . '</div>'; |
257 } |
253 } |
|
254 if ( $_POST['use_crypt'] == 'no' && $newpass != $_POST['newpass_confirm'] ) |
|
255 { |
|
256 $errors .= '<div class="error-box">' . $lang->get('usercp_emailpassword_err_password_no_match') . '</div>'; |
|
257 } |
258 // Encrypt new password |
258 // Encrypt new password |
259 if ( empty($errors) ) |
259 if ( empty($errors) ) |
260 { |
260 { |
261 $newpass_enc = $session->pk_encrypt($newpass, ENC_HEX); |
|
262 // Perform the swap |
261 // Perform the swap |
263 $q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $newpass_enc . '\' WHERE user_id=' . $session->user_id . ';'); |
262 $session->set_password($session->username, $newpass); |
264 if ( !$q ) |
|
265 $db->_die(); |
|
266 // Log out and back in |
263 // Log out and back in |
267 $username = $session->username; |
264 $username = $session->username; |
268 $session->logout(); |
265 $session->logout(); |
269 if ( $email_changed ) |
266 if ( $email_changed ) |
270 { |
267 { |
280 $session->login_without_crypto($session->username, $newpass); |
277 $session->login_without_crypto($session->username, $newpass); |
281 redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_pass_success'), $lang->get('usercp_emailpassword_msg_password_changed'), 5); |
278 redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_pass_success'), $lang->get('usercp_emailpassword_msg_password_changed'), 5); |
282 } |
279 } |
283 } |
280 } |
284 } |
281 } |
285 else |
|
286 { |
|
287 switch('foo') // allow breaking out of our section...i can't wait until PHP6 (goto support!) |
|
288 { |
|
289 case 'foo': |
|
290 $pass = $_POST['newpass']; |
|
291 if ( $pass != $_POST['newpass_conf'] ) |
|
292 { |
|
293 $errors .= '<div class="error-box">' . $lang->get('usercp_emailpassword_err_password_no_match') . '</div>'; |
|
294 break; |
|
295 } |
|
296 |
|
297 $session->logout(); |
|
298 if ( $email_changed ) |
|
299 { |
|
300 if ( getConfig('account_activation') == 'user' ) |
|
301 { |
|
302 redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_user'), 20); |
|
303 } |
|
304 else if ( getConfig('account_activation') == 'admin' ) |
|
305 { |
|
306 redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_admin'), 20); |
|
307 } |
|
308 } |
|
309 else |
|
310 { |
|
311 $session->login_without_crypto($session->username, $newpass); |
|
312 redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_pass_success'), $lang->get('usercp_emailpassword_msg_password_changed'), 5); |
|
313 } |
|
314 |
|
315 return; |
|
316 } |
|
317 } |
|
318 } |
282 } |
319 $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_emailpassword_title'); |
283 $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_emailpassword_title'); |
320 break; |
284 break; |
321 case 'Signature': |
285 case 'Signature': |
322 $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_signature_title'); |
286 $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_signature_title'); |
357 } |
321 } |
358 |
322 |
359 echo '<form action="' . makeUrlNS('Special', 'Preferences/EmailPassword') . '" method="post" onsubmit="return runEncryption();" name="empwform" >'; |
323 echo '<form action="' . makeUrlNS('Special', 'Preferences/EmailPassword') . '" method="post" onsubmit="return runEncryption();" name="empwform" >'; |
360 |
324 |
361 // Password change form |
325 // Password change form |
362 $pubkey = $session->rijndael_genkey(); |
|
363 |
|
364 echo '<fieldset> |
326 echo '<fieldset> |
365 <legend>' . $lang->get('usercp_emailpassword_grp_chpasswd') . '</legend> |
327 <legend>' . $lang->get('usercp_emailpassword_grp_chpasswd') . '</legend> |
366 ' . $lang->get('usercp_emailpassword_field_newpass') . '<br /> |
328 ' . $lang->get('usercp_emailpassword_field_newpass') . '<br /> |
367 <input type="password" name="newpass" size="30" tabindex="1" ' . ( getConfig('pw_strength_enable') == '1' ? 'onkeyup="password_score_field(this);" ' : '' ) . '/>' . ( getConfig('pw_strength_enable') == '1' ? '<span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span>' : '' ) . ' |
329 <input type="password" name="newpass" size="30" tabindex="1" ' . ( getConfig('pw_strength_enable') == '1' ? 'onkeyup="password_score_field(this);" ' : '' ) . '/>' . ( getConfig('pw_strength_enable') == '1' ? '<span class="password-checker" style="font-weight: bold; color: #aaaaaa;"> Loading...</span>' : '' ) . ' |
368 <br /> |
330 <br /> |
369 <br /> |
331 <br /> |
370 ' . $lang->get('usercp_emailpassword_field_newpass_confirm') . '<br /> |
332 ' . $lang->get('usercp_emailpassword_field_newpass_confirm') . '<br /> |
371 <input type="password" name="newpass_conf" size="30" tabindex="2" /> |
333 <input type="password" name="newpass_confirm" size="30" tabindex="2" /> |
372 ' . ( getConfig('pw_strength_enable') == '1' ? '<br /><br /><div id="pwmeter"></div> |
334 ' . ( getConfig('pw_strength_enable') == '1' ? '<br /><br /><div id="pwmeter"></div> |
373 <small>' . $lang->get('usercp_emailpassword_msg_password_min_score') . '</small>' : '' ) . ' |
335 <small>' . $lang->get('usercp_emailpassword_msg_password_min_score') . '</small>' : '' ) . ' |
374 </fieldset><br /> |
336 </fieldset><br /> |
375 <fieldset> |
337 <fieldset> |
376 <legend>' . $lang->get('usercp_emailpassword_grp_chemail') . '</legend> |
338 <legend>' . $lang->get('usercp_emailpassword_grp_chemail') . '</legend> |
379 <br /> |
341 <br /> |
380 <br /> |
342 <br /> |
381 ' . $lang->get('usercp_emailpassword_field_newemail_confirm') . '<br /> |
343 ' . $lang->get('usercp_emailpassword_field_newemail_confirm') . '<br /> |
382 <input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail_conf" size="30" tabindex="4" /> |
344 <input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail_conf" size="30" tabindex="4" /> |
383 </fieldset> |
345 </fieldset> |
384 <input type="hidden" name="use_crypt" value="no" /> |
|
385 <input type="hidden" name="crypt_key" value="' . $pubkey . '" /> |
|
386 <input type="hidden" name="crypt_data" value="" /> |
|
387 <br /> |
346 <br /> |
388 <div style="text-align: right;"><input type="submit" name="submit" value="' . $lang->get('etc_save_changes') . '" tabindex="5" /></div>'; |
347 <div style="text-align: right;"><input type="submit" name="submit" value="' . $lang->get('etc_save_changes') . '" tabindex="5" /></div>'; |
389 |
348 |
|
349 echo $session->generate_aes_form(); |
390 echo '</form>'; |
350 echo '</form>'; |
391 |
351 |
392 // ENCRYPTION CODE |
352 // ENCRYPTION CODE |
393 ?> |
353 ?> |
|
354 <?php if ( getConfig('pw_strength_enable') == '1' ): ?> |
394 <script type="text/javascript"> |
355 <script type="text/javascript"> |
395 <?php if ( getConfig('pw_strength_enable') == '1' ): ?> |
|
396 addOnloadHook(function() |
356 addOnloadHook(function() |
397 { |
357 { |
398 password_score_field(document.forms.empwform.newpass); |
358 password_score_field(document.forms.empwform.newpass); |
399 }); |
359 }); |
|
360 </script> |
400 <?php endif; ?> |
361 <?php endif; ?> |
401 |
|
402 function runEncryption() |
|
403 { |
|
404 load_component('crypto'); |
|
405 var aes_testpassed = aes_self_test(); |
|
406 |
|
407 var frm = document.forms.empwform; |
|
408 if ( frm.newpass.value.length < 1 ) |
|
409 return true; |
|
410 |
|
411 pass1 = frm.newpass.value; |
|
412 pass2 = frm.newpass_conf.value; |
|
413 if ( pass1 != pass2 ) |
|
414 { |
|
415 alert($lang.get('usercp_emailpassword_err_password_no_match')); |
|
416 return false; |
|
417 } |
|
418 if ( pass1.length < 6 && pass1.length > 0 ) |
|
419 { |
|
420 alert($lang.get('usercp_emailpassword_err_password_too_short')); |
|
421 return false; |
|
422 } |
|
423 |
|
424 if(aes_testpassed) |
|
425 { |
|
426 frm.use_crypt.value = 'yes'; |
|
427 var cryptkey = frm.crypt_key.value; |
|
428 frm.crypt_key.value = hex_md5(cryptkey); |
|
429 cryptkey = hexToByteArray(cryptkey); |
|
430 if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 ) |
|
431 { |
|
432 frm.submit.disabled = true; |
|
433 len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : ''; |
|
434 alert('The key is messed up\nType: '+typeof(cryptkey)+len); |
|
435 } |
|
436 pass = frm.newpass.value; |
|
437 pass = stringToByteArray(pass); |
|
438 cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB'); |
|
439 if(!cryptstring) |
|
440 { |
|
441 return false; |
|
442 } |
|
443 cryptstring = byteArrayToHex(cryptstring); |
|
444 frm.crypt_data.value = cryptstring; |
|
445 frm.newpass.value = ""; |
|
446 frm.newpass_conf.value = ""; |
|
447 } |
|
448 return true; |
|
449 } |
|
450 </script> |
|
451 <?php |
362 <?php |
452 |
363 echo $session->aes_javascript('empwform', 'newpass'); |
453 break; |
364 break; |
454 case 'Signature': |
365 case 'Signature': |
455 if ( isset($_POST['new_sig']) ) |
366 if ( isset($_POST['new_sig']) ) |
456 { |
367 { |
457 $sig = $_POST['new_sig']; |
368 $sig = $_POST['new_sig']; |