4 * Controller to handle user password change requests.
7 * Expected REQUEST parameters
8 * $_REQUEST['pk'] - The primary key being used for encryption. The browser would have requested this previously
9 * $_REQUEST['curPass'] - ciphertext of the user's current password
10 * $_REQUEST['newPass'] - ciphertext of the new password to use
11 * $_REQUEST['newPass2']) - second copy of ciphertext of the new password to confirm proper user entry.
13 * Copyright (C) 2013 Kevin Yeh <kevin.y@integralemr.com> and OEMR <www.oemr.org>
15 * LICENSE: This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 3
18 * of the License, or (at your option) any later version.
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
27 * @author Kevin Yeh <kevin.y@integralemr.com>
28 * @link http://www.open-emr.org
33 include_once("../globals.php");
34 require_once("$srcdir/authentication/password_change.php");
36 $curPass=$_REQUEST['curPass'];
37 $newPass=$_REQUEST['newPass'];
38 $newPass2=$_REQUEST['newPass2'];
40 if ($newPass!=$newPass2) {
41 echo xlt("Passwords Don't match!");
46 $success=update_password($_SESSION['authId'], $_SESSION['authId'], $curPass, $newPass, $errMsg);
48 echo xlt("Password change successful");
50 // If update_password fails the error message is returned