ulogger-server/utils/changepass.php

<?php
/* μlogger
 *
 * Copyright(C) 2017 Bartek Fabiszewski (www.fabiszewski.net)
 *
 * This is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */

  require_once(dirname(__DIR__) . "/auth.php"); // sets $user

  /**
   * Exit with error message
   *
   * @param string $errorMessage Message
   */
  function exitWithError($errorMessage) {
    return exitWithStatus(true, $errorMessage);
  }

  /**
   * Exit with xml response
   * @param boolean $isError Error if true
   * @param string $errorMessage Optional error message
   */
  function exitWithStatus($isError = false, $errorMessage = NULL) {
    header("Content-type: text/xml");
    $xml = new XMLWriter();
    $xml->openURI("php://output");
    $xml->startDocument("1.0");
    $xml->setIndent(true);
    $xml->startElement('root');
      $xml->writeElement("error", (int) $isError);
    if ($isError) {
      $xml->writeElement("message", $errorMessage);
    }
    $xml->endElement();
    $xml->endDocument();
    $xml->flush();
    exit;
  }

  $login = isset($_REQUEST['login']) ? trim($_REQUEST['login']) : NULL;
  $oldpass = isset($_REQUEST['oldpass']) ? $_REQUEST['oldpass'] : NULL;
  $pass = isset($_REQUEST['pass']) ? $_REQUEST['pass'] : NULL;
  if (empty($pass)) {
    exitWithError("Empty password");
  }
  if ($user->isAdmin && !empty($login)) {
    // different user, only admin
    $passUser = new uUser($login);
    if (!$passUser->valid) {
      exitWithError("User unknown");
    }
  } else {
    // current user
    $passUser = $user;
    if (!$passUser->validPassword($oldpass)) {
      exitWithError("Wrong old password");
    }
  }
  if ($passUser->setPass($pass) === false) {
    exitWithError("Server error");
  }

  exitWithStatus();

?>
Add password change form 2017-04-06 23:23:25 +02:00			`<?php`
			`/* μlogger`
			`*`
			`* Copyright(C) 2017 Bartek Fabiszewski (www.fabiszewski.net)`
			`*`
			`* This is free software; you can redistribute it and/or modify it under`
Fix copyright notice 2017-04-07 00:05:28 +02:00			`* the terms of the GNU General Public License as published by`
			`* the Free Software Foundation; either version 3 of the License, or`
Add password change form 2017-04-06 23:23:25 +02:00			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful, but`
			`* WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
			`* General Public License for more details.`
			`*`
Fix copyright notice 2017-04-07 00:05:28 +02:00			`* You should have received a copy of the GNU General Public License`
			`* along with this program; if not, see <http://www.gnu.org/licenses/>.`
Add password change form 2017-04-06 23:23:25 +02:00			`*/`
Update phpdoc, minor formatting 2017-04-09 23:35:55 +02:00
Remove unused references to mysqli object 2017-04-16 21:31:41 +02:00			`require_once(dirname(__DIR__) . "/auth.php"); // sets $user`
Update phpdoc, minor formatting 2017-04-09 23:35:55 +02:00
			`/**`
			`* Exit with error message`
			`*`
			`* @param string $errorMessage Message`
			`*/`
Add password change form 2017-04-06 23:23:25 +02:00			`function exitWithError($errorMessage) {`
			`return exitWithStatus(true, $errorMessage);`
			`}`
Update phpdoc, minor formatting 2017-04-09 23:35:55 +02:00
			`/**`
Add password change form 2017-04-06 23:23:25 +02:00			`* Exit with xml response`
			`* @param boolean $isError Error if true`
			`* @param string $errorMessage Optional error message`
			`*/`
			`function exitWithStatus($isError = false, $errorMessage = NULL) {`
			`header("Content-type: text/xml");`
			`$xml = new XMLWriter();`
			`$xml->openURI("php://output");`
			`$xml->startDocument("1.0");`
			`$xml->setIndent(true);`
			`$xml->startElement('root');`
			`$xml->writeElement("error", (int) $isError);`
			`if ($isError) {`
			`$xml->writeElement("message", $errorMessage);`
			`}`
			`$xml->endElement();`
			`$xml->endDocument();`
			`$xml->flush();`
			`exit;`
			`}`

			`$login = isset($_REQUEST['login']) ? trim($_REQUEST['login']) : NULL;`
			`$oldpass = isset($_REQUEST['oldpass']) ? $_REQUEST['oldpass'] : NULL;`
Add optional password_compat for PHP 5.4 2017-04-14 14:00:56 +02:00			`$pass = isset($_REQUEST['pass']) ? $_REQUEST['pass'] : NULL;`
			`if (empty($pass)) {`
Add password change form 2017-04-06 23:23:25 +02:00			`exitWithError("Empty password");`
			`}`
			`if ($user->isAdmin && !empty($login)) {`
			`// different user, only admin`
			`$passUser = new uUser($login);`
			`if (!$passUser->valid) {`
			`exitWithError("User unknown");`
			`}`
			`} else {`
			`// current user`
			`$passUser = $user;`
			`if (!$passUser->validPassword($oldpass)) {`
			`exitWithError("Wrong old password");`
			`}`
			`}`
Add optional password_compat for PHP 5.4 2017-04-14 14:00:56 +02:00			`if ($passUser->setPass($pass) === false) {`
Add password change form 2017-04-06 23:23:25 +02:00			`exitWithError("Server error");`
			`}`
Update phpdoc, minor formatting 2017-04-09 23:35:55 +02:00
Add password change form 2017-04-06 23:23:25 +02:00			`exitWithStatus();`
Update phpdoc, minor formatting 2017-04-09 23:35:55 +02:00
Add password change form 2017-04-06 23:23:25 +02:00			`?>`