RT#29354: Password Security in Email [xmlhttp validation for selfservice]

[freeside.git] / fs_selfservice / FS-SelfService / cgi / change_password.html

diff --git a/fs_selfservice/FS-SelfService/cgi/change_password.html b/fs_selfservice/FS-SelfService/cgi/change_password.html
index 9b91d2c..ef66554 100644 (file)
--- a/fs_selfservice/FS-SelfService/cgi/change_password.html
+++ b/fs_selfservice/FS-SelfService/cgi/change_password.html
@@ -1,14 +1,10 @@
-<%= $url = "$selfurl?session=$session_id;action="; ''; %>
-<%= include('header') %>
-
-<FONT SIZE=4>Change password</FONT><BR><BR>
+<%= include('header', 'Change password') %>
 
 <%= if ( $error ) {
   $OUT .= qq!<FONT SIZE="+1" COLOR="#ff0000">$error</FONT><BR><BR>!;
 } ''; %>
 
 <FORM ACTION="<%= $selfurl %>" METHOD="POST">
-<INPUT TYPE="hidden" NAME="session" VALUE="<%= $session_id %>">
 <INPUT TYPE="hidden" NAME="action" VALUE="process_change_password">
 
 <TABLE BGCOLOR="#cccccc">
@@ -16,7 +12,7 @@
   <TR>
     <TH ALIGN="right">Change password for account: </TH>
     <TD>
-      <SELECT NAME="svcnum">
+      <SELECT ID="new_password_svcnum" NAME="svcnum">
         <%= foreach my $svc ( @svcs ) {
               $OUT .= '<OPTION VALUE="'. $svc->{'svcnum'}. '"'.
                         ( $svc->{'svcnum'} eq $svcnum ? ' SELECTED' : '' ). '>'.
@@ -29,7 +25,15 @@
 
   <TR>
     <TH ALIGN="right">New password: </TH>
-    <TD><INPUT TYPE="password" NAME="new_password" SIZE="18"></TD>
+    <TD>
+      <INPUT ID="new_password" TYPE="password" NAME="new_password" SIZE="18">
+      <DIV ID="new_password_result"></DIV>
+<%= include('send_xmlhttp') %>
+<%= include('add_password_validation') %>
+<SCRIPT>
+add_password_validation('new_password');
+</SCRIPT>
+    </TD>
   </TR>
 
   <TR>