2017-05-22 11:24:21 +02:00
|
|
|
<?php
|
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
//
|
|
|
|
|
// NagiosQL
|
|
|
|
|
//
|
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
//
|
2019-04-17 11:40:50 +02:00
|
|
|
// (c) 2005-2018 by Martin Willisegger
|
2017-05-22 11:24:21 +02:00
|
|
|
//
|
|
|
|
|
// Project : NagiosQL
|
|
|
|
|
// Component : Password administration
|
2019-04-17 11:40:50 +02:00
|
|
|
// Website : https://sourceforge.net/projects/nagiosql/
|
|
|
|
|
// Version : 3.4.0
|
|
|
|
|
// GIT Repo : https://gitlab.com/wizonet/NagiosQL
|
2017-05-22 11:24:21 +02:00
|
|
|
//
|
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
|
//
|
2019-04-17 11:40:50 +02:00
|
|
|
// Path settings
|
|
|
|
|
// ===================
|
|
|
|
|
$strPattern = '(admin/[^/]*.php)';
|
|
|
|
|
$preRelPath = preg_replace($strPattern, '', filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_STRING));
|
|
|
|
|
$preBasePath = preg_replace($strPattern, '', filter_input(INPUT_SERVER, 'SCRIPT_FILENAME', FILTER_SANITIZE_STRING));
|
|
|
|
|
//
|
2017-05-22 11:24:21 +02:00
|
|
|
// Define common variables
|
|
|
|
|
// =======================
|
2019-04-17 11:40:50 +02:00
|
|
|
$prePageId = 31;
|
|
|
|
|
$preContent = 'admin/password.htm.tpl';
|
|
|
|
|
$preAccess = 1;
|
|
|
|
|
$preFieldvars = 1;
|
|
|
|
|
$preShowHeader = 0;
|
2017-05-22 11:24:21 +02:00
|
|
|
//
|
|
|
|
|
// Include preprocessing files
|
|
|
|
|
// ===========================
|
2019-04-17 11:40:50 +02:00
|
|
|
require $preBasePath.'functions/prepend_adm.php';
|
|
|
|
|
require $preBasePath.'functions/prepend_content.php';
|
2017-05-22 11:24:21 +02:00
|
|
|
//
|
|
|
|
|
// Change password
|
|
|
|
|
// =======================
|
2019-04-17 11:40:50 +02:00
|
|
|
if (($chkTfValue1 != '') && ($chkTfValue2 != '')) {
|
|
|
|
|
// Check old password
|
|
|
|
|
$strSQL = 'SELECT * FROM `tbl_user` '
|
|
|
|
|
. "WHERE `username`='".$_SESSION['username']."' AND `password`=MD5('$chkTfValue1')";
|
|
|
|
|
$booReturn = $myDBClass->hasDataArray($strSQL, $arrDataLines, $intDataCount);
|
|
|
|
|
if ($booReturn == false) {
|
|
|
|
|
$myVisClass->processMessage(translate('Error while selecting data from database:'), $strErrorMessage);
|
|
|
|
|
$myVisClass->processMessage($myDBClass->strErrorMessage, $strErrorMessage);
|
|
|
|
|
} elseif ($intDataCount == 1) {
|
|
|
|
|
// Check equality and password length
|
|
|
|
|
if (($chkTfValue2 === $chkTfValue3) && (strlen($chkTfValue2) >=5)) {
|
|
|
|
|
// Update database
|
|
|
|
|
$strSQLUpdate = "UPDATE `tbl_user` SET `password`=MD5('$chkTfValue2'), `last_login`=NOW() "
|
|
|
|
|
. "WHERE `username`='".$_SESSION['username']."'";
|
|
|
|
|
$booReturn = $myDBClass->insertData($strSQLUpdate);
|
|
|
|
|
if ($booReturn == true) {
|
|
|
|
|
$myDataClass->writeLog(translate('Password successfully modified'));
|
|
|
|
|
// Force new login
|
|
|
|
|
$_SESSION['logged_in'] = 0;
|
|
|
|
|
$_SESSION['username'] = '';
|
|
|
|
|
$_SESSION['userid'] = 0;
|
|
|
|
|
$_SESSION['groupadm'] = 0;
|
|
|
|
|
$_SESSION['domain'] = 0;
|
|
|
|
|
header('Location: ' .$SETS['path']['protocol']. '://' .
|
|
|
|
|
filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).
|
|
|
|
|
$_SESSION['SETS']['path']['base_url']. 'index.php');
|
|
|
|
|
} else {
|
|
|
|
|
$myVisClass->processMessage(translate('Error while selecting data from database:'), $strErrorMessage);
|
|
|
|
|
$myVisClass->processMessage($myDBClass->strErrorMessage, $strErrorMessage);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
// New password wrong
|
|
|
|
|
$myVisClass->processMessage(
|
|
|
|
|
translate('Password too short or password fields do not match!'),
|
|
|
|
|
$strErrorMessage
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
// Old password wrong
|
|
|
|
|
$myVisClass->processMessage(translate('The old password is invalid'), $strErrorMessage);
|
|
|
|
|
}
|
|
|
|
|
} elseif (filter_input(INPUT_POST, 'submit')) {
|
|
|
|
|
// Wrong data
|
|
|
|
|
$myVisClass->processMessage(
|
|
|
|
|
translate('Database entry failed! Not all necessary data filled in!'),
|
|
|
|
|
$strErrorMessage
|
|
|
|
|
);
|
2017-05-22 11:24:21 +02:00
|
|
|
}
|
|
|
|
|
//
|
|
|
|
|
// Output header variable
|
|
|
|
|
// ======================
|
|
|
|
|
echo $tplHeaderVar;
|
|
|
|
|
//
|
|
|
|
|
// Include content
|
|
|
|
|
// ===============
|
2019-04-17 11:40:50 +02:00
|
|
|
foreach ($arrDescription as $elem) {
|
|
|
|
|
$conttp->setVariable($elem['name'], $elem['string']);
|
|
|
|
|
}
|
|
|
|
|
$conttp->setVariable('LANG_SAVE', translate('Save'));
|
|
|
|
|
$conttp->setVariable('LANG_ABORT', translate('Abort'));
|
|
|
|
|
$conttp->setVariable('FILL_ALLFIELDS', translate('Please fill in all fields marked with an *'));
|
|
|
|
|
$conttp->setVariable('FILL_NEW_PASSWD_NOT_EQUAL', translate('The new passwords don not match!'));
|
|
|
|
|
$conttp->setVariable('FILL_NEW_PWDSHORT', translate('The new password is too short - use at least 6 characters!'));
|
|
|
|
|
if ($strErrorMessage != '') {
|
|
|
|
|
$conttp->setVariable('ERRORMESSAGE', $strErrorMessage);
|
2017-05-22 11:24:21 +02:00
|
|
|
}
|
2019-04-17 11:40:50 +02:00
|
|
|
$conttp->setVariable('ACTION_INSERT', filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_STRING));
|
|
|
|
|
$conttp->setVariable('IMAGE_PATH', $_SESSION['SETS']['path']['base_url']. 'images/');
|
2017-05-22 11:24:21 +02:00
|
|
|
// Check access rights for adding new objects
|
2019-04-17 11:40:50 +02:00
|
|
|
if ($myVisClass->checkAccountGroup($prePageKey, 'write') != 0) {
|
|
|
|
|
$conttp->setVariable('ADD_CONTROL', 'disabled="disabled"');
|
|
|
|
|
}
|
|
|
|
|
$conttp->parse('passwordsite');
|
|
|
|
|
$conttp->show('passwordsite');
|
2017-05-22 11:24:21 +02:00
|
|
|
//
|
|
|
|
|
// Include footer
|
|
|
|
|
// ==============
|
2019-04-17 11:40:50 +02:00
|
|
|
$maintp->setVariable('VERSION_INFO', "<a href='https://sourceforge.net/projects/nagiosql/' "
|
|
|
|
|
. "target='_blank'>NagiosQL</a> $setFileVersion");
|
|
|
|
|
$maintp->parse('footer');
|
|
|
|
|
$maintp->show('footer');
|
