From 3163329b8a8da24b8e388d4309f99cf2c6742a19 Mon Sep 17 00:00:00 2001 From: Kelly Rauchenberger Date: Sat, 16 Aug 2008 17:23:44 +0000 Subject: Central: Added logout page Also modified Change Password to lock out non logged-in users and to use the instaDisc_verifyUser() functions instead of inlining it. Refs #25 --- central/trunk/changepassword.php | 69 ++++++++++++++++++++-------------------- central/trunk/logout.php | 11 +++++++ 2 files changed, 46 insertions(+), 34 deletions(-) create mode 100644 central/trunk/logout.php (limited to 'central/trunk') diff --git a/central/trunk/changepassword.php b/central/trunk/changepassword.php index 84c7110..81fc5a7 100644 --- a/central/trunk/changepassword.php +++ b/central/trunk/changepassword.php @@ -5,52 +5,53 @@ include('includes/instadisc.php'); include('includes/template.php'); -if (!isset($_GET['submit'])) +if (isset($_SESSION['username'])) { - showForm('','','',array()); -} else { - $numOfErrors = 0; - $errors = array(); - - if ($_POST['old'] == '') + if (!isset($_GET['submit'])) { - addError($numOfErrors, $errors, 'old', 'Old Password is a required field'); + showForm('','','',array()); } else { - $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($_SESSION['username']) . "\" AND password = \"" . mysql_real_escape_string(md5($_POST['old'])) . "\""; - $getuser2 = mysql_query($getuser); - $getuser3 = mysql_fetch_array($getuser2); + $numOfErrors = 0; + $errors = array(); - if ($getuser3['password'] != md5($_POST['password'])) + if ($_POST['old'] == '') { - addError($numOfErrors, $errors, 'old', 'Old password is not correct'); + addError($numOfErrors, $errors, 'old', 'Old Password is a required field'); + } else { + if (!instaDisc_verifyUser($_SESSION['username'], $_POST['old']) + { + addError($numOfErrors, $errors, 'old', 'Old password is not correct'); + } } - } - if ($_POST['new'] == '') - { - addError($numOfErrors, $errors, 'new', 'New Password is a required field'); - } + if ($_POST['new'] == '') + { + addError($numOfErrors, $errors, 'new', 'New Password is a required field'); + } - if ($_POST['confirm'] == '') - { - addError($numOfErrors, $errors, 'confirm', 'Confirm New Password is a required field'); - } + if ($_POST['confirm'] == '') + { + addError($numOfErrors, $errors, 'confirm', 'Confirm New Password is a required field'); + } - if ($_POST['new'] != $_POST['confirm']) - { - addError($numOfErrors, $errors, 'confirm', 'Passwords do not match'); - } + if ($_POST['new'] != $_POST['confirm']) + { + addError($numOfErrors, $errors, 'confirm', 'Passwords do not match'); + } - if ($numOfErrors > 0) - { - showForm($_POST['old'], $_POST['new'], $_POST['confirm'], $errors); - } else { - instaDisc_changePassword($_SESSION['username'], $_POST['new']); + if ($numOfErrors > 0) + { + showForm($_POST['old'], $_POST['new'], $_POST['confirm'], $errors); + } else { + instaDisc_changePassword($_SESSION['username'], $_POST['new']); - $template = new FITemplate('changedpassword'); - $template->add('SITENAME', instaDisc_getConfig('siteName')); - $template->display(); + $template = new FITemplate('changedpassword'); + $template->add('SITENAME', instaDisc_getConfig('siteName')); + $template->display(); + } } +} else { + header('Location: index.php'); } function showForm($old, $new, $confirm, $errors) diff --git a/central/trunk/logout.php b/central/trunk/logout.php new file mode 100644 index 0000000..e915329 --- /dev/null +++ b/central/trunk/logout.php @@ -0,0 +1,11 @@ + -- cgit 1.4.1