bug 1138: added ticket validation for password reset
[cacert-devel.git] / pages / account / 44.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */ ?>
18 <? if(array_key_exists('error',$_SESSION['_config']) && $_SESSION['_config']['error'] != "") { ?><div color="orange">ERROR: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); }
19
20 $ticketno = ""; if(array_key_exists('ticketno', $_SESSION)) $ticketno = $_SESSION['ticketno'];
21 if (!valid_ticket_number($ticketno)) {
22 echo printf(_("I'm sorry, you did not enter a ticket number!%sYou cannot reset the password.%s"), '<br/>', '<br/><a href="account.php?id=43&amp;userid=' . intval($_REQUEST['userid']) .'">'. _('Back to previous page.').'</a>');
23 exit;
24 }
25 ?>
26
27 <form method="post" action="account.php">
28 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
29 <tr>
30 <td colspan="2" class="title"><?=_("Change Password")?></td>
31 </tr>
32 <tr>
33 <td class="DataTD"><?=_("Email")?>:</td>
34 <td class="DataTD"><b><?=sanitizeHTML($_REQUEST['email'])?></b></td>
35 </tr>
36 <tr>
37 <td class="DataTD"><?=_("New Password")?>:</td>
38 <td class="DataTD"><input type="text" name="newpass" value="<?=array_key_exists('newpass',$_REQUEST)?sanitizeHTML($_REQUEST['newpass']):""?>"></td>
39 </tr>
40 <tr>
41 <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
42 </tr>
43 </table>
44 <input type="hidden" name="userid" value="<?=intval($_REQUEST['userid'])?>">
45 <input type="hidden" name="oldid" value="<?=$id?>">
46 <input type="hidden" name="ticketno" value="<?=$ticketno?>"/>
47 </form>