modules/index/chpass.php (74a5d99) - webinterface.git

chpass.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
<?php
require_once('inc/debug.php');
$title = "Passwort &auml;ndern";
$error = '';
require_role(array(ROLE_SYSTEMUSER, ROLE_CUSTOMER));
if ($_POST['password1'] != '')
{
  check_form_token('index_chpass');
  $result = NULL;
  switch ($_SESSION['role'])
  {
    case ROLE_SYSTEMUSER:
      $result = find_role($_SESSION['userinfo']['uid'], $_POST['old_password']);
      break;
    case ROLE_CUSTOMER:
      $result = find_role($_SESSION['customerinfo']['customerno'], $_POST['old_password']);
      break;
  }
  if ($result == NULL)
    input_error('Das bisherige Passwort ist nicht korrekt!');
  elseif ($_POST['password2'] != $_POST['password1'])
    input_error('Die Best&auml;tigung ist nicht identisch mit dem neuen Passwort!');
  elseif ($_POST['password2'] == '')
    input_error('Sie m&uuml;ssen das neue Passwort zweimal eingeben!');
  elseif ($_POST['old_password'] == '')
    input_error('Altes Passwort nicht angegeben!');
  else
  {
    if ($result == ROLE_SYSTEMUSER)
      set_systemuser_password($_SESSION['userinfo']['uid'], $_POST['password1']);
    elseif ($result == ROLE_CUSTOMER)
      set_customer_password($_SESSION['customerinfo']['customerno'], $_POST['password1']);
    else
      system_failure("WTF?!");
    
    if (! $debugmode)
      header('Location: index.php');
    else
      output('');
  }
}
if ($_SESSION['role'] == ROLE_SYSTEMUSER)
  warning('Beachten Sie: Wenn Sie hier Ihr Passwort ändern, betrifft dies auch Ihr Anmelde-Passwort am Server (SSH).');
 
 
הההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההה
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
webinterface.git

XSRF-kram fixed
