Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Forced password change when password is password

  • Loading branch information...
commit d884ab5ebc407a6c7ed6b518d88e86ed92befb9c 1 parent e90e23f
@mreidsma mreidsma authored
View
14 account.php
@@ -47,7 +47,11 @@
if($result)
{
+ if($_GET['e'] != 2) {
$m = '<div class="lib-success">Password changed!</div>';
+ } else {
+ $m = '<div class="lib-success">Oh, that&#8217;s a much better password. Let&#8217;s get you to <a href="/sustainability">where the action is...</a></div>';
+ }
include ("../labs/includes/current_user.php"); // Update local account info variables before loading the page
$_SESSION['password'] = $update_password;
}
@@ -57,7 +61,13 @@
}
}
-
+ if($_GET['e'] == 1) {
+ $m = '<div class="lib-alert">Oops, that password isn&#8217;t very secure. Let&#8217;s change it.</div>';
+ }
+
+ if($_GET['e'] == 2) {
+ echo '<meta http-equiv="refresh" content="4; url=/sustainability">';
+ }
//display update password form
echo '<section class="wrapper">
@@ -65,7 +75,7 @@
<div id="login">
<div id="login_form">
<h3>Update Password</h3>
- <form action="" class="lib-form" method="post" id="settings">
+ <form action="account.php?e=2" class="lib-form" method="post" id="settings">
<div class="row"><label for="curr_pass">Current password:</label><input type="password" id="curr_pass" name="curr_pass" /></div>
<div class="row"><label for="new_password1">Change my password to:</label><input type="password" id="new_password1" name="new_password1" /></div>
<div class="row"><label for="new_password2">New password (again):</label><input type="password" id="new_password2" name="new_password2" /></div>
View
8 index.php
@@ -43,6 +43,14 @@
<div class="logged_in"><p>Welcome, <a href="account.php" title="Change your password">'.$current_usr_fn.'</a>. <a href="resources/logout.php">Logout</a></p></div><div class="clear"></div>
<div id="ie-warning"><span class="lib-alert">This site works a lot better in Firefox, Chrome, or Safari. Really, any browser other than Internet Explorer.</span></div>';
+
+ if($_SESSION['password'] == "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8") {
+ // Dear god change your password from "password"
+
+ echo '<meta http-equiv="refresh" content="0; url=account.php?e=1">';
+
+ }
+
//if the user does not belong to a team, display a form to select or create one
if(!usr_is_on_team($current_usr_id)){
View
2  resources/css/styles.css
@@ -64,7 +64,7 @@ li.labels li.non-recyclable-items .tooltip { bottom: -17em;}
@media screen and (min-width: 650px) {
h1 {padding: 0; font-size:3.5em;}
-#login_form { width: 30%; margin: 10% auto; }
+#login_form { width: 30%; margin: 5% auto; }
.logged_in .lib-button { float: right; margin: 0; position: relative; background: transparent; border: none; font-weight: normal; text-shadow: none; color: #069; font-size: .9em; bottom: 3.9em; text-decoration:none;-webkit-box-shadow:none;box-shadow:none;}
.logged_in .lib-button-grey { display: none; }
.logged_in a { text-decoration: none; }
View
3  resources/header.php
@@ -4,11 +4,10 @@
require "../labs/includes/mysqlconnect.php";
require "login.php";
require "functions.php";
+require "settings.php";
if($logged_in) { include "../labs/includes/current_user.php"; }
-require "settings.php";
-
echo '<!DOCTYPE html>
<html lang="en">
View
3  resources/login.php
@@ -139,6 +139,9 @@ function checkLogin(){
unset($_SESSION['password']);
return false;
}
+
+
+
return true;
} else {
return false;
Please sign in to comment.
Something went wrong with that request. Please try again.