49 private $passwordConfirmation;
70 private $csrfProtector;
81 $this->passwordOld = isset($_POST[
'xh_password_old'])
82 ?
stsl($_POST[
'xh_password_old']) :
'';
83 $this->passwordNew = isset($_POST[
'xh_password_new'])
84 ?
stsl($_POST[
'xh_password_new']) :
'';
85 $this->passwordConfirmation = isset($_POST[
'xh_password_confirmation'])
86 ?
stsl($_POST[
'xh_password_confirmation']) :
'';
103 $o .= $this->render();
113 private function render()
117 return '<form id="xh_change_password" action="' . $sn
118 .
'?&xh_change_password" method="post">' 119 . $this->csrfProtector->tokenInput()
120 . $this->renderField(
'old', $this->passwordOld)
121 . $this->renderField(
'new', $this->passwordNew)
122 . $this->renderField(
'confirmation', $this->passwordConfirmation)
123 . $this->renderSubmit()
135 private function renderField($which, $value)
137 $id =
"xh_password_$which";
139 .
'<label for="' . $id .
'">' . $this->lang[
'password'][$which]
142 'input id="' . $id .
'" type="password" name="' . $id
143 .
'" value="' .
XH_hsc($value) .
'"' 145 if (in_array($which, array(
'old',
'new'))) {
146 $html .=
' <span class="xh_password_score"></span>';
private function renderSubmit()
{
    // Render the form's submit control. The button label is taken from the
    // language table ($this->lang['action']['save']) and, like the other
    // $this->lang strings used in this form, is emitted without HTML escaping.
    // NOTE(review): only the value attribute in renderField() goes through
    // XH_hsc(); language strings are treated as trusted markup-safe text here.
    $label = utf8_ucfirst($this->lang['action']['save']);

    $html = '<p><button name="action" value="save">';
    $html .= $label;
    $html .= '</button></p>';

    return $html;
}
174 $this->csrfProtector->check();
175 if ($hash = $this->validate($error)) {
176 $this->config[
'security'][
'password'] = $hash;
177 $this->savePassword();
182 $o .= $this->render();
193 private function validate(&$error)
196 if ($this->passwordOld && $this->passwordNew
197 && $this->passwordConfirmation
199 $hash = password_verify($this->passwordOld, $this->config[
'security'][
'password']);
201 $error = $this->lang[
'password'][
'wrong'];
203 if (!preg_match(
'/^[!-~]+$/u', $this->passwordNew)) {
204 $error = $this->lang[
'password'][
'invalid'];
205 } elseif ($this->passwordNew != $this->passwordConfirmation) {
206 $error = $this->lang[
'password'][
'mismatch'];
208 $result = password_hash($this->passwordNew, PASSWORD_BCRYPT);
212 $error = $this->lang[
'password'][
'fields_missing'];
224 private function savePassword()
229 foreach ($this->config as $cat => $opts) {
230 foreach ($opts as $name => $opt) {
233 if ($cat ==
'security' && $name ==
'type' 234 || $cat ==
'scripting' && $name ==
'regexp' 235 || $cat ==
'site' && $name ==
'title' 240 $opt = addcslashes($opt,
"\0..\37\"\$\\");
241 $o .=
"\$cf['$cat']['$name']=\"$opt\";\n";
XH_writeFile($filename, $contents)
foreach(XH_plugins() as $plugin) $_XH_csrfProtection
XH_message($type, $message)