MonPass_8prg_source.html

 <?php
   $monLibrary= dirname(__FILE__) . "/../library";
   $sharedLibrary= dirname(__FILE__) . "/../../shared/library";
   require_once("$monLibrary/cu_top.i");
   require_once("$monLibrary/ck_hticket.i");
   require_once("$monLibrary/cu_pass.i");
   require_once("$sharedLibrary/errormail.i"); // Be sure errormail is included

   if (!CheckPerm($link, $Hu, basename($_SERVER['SCRIPT_NAME']), $_SERVER['REMOTE_ADDR'])) {
     // ** Permissions failed
     // ** redirect to new page
     header("Location: /hcuadm/hcu_noperm.prg");
     exit;
   }

 $dms_ok=array('action'=>'string','new1'=>'string','new2'=>'string','rowid'=>'string');

 dms_import($dms_ok);

 $self = $_SERVER['PHP_SELF'];

 if (isset($action)) {
   $msg="";
   if ($new1 != $new2) {$msg .= "New Passwords Don't Match.<br>"; }
   if (preg_match("/['\"]/",$new1)){$msg .= "Invalid Characters in New Password.<br>";}
   if (strlen($new1) < 4) {$msg .= "Password must be at least 4 characters.<br>";}
   if (strlen($new1) > 0 && !(preg_match("/\d/",$new1) && preg_match("/\D/",$new1))) {
     $msg .= "Password must contain both number and letter characters!\n";}

     $dbh = $link;

   if (empty($msg)){
     $salt = compute_salt(0);
     $hash = password_hash($new1, PASSWORD_DEFAULT);
     $sql= "update cuadminusers set passwd='$hash', forcechange='N',
            pwchange=now(), failedremain=5
            where  user_name='$rowid'";
     $sth = db_query($sql,$dbh);
     if (!$sth) {
       $msg= "Unable to update password";
       $notify = new ErrorMail;
       $notify->mailto='miki@homecu.net';
       $notify->replyto='miki@homecu.net';
       $notify->subject='hcuadm/MonPass encountered Error updating password';
       $notify->msgbody =  "\tMonPass Unable to update Master Password\n\n";
       $notify->msgbody .= "Cu:   $rowid\n";
       $notify->msgbody .= $sql;
       $notify->file = __FILE__;
       $notify->cu = $rowid;
       $notify->SendMail();

     } else {
       db_free_result($sth);

             cu_header("Password Updated");
       cu_message("Succeeded<br>Password successfully updated");
             cu_footer();
     exit;

       }
   }
 }
 cu_header("Password Change");
 print <<<EOF
 <script>
 function validate()
 {
     var strNew1 = document.forms[0].new1.value;
     var strNew2 = document.forms[0].new2.value;
     var strMessage = "";

     // validate user entries

   if (strNew1.length < 4 || strNew1.length > 8)
         { strMessage += 'New password must be from 4 to 8 characters long.\\n';}
   if (strNew1 != strNew2)
         { strMessage += "New passwords do not match.\\n";}
   if (strNew1.indexOf("'") != -1  || strNew1.indexOf('"') != -1)
         { strMessage += "Invalid Characters in New password.\\n";}
   var boolHasDigit = false;
   var boolHasChar = false;
  for (i=0; i < strNew1.length; i++)
         {
          ch = strNew1.charAt(i);
          if (ch >= '0' && ch <= '9')
             { boolHasDigit = true; }
          if ((ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <='z'))
             { boolHasChar = true; }
         }
   if ((boolHasDigit == false) || (boolHasChar == false))
         { strMessage += "Password must contain both number and letter characters.\\n";}

   if (strMessage.length > 0)
     {
         alert(strMessage);
         return false;
     }


     document.forms[0].submit();
     return true;

 }
 </script>
 EOF;

 print <<<EOF
 <CENTER>
       <FORM NAME=login ACTION="${self}" METHOD=post>
       <TABLE BORDER=0 width="90%" cellpadding=3 cellspacing=0 class='dmsbg'><tr><td>
       <TABLE BORDER=0 width="100%" cellpadding=2 cellspacing=0 bgcolor=white>
       <TR><TD CLASS="bar" align="center" colspan=3>Password Change</TD></TR>
       <TR>
       <TD CLASS="hdr" align="right">Master Password:</TD>
       <TD CLASS="dtl"><INPUT NAME="new1" TYPE="password" SIZE="10" MAXLENGTH="8"
 ></TD>
       <TD CLASS="dtl">Password must be from 4 to 8 characters long and contain a
  combination of numbers and letters</TD>
       </TR>
       <TR>
       <TD CLASS="hdr" align="right">Confirm Master Password:</TD>
       <TD CLASS="dtl"><INPUT NAME="new2" TYPE="password" SIZE="10" MAXLENGTH="8"
 ></TD>
       <TD CLASS="dtl">Enter new password again to confirm</TD>
       </TR>
       <TR>
             <td class='dtl'>&nbsp;</td>
       <TD CLASS="dtl" colspan=2>
       <input type=hidden name="action" value="Change Password">
       <input type=hidden name="rowid" value="$rowid">
       <INPUT TYPE="button" NAME="BtnSubmit" VALUE=" Change Password " onClick="validate()"></TD></TR>
      </table>
          </td></tr></table>
       </FORM>
       </BODY></HTML>

 EOF;
 ?>
ErrorMail
Definition: errormail.i:9