From 9e4119fa6d4855b49a49c79f89d9034dfb0845ff Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY <perl@shiar.org>
Date: Sat, 9 Jun 2018 08:41:34 +0200
Subject: [PATCH] login/edit: optional fields to change password

Inline login/pass page.
---
 login/edit.php     | 31 ++++++++++++++++++++++++++++---
 login/pass.inc.php |  4 +++-
 2 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/login/edit.php b/login/edit.php
index 563a3a5..2adfc51 100644
--- a/login/edit.php
+++ b/login/edit.php
@@ -1,6 +1,6 @@
 <?php
 global $User;
-if (empty($user = $User)) {
+if (empty($user = &$User)) {
 	return;
 }
 
@@ -58,6 +58,13 @@ if ($_POST) {
 		}
 	}
 
+	if (!empty($_POST['newpass'])) {
+		require_once('login/pass.inc.php');
+		if ($error = passform($user, $_POST)) {
+			$colwarn['pass'] = $error;
+		}
+	}
+
 	if ($colwarn) {
 		print "<p class=warn>Instellingen zijn niet (volledig) opgeslagen. Probeer het later nog eens.</p>\n\n";
 	}
@@ -72,7 +79,6 @@ if ($_POST) {
 	Geef een e-mailadres op waarmee we u kunnen bereiken indien nodig.
 	Wij zullen dit adres nooit vrij- of doorgeven.
 	</p>
-	<p>
 <?php
 foreach ($cols as $col => &$colconf) {
 	print "\t";
@@ -92,7 +98,26 @@ foreach ($cols as $col => &$colconf) {
 	}
 	print "<br />\n";
 }
+
+if (isset($user['pass'])) {
+	if ($hide = empty($_POST['newpass'])) {
+?>
+	<p><a onclick="document.getElementById('pass').removeAttribute('hidden'); this.remove()">Wachtwoord wijzigen</a></p>
+<?php
+	}
+?>
+	<div id="pass"<?php if ($hide) print ' hidden'; ?>>
+		<label for="newpass">Wachtwoord:</label>
+		<input type="password" name="oldpass" value="" placeholder="Huidig wachtwoord" />
+		<input type="password" name="newpass" value="" placeholder="Nieuw wachtwoord" />
+<?php
+	if ($error = @$colwarn['pass']) {
+		print " <span class=warn>$error</span>\n";
+	}
+?>
+	</div>
+<?php
+}
 ?>
 	<input type="submit" value="Opslaan" />
-	</p>
 </form>
diff --git a/login/pass.inc.php b/login/pass.inc.php
index 2b4665c..cbfb1db 100644
--- a/login/pass.inc.php
+++ b/login/pass.inc.php
@@ -40,7 +40,9 @@ function passform($user, $input = [])
 
 	$authhash = md5($input['newpass']);
 	$user['auth'] = "{$user['name']}:$authhash";
-	login_setcookie();
+	if ($GLOBALS['User'] === $user) {
+		login_setcookie();
+	}
 	return;
 }
 
-- 
2.30.0