<?php
/**
 * The Strangecode Codebase - a general application development framework for PHP
 * For details visit the project site: <http://trac.strangecode.com/codebase/>
 * Copyright 2001-2012 Strangecode, LLC
 * 
 * This file is part of The Strangecode Codebase.
 *
 * The Strangecode Codebase is free software: you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as published by the
 * Free Software Foundation, either version 3 of the License, or (at your option)
 * any later version.
 * 
 * The Strangecode Codebase is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 * 
 * You should have received a copy of the GNU General Public License along with
 * The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
 */

/**
 * password.php
 */

// require_once dirname(__FILE__) . '/_config.inc.php';

$auth->requireLogin();

require_once 'codebase/lib/FormValidator.inc.php';

/******************************************************************************
 * CODE CONFIG
 *****************************************************************************/

// Titles and navigation header.
$nav->add(_("Change password"));

// The object to validate form input from the user.
$fv = new FormValidator();

/********************************************************************
* MAIN
********************************************************************/

if (getFormData('boomerang', false) && isset($_SERVER['HTTP_REFERER'])) {
    // We remember which page we came from so we can go back there.
    $app->setBoomerangURL($_SERVER['HTTP_REFERER'], 'admin_password');
}
$app->sslOn();

switch (getFormData('op')) {
case 'update_password' :

    // Get the form variables.
    $frm = getFormData();

    // Validate the posted data.
//  $fv->isEmpty('oldpassword', _("You did not specify the <strong>old password</strong>."));
    $fv->checkRegex('oldpassword', '/^[[:alnum:][:punct:]]{0,128}$/i', true, _("The <strong>Old password</strong> specified is not valid."));
    if (!$fv->isEmpty('newpassword', _("You did not specify the <strong>New password</strong>."))) {
        $fv->checkRegex('newpassword', '/^[[:alnum:][:punct:]]{6,128}$/i', true, _("The <strong>New password</strong> specified is not valid. A password must be 6 or more characters."));
        if ($frm['newpassword'] != $frm['newpassword2'] && !$fv->isEmpty('newpassword2', _("You need to type the <strong>New password</strong> twice."))) {
            $fv->addError('newpassword', _("The <strong>New passwords</strong> do not match."));
            $fv->addError('newpassword2');
        }
    }

    if (!$fv->anyErrors() && false === $auth->authenticate($auth->get('username'), $frm['oldpassword'])) {
        $fv->addError('oldpassword', _("Your <strong>Old password</strong> failed authentication."));
        $app->logMsg(sprintf('Password change failed for %s, using (md5ed) password: %s', $auth->get('username'), md5($frm['oldpassword'])), LOG_NOTICE, __FILE__, __LINE__);
    }

    if (!$fv->anyErrors()) {
        $auth->setPassword(null, $frm['newpassword']);
        $app->logMsg(sprintf('Password change successful for %s', $auth->get('username')), LOG_INFO, __FILE__, __LINE__);
        $app->raiseMsg(sprintf(_("Password change successful for %s"), $auth->get('username')), MSG_SUCCESS, __FILE__, __LINE__);
        $app->dieBoomerangURL('admin_password');
    }
    break;
}

// Templates.
include 'header.ihtml';
include 'codebase/services/templates/password.ihtml';
include 'footer.ihtml';