Subversion Repositories ALCASAR

Rev

Rev 426 | Blame | Last modification | View Log

<?php
# change user password on Alcasar captive Portal
# Copyright (C) 2003, 2004 Mondru AB.
# Copyright (C) 2008-2009 ANGEL95 & REXY

require('/etc/freeradius-web/config.php');

$current_page = $_SERVER['PHP_SELF'];

# Choice of language
$Language = 'fr';
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
  $Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
  $Language = strtolower(substr(chop($Langue[0]),0,2)); }
if($Language == 'es'){
$R_title = "User password change";
$R_form_l1 = "User";
$R_form_l2 = "Old password";
$R_form_l3 = "New password";
$R_form_l4 = "New password (confirmation)";
$R_form_button = "Modify";
$R_form_result1 = "Your password has been successfuly changed";
$R_form_result2 = "Error when trying to change password";
$R_retour = "ALCASAR home page";}
if($Language == 'de'){
$R_title = "User password change";
$R_form_l1 = "User";
$R_form_l2 = "Old password";
$R_form_l3 = "New password";
$R_form_l4 = "New password (confirmation)";
$R_form_button = "Modify";
$R_form_result1 = "Your password has been successfuly changed";
$R_form_result2 = "Error when trying to change password";
$R_retour = "ALCASAR home page";}
if($Language == 'nl'){
$R_title = "User password change";
$R_form_l1 = "User";
$R_form_l2 = "Old password";
$R_form_l3 = "New password";
$R_form_l4 = "New password (confirmation)";
$R_form_button = "Modify";
$R_form_result1 = "Your password has been successfuly changed";
$R_form_result2 = "Error when trying to change password";
$R_retour = "ALCASAR home page";}
if($Language == 'en'){
$R_title = "User password change";
$R_form_l1 = "User";
$R_form_l2 = "Old password";
$R_form_l3 = "New password";
$R_form_l4 = "New password (confirmation)";
$R_form_button = "Modify";
$R_form_result1 = "Your password has been successfuly changed";
$R_form_result2 = "Error when trying to change password";
$R_retour = "ALCASAR home page";}
if($Language == 'fr'){
$R_title = "Changement de mot de passe utilisateur";
$R_form_l1 = "Utilisateur";
$R_form_l2 = "Ancien mot de passe";
$R_form_l3 = "nouveau mot de passe";
$R_form_l4 = "nouveau mot de passe (confirmation)";
$R_form_button = "Modifier";
$R_form_result1 = "Votre mot de passe a &eacute;t&eacute; modifi&eacute; avec succ&egrave;s";
$R_form_result2 = "Erreur de changement de mot de passe";
$R_retour = "Retour &agrave; la page d'accueil ALCASAR";
}
echo "
<html>
        <head>
                <title>$R_title</title>
                <meta http-equiv=\"Cache-control\" content=\"no-cache\">
                <meta http-equiv=\"Pragma\" content=\"no-cache\">
                <link rel=\"stylesheet\" href=\"../css/pass.css\" type=\"text/css\">
        </head>
        <body>
                <div id=\"page\">
                        <div id=\"block_pass\">
                                <form name=\"master\" action=\"$current_page\" method=\"post\">
                                <input type=hidden name=action value=checkpass>
                                <p id=\"titre_pass\">$R_title</p>
                                        <table id=\"champs_pass\">
                                                <tr>
                                                        <td class=\"first_item\">$R_form_l1</td>
                                                        <td><input type=\"text\" name=\"login\" value=\"\" label=\"test\"></td>
                                                </tr>   
                                                <tr>
                                                        <td class=\"first_item\">$R_form_l2</td>
                                                        <td><input type=\"password\" name=\"passwd\" value=\"\"></td>
                                                </tr>
                                                <tr>
                                                        <td class=\"first_item\">$R_form_l3</td>
                                                        <td><input type=\"password\" name=\"newpasswd\" value=\"\"></td>
                                                </tr>
                                                <tr>
                                                        <td class=\"first_item\">$R_form_l4</td>
                                                        <td><input type=\"password\" name=\"newpasswd2\" value=\"\"></td>
                                                </tr>
                                        </table>
                                <span><a href=\"http://alcasar\">$R_retour</a></span>
                                <input type=\"submit\" class=\"button\" id=\"btn_pass\" value=\"$R_form_button\">
                        </div>
                </div>
";

if (is_file("sql/drivers/$config[sql_type]/functions.php"))
        include_once("sql/drivers/$config[sql_type]/functions.php");
else{
        echo "<b>Could not include SQL library</b><br>\n";
        exit();
}
if (isset($action)){
        if ($action == 'checkpass'){
        $link = @da_sql_pconnect($config);
        if ($link){
                $res = @da_sql_query($link,$config,
                        "SELECT attribute,value FROM $config[sql_check_table] WHERE username = '$login'
                        AND attribute = '$config[sql_password_attribute]';");
                if ($res){
                        $row = @da_sql_fetch_array($res,$config);
                        if (is_file("crypt/$config[general_encryption_method].php")){
                                include("crypt/$config[general_encryption_method].php");
                                $enc_passwd = $row['value'];
                                $passwd = da_encrypt($passwd,$enc_passwd);
                                $newpasswd = da_encrypt($newpasswd,$enc_passwd);
                                $newpasswd2 = da_encrypt($newpasswd2,$enc_passwd);
                                if (($passwd == $enc_passwd) and ($newpasswd == $newpasswd2)){
                                        $msg = '<font color=blue><b>'.$R_form_result1.'</b></font>';
                                        $res2 = @da_sql_query($link,$config,
                                                "UPDATE $config[sql_check_table] set value='$newpasswd' WHERE username = '$login'
                                                AND attribute = '$config[sql_password_attribute]';");}
                                else
                                        $msg = '<font color=red><b>'.$R_form_result2.'</b></font>';
                        }
                        else
                                echo "<b>Could not open encryption library file</b><br>\n";
                }
        }
        echo "<span align=center>$msg</span>\n";
}
}
?>
</body>
</html>