<?php
# $Id$
# http://www.mapbender.org/index.php/ChangePassword
#
# Copyright (C) 2002 CCGIS 
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.


require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
/*  
 * @security_patch irv done
 */ 
//security_patch_log(__FILE__,__LINE__);
//import_request_variables("PG");

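/*
 * Copy the form fields this page expects into plain variables.
 * Only the listed names are read from $_POST; a field that was not
 * posted yields null instead of an "undefined index" notice, so a
 * plain GET of the page (no form submitted yet) runs clean.
 */
$postvars = array("oldpassword", "newpassword", "confirmpassword", "profile_id", "upd");
foreach ($postvars as $value) {
   $$value = isset($_POST[$value]) ? $_POST[$value] : null;
}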

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<?php
// Declare the page encoding; CHARSET is the site-wide constant from the included config.
printf('<meta http-equiv="Content-Type" content="text/html; charset=%s">', CHARSET);
?>
<title>Change Password</title>
<style type="text/css">
<!--
body{
	font-family: Arial, Helvetica, sans-serif;
	font-size: 10px;
}
.desc{
	font-family: Arial, Helvetica, sans-serif;
	font-size: 9px;
}
.myButton{
	font-family: Arial, Helvetica, sans-serif;
	width : 150px;
}
-->
</style>
<script language="JavaScript">
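/*
 * Client-side check of the password form before it is submitted.
 *
 * wert: name of the field group to validate; only 'newpassword' is handled,
 *       any other value does nothing.
 * When every rule passes the hidden field 'upd' is set to 'true', form1 is
 * submitted and true is returned. Otherwise an alert names the problem, the
 * offending field gets the focus, 'upd' is set to 'false' and false is returned.
 * The rules are the ones listed for the user below the form; the server
 * performs the authoritative check, this only saves a round trip.
 */
function validate(wert){
	if(wert != 'newpassword'){
		return;
	}
	var form = document.form1;
	var pw = form.newpassword.value;

	// Common failure path: explain, refocus, mark the form as "do not update".
	function reject(message, field){
		alert(message);
		field.focus();
		form.upd.value = 'false';
		return false;
	}

	if(pw == ""){
		return reject("Please enter a new password.", form.newpassword);
	}
	// At least six characters, at least one digit and at least one non-digit.
	if(pw.length < 6 || pw.search(/\d/) == -1 || pw.search(/\D/) == -1){
		return reject("Please note the rules for choosing a password below!", form.newpassword);
	}
	// No character may occur more than four times. Counted case-insensitively
	// over every character (not only the first letter and the first digit), and
	// without building a regular expression from the password itself: a
	// character such as '.', '*' or '/' used to break that expression.
	var counts = {};
	var lower = pw.toLowerCase();
	for(var i = 0; i < lower.length; i++){
		var key = 'c' + lower.charAt(i); // prefix keeps keys clear of Object.prototype names
		counts[key] = (counts[key] || 0) + 1;
		if(counts[key] > 4){
			return reject("Please note the rules for choosing a password below!", form.newpassword);
		}
	}
	if(form.confirmpassword.value == ""){
		return reject("Please confirm the password.", form.confirmpassword);
	}
	if(pw != form.confirmpassword.value){
		// Clear the confirmation so the user retypes it rather than editing it.
		form.confirmpassword.value = '';
		return reject("The password entries do not match.", form.confirmpassword);
	}
	form.upd.value = 'true';
	form.submit();
	return true;
}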
</script>
</head>
<body>
<?php
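// Database connection; the credentials ($DBSERVER, $OWNER, $PW, DB) come from
// the configuration pulled in by mb_validateSession.php.
$con = db_connect($DBSERVER,$OWNER,$PW);
db_select_db(DB,$con);

$logged_user_name=Mapbender::session()->get("mb_user_name");
$logged_user_id=Mapbender::session()->get("mb_user_id");

/*
 * Handle the password change.
 *
 * The client-side validate() sets the hidden field 'upd' to the literal
 * string 'true' right before it submits the form, so that is the only value
 * accepted here (a plain truthiness test would also run for 'false').
 * The account is always the one from the session: the user id is never read
 * from the request, so a user can only change his own password.
 */
if ($upd === 'true') {
	$oldpassword_plain = (string) $oldpassword;
	$newpassword_plain = (string) $newpassword;

	// Resolve the session user against the database.
	$sql_user_id = 'SELECT mb_user_id FROM mb_user WHERE mb_user_id = $1 ';
	$v = array($logged_user_id);
	$t = array('i');
	$res_user_id = db_prep_query($sql_user_id,$v,$t);
	$real_user_id = db_result($res_user_id,0,"mb_user_id");

	$sql_password = 'SELECT mb_user_password FROM mb_user WHERE mb_user_id = $1';
	$v = array($real_user_id);
	$t = array('i');
	$res_password = db_prep_query($sql_password,$v,$t);
	$stored_hash = db_result($res_password,0,"mb_user_password");

	// The user table stores unsalted MD5 hashes and the login code relies on
	// that, so the scheme cannot be changed in this page alone. The hashes are
	// compared with === : a loose == on two hash strings of the form
	// "0e<digits>" would compare them as numbers and consider them equal.
	$old_hash = md5($oldpassword_plain);
	$new_hash = md5($newpassword_plain);

	// Server-side copy of the rules printed below the form. The JavaScript
	// check runs only in the browser and can be skipped, so the same rules are
	// enforced here: at least six characters, at least one digit, not all
	// digits, and no character (case-insensitively) used more than four times.
	$rules_ok = strlen($newpassword_plain) >= 6
		&& preg_match('/\d/', $newpassword_plain) === 1
		&& preg_match('/\D/', $newpassword_plain) === 1;
	if ($rules_ok) {
		foreach (count_chars(strtolower($newpassword_plain), 1) as $occurrences) {
			if ($occurrences > 4) {
				$rules_ok = false;
				break;
			}
		}
	}

	if ($stored_hash !== $old_hash) {
		// Wrong current password (or the session user no longer exists).
		$message = 'Please enter the correct current password!';
	}
	elseif ($new_hash === $old_hash || !$rules_ok) {
		// New password equals the old one or breaks a rule. The "different from
		// the old one" rule is checked on the hashes; comparing the stored hash
		// with the plaintext new password would never detect it.
		$message = 'Please note the rules for choosing a password below!';
	}
	else {
		$sql_update = 'UPDATE mb_user SET mb_user_password = $1 WHERE mb_user_id = $2 ';
		$v = array($new_hash, $real_user_id);
		$t = array('s','i');
		db_prep_query($sql_update,$v,$t);
		$message = 'Password has been updated!';
	}
	echo "<script language='javascript'>";
	echo "alert('" . $message . "');";
	echo "</script>";
}

/* HTML */
// Values written into the markup are escaped for the page's character set:
// $profile_id is echoed straight back from the POST data, and $self is set by
// the included validation script, so neither is trusted as markup.
$profile_id_html = htmlspecialchars((string) $profile_id, ENT_QUOTES, CHARSET);
$self_html = htmlspecialchars((string) $self, ENT_QUOTES, CHARSET);

// field name => label, in display order
$fields = array(
	'oldpassword' => 'old password:',
	'newpassword' => 'new password:',
	'confirmpassword' => 'confirm:',
);

echo "<fieldset><legend>Change password:</legend>";
echo "<form name='form1' action='" . $self_html . "' method='post'>";
echo "<table cellpadding='5' cellspacing='0' border='0'>";
foreach ($fields as $name => $label) {
	echo "<tr>";
	echo "<td>" . $label . "</td>";
	echo "<td><input type='password' name='" . $name . "' value=''></td>";
	echo "</tr>";
}
echo "<tr>";
echo "<td><input type='hidden' name='profile_id' value='" . $profile_id_html . "'></td>";
echo "<td></td></tr></table>";
echo "<input type='hidden' name='upd' value=''>";
echo "<center><input class='myButton' type='button' name='update' value='update' onClick='validate(\"newpassword\")'></center>";
echo "</form>";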

?>
</fieldset><br />

<div class='desc'>
Please note: <br />
<ul>
<li>the password has to be different from the old one</li>
<li>the minimum length is six characters</li>
<li>it must contain a number</li>
<li>it must not be composed entirely of numbers</li>
<li>no character may be used more than four times</li>
</ul>
</div>
</body>
</html>