conversion of login/change_password.php to new formslib and other changes:
authorskodak <skodak>
Sat, 2 Dec 2006 14:38:31 +0000 (14:38 +0000)
committerskodak <skodak>
Sat, 2 Dec 2006 14:38:31 +0000 (14:38 +0000)
* new formslib
* works only when logged in - added redirection to the login page for guests and for users who are not logged in yet
* fixed redirects when logging in and on forced password change
* "Logged in as" users are not allowed to use this form
* general cleanup

lib/moodlelib.php
login/change_password.php
login/change_password_form.html [deleted file]
login/change_password_form.php [new file with mode: 0644]
user/view.php

index 4d255b70b3046c852872481d3f62e7757e10634c..0a42eeb9f00f82df7f664863629cbf7c53fe9db9 100644 (file)
@@ -1538,7 +1538,12 @@ function require_login($courseid=0, $autologinguest=true, $cm=null) {
     if (!empty($USER->preference['auth_forcepasswordchange'])){
         if (is_internal_auth() || $CFG->{'auth_'.$USER->auth.'_stdchangepassword'}){
             $SESSION->wantsurl = $FULLME;
-            redirect($CFG->wwwroot .'/login/change_password.php');
+            if (empty($CFG->loginhttps)) {
+                redirect($CFG->wwwroot .'/login/change_password.php');
+            } else {
+                $wwwroot = str_replace('http:','https:', $CFG->wwwroot);
+                redirect($wwwroot .'/login/change_password.php');
+            }
         } elseif($CFG->changepassword) {
             redirect($CFG->changepassword);
         } else {
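Review bot: `str_replace('http:','https:', $CFG->wwwroot)` in the new else branch rewrites every occurrence of `http:` in the string, not only the leading scheme. Anchoring the substitution to the prefix states the intent exactly: `$wwwroot = preg_replace('/^http:/', 'https:', $CFG->wwwroot);`. login/change_password.php in this same commit builds its redirects from `$CFG->httpswwwroot`; if that value is already populated when require_login() runs (not visible here), using it would keep the two redirect paths consistent. require_login() starts and ends outside this hunk.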
index c2f58e6693551ee8eb602e15f4fcc6d7d1c4d7bf..8045551adc6be0906c5918b86b70225b9eb79381 100644 (file)
@@ -1,9 +1,12 @@
 <?PHP // $Id$
 
     require_once('../config.php');
+    require_once('change_password_form.php');
 
     $id = optional_param('id', SITEID, PARAM_INT);
 
+    $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
+
     //HTTPS is potentially required in this page
     httpsrequired();
 
         error('No such course!');
     }
 
-    // did we get here because of a force password change
-    $forcepassword = !empty($USER->preference['auth_forcepasswordchange']);
+    // require proper login; guest can not change passwords anymore!
+    // TODO: add change password capability so that we can prevent participants to change password
+    if (empty($USER->id) or $USER->username=='guest' or has_capability('moodle/legacy:guest', $sitecontext, $USER->id, false)) {
+        if (empty($SESSION->wantsurl)) {
+            $SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php';
+        }
+        redirect($CFG->httpswwwroot.'/login/index.php');
+    }
 
-    if (!$forcepassword) {  // Don't redirect if they just got sent here
-        require_login($id);
+    // do not allow "Logged in as" users to change any passwords
+    if (!empty($USER->realuser)) {
+        error('Can not use this script when "Logged in as"!');
     }
 
-    if ($frm = data_submitted()) {
-        validate_form($frm, $err);
+    $mform = new change_password_form('change_password.php');
+    $mform->set_defaults(array('id'=>$course->id, 'username'=>$USER->username));
 
-        update_login_count();
+    if ($data = $mform->data_submitted()) {
 
-        if (!count((array)$err)) {
-            $user = get_complete_user_data('username', $frm->username);
+        if (!has_capability('moodle/user:update', $sitecontext)) {
+            //ignore submitted username - the same is done in form validation
+            $data->username = $USER->username;
+        }
+
+        if ($data->username == $USER->username) {
+            $user =& $USER;
+        } else {
+            $user = get_complete_user_data('username', $data->username);
+        }
 
-            if (isguest($user->id)) {
-                error('Can\'t change guest password!');
+        if (is_internal_auth($user->auth)){
+            if (!update_internal_user_password($user, $data->newpassword1)) {
+                error('Could not set the new password');
             }
-            
-            if (is_internal_auth($user->auth)){
-                if (!update_internal_user_password($user, $frm->newpassword1)) {
-                    error('Could not set the new password');
-                }
-            } else { // external users
-                // the relevant auth libs should be loaded already 
-                // as validate_form() calls authenticate_user_login()
-                // check that we allow changes through moodle
-                if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) {
-                    if (function_exists('auth_user_update_password')){
-                        // note that we pass cleartext password 
-                        if (auth_user_update_password($user->username, $frm->newpassword1)){
-                            update_internal_user_password($user, $frm->newpassword1, false);
-                        } else {
-                            error('Could not set the new password');
-                        }
+        } else { // external users
+            // the relevant auth libs should be loaded already
+            // as part of form validation in function authenticate_user_login()
+            // check that we allow changes through moodle
+            if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) {
+                if (function_exists('auth_user_update_password')){
+                    // note that we pass cleartext password
+                    if (auth_user_update_password($user->username, $data->newpassword1)){
+                        update_internal_user_password($user, $data->newpassword1, false);
                     } else {
-                        error('The authentication module is misconfigured (missing auth_user_update_password)'); 
-                    } 
+                        error('Could not set the new password');
+                    }
                 } else {
-                    error('You cannot change your password this way.');
+                    error('The authentication module is misconfigured (missing auth_user_update_password)');
                 }
+            } else {
+                error('You cannot change your password this way.');
             }
-            
-            /// Are we admin logged in as someone else? If yes then we need to retain our real identity.
-            if (!empty($USER->realuser)) {
-                $realuser = $USER->realuser;
-            }
-            
-            $USER = clone($user); // Get a fresh copy
-
-            if (!empty($realuser)) {
-                $USER->realuser = $realuser;
-            }
-
-            // register success changing password
-            unset_user_preference('auth_forcepasswordchange', $user->id);
-
-            set_moodle_cookie($USER->username);
-
-            reset_login_count();
+        }
 
-            $strpasswordchanged = get_string('passwordchanged');
+        // register success changing password
+        unset_user_preference('auth_forcepasswordchange', $user->id);
 
-            add_to_log($course->id, 'user', 'change password', "view.php?id=$user->id&amp;course=$course->id", "$user->id");
+        $strpasswordchanged = get_string('passwordchanged');
 
-            $fullname = fullname($USER, true);
+        add_to_log($course->id, 'user', 'change password', "view.php?id=$user->id&amp;course=$course->id", "$user->id");
 
-            if ($course->id != SITEID) {
-                $navstr = "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> ";
-            } else {
-                $navstr = '';
-            }
-            $navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string("participants")."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$course->id\">$fullname</a> -> $strpasswordchanged";
+        $fullname = fullname($USER, true);
 
-            print_header($strpasswordchanged, $strpasswordchanged, $navstr);
+        if ($course->id != SITEID) {
+            $navstr = "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> ";
+        } else {
+            $navstr = '';
+        }
+        $navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string("participants")."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$course->id\">$fullname</a> -> $strpasswordchanged";
 
-            notice($strpasswordchanged, "$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$id");
+        print_header($strpasswordchanged, $strpasswordchanged, $navstr);
 
-            print_footer();
-            exit;
+        if (empty($SESSION->wantsurl)) {
+            $returnto = "$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$id";
+        } else {
+            $returnto = $SESSION->wantsurl;
         }
-    }
 
-    // We NEED to set this, because the form assumes it has a value!
-    $frm->id = empty($course->id) ? 0 : $course->id;
+        notice($strpasswordchanged, $returnto);
 
-    if (empty($frm->username) && !isguest()) {
-        $frm->username = $USER->username;
+        print_footer();
+        exit;
     }
 
+
     $strchangepassword = get_string('changepassword');
 
     $fullname = fullname($USER, true);
     }
     $navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string('participants')."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$course->id\">$fullname</a> -> $strchangepassword";
 
-    print_header($strchangepassword, $strchangepassword, $navstr);
-
-    echo '<br />';
-    print_simple_box_start('center');
-    include('change_password_form.html');
-    print_simple_box_end();
-    print_footer();
-
-
-
-
-/******************************************************************************
- * FUNCTIONS
- *****************************************************************************/
-function validate_form($frm, &$err) {
-
-    global $USER;
-
-    $validpw = authenticate_user_login($frm->username, $frm->password);
-
-    if (empty($frm->username)){
-        $err->username = get_string('missingusername');
-    } else {
-        if (!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID)) and empty($frm->password)){
-            $err->password = get_string('missingpassword');
-        } else {  
-            if (!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID))) {
-                //require non adminusers to give valid password
-                if(!$validpw) {
-                    $err->password = get_string('wrongpassword');
-                }
-            }
-            else {
-                // don't allow anyone to change the primary admin's password
-                $mainadmin = get_admin();
-                if($frm->username == $mainadmin->username && $mainadmin->id != $USER->id) { // the primary admin can change their own password!
-                    $err->username = get_string('adminprimarynoedit');
-                }
-            }
-        }
-    }
-
-    if (empty($frm->newpassword1)){
-        $err->newpassword1 = get_string('missingnewpassword');
-    }
 
-    if (empty($frm->newpassword2)){
-        $err->newpassword2 = get_string('missingnewpassword');
-    } else {
-        if ($frm->newpassword1 <> $frm->newpassword2) {
-            $err->newpassword2 = get_string('passwordsdiffer');
-        } else {
-            if(!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID)) and ($frm->password === $frm->newpassword1)){
-                $err->newpassword1 = get_string('mustchangepassword');
-            }
-        }
+    print_header($strchangepassword, $strchangepassword, $navstr);
+    if (!empty($USER->preference['auth_forcepasswordchange'])) {
+        notify(get_string('forcepasswordchangenotice'));
     }
-    
-    return;
-}
+    $mform->display();
+    print_footer();
 
 ?>
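Review bot: The external-auth branch still assumes the auth library was loaded during form validation, as its comment says, but validation() in change_password_form.php calls authenticate_user_login() only when the user lacks `moodle/user:update`. On the administrator path it does a plain `get_record('user', 'username', ...)`, so `function_exists('auth_user_update_password')` may be false, or may resolve to a library other than the one for `$user->auth`; which of these happens depends on loading behaviour not visible here. Loading the library for `$user->auth` explicitly before the `function_exists()` check would remove the dependency on a validation side effect. The comment would then read `// load the auth lib for $user->auth here; validation only loads it for non-admin users`.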
diff --git a/login/change_password_form.html b/login/change_password_form.html
deleted file mode 100644 (file)
index 182c286..0000000
+++ /dev/null
@@ -1,70 +0,0 @@
-
-<?php 
-    // only display this help message if we are being forced to change
-    if ($forcepassword) {
-        notify( get_string('forcepasswordchangenotice') );
-    }
- ?>
-<p><b><?php print_string("allfieldsrequired") ?></b></p>
-<?php
-   if (empty($frm->username)) {
-       $frm->username = "";
-   }
-   if (empty($frm->password)) {
-       $frm->password = "";
-   }
-   if (empty($frm->newpassword1)) {
-       $frm->newpassword1 = "";
-   }
-   if (empty($frm->newpassword2)) {
-       $frm->newpassword2 = "";
-   }
-?>
-<form action="change_password.php" method="post" name="form" id="form">
-<table cellpadding="2">
-
-<tr valign="top">
-    <td><label for="username"><?php print_string("username") ?></label></td>
-    <td>
-    <?php if (has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID)) || empty($frm->username)) { ?>
-        <input type="text" name="username" id="username" size="25" value="<?php p($frm->username) ?>" />
-    <?php } else { ?>
-        <input type="hidden" name="username" id="username" value="<?php p($frm->username)?>" />  <?php p($frm->username)?>
-    <?php } ?>
-    <?php if (!empty($err->username)) { formerr($err->username); } ?>
-    </td>
-</tr>
-
-<?php if (!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID))) { ?>
-    <tr valign="top">
-        <td><label for="password"><?php print_string("oldpassword") ?></label></td>
-        <td><input type="password" name="password" id="password" size="25" value="<?php p($frm->password) ?>" />
-        <?php if (!empty($err->password)) { formerr($err->password); } ?>
-        </td>
-    </tr>
-<?php } ?>
-    
-
-<tr valign="top">
-    <td><label for="newpassword1"><?php print_string("newpassword") ?></label></td>
-    <td><input type="password" name="newpassword1" id="newpassword1" size="25" value="<?php p($frm->newpassword1) ?>" />
-    <?php if (!empty($err->newpassword1)) { formerr($err->newpassword1); } ?>
-    </td>
-</tr>
-<tr valign="top">
-    <td><label for="newpassword2"><?php print_string("newpassword") ?> (<?php print_string("again") ?>)</label></td>
-    <td><input type="password" name="newpassword2" id="newpassword2" size="25" value="<?php p($frm->newpassword2) ?>" />
-    <?php if (!empty($err->newpassword2)) { formerr($err->newpassword2); } ?>
-    </td>
-</tr>
-<tr>
-    <td></td>
-    <td><input type="hidden" name="id" value="<?php p($frm->id)?>" />
-        <input type="submit" value="<?php print_string("changepassword") ?>" />
-        <?php if (has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID))) { ?>
-            <input type="hidden" name="password" id="password" value="" />
-        <?php } ?>
-    </td>
-</tr>
-</table>
-</form>
diff --git a/login/change_password_form.php b/login/change_password_form.php
new file mode 100644 (file)
index 0000000..93c185a
--- /dev/null
@@ -0,0 +1,103 @@
+<?php //$Id$
+
+require_once $CFG->libdir.'/formslib.php';
+
+class change_password_form extends moodleform {
+
+    function definition() {
+        global $USER;
+
+        $mform    =& $this->_form;
+        $renderer =& $mform->defaultRenderer();
+
+        $mform->addElement('header', '', get_string('changepassword'), '');
+        $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
+
+        // visible elements
+        if (has_capability('moodle/user:update', $sitecontext)) {
+            $mform->addElement('text', 'username', get_string('username'));
+            $mform->addRule('username', get_string('required'), 'required', null, 'client');
+            $mform->setType('username', PARAM_RAW);
+        } else {
+            $mform->addElement('hidden', 'username');
+            $mform->setType('username', PARAM_RAW);
+        }
+
+        if (has_capability('moodle/user:update', $sitecontext)) {
+            $mform->addElement('hidden', 'password');
+            $mform->setType('username', PARAM_RAW);
+        } else {
+            $mform->addElement('password', 'password', get_string('oldpassword'));
+            $mform->addRule('password', get_string('required'), 'required', null, 'client');
+            $mform->setType('password', PARAM_RAW);
+        }
+
+        $mform->addElement('password', 'newpassword1', get_string('newpassword'));
+        $mform->addRule('newpassword1', get_string('required'), 'required', null, 'client');
+        $mform->setType('newpassword1', PARAM_RAW);
+
+        $mform->addElement('password', 'newpassword2', get_string('newpassword').' ('.get_String('again').')');
+        $mform->addRule('newpassword2', get_string('required'), 'required', null, 'client');
+        $mform->setType('newpassword2', PARAM_RAW);
+
+
+        // hidden optional params
+        $mform->addElement('hidden', 'id', 0);
+        $mform->setType('id', PARAM_INT);
+
+        // buttons
+        $mform->addelement('submit', 'submitbutton', get_string('changepassword'));
+
+        $renderer->addStopFieldsetElements('submitbutton');
+    }
+
+/// perform extra password change validation
+    function validation($data){
+        global $USER;
+        $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID);
+        $errors = array();
+
+        if (has_capability('moodle/user:update', $sitecontext)) {
+            if (!$user = get_record('user', 'username', $data['username'])) {
+                $errors['username'] = get_string('invalidlogin');
+                return $errors;
+            }
+        } else {
+            update_login_count();
+
+            // ignore submitted username
+            if (!$user = authenticate_user_login($USER->username, $data['password'])) {
+                $errors['password'] = get_string('invalidlogin');
+                return $errors;
+            }
+
+            reset_login_count();
+        }
+
+        // can not change guest user password
+        if ($user->username == 'guest') {
+            $errors['username'] = get_string('invalidlogin');
+            return $errors;
+        }
+
+        // can not change password of primary admin
+        $mainadmin = get_admin();
+        if ($user->id == $mainadmin->id and $USER->id != $mainadmin->id) {
+            $errors['username'] = get_string('adminprimarynoedit');
+            return $errors;
+        }
+
+        if ($data['newpassword1'] <> $data['newpassword2']) {
+            $errors['newpassword1'] = get_string('passwordsdiffer');
+            $errors['newpassword2'] = get_string('passwordsdiffer');
+            return $errors;
+        } else if (!has_capability('moodle/user:update', $sitecontext) and ($data['password'] == $data['newpassword1'])){
+            $errors['newpassword1'] = get_string('mustchangepassword');
+            $errors['newpassword2'] = get_string('mustchangepassword');
+            return $errors;
+        }
+
+        return true;
+    }
+}
+?>
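Review bot: validation() compares passwords with loose operators, so two different numeric-looking strings can compare equal and a mistyped confirmation can pass `$data['newpassword1'] <> $data['newpassword2']`. The removed validate_form() used `===` for the old-versus-new check, so `$data['password'] == $data['newpassword1']` is a step back. Strict comparison fixes both: `if ($data['newpassword1'] !== $data['newpassword2']) {` and `($data['password'] === $data['newpassword1'])`. In definition(), the hidden `password` element added for `moodle/user:update` holders is followed by `$mform->setType('username', PARAM_RAW);`, which looks like a copy-paste slip for `$mform->setType('password', PARAM_RAW);`.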
index 825c4eb3972e9ed68d8a02cdd9eaabb0524f55f2..73aaf35ff4234495c09feb664143a2d4202aa82a 100644 (file)
         if ($internalpassword ) {
             echo "<td nowrap=\"nowrap\"><form action=\"$internalpassword\" method=\"get\">";
             echo "<input type=\"hidden\" name=\"id\" value=\"$course->id\" />";
-            echo "<input type=\"submit\" value=\"".get_string("changepassword")."\" />";
+            if (!empty($USER->realuser)) {
+                // changing of password when "Logged in as" is not allowed
+                echo "<input type=\"submit\" value=\"".get_string("changepassword")."\" disabled=\"disabled\" />";
+            } else {
+                echo "<input type=\"submit\" value=\"".get_string("changepassword")."\" />";
+            }
             echo "</form></td>";
         } else if ( strlen($CFG->changepassword) > 1 ) {
             echo "<td nowrap=\"nowrap\"><form action=\"$CFG->changepassword\" method=\"get\">";
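Review bot: Only the `$internalpassword` form gets the "Logged in as" treatment; the `$CFG->changepassword` branch visible in the trailing context still renders its form for those sessions. Whether that matters depends on how the external page authenticates, which is not visible here. That branch also continues past the hunk, so it is worth checking whether it should be disabled too. The two new `echo` lines differ only in the `disabled` attribute, so computing it once would avoid the duplication: `$disabled = empty($USER->realuser) ? '' : ' disabled="disabled"';`. The attribute is advisory only; the real enforcement is the `$USER->realuser` check this commit adds in login/change_password.php.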