It's time to customize your Change Password page in websites that generated with PHPMaker 9.0.1. Please note that started from PHPMaker 9, the Change Password also supports for Captcha extensions. The good news is: I also have successfully integrated this Captcha extension with Forgot Password page in order to display it properly, since it has been used in other pages (Login, Registration, Add, Edit, and Change Password) too.
All we have to do is customizing PHPMaker template files. In other words, we will not modify the generated script files at all.
Important: In order to display the Captcha in the Change Password Page properly, make sure you have done the following:
- Enable the CAPTCHA extension from: Tools -> Extensions -> CAPTCHA.
- Enable the related setting from: Security -> Advanced -> User Login Options -> Change Recovery Page -> CAPTCHA (require extension).
Updated on May 30, 2012: This customization has been implemented in PHPMaker version 9.0.2, it matches to each other, and as a result, it works properly.
Updated on July 21, 2012: This customization has been implemented in PHPMaker version 9.0.3, it matches to each other, and as a result, it works properly.
Updated on September 4, 2012: This customization has been implemented in PHPMaker version 9.0.4, it matches to each other, and as a result, it works properly.
Updated on November 28, 2012: This customization has been implemented in PHPMaker version 9.1.0, it matches to each other, and as a result, it works properly.
Updated on February 9, 2013: This customization has been implemented in PHPMaker version 9.2.0, it matches to each other, and as a result, it works properly.
Updated on June 17, 2013: The customization for CAPTCHA part has been handled by using MasinoCAPTCHA extension. The customization for the look and view of Change Password page has been handled by MasinoChangePwd page. You don’t need to implement the customization below if you use my extension above together with the original PHPMaker Template and Extensions.
[hidepost]
Before we get started, please note that the step number 1 and 2 is identically with the step number 1 and 2 in the customization for Login Page in PHPMaker version 9.0.1 (previous article). So, if you have done it before, you may skip the step number 1 and 2 below, and start from the step number 3
- Download images-box.zip. Extract the .zip file that contains of 9 image files in it, to your \Script\images sub-directory. Make sure you do not skip this step, as those images are also being used for the other customization that related to Registration, Forgot Password, and Change Password pages.
-
Open your \extensions\CAPTCHA\captcha-script.php file, and then replace all of the content of that file with the following code below (Warning: Please backup your original file first before doing this step!):
<!--##session phpcaptcha_config##--> <!--## // Check if Use Captcha var bUseCaptcha = false; var bConfirmCaptcha = false; var EXT = EXTS("CAPTCHA"); if (EXT.Enabled) { if (CTRL.CtrlID == "register") { if (PROJ.SecRegisterCaptcha) { bUseCaptcha = true; bConfirmCaptcha = PROJ.SecRegisterConfirm; } } else if (CTRL.CtrlID == "login") { if (PROJ.SecLoginCaptcha) { bUseCaptcha = true; bConfirmCaptcha = false; } } else if (CTRL.CtrlID == "forgotpwd") { if (PROJ.SecForgotPwdCaptcha) { bUseCaptcha = true; bConfirmCaptcha = false; } } else if (CTRL.CtrlID == "changepwd") { if (PROJ.SecChangePwdCaptcha) { bUseCaptcha = true; bConfirmCaptcha = false; } } else if (CTRL.CtrlID == "add") { if (TABLE.TblAddCaptcha) { bUseCaptcha = true; bConfirmCaptcha = TABLE.TblAddConfirm; } } else if (CTRL.CtrlID == "edit") { if (TABLE.TblEditCaptcha) { bUseCaptcha = true; bConfirmCaptcha = TABLE.TblEditConfirm; } } } // Get table variable sTblVar = gsTblVar; ##--> <!--##/session##--> <!--##session phpcaptcha_var##--> <!--## if (bUseCaptcha) { ##--> // CAPTCHA var $captcha; <!--## } ##--> <!--##/session##--> <!--##session phpcaptcha_php##--> <!--## if (bUseCaptcha) { if (CTRL.CtrlID == "add" || CTRL.CtrlID == "register") { ##--> // CAPTCHA checking if ($this->CurrentAction <> "I" && $this->CurrentAction <> "C") { if ( (($this->CurrentAction == "F") || ($this->CurrentAction == "I") || ($this->CurrentAction == "A") || ($this->CurrentAction == "X")) && (MS_SHOW_CAPTCHA_ON_REGISTRATION_PAGE == TRUE) ) { $objForm->Index = -1; $this->captcha = $objForm->GetValue("captcha"); if ($this->captcha <> @$_SESSION["EW_CAPTCHA_CODE"]) { // CAPTCHA unmatched $this->setFailureMessage($Language->Phrase("EnterValidateCode")); $this->CurrentAction = "I"; // Reset action, do not insert $this->EventCancelled = TRUE; // Event cancelled $this->RestoreFormValues(); // Restore form values } else { if ($this->CurrentAction == "A") $_SESSION["EW_CAPTCHA_CODE"] = ew_Random(); } } } <!--## } else if (CTRL.CtrlID == "edit") { ##--> // CAPTCHA checking if ($this->CurrentAction <> "I") { $objForm->Index = -1; $this->captcha = $objForm->GetValue("captcha"); if ($this->captcha <> @$_SESSION["EW_CAPTCHA_CODE"]) { // CAPTCHA unmatched $this->setFailureMessage($Language->Phrase("EnterValidateCode")); // Set message $this->CurrentAction = ""; // Reset action, do not update $this->EventCancelled = TRUE; // Event cancelled $this->RestoreFormValues(); // Restore form values } else { if ($this->CurrentAction == "U") $_SESSION["EW_CAPTCHA_CODE"] = ew_Random(); } } <!--## } else if (CTRL.CtrlID == "login") { ##--> // CAPTCHA checking if (ew_IsHttpPost()) { $this->captcha = @$_POST["captcha"]; if ($this->captcha <> @$_SESSION["EW_CAPTCHA_CODE"]) { // CAPTCHA unmatched $this->setFailureMessage($Language->Phrase("EnterValidateCode")); // Set message $bValidate = FALSE; } } if (!$bValidate) { $_SESSION["EW_CAPTCHA_CODE"] = ew_Random(); } <!--## } else if (CTRL.CtrlID == "forgotpwd") { ##--> // CAPTCHA checking if (ew_IsHttpPost()) { $this->captcha = @$_POST["captcha"]; if ($this->captcha <> @$_SESSION["EW_CAPTCHA_CODE"]) { // CAPTCHA unmatched $this->setFailureMessage($Language->Phrase("EnterValidateCode")); // Set message $bValidEmail = FALSE; } } if (!$bValidEmail) { $_SESSION["EW_CAPTCHA_CODE"] = ew_Random(); } <!--## } else if (CTRL.CtrlID == "changepwd") { ##--> // CAPTCHA checking if (ew_IsHttpPost()) { $this->captcha = @$_POST["captcha"]; if ($this->captcha <> @$_SESSION["EW_CAPTCHA_CODE"]) { // CAPTCHA unmatched $this->setFailureMessage($Language->Phrase("EnterValidateCode")); // Set message $bValidate = FALSE; } } if (!$bValidate) { $_SESSION["EW_CAPTCHA_CODE"] = ew_Random(); } <!--## } } ##--> <!--##/session##--> <!--##session phpcaptcha_htm##--> <!--## if (bUseCaptcha) { ##--> <!--## if (bConfirmCaptcha) { ##--> <?php if ($<!--##=gsTblVar##-->->CurrentAction <> "F") { ?> <!--## } ##--> <!-- captcha html (begin) --> <tr> <td > </td> <td > </td> <tr/> <tr> <td colspan="3" align="center"> <?php if (phpversion() < "4.3.2") { echo "<p class=\"ewmsg\">Warning: CAPTCHA extension is enabled but PHP version on this server is " . phpversion() . " only. The extension requires PHP >= 4.3.2.</p>"; } ?> <div><img src="ewcaptcha.php" alt="Security Image" width="200" height="50" /></div><br> <span class="phpmaker"><!--##@EnterValidateCode##--><!--##@FieldRequiredIndicator##--></span><br> <input type="text" name="captcha" id="captcha" size="30" /> </td> </tr> <!--## if (bConfirmCaptcha) { ##--> <?php } else { ?> <input type="hidden" name="captcha" id="captcha" value="<?php echo $<!--##=sPageObj##-->->captcha ?>" /> <?php } ?> <!--## } ##--> <br> <!-- captcha html (end) --> <!--## } ##--> <!--##/session##--> <!--##session phpcaptcha_js##--> <!--## if (bUseCaptcha) { ##--> if (fobj.captcha && !ew_HasValue(fobj.captcha)) return ew_OnError(this, fobj.captcha, ewLanguage.Phrase("EnterValidateCode")); <!--## } ##--> <!--##/session##--> -
Open your \Script\ewcfg.php file, and find this code:
// General
before that line, please insert the following code:
// Begin of modification Customizing Change Password Page, by Masino Sinaga, May 3, 2012 define("MS_SHOW_CAPTCHA_ON_CHANGE_PASSWORD_PAGE", FALSE, TRUE); // End of modification Customizing ChangePassword Page, by Masino Sinaga, May 3, 2012 -
Open your \Script\changepwd.php file, and then replace all the content of that file with the following code. Just like Login, Registration, and Forgot Password pages, the Change Password page also does not change for a long time. So it is save to do the following step. However, Warning: Please backup your file before doing this step!:
<!--##session currenttable##--> <!--## // Set security table current if (ew_IsNotEmpty(PROJ.SecTbl)) { TABLE = DB.Tables(PROJ.SecTbl); goFlds = goTblFlds.Fields; gsTblVar = TABLE.TblVar; } ##--> <!--##/session##--> <?php <!--##session phpmain##--> <!--## if (GetFldObj(PROJ.SecLoginIDFld)) { // nothing to do } ##--> <!--##include captcha-script.php/phpcaptcha_var##--> // // Page main // function Page_Main() { global $conn, $Language, $Security, $gsFormError; $bPostBack = ew_IsHttpPost(); $bValidate = TRUE; if ($bPostBack) { $sOPwd = ew_StripSlashes(@$_POST["opwd"]); $sNPwd = ew_StripSlashes(@$_POST["npwd"]); $sCPwd = ew_StripSlashes(@$_POST["cpwd"]); $bValidate = $this->ValidateForm($sOPwd, $sNPwd, $sCPwd); if (!$bValidate) { $this->setFailureMessage($gsFormError); } } if (MS_SHOW_CAPTCHA_ON_CHANGE_PASSWORD_PAGE == TRUE) { <!--##include captcha-script.php/phpcaptcha_php##--> } $bPwdUpdated = FALSE; if ($bPostBack && $bValidate) { // Setup variables <!--## if (bCheckPasswordExpiry) { ##--> if (IsPasswordExpired()) { $sUsername = $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME]; } else { $sUsername = $Security->CurrentUserName(); } <!--## } else { ##--> $sUsername = $Security->CurrentUserName(); <!--## } ##--> $sFilter = str_replace("%u", ew_AdjustSql($sUsername), EW_USER_NAME_FILTER); // Set up filter (Sql Where Clause) and get Return SQL // SQL constructor in <!--##=gsTblVar##--> class, <!--##=gsTblVar##-->info.php $this->CurrentFilter = $sFilter; $sSql = $this->SQL(); if ($rs = $conn->Execute($sSql)) { if (!$rs->EOF) { $rsold = $rs->fields; if (ew_ComparePassword($rsold['<!--##=SQuote(PROJ.SecPasswdFld)##-->'], $sOPwd)) { $bValidPwd = TRUE; <!--## if (SYSTEMFUNCTIONS.ServerScriptExist("Other","User_ChangePassword")) { ##--> $bValidPwd = $this->User_ChangePassword($rsold, $sUsername, $sOPwd, $sNPwd); <!--## } ##--> if ($bValidPwd) { $rsnew = array('<!--##=SQuote(PROJ.SecPasswdFld)##-->' => $sNPwd); // Change Password <!--## if (PROJ.SecChangeEmail) { ##--> $sEmail = $rsold['<!--##=SQuote(PROJ.SecEmailFld)##-->']; <!--## } ##--> $rs->Close(); $conn->raiseErrorFn = 'ew_ErrorFn'; $bValidPwd = $conn->Execute($this->UpdateSQL($rsnew)); $conn->raiseErrorFn = ''; if ($bValidPwd) $bPwdUpdated = TRUE; } else { $this->setFailureMessage($Language->Phrase("InvalidNewPassword")); $rs->Close(); } } else { $this->setFailureMessage($Language->Phrase("InvalidPassword")); } } else { $rs->Close(); } } } if ($bPwdUpdated) { <!--## if (PROJ.SecChangeEmail) { ##--> if (@$sEmail <> "") { // Load Email Content $Email = new cEmail(); $Email->Load("<!--##=sFnChangePwdTxt##-->"); $Email->ReplaceSender(EW_SENDER_EMAIL); // Replace Sender $Email->ReplaceRecipient($sEmail); // Replace Recipient $Email->ReplaceContent('<!--$Password-->', $sNPwd); $Email->Charset = EW_EMAIL_CHARSET; <!--## if (SYSTEMFUNCTIONS.ServerScriptExist("Other","Email_Sending")) { ##--> $Args = array(); $Args["rs"] = &$rsnew; $bEmailSent = FALSE; if ($this->Email_Sending($Email, $Args)) $bEmailSent = $Email->Send(); <!--## } else { ##--> $bEmailSent = $Email->Send(); <!--## } ##--> // Send email failed if (!$bEmailSent) $this->setFailureMessage($Email->SendErrDescription); } <!--## } ##--> if ($this->getSuccessMessage() == "") $this->setSuccessMessage($Language->Phrase("PasswordChanged")); // Set up success message <!--## if (bCheckPasswordExpiry) { ##--> // Update user profile and login again global $UserProfile; $UserProfile->SetValue(EW_USER_PROFILE_LAST_PASSWORD_CHANGED_DATE, ew_StdCurrentDate()); $UserProfile->SaveProfileToDatabase($sUsername); if (IsPasswordExpired()) { $_SESSION[EW_SESSION_USER_PROFILE_PASSWORD] = $sNPwd; $_SESSION[EW_SESSION_STATUS] = "loggingin"; $this->Page_Terminate("<!--##=sFnLogin##-->"); // Continue login process } <!--## } ##--> $this->Page_Terminate("<!--##=sFnDefault##-->"); // Exit page and clean up } } <!--##/session##--> ?> <!--##session changepwd_htm##--> <script type="text/javascript"> var <!--##=sFormName##--> = new ew_Form("<!--##=sFormName##-->"); // extend form with Validate function <!--##=sFormName##-->.Validate = function() { var fobj = this.Form; if (!this.ValidateRequired) return true; // ignore validation if (!ew_HasValue(fobj.opwd)) return ew_OnError(this, fobj.opwd, ewLanguage.Phrase("EnterOldPassword")); if (!ew_HasValue(fobj.npwd)) return ew_OnError(this, fobj.npwd, ewLanguage.Phrase("EnterNewPassword")); if (fobj.npwd.value != fobj.cpwd.value) return ew_OnError(this, fobj.cpwd, ewLanguage.Phrase("MismatchPassword")); <!--##include captcha-script.php/phpcaptcha_js##--> <!--## if (SYSTEMFUNCTIONS.ClientScriptExist("Other","Form_CustomValidate")) { ##--> // Call Form Custom Validate event if (!this.Form_CustomValidate(fobj)) return false; <!--## } ##--> return true; } <!--## if (SYSTEMFUNCTIONS.ClientScriptExist("Other","Form_CustomValidate")) { ##--> // extend form with Form_CustomValidate function <!--##=sFormName##-->.Form_CustomValidate = <!--##~SYSTEMFUNCTIONS.GetClientScript("Other","Form_CustomValidate")##--> <!--## } ##--> // requires js validation <?php if (EW_CLIENT_VALIDATE) { ?> <!--##=sPageObj##-->.ValidateRequired = true; <?php } else { ?> <!--##=sPageObj##-->.ValidateRequired = false; <?php } ?> </script> <!--##include phpcommon.php/header-message##--> <!--##include phpcommon.php/phpcommon-message##--> <br /><br /> <body onload="document.<!--##=sFormName##-->.opwd.value=''; document.<!--##=sFormName##-->.opwd.focus();"> <form name="<!--##=sFormName##-->" id="<!--##=sFormName##-->" class="ewForm" action="<?php echo ew_CurrentPage() ?>" method="post"<!--##=sFormSubmit##-->> <table border="0" cellpadding="0" cellspacing="0" width="400" align="center"> <tr> <td> <table border="0" cellpadding="0" cellspacing="0" width="420" align="center"> <tr> <td align="left" valign="top" width="4" height="30"><img src="phpimages/sidebox-title-left.gif"></td> <td align="left" valign="middle" background="phpimages/sidebox-title-bg.gif" width="390" height="30"> <font class="option"> <strong><!--##@ChangePwdPage##--></strong></font></td> <td align="left" valign="top" width="4" height="30"><img src="phpimages/sidebox-title-right.gif"></td> </tr> </table> </td> </tr> </table> <table border="0" cellpadding="0" cellspacing="0" align="center"> <tr valign="top"> <td width="4" align="left" valign="top" background="phpimages/sidebox-bar-left.gif"><img src="phpimages/sidebox-bar-px.gif"></td> <td bgcolor="#FFFFFF" width="" align="left" valign="top"> <table bgcolor="#F0F1F5" border="0" cellpadding="0" cellspacing="0" align="center"> <tr> <td> <table width="412" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td > </td> <td > </td> <tr/> <tr> <td > </td> <td > </td> <tr/> <tr> <td> <span class="phpmaker"><!--##@OldPassword##--></span></td> <td><span class="phpmaker"><input type="password" name="opwd" id="opwd" size="30" /></span></td> </tr> <tr> <td > </td> <td > </td> <tr/> <tr> <td> <span class="phpmaker"><!--##@NewPassword##--></span></td> <td><span class="phpmaker"><input type="password" name="npwd" id="npwd" size="30" /></span></td> </tr> <tr> <td > </td> <td > </td> <tr/> <tr> <td> <span class="phpmaker"><!--##@ConfirmPassword##--></span></td> <td><span class="phpmaker"><input type="password" name="cpwd" id="cpwd" size="30" /></span></td> </tr> <tr> <td > </td> <td > </td> <tr/> <?php if (MS_SHOW_CAPTCHA_ON_CHANGE_PASSWORD_PAGE == TRUE) { ?> <!--##include captcha-script.php/phpcaptcha_htm##--> <?php } ?> <tr> <td > </td> <td > </td> <tr/> <tr> <td> </td> <td><span class="phpmaker"><input type="submit" name="btnsubmit" id="btnsubmit" value="<?php echo ew_BtnCaption($Language->Phrase("ChangePwdBtn")) ?>" /></span></td> </tr> <tr> <td > </td> <td > </td> <tr/> <tr> <td > </td> <td > </td> <tr/> </table> </td> </tr> </table> </td> <td width="4" align="left" valign="top" background="phpimages/sidebox-bar-right.gif"><img src="phpimages/sidebox-bar-px.gif"> </td> </tr> </table> <table border="0" cellpadding="0" cellspacing="0" width="420" align="center"> <tr> <td width="2" height="29" align="left" valign="top"><img src="phpimages/storybox-bottom-left.gif"></td> <td width="394" height="29" background="phpimages/storybox-bottom-bg.gif"> </td> <td width="8" height="29" align="left" valign="top"><img src="phpimages/storybox-bottom-right.gif"></td> </tr> </table> </form> </body> <br /><br /> <script type="text/javascript"> <!--##=sFormName##-->.Init(); </script> <!--##include phpcommon.php/footer-message##--> <!--##/session##--> <?php <!--##session phpfunction##--> // Validate form function ValidateForm($opwd, $npwd, $cpwd) { global $Language, $gsFormError; // Check if validation required if (!EW_SERVER_VALIDATE) return TRUE; // Initialize form error message $gsFormError = ""; if ($opwd == "") { ew_AddMessage($gsFormError, $Language->Phrase("EnterOldPassword")); } if ($npwd == "") { ew_AddMessage($gsFormError, $Language->Phrase("EnterNewPassword")); } if ($npwd <> $cpwd) { ew_AddMessage($gsFormError, $Language->Phrase("MismatchPassword")); } // Return validate result $valid = ($gsFormError == ""); <!--## if (SYSTEMFUNCTIONS.ServerScriptExist("Other","Form_CustomValidate")) { ##--> // Call Form CustomValidate event $sFormCustomError = ""; $valid = $valid && $this->Form_CustomValidate($sFormCustomError); if ($sFormCustomError <> "") { ew_AddMessage($gsFormError, $sFormCustomError); } <!--## } ##--> return $valid; } <!--##/session##--> ?> <?php <!--##session phpevents##--> <!--##~SYSTEMFUNCTIONS.GetServerScript("Other","Email_Sending")##--> <!--##~SYSTEMFUNCTIONS.GetServerScript("Other","Form_CustomValidate")##--> <!--##~SYSTEMFUNCTIONS.GetServerScript("Other","User_ChangePassword")##--> <!--##/session##--> ?> -
Please note that since PHPMaker 9.0.4, there was a little bit change in this changepwd.php file. After you replacing all of the content of this file in the previous step above, then find this following code (again, this customization only for PHPMaker >= 9.0.4):
$bValidPwd = $conn->Execute($this->UpdateSQL($rsnew));
then replace it with the following code:
// $bValidPwd = $conn->Execute($this->UpdateSQL($rsnew)); // Old method! <= 9.0.3 $bValidPwd = $this->Update($rsnew); // Started from PHPMaker 9.0.4 -
Still from \Script\changepwd.php file above, find again this code (again, this customization only for PHPMaker >= 9.0.4):
// requires js validation <?php if (EW_CLIENT_VALIDATE) { ?> <!--##=sPageObj##-->.ValidateRequired = true; <?php } else { ?> <!--##=sPageObj##-->.ValidateRequired = false; <?php } ?>then replace it with the following code:
// requires js validation <?php if (EW_CLIENT_VALIDATE) { ?> <!--##=sFormName##-->.ValidateRequired = true; <?php } else { ?> <!--##=sFormName##-->.ValidateRequired = false; <?php } ?> - Finally, re-generate your script files using PHPMaker as always.
[/hidepost]
[…] note that you are strongly recommended to implement this customization before doing the customization below, since there are some replacements that you will not find if […]