setpw.php File Reference

Change password of a user.

Functions

 setpw ($smarty, $INPUT, $db)
 Change password.
 send_reminder ($smarty, $INPUT, $db)
 Send a password reminder.


Detailed Description

Change password of a user.

Definition in file setpw.php.


Function Documentation

send_reminder ($smarty, $INPUT, $db)

Send a password reminder.

This function is called by action.php. The forgetful user is sent a password reminder.

Note:
The user is assigned a new password. This is unavoidable because, for security reasons, the password is not stored in the database as cleartext, but only as a (one-way) cryptographic hash value. Therefore, the original password cannot be retrieved from the database.

Definition at line 137 of file setpw.php.

References do_template(), get_item_owner(), send_email(), set_random_pw(), and sql_query().

function send_reminder($smarty, $INPUT, $db) {

        # look up the account(s) registered under the submitted e-mail address
        $email = isset($INPUT['email']) ? trim($INPUT['email']) : '';
        $p = array('email' => $email);
        $ans = sql_query('get_uid', $p, $db);

        # initialised here so that it is also defined for reminder.tpl below
        $tpl_var = array();

        if (empty($ans)) {
                # unknown address: re-display the login page with an error marker
                $tpl_var['errors_info'] = array('email');

                do_template($smarty, 'login.tpl', $tpl_var);
                exit(0);
        }

        foreach ($ans as $u) {

                $uid = $u['id'];

                # create random password and mail it to the user
                $passwd = set_random_pw($uid, $db);

                $user = get_item_owner("user", $uid, $db);

                # recipient in the form "degree forename surname <address>"
                $email_to = $user['degree_name'] . " ";
                $email_to .= $user['forename'] . " ";
                $email_to .= $user['surname'] . " ";
                $email_to .= "<" . $user['email'] . ">";

                # the new cleartext password is handed to the mail template
                $tpl_vars = array();
                $tpl_vars['user_info'] = $user;
                $tpl_vars['user_info']['password'] = $passwd;

                send_email($smarty, 'msg_reminder.tpl', $tpl_vars, $email_to);
        }

        do_template($smarty, 'reminder.tpl', $tpl_var);
        exit(0);
}
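
The listing above changes the password as soon as an address is submitted, mails the new password in cleartext, and shows a different page when the address is unknown. The following added example (not part of semapp) shows the usual alternative: a single-use, expiring reset token of which only a digest is stored, and one response for every address. All function names, the RESET_TTL value and the in-memory arrays are assumptions made for illustration.

```php
<?php
// Added example, not semapp code. All function names, RESET_TTL and the
// arrays standing in for database tables are hypothetical.

const RESET_TTL = 3600; // token lifetime in seconds (assumed policy)

/** Create a one-time token for $uid; only its SHA-256 digest is stored. */
function issue_reset_token(array &$tokens, int $uid, int $now): string {
    $token = bin2hex(random_bytes(32)); // 256 bits from the system CSPRNG
    $tokens[hash('sha256', $token)] = array('uid' => $uid, 'expires' => $now + RESET_TTL);
    return $token; // appears only in the link that is e-mailed
}

/** Return the uid a token belongs to, or null. A token can be used once. */
function redeem_reset_token(array &$tokens, string $token, int $now): ?int {
    $key = hash('sha256', $token);
    if (!isset($tokens[$key])) {
        return null;
    }
    $row = $tokens[$key];
    unset($tokens[$key]); // consumed, whether or not it has expired
    return ($row['expires'] >= $now) ? $row['uid'] : null;
}

/** Build the same response for known and unknown addresses. */
function handle_reminder(array &$tokens, array $users, string $email, int $now): array {
    $email = trim($email);
    $token = isset($users[$email]) ? issue_reset_token($tokens, $users[$email], $now) : null;
    // The password itself is untouched until the token is redeemed.
    return array('template' => 'reminder.tpl', 'mail_token' => $token);
}

// Constructed sample data.
$users  = array('alice@example.org' => 7);
$tokens = array();
$now    = 1000000;

$known   = handle_reminder($tokens, $users, ' alice@example.org ', $now);
$unknown = handle_reminder($tokens, $users, 'nobody@example.org', $now);
var_dump($known['template'] === $unknown['template']); // same page either way
var_dump($unknown['mail_token']);                      // nothing to send

var_dump(redeem_reset_token($tokens, $known['mail_token'], $now + 60));  // first use
var_dump(redeem_reset_token($tokens, $known['mail_token'], $now + 120)); // replay
$late = issue_reset_token($tokens, 7, $now);
var_dump(redeem_reset_token($tokens, $late, $now + RESET_TTL + 1));      // expired
```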

setpw ($smarty, $INPUT, $db)

Change password.

This function is called by action.php, and allows the user to change his/her password.

Note:
For security reasons, the password is not stored "in the clear" in the database. Instead, a "checksum" is calculated from the password (using the cryptographic SHA-1 algorithm), and only the checksum is stored in the database.

It is considered computationally infeasible to calculate a password from a given SHA-1 checksum. However, it is very easy to check whether the user has provided the correct password: you just have to calculate its SHA-1 checksum and compare it with the value stored in the database.

Definition at line 30 of file setpw.php.

References check_input(), do_template(), sql_exit(), and sql_query().

function setpw($smarty, $INPUT, $db) {
        global $debug_level;    # $_SESSION is a superglobal and needs no declaration

        # the new password must be at least five characters long
        $valid_input = array(
                "pw1"       => "/^.....+$/",
        );

        # initialised here so that it is defined when the form is first displayed
        $errors = array();

        ## check user input

        # $INPUT = array_merge($_GET, $_POST);
        # $errors = check_input($INPUT, $validation_info);

        if ($debug_level > 10) {
                # debug dump (includes the submitted passwords), escaped for HTML output
                print "<hr><pre>Input: ";
                print htmlspecialchars(print_r($INPUT, TRUE));
                print "</pre><hr>";
        }

        #if (!empty($errors)) {
        #       user_error("Missing or malformed input parameter(s): " . join($errors, ", "),
        #               E_USER_ERROR);
        #}

        ## process buttons

        # "OK" button pressed?
        $display_html_form = (isset($INPUT['b_ok'])) ? FALSE : TRUE;

        # "Cancel" button pressed?
        if (isset($INPUT['b_cancel'])) {
                return;
        }

        # stricter checks for user input (per item)
        if (!$display_html_form) {

                $errors = check_input($INPUT, $valid_input, FALSE);

                # strict comparison, so that numeric-looking strings are not compared as numbers
                if ($INPUT['pw1'] !== $INPUT['pw2']) {
                        $errors[] = 'pw_mismatch';
                }

                if (!empty($errors)) {
                        # user input was invalid, user must correct it
                        $display_html_form = TRUE;
                }
        }

        if ($display_html_form) {

                ## (re-)display the input form

                $tpl_vars = $INPUT;
                $tpl_vars['errors_info'] = $errors;
                do_template($smarty, 'setpw.tpl', $tpl_vars);
                exit(0);

        } else {

                # "password" is the current password, "data" holds the new hash to store
                $param = array(
                        "table" => "user",
                        "tables" => "user",
                        "login" => $_SESSION['user']['login'],
                        "password" => "{SHA1}" . sha1($INPUT['password']),
                        "data" => array (
                                "password" => "{SHA1}" . sha1($INPUT['pw1'])
                                ),
                        "cond" => "id = " . $_SESSION['user']['id'],
                );

                # check the current password; every attempt is followed by a two-second delay
                $ans = sql_query('check_pw', $param, $db);
                sleep(2);

                if (empty($ans)) {
                        # wrong login / password, re-display HTML form

                        $tpl_vars = $INPUT;
                        $tpl_vars['errors_info'] = $errors;
                        $tpl_vars['errors_info'][] = 'password';

                        do_template($smarty, 'setpw.tpl', $tpl_vars);
                        sql_exit($db);
                        exit(0);
                } else {
                        # current password confirmed, store the new hash
                        sql_query('update', $param, $db);
                }
        }

}
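
The note above describes unsalted SHA-1, which gives equal passwords equal stored values and is fast to compute, so a leaked table can be tested against guesses offline at high speed. The following added example (not semapp code) verifies the legacy "{SHA1}" format and upgrades it to PHP's password_hash() on the next successful check; hash_new_password(), verify_and_upgrade() and the $store array are hypothetical names. It assumes the stored value is fetched by login and compared in PHP rather than inside the check_pw query.

```php
<?php
// Added example, not semapp code. hash_new_password(), verify_and_upgrade()
// and $store (standing in for the user table) are hypothetical names.

/** Hash a password with PHP's salted, adaptive default algorithm. */
function hash_new_password(string $plain): string {
    return password_hash($plain, PASSWORD_DEFAULT);
}

/**
 * Check $plain against a stored value that is either a legacy "{SHA1}<hex>"
 * string or a password_hash() string.
 * Returns array(bool $ok, ?string $replacement_hash).
 */
function verify_and_upgrade(string $plain, string $stored): array {
    if (strncmp($stored, '{SHA1}', 6) === 0) {
        // Legacy value: constant-time comparison, upgrade on success.
        $ok = hash_equals((string) substr($stored, 6), sha1($plain));
        return array($ok, $ok ? hash_new_password($plain) : null);
    }
    $ok = password_verify($plain, $stored);
    // Re-hash when the default algorithm or cost has changed since storage.
    $stale = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    return array($ok, $stale ? hash_new_password($plain) : null);
}

// Constructed sample row, in the format setpw() writes.
$store = array('alice' => '{SHA1}' . sha1('correct horse'));

// Unsalted: hashing the same password again reproduces the stored value.
var_dump('{SHA1}' . sha1('correct horse') === $store['alice']);

// Salted: two password_hash() results for one password differ.
var_dump(hash_new_password('correct horse') === hash_new_password('correct horse'));

// A successful check replaces the legacy value.
list($ok, $new) = verify_and_upgrade('correct horse', $store['alice']);
if ($ok && $new !== null) {
    $store['alice'] = $new;
}
var_dump($ok, strncmp($store['alice'], '{SHA1}', 6) === 0);

// The upgraded value still verifies, and a wrong password is rejected.
$good = verify_and_upgrade('correct horse', $store['alice']);
$bad  = verify_and_upgrade('wrong guess', $store['alice']);
var_dump($good[0], $bad[0]);
```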

Generated on Fri Jul 14 17:38:59 2006 for semapp by  doxygen 1.4.7