Subversion Repositories ALCASAR

<?php

# change user password on Alcasar captive Portal

# Copyright (C) 2003, 2004 Mondru AB.

# Copyright (C) 2008-2009 ANGEL95 & REXY

require('/etc/freeradius-web/config.php');

require('../lib/functions.php');

require('../lib/defaults.php');

$current_page = $_SERVER['PHP_SELF'];

# Choice of language

$Language = 'fr';

if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){

  $Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);

  $Language = strtolower(substr(chop($Langue[0]),0,2)); }

if($Language == 'es'){

$R_title = "User password change";

$R_form_l1 = "User";

$R_form_l2 = "Old password";

$R_form_l3 = "New password";

$R_form_l4 = "New password (confirmation)";

$R_form_button = "Modify";

$R_form_result1 = "Your password has been successfuly changed";

$R_form_result2 = "Error when trying to change password";

}

if($Language == 'de'){

$R_title = "User password change";

$R_form_l1 = "User";

$R_form_l2 = "Old password";

$R_form_l3 = "New password";

$R_form_l4 = "New password (confirmation)";

$R_form_button = "Modify";

$R_form_result1 = "Your password has been successfuly changed";

$R_form_result2 = "Error when trying to change password";

}

if($Language == 'nl'){

$R_title = "User password change";

$R_form_l1 = "User";

$R_form_l2 = "Old password";

$R_form_l3 = "New password";

$R_form_l4 = "New password (confirmation)";

$R_form_button = "Modify";

$R_form_result1 = "Your password has been successfuly changed";

$R_form_result2 = "Error when trying to change password";

}

if($Language == 'en'){

$R_title = "User password change";

$R_form_l1 = "User";

$R_form_l2 = "Old password";

$R_form_l3 = "New password";

$R_form_l4 = "New password (confirmation)";

$R_form_button = "Modify";

$R_form_result1 = "Your password has been successfuly changed";

$R_form_result2 = "Error when trying to change password";

}

if($Language == 'fr'){

$R_title = "Changement de mot de passe utilisateur";

$R_form_l1 = "Utilisateur";

$R_form_l2 = "Ancien mot de passe";

$R_form_l3 = "nouveau mot de passe";

$R_form_l4 = "nouveau mot de passe (confirmation)";

$R_form_button = "Modifier";

$R_form_result1 = "Votre mot de passe a été modifié avec succès";

$R_form_result2 = "Erreur de changement de mot de passe";

}

echo "

<html>

<head>

  <title>$R_title</title>

  <meta http-equiv=\"Cache-control\" content=\"no-cache\">

  <meta http-equiv=\"Pragma\" content=\"no-cache\">

<link rel=\"stylesheet\" href=\"/css/style.css\" type=\"text/css\">

</head>

<body>

<center>

<table border=0 width=400 cellpadding=0 cellspacing=2>

<tr>

<td>

<form name=\"master\" action=\"$current_page\" method=\"post\">

<input type=hidden name=action value=checkpass>

<br>

<table border=0 width=540 cellpadding=1 cellspacing=1>

<tr valign=top>

<td width=340></td>

<td bgcolor=\"black\" width=200>

	<table border=0 width=100% cellpadding=2 cellspacing=0>

	<tr bgcolor=\"#907030\" align=right valign=top><th>

	<font color=\"white\">$R_title</font>&nbsp;

	</th></tr>

	</table>

</td></tr>

<tr bgcolor=\"black\" valign=top><td colspan=2>

	<table border=0 width=100% cellpadding=12 cellspacing=0 bgcolor=\"#ffffd0\" valign=top>

	<tr><td>

	<table border=1 bordercolordark=#ffffe0 bordercolorlight=#000000 width=100% cellpadding=2 cellspacing=0 bgcolor=\"#ffffe0\" valign=top>

	<tr><td align=center bgcolor=\"#d0ddb0\">$R_form_l1</td><td><input type=\"text\" name=\"login\" value=\"\"></td></tr>	

	<tr><td align=center bgcolor=\"#d0ddb0\">$R_form_l2</td><td><input type=\"password\" name=\"passwd\" value=\"\"></td></tr>	

	<tr><td align=center bgcolor=\"#d0ddb0\">$R_form_l3</td><td><input type=\"password\" name=\"newpasswd\" value=\"\"></td></tr>	

	<tr><td align=center bgcolor=\"#d0ddb0\">$R_form_l4</td><td><input type=\"password\" name=\"newpasswd2\" value=\"\">&nbsp;<input type=\"submit\" class=button value=\"$R_form_button\"></td></tr>	

	</table>

	</table>

</table>";

#if (is_file("../lib/$config[general_lib_type]/password_check.php"))

#	include("../lib/$config[general_lib_type]/password_check.php");

if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))

	include_once("../lib/sql/drivers/$config[sql_type]/functions.php");

else{

	echo "<b>Could not include SQL library</b><br>\n";

	exit();

}

if ($action == 'checkpass'){

	$link = @da_sql_pconnect($config);

	if ($link){

		$res = @da_sql_query($link,$config,

			"SELECT attribute,value FROM $config[sql_check_table] WHERE username = '$login'

			AND attribute = '$config[sql_password_attribute]';");

		if ($res){

			$row = @da_sql_fetch_array($res,$config);

			if (is_file("../lib/crypt/$config[general_encryption_method].php")){

				include("../lib/crypt/$config[general_encryption_method].php");

				$enc_passwd = $row[value];

				$passwd = da_encrypt($passwd,$enc_passwd);

				$newpasswd = da_encrypt($newpasswd,$enc_passwd);

				$newpasswd2 = da_encrypt($newpasswd2,$enc_passwd);

				if (($passwd == $enc_passwd) and ($newpasswd == $newpasswd2)){

					$msg = '<font color=blue><b>'.$R_form_result1.'</b></font>';

					$res2 = @da_sql_query($link,$config,

						"UPDATE $config[sql_check_table] set value='$newpasswd' WHERE username = '$login'

						AND attribute = '$config[sql_password_attribute]';");}

				else

					$msg = '<font color=red><b>'.$R_form_result2.'</b></font>';

			}

			else

				echo "<b>Could not open encryption library file</b><br>\n";

		}

	}

	echo "<tr><td colspan=3 align=center>$msg</td></tr>\n";

}

?>

</body>

</html>