2 include_once("../globals.php");
3 include_once("$srcdir/sha1.js");
4 include_once("$srcdir/sql.inc");
5 include_once("$srcdir/auth.inc");
9 <link rel
="stylesheet" href
="<?php echo $css_header;?>" type
="text/css">
10 <script src
="checkpwd_validation.js" type
="text/javascript"></script
>
11 <script language
='JavaScript'>
12 //Validating password and display message if password field is empty - starts
13 function pwdvalidation()
15 var password1
=trim(document
.user_form
.clearPass
.value
);
16 var password2
=trim(document
.user_form
.clearPass2
.value
);
17 document
.getElementById("display_msg").innerHTML
="";
20 alert("<?php echo xl('Please enter the password'); ?>");
21 document
.user_form
.clearPass
.focus();
26 alert("<?php echo xl('Please enter the password'); ?>");
27 document
.user_form
.clearPass2
.focus();
30 if (password1
!= password2
)
32 alert("<?php echo xl('Error: passwords don\'t match. Please check your typing.'); ?>");
33 document
.user_form
.clearPass
.value
="";
34 document
.user_form
.clearPass2
.value
="";
35 document
.user_form
.clearPass
.focus();
38 //Checking for the strong password if the 'secure password' feature is enabled
39 if(document
.user_form
.secure_pwd
.value
== 1){
40 var pwdresult
= passwordvalidate(password1
);
42 alert("<?php echo xl('The password must be at least eight characters, and should'); echo '\n'; echo xl('contain at least three of the four following items:'); echo '\n'; echo xl('A number'); echo '\n'; echo xl('A lowercase letter'); echo '\n'; echo xl('An uppercase letter'); echo '\n'; echo xl('A special character');echo '('; echo xl('not a letter or number'); echo ').'; echo '\n'; echo xl('For example:'); echo ' healthCare@09'; ?>");
43 document
.user_form
.clearPass
.value
="";
44 document
.user_form
.clearPass2
.value
="";
45 document
.user_form
.clearPass
.focus();
49 // ViCareplus : As per NIST standard, SHA1 encryption algorithm is used
50 document
.user_form
.authPass
.value
=SHA1(document
.user_form
.clearPass
.value
);
51 document
.user_form
.clearPass
.value
='';
52 document
.user_form
.authPass2
.value
=SHA1(document
.user_form
.clearPass2
.value
);
53 document
.user_form
.clearPass2
.value
='';
58 <body
class="body_top">
60 <span
class="title"><?php
xl('Password Change','e'); ?
></span
>
66 $ip=$_SERVER['REMOTE_ADDR'];
67 if ($_GET["mode"] == "update") {
68 if ($_GET["authPass"] && $_GET["authPass2"] && $_GET["authPass"] != "da39a3ee5e6b4b0d3255bfef95601890afd80709") { // account for empty
69 $tqvar = addslashes($_GET["authPass"]);
70 $tqvar2 = addslashes($_GET["authPass2"]);
71 if ($tqvar == $tqvar2) {
73 // Validating the password
74 if($GLOBALS['password_history'] != 0){
75 $updatepwd = UpdatePasswordHistory($_SESSION["authId"],$tqvar);
77 sqlStatement("update users set password='$tqvar' where id={$_SESSION["authId
"]}");
80 if ($updatepwd == 1) {
81 echo "<span class='alert'>".xl("Password change successful.",'','',' ').xl("Click")."<a href='$rootdir/logout.php?auth=logout' class=link_submit>".xl("here",'',' ',' ')."</a>".xl("to login again").".<br><br></span>";
87 echo "<span class=alert>" . xl("Error: passwords don't match. Please check your typing.") . "</span><br><br>\n";
92 $res = sqlStatement("select * from users where id={$_SESSION["authId
"]}");
93 $row = sqlFetchArray($res);
96 <div id
="display_msg">
99 if ($update_pwd_failed==1) //display message if entered password matched one of last three passwords.
101 echo "<font class='redtext'>". xl("Recent three passwords are not allowed.") ."</font>";
106 <span
class="text"><?php
xl('Once you change your password, you will have to re-login.','e'); ?
><br
></span
>
107 <FORM NAME
="user_form" METHOD
="GET" ACTION
="user_info.php"
108 onsubmit
="top.restoreSession()">
109 <input type
=hidden name
=secure_pwd value
="<?php echo $GLOBALS['secure_password']; ?>">
112 <TD
><span
class=text
><?php
xl('Full Name','e'); ?
>: </span
></TD
>
113 <TD
><span
class=text
><?php
echo htmlspecialchars($iter["fname"] . " " . $iter["lname"], ENT_NOQUOTES
); ?
></span
></td
>
117 <TD
><span
class=text
><?php
xl('Username','e'); ?
>: </span
></TD
>
118 <TD
><span
class=text
><?php
echo $iter["username"]; ?
></span
></td
>
122 <TD
><span
class=text
><?php
xl('Password','e'); ?
>: </span
></TD
>
123 <TD
><input type
=password name
=clearPass size
=20 value
=""></td
>
126 <TD
><span
class=text
><?php
xl('Password','e'); ?
> (<?
xl('Again','e');?
>): </span
></TD
>
127 <TD
><input type
=password name
=clearPass2 size
=20 value
=""></td
>
131 <br
> 
; 
; 
;
132 <INPUT TYPE
="HIDDEN" NAME
="id" VALUE
="<?php echo $_GET["id
"]; ?>">
133 <INPUT TYPE
="HIDDEN" NAME
="mode" VALUE
="update">
134 <INPUT TYPE
="HIDDEN" NAME
="authPass" VALUE
="">
135 <INPUT TYPE
="HIDDEN" NAME
="authPass2" VALUE
="">
136 <INPUT TYPE
="Submit" VALUE
=<?php
xl('Save Changes','e','\'','\''); ?
> onClick
="return pwdvalidation()">
138 <?php
if (! $GLOBALS['concurrent_layout']) { ?
>
140 [<a href
="../main/main_screen.php" target
="_top" class="link_submit"
141 onclick
="top.restoreSession()"><?php
xl('Back','e'); ?
></font
></a
>]
151 // da39a3ee5e6b4b0d3255bfef95601890afd80709 == blank