remove old table structur in form, add csrf protection

2025-06-01 22:47:19 +00:00 · 2021-01-25 09:09:02 +01:00 · 2021-01-25 09:09:02 +01:00 · b5d769fc1c
commit b5d769fc1c
parent 44813338b1
1 changed files with 36 additions and 25 deletions
--- a/views/bootstrap/class.ForcePasswordChange.php
+++ b/views/bootstrap/class.ForcePasswordChange.php
@ -77,31 +77,42 @@ $(document).ready( function() {
 		echo "<div class=\"alert\">".getMLText('password_expiration_text')."</div>";
 		$this->contentContainerStart();
 ?>
-<form action="../op/op.EditUserData.php" method="post" id="form" name="form1">
-<table>
-	<tr>
-		<td><?php printMLText("current_password");?>:</td>
-		<td><input id="currentpwd" type="Password" name="currentpwd" size="30"></td>
-	</tr>
-	<tr>
-		<td><?php printMLText("password");?>:</td>
-		<td><input id="pwd" class="pwd" type="Password" rel="strengthbar" name="pwd" size="30"></td>
-	</tr>
-		<tr>
-			<td><?php printMLText("password_strength");?>:</td>
-			<td>
-				<div id="strengthbar" class="progress" style="width: 220px; height: 30px; margin-bottom: 8px;"><div class="bar bar-danger" style="width: 0%;"></div></div>
-			</td>
-		</tr>
-	<tr>
-		<td><?php printMLText("confirm_pwd");?>:</td>
-		<td><input id="pwdconf" type="Password" name="pwdconf" size="30"></td>
-	</tr>
-	<tr>
-		<td></td>
-		<td><input class="btn" type="submit" value="<?php printMLText("submit_userinfo") ?>"></td>
-	</tr>
-</table>
+<form class="form-horizontal" action="../op/op.EditUserData.php" method="post" id="form" name="form1">
+	<?php echo createHiddenFieldWithKey('edituserdata'); ?>
+<?php
+		$this->formField(
+			getMLText("current_password"),
+			array(
+				'element'=>'input',
+				'type'=>'password',
+				'id'=>'currentpwd',
+				'name'=>'currentpwd',
+				'autocomplete'=>'off',
+				'required'=>true
+			)
+		);
+		$this->formField(
+			getMLText("new_password"),
+			'<input class="pwd" type="password" rel="strengthbar" id="pwd" name="pwd" size="30">'
+		);
+		if($passwordstrength) {
+			$this->formField(
+				getMLText("password_strength"),
+				'<div id="strengthbar" class="progress" style="width: 220px; height: 30px; margin-bottom: 8px;"><div class="bar bar-danger" style="width: 0%;"></div></div>'
+			);
+		}
+		$this->formField(
+			getMLText("confirm_pwd"),
+			array(
+				'element'=>'input',
+				'type'=>'password',
+				'id'=>'pwdconf',
+				'name'=>'pwdconf',
+				'autocomplete'=>'off',
+			)
+		);
+		$this->formSubmit("<i class=\"fa fa-save\"></i> ".getMLText('submit_password'));
+?>
 <input type="hidden" name="fullname" value="<?php print htmlspecialchars($user->getFullName());?>" />
 <input type="hidden" name="email" value="<?php print htmlspecialchars($user->getEmail());?>" />
 <input type="hidden" name="comment" value="<?php print htmlspecialchars($user->getComment());?>" />