diff --git a/modules/pref-prefs.php b/modules/pref-prefs.php index fd796bcc1..66201f8b0 100644 --- a/modules/pref-prefs.php +++ b/modules/pref-prefs.php @@ -10,6 +10,53 @@ function module_pref_prefs($link) { $subop = $_REQUEST["subop"]; + if ($subop == "change-password") { + + $old_pw = $_POST["OLD_PASSWORD"]; + $new_pw = $_POST["NEW_PASSWORD"]; + $con_pw = $_POST["CONFIRM_PASSWORD"]; + + if ($old_pw == "") { + print "ERROR: Old password cannot be blank."; + return; + } + + if ($new_pw == "") { + print "ERROR: New password cannot be blank."; + return; + } + + if ($new_pw != $con_pw) { + print "ERROR: Entered passwords do not match."; + return; + } + + $old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]); + $new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]); + + $active_uid = $_SESSION["uid"]; + + if ($old_pw && $new_pw) { + + $login = db_escape_string($_SERVER['PHP_AUTH_USER']); + + $result = db_query($link, "SELECT id FROM ttrss_users WHERE + id = '$active_uid' AND (pwd_hash = '$old_pw' OR + pwd_hash = '$old_pw_hash')"); + + if (db_num_rows($result) == 1) { + db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash' + WHERE id = '$active_uid'"); + + print "Password has been changed."; + } else { + print "ERROR: Old password is incorrect."; + } + } + + return; + } + if ($subop == "Save configuration") { $_SESSION["prefs_op_result"] = "save-config"; 
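Review bot: `$old_pw` comes straight from `$_POST["OLD_PASSWORD"]` and is interpolated unescaped into the `SELECT id FROM ttrss_users ... pwd_hash = '$old_pw'` query in the new `change-password` branch, so that lookup is open to SQL injection by whoever can reach this handler; the only `db_escape_string()` call in the block is applied to `$login`, which is never used. Escape the value before it reaches the query, e.g. `$old_pw_esc = db_escape_string($old_pw);` and compare against `pwd_hash = '$old_pw_esc'` (the `sha1()` outputs are hex, and `$active_uid` comes from the session, though an integer cast there would cost nothing). Separately, the `pwd_hash = '$old_pw'` arm accepts the stored column value itself as the old password, so a leaked `SHA1:` hash is password-equivalent here, and the hashes are unsalted SHA-1; both appear to be carried over from the removed block and may deserve a follow-up. `module_pref_prefs` continues outside the hunk.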
@@ -78,36 +125,6 @@ return prefs_js_redirect(); - } else if ($subop == "Change password") { - - $old_pw = $_POST["OLD_PASSWORD"]; - $new_pw = $_POST["OLD_PASSWORD"]; - - $old_pw_hash = 'SHA1:' . sha1($_POST["OLD_PASSWORD"]); - $new_pw_hash = 'SHA1:' . sha1($_POST["NEW_PASSWORD"]); - - $active_uid = $_SESSION["uid"]; - - if ($old_pw && $new_pw) { - - $login = db_escape_string($_SERVER['PHP_AUTH_USER']); - - $result = db_query($link, "SELECT id FROM ttrss_users WHERE - id = '$active_uid' AND (pwd_hash = '$old_pw' OR - pwd_hash = '$old_pw_hash')"); - - if (db_num_rows($result) == 1) { - db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash' - WHERE id = '$active_uid'"); - - $_SESSION["pwd_change_result"] = "ok"; - } else { - $_SESSION["pwd_change_result"] = "failed"; - } - } - - return prefs_js_redirect(); - } else if ($subop == "Reset to defaults") { $_SESSION["prefs_op_result"] = "reset-to-defaults"; @@ -167,7 +184,7 @@ print format_warning("Your password is at default value, please change it."); } - if ($_SESSION["pwd_change_result"] == "failed") { +/* if ($_SESSION["pwd_change_result"] == "failed") { print format_warning("Could not change the password."); } @@ -175,7 +192,7 @@ print format_notice("Password was changed."); } - $_SESSION["pwd_change_result"] = ""; + $_SESSION["pwd_change_result"] = ""; */ if ($_SESSION["prefs_op_result"] == "reset-to-defaults") { print format_notice("The configuration was reset to defaults."); @@ -210,30 +227,40 @@ print ""; - print "
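Review bot: The old `pwd_change_result` notices are disabled by wrapping them in `/* … */` (opened in the `@@ -167,7 +184,7 @@` hunk, closed in the `@@ -175,7 +192,7 @@` hunk) rather than removed. With the `Change password` branch deleted, nothing visible in this diff sets `$_SESSION["pwd_change_result"]` any more, so these statements are dead code. Deleting them outright avoids leaving a stale session key in the code base and a comment block that would silently swallow anything later added between the markers.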
"; + print ""; + } $result = db_query($link, "SELECT diff --git a/prefs.js b/prefs.js index d6feeecee..6256f71bf 100644 --- a/prefs.js +++ b/prefs.js @@ -124,13 +124,26 @@ function gethelp_callback() { } } - function notify_callback() { if (xmlhttp.readyState == 4) { notify_info(xmlhttp.responseText); } } + +function changepass_callback() { + if (xmlhttp.readyState == 4) { + + if (xmlhttp.responseText.indexOf("ERROR: ") == 0) { + notify_error(xmlhttp.responseText.replace("ERROR: ", "")); + } else { + notify_info(xmlhttp.responseText); + } + + document.forms['change_pass_form'].reset(); + } +} + function updateFeedList(sort_key) { if (!xmlhttp_ready(xmlhttp)) { @@ -1585,4 +1598,28 @@ function showFeedsWithErrors() { displayDlg('feedUpdateErrors'); } +function changeUserPassword() { + + try { + + if (!xmlhttp_ready(xmlhttp)) { + printLockingError(); + return false; + } + + var query = Form.serialize("change_pass_form"); + + notify_progress("Trying to change password..."); + + xmlhttp.open("POST", "backend.php", true); + xmlhttp.onreadystatechange=changepass_callback; + xmlhttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); + xmlhttp.send(query); + + } catch (e) { + exception_error("changeUserPassword", e); + } + + return false; +}
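Review bot: `changepass_callback` treats every response that does not start with `ERROR: ` as success and hands it to `notify_info()`, so an HTTP error body, a backend warning or a login page returned after session expiry would be presented as if the password had been changed. Check the status and the expected text explicitly before reporting success, e.g. `if (xmlhttp.status == 200 && xmlhttp.responseText == "Password has been changed.")`, and route everything else to `notify_error()`. If `notify_info`/`notify_error` write their argument into the page as HTML (not visible in this diff), the raw `responseText` should also be escaped before display.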