diff options
Diffstat (limited to 'actions/passwordsettings.php')
-rw-r--r-- | actions/passwordsettings.php | 175 |
1 files changed, 175 insertions, 0 deletions
diff --git a/actions/passwordsettings.php b/actions/passwordsettings.php new file mode 100644 index 000000000..17b2de4e8 --- /dev/null +++ b/actions/passwordsettings.php @@ -0,0 +1,175 @@ +<?php +/** + * Laconica, the distributed open-source microblogging tool + * + * Change user password + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Settings + * @package Laconica + * @author Evan Prodromou <evan@controlyourself.ca> + * @author Zach Copley <zach@controlyourself.ca> + * @copyright 2008-2009 Control Yourself, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ + +if (!defined('LACONICA')) { + exit(1); +} + +require_once INSTALLDIR.'/lib/accountsettingsaction.php'; + +/** + * Change password + * + * @category Settings + * @package Laconica + * @author Evan Prodromou <evan@controlyourself.ca> + * @author Zach Copley <zach@controlyourself.ca> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://laconi.ca/ + */ + +class PasswordsettingsAction extends AccountSettingsAction +{ + /** + * Title of the page + * + * @return string Title of the page + */ + + function title() + { + return _('Change password'); + } + + /** + * Instructions for use + * + * @return instructions for use + */ + + function getInstructions() + { + return _('Change your password.'); + } + + /** + * Content area of the page + * + * Shows a form for changing the password + * + * @return void + */ + + function showContent() + { + $user = common_current_user(); + $this->elementStart('form', array('method' => 'POST', + 'id' => 'form_password', + 'class' => 'form_settings', + 'action' => + common_local_url('profilesettings'))); + $this->elementStart('fieldset'); + $this->element('legend', null, _('Password change')); + $this->hidden('token', common_session_token()); + + + $this->elementStart('ul', 'form_data'); + // Users who logged in with OpenID won't have a pwd + if ($user->password) { + $this->elementStart('li'); + $this->password('oldpassword', _('Old password')); + $this->elementEnd('li'); + } + $this->elementStart('li'); + $this->password('newpassword', _('New password'), + _('6 or more characters')); + $this->elementEnd('li'); + $this->elementStart('li'); + $this->password('confirm', _('Confirm'), + _('same as password above')); + $this->elementEnd('li'); + $this->elementEnd('ul'); + + $this->submit('changepass', _('Change')); + + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + } + + /** + * Handle a post + * + * Validate input and save changes. Reload the form with a success + * or error message. + * + * @return void + */ + + function handlePost() + { + // CSRF protection + + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->showForm(_('There was a problem with your session token. '. + 'Try again, please.')); + return; + } + + $user = common_current_user(); + assert(!is_null($user)); // should already be checked + + // FIXME: scrub input + + $newpassword = $this->arg('newpassword'); + $confirm = $this->arg('confirm'); + + if (0 != strcmp($newpassword, $confirm)) { + $this->showForm(_('Passwords don\'t match.')); + return; + } + + if ($user->password) { + $oldpassword = $this->arg('oldpassword'); + + if (!common_check_user($user->nickname, $oldpassword)) { + $this->showForm(_('Incorrect old password')); + return; + } + } + + $original = clone($user); + + $user->password = common_munge_password($newpassword, $user->id); + + $val = $user->validate(); + if ($val !== true) { + $this->showForm(_('Error saving user; invalid.')); + return; + } + + if (!$user->update($original)) { + $this->serverError(_('Can\'t save new password.')); + return; + } + + $this->showForm(_('Password saved.'), true); + } +} |