v2.1 final

Author: nilsteampassnet

files/empty_file.txt

@@ -0,0 +1 @@
+ 

home.php

@@ -37,7 +37,7 @@
                         	<td>'.$txt['index_new_pw'].' :</td><td><input type="password" size="10" name="new_pw" id="new_pw"/></td>
                         </tr>
                         <tr><td>'.$txt['index_change_pw_confirmation'].' :</td><td><input type="password" size="10" name="new_pw2" id="new_pw2" /></td></tr>
-                        <tr><td colspan="2"><input type="button" onClick="ChangerMdp()" value="'.$txt['index_change_pw_button'].'" /></td></tr>
+                        <tr><td colspan="2"><input type="button" onClick="ChangeMyPass()" value="'.$txt['index_change_pw_button'].'" /></td></tr>
                     </table>
                 </div>';
             }elseif ( !empty($_SESSION['derniere_connexion']) ){

install/install_ajax.php

@@ -186,7 +186,7 @@
                 ('admin','custom_login_text',''),
                 ('admin','default_language','english'),
                 ('admin', 'send_stats', '".$_SESSION['send_stats']."'),
-                ('admin', 'send_mail_on_user_login', '0');
+                ('admin', 'send_mail_on_user_login', '0'),
                 ('cron', 'sending_emails', '0');");
             if ( $res4 ){
                 echo 'document.getElementById("tbl_4").innerHTML = "<img src=\"images/tick.png\">";';

load.php

@@ -351,7 +351,6 @@ function aes_encrypt(text) {
                     if ( $("#new_pw").val() != "" && $("#new_pw").val() == $("#new_pw2").val() ){
                     	if($("#pw_strength_value").val() >= $("#user_pw_complexity").val()){
 				            var data = "{\"new_pw\":\""+protectString($("#new_pw").val())+"\"}";
-
 				            $.post(
 				                "sources/main.queries.php",
 				                {
@@ -598,6 +597,23 @@ function(data){
 		);
     })
 
+    function ChangeMyPass(){
+    	var data = "{\"new_pw\":\""+protectString($("#new_pw").val())+"\"}";
+        $.post(
+            "sources/main.queries.php",
+            {
+                type    			: "change_pw",
+                change_pw_origine	: "first_change",
+                complexity			:	"",
+				data 				:	aes_encrypt(data)
+            },
+            function(data){
+            	document.main_form.submit();
+            },
+            "json"
+        );
+    }
+
     //Permits to upload passwords from KEEPASS file
     function ImportKEEPASS(file){
     	//clean divs

sources/items.queries.php

@@ -244,7 +244,7 @@ function is_utf8($string)
                     	stripslashes($data_received['label']);
                     if (!empty($data_received['description']) && isset($_SESSION['settings']['show_description']) && $_SESSION['settings']['show_description'] == 1)
                         $html .= '&nbsp;<font size=2px>['.strip_tags(stripslashes(substr(CleanString($data_received['description']),0,30))).']</font>';
-                    $html .= '</a>';
+                    $html .= '</a><span style="float:right;margin:2px 10px 0px 0px;">';
 
                     // display quick icon shortcuts ?
                     if (isset($_SESSION['settings']['copy_to_clipboard_small_icons']) && $_SESSION['settings']['copy_to_clipboard_small_icons'] == 1) {
@@ -257,7 +257,7 @@ function is_utf8($string)
                     	if (!empty($data_received['pw'])) {
                     		$item_pw = '<img src="includes/images/mini_lock_enable.png" id="icon_pw_'.$new_id.'" class="copy_clipboard" title="'.$txt['item_menu_copy_pw'].'" />';
                     	}
-                    	$html .= '<span style="float:right;margin:2px 10px 0px 0px;">'.$item_login.'&nbsp;'.$item_pw;
+                    	$html .= $item_login.'&nbsp;'.$item_pw;
                     	//$html .= '<input type="hidden" id="item_pw_in_list_'.$new_id.'" value="'.$data_received['pw'].'"><input type="hidden" id="item_login_in_list_'.$new_id.'" value="'.$data_received['login'].'">';
                     }
 

sources/main.queries.php

@@ -46,89 +46,102 @@
     	//Prepare variables
     	$new_pw = encrypt(htmlspecialchars_decode($data_received['new_pw']));
 
-			if(isset($_POST['change_pw_origine']) && $_POST['change_pw_origine'] == "user_change"){
-				//User has decided to change is PW
-
-	      //Get a string with the old pw array
-	      $last_pw = explode(';',$_SESSION['last_pw']);
-
-        //if size is bigger then clean the array
-        if ( sizeof($last_pw) > $_SESSION['settings']['number_of_used_pw'] && $_SESSION['settings']['number_of_used_pw'] > 0 ){
-            for($x=0;$x<$_SESSION['settings']['number_of_used_pw'];$x++)
-                unset($last_pw[$x]);
-
-            //reinit SESSION
-            $_SESSION['last_pw'] = implode(';',$last_pw);
-        }
-        //specific case where admin setting "number_of_used_pw" is 0
-        else if ( $_SESSION['settings']['number_of_used_pw'] == 0 ){
-            $_SESSION['last_pw'] = "";
-            $last_pw = array();
-        }
+    	//User has decided to change is PW
+		if(isset($_POST['change_pw_origine']) && $_POST['change_pw_origine'] == "user_change"){
+			//Get a string with the old pw array
+			$last_pw = explode(';',$_SESSION['last_pw']);
+
+			//if size is bigger then clean the array
+			if ( sizeof($last_pw) > $_SESSION['settings']['number_of_used_pw'] && $_SESSION['settings']['number_of_used_pw'] > 0 ){
+				for($x=0;$x<$_SESSION['settings']['number_of_used_pw'];$x++)
+					unset($last_pw[$x]);
+
+				//reinit SESSION
+				$_SESSION['last_pw'] = implode(';',$last_pw);
+			}
+			//specific case where admin setting "number_of_used_pw" is 0
+			else if ( $_SESSION['settings']['number_of_used_pw'] == 0 ){
+				$_SESSION['last_pw'] = "";
+				$last_pw = array();
+			}
 
-        //check if new pw is different that old ones
-        if ( in_array($new_pw,$last_pw) ){
-        	echo '[ { "error" : "already_used" } ]';
-        }else{
-            //update old pw with new pw
-            if ( sizeof($last_pw) == ($_SESSION['settings']['number_of_used_pw']+1) ){
-                unset($last_pw[0]);
-            }else{
-                array_push($last_pw,$new_pw);
-            }
+			//check if new pw is different that old ones
+			if ( in_array($new_pw,$last_pw) ){
+				echo '[ { "error" : "already_used" } ]';
+			}else{
+				//update old pw with new pw
+				if ( sizeof($last_pw) == ($_SESSION['settings']['number_of_used_pw']+1) ){
+					unset($last_pw[0]);
+				}else{
+					array_push($last_pw,$new_pw);
+				}
 
-            //create a list of last pw based on the table
-            $old_pw = "";
-            foreach($last_pw as $elem){
-                if ( !empty($elem) ){
-                    if (empty($old_pw)) $old_pw = $elem;
-                    else $old_pw .= ";".$elem;
-                }
-            }
+				//create a list of last pw based on the table
+				$old_pw = "";
+				foreach($last_pw as $elem){
+					if ( !empty($elem) ){
+						if (empty($old_pw)) $old_pw = $elem;
+						else $old_pw .= ";".$elem;
+					}
+				}
 
-            //update sessions
-            $_SESSION['last_pw'] = $old_pw;
-            $_SESSION['last_pw_change'] = mktime(0,0,0,date('m'),date('d'),date('y'));
-            $_SESSION['validite_pw'] = true;
-
-            //update DB
-            $db->query_update(
-                "users",
-                array(
-                    'pw' => $new_pw,
-                    'last_pw_change' => mktime(0,0,0,date('m'),date('d'),date('y')),
-                    'last_pw' => $old_pw
-                ),
-                "id = ".$_SESSION['user_id']
-            );
-
-            echo '[ { "error" : "none" } ]';
-        }
-			}else
-			//ADMIN has decided to change the USER's PW
-			if(isset($_POST['change_pw_origine']) && $_POST['change_pw_origine'] == "admin_change"){
-				//Check KEY
-      	if ($data_received['key'] != $_SESSION['key']) {
-      		echo '[ { "error" : "key_not_conform" } ]';
-      		exit();
-      	}
+				//update sessions
+				$_SESSION['last_pw'] = $old_pw;
+				$_SESSION['last_pw_change'] = mktime(0,0,0,date('m'),date('d'),date('y'));
+				$_SESSION['validite_pw'] = true;
 
 				//update DB
-        $db->query_update(
-            "users",
-            array(
-                'pw' => $new_pw,
-                'last_pw_change' => mktime(0,0,0,date('m'),date('d'),date('y'))
-            ),
-            "id = ".$data_received['user_id']
-        );
-
-        echo '[ { "error" : "none" } ]';
-			}
+				$db->query_update(
+					"users",
+					array(
+						'pw' => $new_pw,
+						'last_pw_change' => mktime(0,0,0,date('m'),date('d'),date('y')),
+						'last_pw' => $old_pw
+					),
+					"id = ".$_SESSION['user_id']
+				);
 
-			else{
-				echo '[ { "error" : "nothing_to_do" } ]';
+				echo '[ { "error" : "none" } ]';
 			}
+		}
+		//ADMIN has decided to change the USER's PW
+		elseif(isset($_POST['change_pw_origine']) && $_POST['change_pw_origine'] == "admin_change"){
+			//Check KEY
+			if ($data_received['key'] != $_SESSION['key']) {
+				echo '[ { "error" : "key_not_conform" } ]';
+				exit();
+			}
+
+			//update DB
+			$db->query_update(
+				"users",
+				array(
+					'pw' => $new_pw,
+					'last_pw_change' => mktime(0,0,0,date('m'),date('d'),date('y'))
+				),
+				"id = ".$data_received['user_id']
+			);
+
+			echo '[ { "error" : "none" } ]';
+		}
+    	//ADMIN first login
+    	if(isset($_POST['change_pw_origine']) && $_POST['change_pw_origine'] == "first_change"){
+    		//update DB
+    		$db->query_update(
+	    		"users",
+	    		array(
+	    			'pw' => $new_pw,
+	    			'last_pw_change' => mktime(0,0,0,date('m'),date('d'),date('y'))
+	    		),
+	    		"id = ".$_SESSION['user_id']
+    		);
+    		$_SESSION['last_pw_change'] = mktime(0,0,0,date('m'),date('d'),date('y'));
+    		echo '[ { "error" : "none" } ]';
+    	}
+    	//DEFAULT case
+		else{
+			echo '[ { "error" : "nothing_to_do" } ]';
+		}
 
     break;