+(* COCANWIKI - a wiki written in Objective CAML.
+ * Written by Richard W.M. Jones <rich@merjis.com>.
+ * Copyright (C) 2004 Merjis Ltd.
+ * $Id: change_password.ml,v 1.1 2004/09/25 13:17:00 rich Exp $
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; see the file COPYING. If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *)
+
+open Apache
+open Registry
+open Cgi
+open Printf
+
+open Cocanwiki
+open Cocanwiki_ok
+
+let run r (q : cgi) (dbh : Dbi.connection) hostid _ user =
+ let old_password = q#param "old_password" in
+
+ (* Check the old password was supplied correctly. *)
+ let userid =
+ match user with
+ Anonymous -> assert false (* cannot happen *)
+ | User (userid, _, _) -> userid in
+
+ let sth = dbh#prepare_cached "select 1 from users
+ where id = ? and password = ?" in
+ sth#execute [`Int userid; `String old_password];
+
+ let old_password_ok =
+ try 1 = sth#fetch1int ()
+ with
+ Not_found -> false in
+
+ if not old_password_ok then (
+ error ~title:"Bad password"
+ ~back_button:true
+ q "The password you gave is wrong.";
+ return ()
+ );
+
+ let password1 = q#param "password1" in
+ let password2 = q#param "password2" in
+
+ if password1 = "" || password2 = "" then (
+ error ~back_button:true ~title:"Bad password"
+ q "The password you gave is empty.";
+ return ()
+ );
+
+ if password1 <> password2 then (
+ error ~back_button:true ~title:"Passwords don't match"
+ q "The two passwords you gave aren't identical.";
+ return ()
+ );
+
+ let password = password1 in
+
+ (* Change the password. *)
+ let sth =
+ dbh#prepare_cached
+ "update users set password = ?, force_password_change = false
+ where id = ?" in
+ sth#execute [`String password; `Int userid];
+
+ dbh#commit ();
+
+ let buttons = [ ok_button "/" ] in
+ ok ~buttons ~title:"Password changed"
+ q "The password was changed."
+
+let () =
+ register_script ~anonymous:false run