<?PHP // $Id$
require_once('../config.php');
+ require_once('change_password_form.php');
$id = optional_param('id', SITEID, PARAM_INT);
+ $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
+
//HTTPS is potentially required in this page
httpsrequired();
error('No such course!');
}
- // did we get here because of a force password change
- $forcepassword = !empty($USER->preference['auth_forcepasswordchange']);
+ // require proper login; guest can not change passwords anymore!
+ // TODO: add change password capability so that we can prevent participants to change password
+ if (empty($USER->id) or $USER->username=='guest' or has_capability('moodle/legacy:guest', $sitecontext, $USER->id, false)) {
+ if (empty($SESSION->wantsurl)) {
+ $SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php';
+ }
+ redirect($CFG->httpswwwroot.'/login/index.php');
+ }
- if (!$forcepassword) { // Don't redirect if they just got sent here
- require_login($id);
+ // do not allow "Logged in as" users to change any passwords
+ if (!empty($USER->realuser)) {
+ error('Can not use this script when "Logged in as"!');
}
- if ($frm = data_submitted()) {
- validate_form($frm, $err);
+ $mform = new change_password_form('change_password.php');
+ $mform->set_defaults(array('id'=>$course->id, 'username'=>$USER->username));
- update_login_count();
+ if ($data = $mform->data_submitted()) {
- if (!count((array)$err)) {
- $user = get_complete_user_data('username', $frm->username);
+ if (!has_capability('moodle/user:update', $sitecontext)) {
+ //ignore submitted username - the same is done in form validation
+ $data->username = $USER->username;
+ }
+
+ if ($data->username == $USER->username) {
+ $user =& $USER;
+ } else {
+ $user = get_complete_user_data('username', $data->username);
+ }
- if (isguest($user->id)) {
- error('Can\'t change guest password!');
+ if (is_internal_auth($user->auth)){
+ if (!update_internal_user_password($user, $data->newpassword1)) {
+ error('Could not set the new password');
}
-
- if (is_internal_auth($user->auth)){
- if (!update_internal_user_password($user, $frm->newpassword1)) {
- error('Could not set the new password');
- }
- } else { // external users
- // the relevant auth libs should be loaded already
- // as validate_form() calls authenticate_user_login()
- // check that we allow changes through moodle
- if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) {
- if (function_exists('auth_user_update_password')){
- // note that we pass cleartext password
- if (auth_user_update_password($user->username, $frm->newpassword1)){
- update_internal_user_password($user, $frm->newpassword1, false);
- } else {
- error('Could not set the new password');
- }
+ } else { // external users
+ // the relevant auth libs should be loaded already
+ // as part of form validation in function authenticate_user_login()
+ // check that we allow changes through moodle
+ if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) {
+ if (function_exists('auth_user_update_password')){
+ // note that we pass cleartext password
+ if (auth_user_update_password($user->username, $data->newpassword1)){
+ update_internal_user_password($user, $data->newpassword1, false);
} else {
- error('The authentication module is misconfigured (missing auth_user_update_password)');
- }
+ error('Could not set the new password');
+ }
} else {
- error('You cannot change your password this way.');
+ error('The authentication module is misconfigured (missing auth_user_update_password)');
}
+ } else {
+ error('You cannot change your password this way.');
}
-
- /// Are we admin logged in as someone else? If yes then we need to retain our real identity.
- if (!empty($USER->realuser)) {
- $realuser = $USER->realuser;
- }
-
- $USER = clone($user); // Get a fresh copy
-
- if (!empty($realuser)) {
- $USER->realuser = $realuser;
- }
-
- // register success changing password
- unset_user_preference('auth_forcepasswordchange', $user->id);
-
- set_moodle_cookie($USER->username);
-
- reset_login_count();
+ }
- $strpasswordchanged = get_string('passwordchanged');
+ // register success changing password
+ unset_user_preference('auth_forcepasswordchange', $user->id);
- add_to_log($course->id, 'user', 'change password', "view.php?id=$user->id&course=$course->id", "$user->id");
+ $strpasswordchanged = get_string('passwordchanged');
- $fullname = fullname($USER, true);
+ add_to_log($course->id, 'user', 'change password', "view.php?id=$user->id&course=$course->id", "$user->id");
- if ($course->id != SITEID) {
- $navstr = "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> ";
- } else {
- $navstr = '';
- }
- $navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string("participants")."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&course=$course->id\">$fullname</a> -> $strpasswordchanged";
+ $fullname = fullname($USER, true);
- print_header($strpasswordchanged, $strpasswordchanged, $navstr);
+ if ($course->id != SITEID) {
+ $navstr = "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> ";
+ } else {
+ $navstr = '';
+ }
+ $navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string("participants")."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&course=$course->id\">$fullname</a> -> $strpasswordchanged";
- notice($strpasswordchanged, "$CFG->wwwroot/user/view.php?id=$USER->id&course=$id");
+ print_header($strpasswordchanged, $strpasswordchanged, $navstr);
- print_footer();
- exit;
+ if (empty($SESSION->wantsurl)) {
+ $returnto = "$CFG->wwwroot/user/view.php?id=$USER->id&course=$id";
+ } else {
+ $returnto = $SESSION->wantsurl;
}
- }
- // We NEED to set this, because the form assumes it has a value!
- $frm->id = empty($course->id) ? 0 : $course->id;
+ notice($strpasswordchanged, $returnto);
- if (empty($frm->username) && !isguest()) {
- $frm->username = $USER->username;
+ print_footer();
+ exit;
}
+
$strchangepassword = get_string('changepassword');
$fullname = fullname($USER, true);
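Review bot: In the `else` branch of the username comparison, the result of `get_complete_user_data('username', $data->username)` is used as `$user->auth` without checking that the lookup succeeded. A guard such as `if (!$user) { error('Could not set the new password'); }` before `is_internal_auth()` keeps a failed lookup from reaching the password-update calls. The old-password, guest and primary-admin checks no longer run in this script, so it depends on `$mform->data_submitted()` returning data only after `validation()` has passed; that is not visible in this diff and should be confirmed. The same goes for a sesskey check on the form, because holders of `moodle/user:update` change other accounts' passwords here without entering their own. `$SESSION->wantsurl` is copied into `$returnto` but never cleared, so I would add `unset($SESSION->wantsurl);` after the copy.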
}
$navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string('participants')."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&course=$course->id\">$fullname</a> -> $strchangepassword";
- print_header($strchangepassword, $strchangepassword, $navstr);
-
- echo '<br />';
- print_simple_box_start('center');
- include('change_password_form.html');
- print_simple_box_end();
- print_footer();
-
-
-
-
-/******************************************************************************
- * FUNCTIONS
- *****************************************************************************/
-function validate_form($frm, &$err) {
-
- global $USER;
-
- $validpw = authenticate_user_login($frm->username, $frm->password);
-
- if (empty($frm->username)){
- $err->username = get_string('missingusername');
- } else {
- if (!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID)) and empty($frm->password)){
- $err->password = get_string('missingpassword');
- } else {
- if (!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID))) {
- //require non adminusers to give valid password
- if(!$validpw) {
- $err->password = get_string('wrongpassword');
- }
- }
- else {
- // don't allow anyone to change the primary admin's password
- $mainadmin = get_admin();
- if($frm->username == $mainadmin->username && $mainadmin->id != $USER->id) { // the primary admin can change their own password!
- $err->username = get_string('adminprimarynoedit');
- }
- }
- }
- }
-
- if (empty($frm->newpassword1)){
- $err->newpassword1 = get_string('missingnewpassword');
- }
- if (empty($frm->newpassword2)){
- $err->newpassword2 = get_string('missingnewpassword');
- } else {
- if ($frm->newpassword1 <> $frm->newpassword2) {
- $err->newpassword2 = get_string('passwordsdiffer');
- } else {
- if(!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID)) and ($frm->password === $frm->newpassword1)){
- $err->newpassword1 = get_string('mustchangepassword');
- }
- }
+ print_header($strchangepassword, $strchangepassword, $navstr);
+ if (!empty($USER->preference['auth_forcepasswordchange'])) {
+ notify(get_string('forcepasswordchangenotice'));
}
-
- return;
-}
+ $mform->display();
+ print_footer();
?>
+++ /dev/null
-
-<?php
- // only display this help message if we are being forced to change
- if ($forcepassword) {
- notify( get_string('forcepasswordchangenotice') );
- }
- ?>
-<p><b><?php print_string("allfieldsrequired") ?></b></p>
-<?php
- if (empty($frm->username)) {
- $frm->username = "";
- }
- if (empty($frm->password)) {
- $frm->password = "";
- }
- if (empty($frm->newpassword1)) {
- $frm->newpassword1 = "";
- }
- if (empty($frm->newpassword2)) {
- $frm->newpassword2 = "";
- }
-?>
-<form action="change_password.php" method="post" name="form" id="form">
-<table cellpadding="2">
-
-<tr valign="top">
- <td><label for="username"><?php print_string("username") ?></label></td>
- <td>
- <?php if (has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID)) || empty($frm->username)) { ?>
- <input type="text" name="username" id="username" size="25" value="<?php p($frm->username) ?>" />
- <?php } else { ?>
- <input type="hidden" name="username" id="username" value="<?php p($frm->username)?>" /> <?php p($frm->username)?>
- <?php } ?>
- <?php if (!empty($err->username)) { formerr($err->username); } ?>
- </td>
-</tr>
-
-<?php if (!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID))) { ?>
- <tr valign="top">
- <td><label for="password"><?php print_string("oldpassword") ?></label></td>
- <td><input type="password" name="password" id="password" size="25" value="<?php p($frm->password) ?>" />
- <?php if (!empty($err->password)) { formerr($err->password); } ?>
- </td>
- </tr>
-<?php } ?>
-
-
-<tr valign="top">
- <td><label for="newpassword1"><?php print_string("newpassword") ?></label></td>
- <td><input type="password" name="newpassword1" id="newpassword1" size="25" value="<?php p($frm->newpassword1) ?>" />
- <?php if (!empty($err->newpassword1)) { formerr($err->newpassword1); } ?>
- </td>
-</tr>
-<tr valign="top">
- <td><label for="newpassword2"><?php print_string("newpassword") ?> (<?php print_string("again") ?>)</label></td>
- <td><input type="password" name="newpassword2" id="newpassword2" size="25" value="<?php p($frm->newpassword2) ?>" />
- <?php if (!empty($err->newpassword2)) { formerr($err->newpassword2); } ?>
- </td>
-</tr>
-<tr>
- <td></td>
- <td><input type="hidden" name="id" value="<?php p($frm->id)?>" />
- <input type="submit" value="<?php print_string("changepassword") ?>" />
- <?php if (has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID))) { ?>
- <input type="hidden" name="password" id="password" value="" />
- <?php } ?>
- </td>
-</tr>
-</table>
-</form>
--- /dev/null
+<?php //$Id$
+
+require_once $CFG->libdir.'/formslib.php';
+
+class change_password_form extends moodleform {
+
+ function definition() {
+ global $USER;
+
+ $mform =& $this->_form;
+ $renderer =& $mform->defaultRenderer();
+
+ $mform->addElement('header', '', get_string('changepassword'), '');
+ $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
+
+ // visible elements
+ if (has_capability('moodle/user:update', $sitecontext)) {
+ $mform->addElement('text', 'username', get_string('username'));
+ $mform->addRule('username', get_string('required'), 'required', null, 'client');
+ $mform->setType('username', PARAM_RAW);
+ } else {
+ $mform->addElement('hidden', 'username');
+ $mform->setType('username', PARAM_RAW);
+ }
+
+ if (has_capability('moodle/user:update', $sitecontext)) {
+ $mform->addElement('hidden', 'password');
+ $mform->setType('username', PARAM_RAW);
+ } else {
+ $mform->addElement('password', 'password', get_string('oldpassword'));
+ $mform->addRule('password', get_string('required'), 'required', null, 'client');
+ $mform->setType('password', PARAM_RAW);
+ }
+
+ $mform->addElement('password', 'newpassword1', get_string('newpassword'));
+ $mform->addRule('newpassword1', get_string('required'), 'required', null, 'client');
+ $mform->setType('newpassword1', PARAM_RAW);
+
+ $mform->addElement('password', 'newpassword2', get_string('newpassword').' ('.get_String('again').')');
+ $mform->addRule('newpassword2', get_string('required'), 'required', null, 'client');
+ $mform->setType('newpassword2', PARAM_RAW);
+
+
+ // hidden optional params
+ $mform->addElement('hidden', 'id', 0);
+ $mform->setType('id', PARAM_INT);
+
+ // buttons
+ $mform->addelement('submit', 'submitbutton', get_string('changepassword'));
+
+ $renderer->addStopFieldsetElements('submitbutton');
+ }
+
+/// perform extra password change validation
+ function validation($data){
+ global $USER;
+ $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
+ $errors = array();
+
+ if (has_capability('moodle/user:update', $sitecontext)) {
+ if (!$user = get_record('user', 'username', $data['username'])) {
+ $errors['username'] = get_string('invalidlogin');
+ return $errors;
+ }
+ } else {
+ update_login_count();
+
+ // ignore submitted username
+ if (!$user = authenticate_user_login($USER->username, $data['password'])) {
+ $errors['password'] = get_string('invalidlogin');
+ return $errors;
+ }
+
+ reset_login_count();
+ }
+
+ // can not change guest user password
+ if ($user->username == 'guest') {
+ $errors['username'] = get_string('invalidlogin');
+ return $errors;
+ }
+
+ // can not change password of primary admin
+ $mainadmin = get_admin();
+ if ($user->id == $mainadmin->id and $USER->id != $mainadmin->id) {
+ $errors['username'] = get_string('adminprimarynoedit');
+ return $errors;
+ }
+
+ if ($data['newpassword1'] <> $data['newpassword2']) {
+ $errors['newpassword1'] = get_string('passwordsdiffer');
+ $errors['newpassword2'] = get_string('passwordsdiffer');
+ return $errors;
+ } else if (!has_capability('moodle/user:update', $sitecontext) and ($data['password'] == $data['newpassword1'])){
+ $errors['newpassword1'] = get_string('mustchangepassword');
+ $errors['newpassword2'] = get_string('mustchangepassword');
+ return $errors;
+ }
+
+ return true;
+ }
+}
+?>
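Review bot: In `definition()`, the hidden `password` element added for holders of `moodle/user:update` never gets a type, because the line after it calls `$mform->setType('username', PARAM_RAW);` again; this looks like a copy-paste slip for `$mform->setType('password', PARAM_RAW);`. In `validation()` the password comparisons are loose: `$data['newpassword1'] <> $data['newpassword2']` treats two different numeric-looking strings (constructed example: `'1e3'` and `'1000'`) as equal, so a mistyped confirmation can pass. Likewise `$data['password'] == $data['newpassword1']` replaces the `===` that the removed `validate_form()` used; I would write `!==` and `===` here. `username` is typed `PARAM_RAW` and passed directly to `get_record('user', 'username', $data['username'])`, so it is worth confirming that values reaching `validation()` are already escaped for the data layer, or giving the field a stricter type.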