diff --git a/actions.php b/actions.php
index 51ee0bfb1a..f0d87e1d68 100644
--- a/actions.php
+++ b/actions.php
@@ -414,7 +414,7 @@
 setcookie(session_name(), '', time()-42000, '/');
 }
 session_destroy();
- } else if ($_GET['action']=="chgpwd") {
+ } else if ($_GET['action']=="chgpwd" || $_GET['action']=="forcechgpwd") {
 //DB $query = "SELECT password FROM imas_users WHERE id = '$userid'";
 //DB $result = mysql_query($query) or die("Query failed : " . mysql_error());
 //DB $line = mysql_fetch_array($result, MYSQL_ASSOC);
@@ -427,12 +427,10 @@
 } else {
 $newpw =md5($_POST['pw1']);
 }
- //DB $query = "UPDATE imas_users SET password='$md5pw' WHERE id='$userid'";
- //DB mysql_query($query) or die("Query failed : " . mysql_error());
- $stm = $DBH->prepare("UPDATE imas_users SET password=:newpw WHERE id=:uid LIMIT 1");
+ $stm = $DBH->prepare("UPDATE imas_users SET password=:newpw,forcepwreset=0 WHERE id=:uid LIMIT 1");
 $stm->execute(array(':uid'=>$userid, ':newpw'=>$newpw));
 } else {
- echo "
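Review bot: The new `else if` compares `$_GET['action']` twice with loose `==`; `} else if (in_array($_GET['action'], array('chgpwd', 'forcechgpwd'), true)) {` names the accepted actions once and compares strictly, and a third action name later will not lengthen the condition again. Nothing in this hunk says what distinguishes a forced reset from a voluntary change (for instance whether the old password is still checked), and the branch body continues past the hunk, so a comment on this line such as `// forcechgpwd: reset demanded at login while forcepwreset=1; cleared on success below` would tie the new action name to the column the same branch clears in the next hunk.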
Password change failed. Try Again\n";
+ echo "Password change failed. Try Again\n";
 echo "\n";
 exit;
 }
diff --git a/admin/actions.php b/admin/actions.php
index 72c46a9d57..062838d39e 100644
--- a/admin/actions.php
+++ b/admin/actions.php
@@ -108,7 +108,7 @@
 $query .= ',SID=:SID';
 }
 if (isset($_POST['doresetpw'])) {
- $query .= ',password=:password';
+ $query .= ',password=:password,forcepwreset=1';
 }
 $query .= " WHERE id=:id";
 $stm = $DBH->prepare($query);
@@ -212,26 +212,6 @@
 deletealluserfiles($_GET['id']);
 //todo: delete courses if any
 break;
- case "chgpwd":
- $stm = $DBH->prepare("SELECT password FROM imas_users WHERE id=:id");
- $stm->execute(array(':id'=>$userid));
- $line = $stm->fetch(PDO::FETCH_ASSOC);
-
- if ((md5($_POST['oldpw'])==$line['password'] || (isset($CFG['GEN']['newpasswords']) && password_verify($_POST['oldpw'], $line['password'])) ) && ($_POST['newpw1'] == $_POST['newpw2'])) {
- $md5pw =md5($_POST['newpw1']);
- if (isset($CFG['GEN']['newpasswords'])) {
- $md5pw = password_hash($_POST['newpw1'], PASSWORD_DEFAULT);
- } else {
- $md5pw = md5($_POST['newpw1']);
- }
- $stm = $DBH->prepare("UPDATE imas_users SET password=:password WHERE id=:id");
- $stm->execute(array(':password'=>$md5pw, ':id'=>$userid));
- } else {
- echo "Password change failed. Try Again\n";
- echo "\n";
- exit;
- }
- break;
 case "newadmin":
 if ($myrights < 75 && ($myspecialrights&16)!=16 && ($myspecialrights&32)!=32) { echo "You don't have the authority for this action"; break;}
 if ($_POST['newrights']>$myrights) {
diff --git a/admin/forms.php b/admin/forms.php
index b85ba32ff2..f5a08b9508 100644
--- a/admin/forms.php
+++ b/admin/forms.php
@@ -2,7 +2,7 @@
 //IMathAS: Admin forms
 //(c) 2006 David Lippman
 require("../init.php");
-$placeinhead = '';
+$placeinhead = '';
 require("../header.php");
 require("../includes/htmlutil.php");
@@ -68,16 +68,6 @@
 echo "\n";
 echo '';
 break;
- case "chgpwd":
- echo ''.Sanitize::encodeStringForDisplay($infoerr).'
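Review bot: The result of `$stm->execute(array(':uid'=>$userid, ':newpw'=>$newpw));` is ignored, so if the UPDATE fails (and `$DBH` is not configured to throw, which is not visible here) execution continues as though the password were changed while `forcepwreset` stays at 1, and a user on the forced-reset path is sent round again with no message. Folding the call into the failure branch that already exists two lines below, `if (!$stm->execute(array(':uid'=>$userid, ':newpw'=>$newpw))) { echo "Password change failed. Try Again\n"; exit; }`, gives that case the same feedback a mismatched confirmation gets. The enclosing `else if` starts before this hunk; its leading context still shows `$newpw =md5($_POST['pw1']);` being stored, presumably on the branch taken when the newer `password_hash` scheme is not configured, which this change leaves as is.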
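Review bot: `forcepwreset=1` is appended in the `doresetpw` branch as a bare literal with nothing saying what the flag means or why an admin-set password should set it; the same unexplained literal is written in course/listusers.php at the INSERT in @@ -204 and the UPDATE in @@ -321. A one-line comment at each site, `// password chosen by someone else: the user must pick their own at next login`, records the policy the column encodes so the next reader does not have to trace where it is cleared (actions.php @@ -427). It fits on the `$query .=` line itself if kept that short.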
';
@@ -1782,7 +1782,7 @@ function findfolder($items,$n,$loc) {
 //ask for student info
 $nologo = true;
 $flexwidth = true;
- $placeinhead .= '';
+ $placeinhead .= '';
 require("header.php");
 if (isset($infoerr)) {
 echo ''.Sanitize::encodeStringForDisplay($infoerr).'
';
diff --git a/course/listusers.php b/course/listusers.php
index 4fba31cf08..614d831808 100644
--- a/course/listusers.php
+++ b/course/listusers.php
@@ -185,7 +185,7 @@
 } elseif (isset($_GET['newstu']) && $CFG['GEN']['allowinstraddstus']) {
 $curBreadcrumb .= " > Roster > Enroll Students\n";
 $pagetitle = "Enroll a New Student";
- $placeinhead .= '';
+ $placeinhead .= '';
 if (isset($_POST['SID'])) {
 require_once("../includes/newusercommon.php");
@@ -204,8 +204,8 @@
 //DB $query .= "VALUES ('{$_POST['SID']}','$md5pw',10,'{$_POST['firstname']}','{$_POST['lastname']}','{$_POST['email']}',0);";
 //DB mysql_query($query) or die("Query failed : " . mysql_error());
 //DB $newuserid = mysql_insert_id();
- $query = "INSERT INTO imas_users (SID, password, rights, FirstName, LastName, email, msgnotify) ";
- $query .= "VALUES (:SID, :password, :rights, :FirstName, :LastName, :email, :msgnotify);";
+ $query = "INSERT INTO imas_users (SID, password, rights, FirstName, LastName, email, msgnotify, forcepwreset) ";
+ $query .= "VALUES (:SID, :password, :rights, :FirstName, :LastName, :email, :msgnotify, 1);";
 $stm = $DBH->prepare($query);
 $stm->execute(array(':SID'=>$_POST['SID'], ':password'=>$md5pw, ':rights'=>10, ':FirstName'=>$_POST['firstname'], ':LastName'=>$_POST['lastname'], ':email'=>$_POST['email'], ':msgnotify'=>0));
@@ -269,7 +269,7 @@
 } elseif (isset($_GET['chgstuinfo'])) {
 $curBreadcrumb .= " > Roster > Change User Info\n";
 $pagetitle = "Change Student Info";
- $placeinhead .= '';
+ $placeinhead .= '';
 require_once("../includes/newusercommon.php");
 if (isset($_POST['firstname'])) {
@@ -321,7 +321,7 @@
 $newpw = md5($_POST['pw1']);
 }
 //DB $query .= ",password='$newpw'";
- $query .= ",password=:password";
+ $query .= ",password=:password,forcepwreset=1";
 $qarr[':password'] = $newpw;
 $msgout .= 'Password updated
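Review bot: In the new INSERT the constant for `forcepwreset` is inlined as `1` in the VALUES list, while the other constants for the same row, `:rights` and `:msgnotify`, are bound in the `execute` array on the line below, so two styles now sit on adjacent lines. Binding it the same way — `... msgnotify, forcepwreset) "`, `... :msgnotify, :forcepwreset);"`, and `':msgnotify'=>0, ':forcepwreset'=>1));` at the end of the execute call — keeps every per-row value in one place and puts the new column next to `:password`, whose temporary status it records. The three `//DB` comment lines above describe the retired string-built query and could go in the same pass, though they are not part of this change.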
';
 }
@@ -731,14 +731,15 @@ function postRosterForm(uid,action) {
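Review bot: The instructor feedback on the `$msgout .= 'Password updated` line no longer describes the effect of the UPDATE: with `forcepwreset=1` now written alongside `password=:password`, the student will be required to choose a new password at next login, and the instructor handing over this temporary password is not told so. Extending the message, e.g. `$msgout .= 'Password updated; the student will be asked to choose a new password at next login';`, lets the instructor pass that on. The leading context still stores `md5($_POST['pw1'])` as the temporary credential on whichever branch selects it (the condition is outside the hunk), which this change does not alter; the `@@ -731` hunk that follows is cut off here.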