interface/usergroup/user_info_ajax.php

   1 <?php
   2 /**
   3  * Controller to handle user password change requests.
   4  *
   5  * <pre>
   6  * Expected REQUEST parameters
   7  * $_REQUEST['pk'] - The primary key being used for encryption. The browser would have requested this previously
   8  * $_REQUEST['curPass'] - ciphertext of the user's current password
   9  * $_REQUEST['newPass'] - ciphertext of the new password to use
  10  * $_REQUEST['newPass2']) - second copy of ciphertext of the new password to confirm proper user entry.
  11  * </pre>
  12  *
  13  * @package   OpenEMR
  14  * @link      http://www.open-emr.org
  15  * @author    Kevin Yeh <kevin.y@integralemr.com>
  16  * @author    Brady Miller <brady.g.miller@gmail.com>
  17  * @copyright Copyright (c) 2013 Kevin Yeh <kevin.y@integralemr.com>
  18  * @copyright Copyright (c) 2013 OEMR <www.oemr.org>
  19  * @copyright Copyright (c) 2017-2018 Brady Miller <brady.g.miller@gmail.com>
  20  * @license   https://github.com/openemr/openemr/blob/master/LICENSE CNU General Public License 3
  21  */
  22
  23
  24 require_once("../globals.php");
  25 require_once("$srcdir/authentication/password_change.php");
  26
  27 if (!empty($_POST)) {
  28     if (!verifyCsrfToken($_POST["csrf_token_form"])) {
  29         csrfNotVerified();
  30     }
  31 }
  32
  33 $curPass=$_REQUEST['curPass'];
  34 $newPass=$_REQUEST['newPass'];
  35 $newPass2=$_REQUEST['newPass2'];
  36
  37 if ($newPass!=$newPass2) {
  38     echo "<div class='alert alert-danger'>" . xlt("Passwords Don't match!") . "</div>";
  39     exit;
  40 }
  41
  42 $errMsg='';
  43 $success=update_password($_SESSION['authId'], $_SESSION['authId'], $curPass, $newPass, $errMsg);
  44 if ($success) {
  45     echo "<div class='alert alert-success'>" . xlt("Password change successful") . "</div>";
  46 } else {
  47     // If update_password fails the error message is returned
  48     echo "<div class='alert alert-danger'>" . text($errMsg) . "</div>";
  49 }