interface/usergroup/user_info_ajax.php

   1 <?php
   2 /**
   3  * Controller to handle user password change requests.
   4  *
   5  * <pre>
   6  * Expected REQUEST parameters
   7  * $_REQUEST['pk'] - The primary key being used for encryption. The browser would have requested this previously
   8  * $_REQUEST['curPass'] - ciphertext of the user's current password
   9  * $_REQUEST['newPass'] - ciphertext of the new password to use
  10  * $_REQUEST['newPass2']) - second copy of ciphertext of the new password to confirm proper user entry.
  11  * </pre>
  12  *
  13  * @package   OpenEMR
  14  * @link      http://www.open-emr.org
  15  * @author    Kevin Yeh <kevin.y@integralemr.com>
  16  * @author    Brady Miller <brady.g.miller@gmail.com>
  17  * @copyright Copyright (c) 2013 Kevin Yeh <kevin.y@integralemr.com>
  18  * @copyright Copyright (c) 2013 OEMR <www.oemr.org>
  19  * @copyright Copyright (c) 2017 Brady Miller <brady.g.miller@gmail.com>
  20  * @license   https://github.com/openemr/openemr/blob/master/LICENSE CNU General Public License 3
  21  */
  22
  23
  24 require_once("../globals.php");
  25 require_once("$srcdir/authentication/password_change.php");
  26
  27 $curPass=$_REQUEST['curPass'];
  28 $newPass=$_REQUEST['newPass'];
  29 $newPass2=$_REQUEST['newPass2'];
  30
  31 if ($newPass!=$newPass2) {
  32     echo "<div class='alert alert-danger'>" . xlt("Passwords Don't match!") . "</div>";
  33     exit;
  34 }
  35
  36 $errMsg='';
  37 $success=update_password($_SESSION['authId'], $_SESSION['authId'], $curPass, $newPass, $errMsg);
  38 if ($success) {
  39     echo "<div class='alert alert-success'>" . xlt("Password change successful") . "</div>";
  40 } else {
  41     // If update_password fails the error message is returned
  42     echo "<div class='alert alert-danger'>" . text($errMsg) . "</div>";
  43 }