<?php


highlight_file(__FILE__);
        exit;


/*
  $Id: account_password.php 1739 2007-12-20 00:52:16Z hpdl $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');

  if (!tep_session_is_registered('customer_id')) {
    $navigation->set_snapshot();
    tep_redirect(tep_href_link(FILENAME_LOGIN'''SSL'));
  }

// needs to be included earlier to set the success message in the messageStack
  require(DIR_WS_LANGUAGES $language '/' FILENAME_ACCOUNT_PASSWORD);

  if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process')) {
    $password_current tep_db_prepare_input($HTTP_POST_VARS['password_current']);
    $password_new tep_db_prepare_input($HTTP_POST_VARS['password_new']);
    $password_confirmation tep_db_prepare_input($HTTP_POST_VARS['password_confirmation']);

    $error false;

    if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) {
      $error true;

      $messageStack->add('account_password'ENTRY_PASSWORD_CURRENT_ERROR);
    } elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
      $error true;

      $messageStack->add('account_password'ENTRY_PASSWORD_NEW_ERROR);
    } elseif ($password_new != $password_confirmation) {
      $error true;

      $messageStack->add('account_password'ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
    }

    if ($error == false) {
      $check_customer_query tep_db_query("select customers_password from " TABLE_CUSTOMERS " where customers_id = '" . (int)$customer_id "'");
      $check_customer tep_db_fetch_array($check_customer_query);

      if (tep_validate_password($password_current$check_customer['customers_password'])) {
        tep_db_query("update " TABLE_CUSTOMERS " set customers_password = '" tep_encrypt_password($password_new) . "' where customers_id = '" . (int)$customer_id "'");

        tep_db_query("update " TABLE_CUSTOMERS_INFO " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int)$customer_id "'");

        $messageStack->add_session('account'SUCCESS_PASSWORD_UPDATED'success');

        tep_redirect(tep_href_link(FILENAME_ACCOUNT'''SSL'));
      } else {
        $error true;

        $messageStack->add('account_password'ERROR_CURRENT_PASSWORD_NOT_MATCHING);
      }
    }
  }

  $breadcrumb->add(NAVBAR_TITLE_1tep_href_link(FILENAME_ACCOUNT'''SSL'));
  $breadcrumb->add(NAVBAR_TITLE_2tep_href_link(FILENAME_ACCOUNT_PASSWORD'''SSL'));
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET?>">
<title><?php echo TITLE?></title>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER HTTP_SERVER) . DIR_WS_CATALOG?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
<?php require('includes/form_check.js.php'); ?>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
<!-- header //-->
<?php require(DIR_WS_INCLUDES 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="3" cellpadding="3">
  <tr>
    <td width="<?php echo BOX_WIDTH?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH?>" cellspacing="0" cellpadding="2">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES 'column_left.php'); ?>
<!-- left_navigation_eof //-->
    </table></td>
<!-- body_text //-->
    <td width="100%" valign="top"><?php echo tep_draw_form('account_password'tep_href_link(FILENAME_ACCOUNT_PASSWORD'''SSL'), 'post''onSubmit="return check_form(account_password);"') . tep_draw_hidden_field('action''process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><?php echo HEADING_TITLE?></td>
            <td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES 'table_background_account.gif'HEADING_TITLEHEADING_IMAGE_WIDTHHEADING_IMAGE_HEIGHT); ?></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif''100%''10'); ?></td>
      </tr>
<?php
  if ($messageStack->size('account_password') > 0) {
?>
      <tr>
        <td><?php echo $messageStack->output('account_password'); ?></td>
      </tr>
      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif''100%''10'); ?></td>
      </tr>
<?php
  }
?>
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
          <tr>
            <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
              <tr>
                <td class="main"><b><?php echo MY_PASSWORD_TITLE?></b></td>
                <td class="inputRequirement" align="right"><?php echo FORM_REQUIRED_INFORMATION?></td>
              </tr>
            </table></td>
          </tr>
          <tr>
            <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
              <tr class="infoBoxContents">
                <td><table border="0" cellspacing="2" cellpadding="2">
                  <tr>
                    <td class="main"><?php echo ENTRY_PASSWORD_CURRENT?></td>
                    <td class="main"><?php echo tep_draw_password_field('password_current') . '&nbsp;' . (tep_not_null(ENTRY_PASSWORD_CURRENT_TEXT) ? '<span class="inputRequirement">' ENTRY_PASSWORD_CURRENT_TEXT '</span>'''); ?></td>
                  </tr>
                  <tr>
                    <td colspan="2"><?php echo tep_draw_separator('pixel_trans.gif''100%''10'); ?></td>
                  </tr>
                  <tr>
                    <td class="main"><?php echo ENTRY_PASSWORD_NEW?></td>
                    <td class="main"><?php echo tep_draw_password_field('password_new') . '&nbsp;' . (tep_not_null(ENTRY_PASSWORD_NEW_TEXT) ? '<span class="inputRequirement">' ENTRY_PASSWORD_NEW_TEXT '</span>'''); ?></td>
                  </tr>
                  <tr>
                    <td class="main"><?php echo ENTRY_PASSWORD_CONFIRMATION?></td>
                    <td class="main"><?php echo tep_draw_password_field('password_confirmation') . '&nbsp;' . (tep_not_null(ENTRY_PASSWORD_CONFIRMATION_TEXT) ? '<span class="inputRequirement">' ENTRY_PASSWORD_CONFIRMATION_TEXT '</span>'''); ?></td>
                  </tr>
                </table></td>
              </tr>
            </table></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif''100%''10'); ?></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
          <tr class="infoBoxContents">
            <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
              <tr>
                <td width="10"><?php echo tep_draw_separator('pixel_trans.gif''10''1'); ?></td>
                <td><?php echo '<a href="' tep_href_link(FILENAME_ACCOUNT'''SSL') . '">' tep_image_button('button_back.gif'IMAGE_BUTTON_BACK) . '</a>'?></td>
                <td align="right"><?php echo tep_image_submit('button_continue.gif'IMAGE_BUTTON_CONTINUE); ?></td>
                <td width="10"><?php echo tep_draw_separator('pixel_trans.gif''10''1'); ?></td>
              </tr>
            </table></td>
          </tr>
        </table></td>
      </tr>
    </table></form></td>
<!-- body_text_eof //-->
    <td width="<?php echo BOX_WIDTH?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES 'column_right.php'); ?>
<!-- right_navigation_eof //-->
    </table></td>
  </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES 'application_bottom.php'); ?>