error($message);
}
- // require proper login; guest can not change passwords anymore!
+ // require proper login; guest can not change password
// TODO: add change password capability so that we can prevent participants to change password
- if (empty($USER->id) or $USER->username=='guest' or has_capability('moodle/legacy:guest', $sitecontext, $USER->id, false)) {
+ if (empty($USER->id) or isguestuser() or has_capability('moodle/legacy:guest', $sitecontext, $USER->id, false)) {
if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php';
}
error('Can not use this script when "Logged in as"!');
}
+ // load the appropriate auth plugin
+ $userauth = get_auth_plugin($USER->auth);
+
+ if (!$userauth->can_change_password()) {
+ error(get_string('nopasswordchange', 'auth'));
+ }
+
+ if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) {
+ // this internal scrip not used
+ redirect($userauth->change_password_url());
+ }
+
$mform = new login_change_password_form();
$mform->set_data(array('id'=>$course->id, 'username'=>$USER->username));
$user = get_complete_user_data('username', $data->username);
}
- // load the appropriate auth plugin
- $userauth = get_auth_plugin($user->auth);
- if ($userauth->can_change_password()){
- if ($userauth->user_update_password($user, $data->newpassword1)) {
- } else {
- error('Could not set the new password');
- }
- } else { // external users
- $message = 'You cannot change your password this way.';
- if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) {
- $message .= '<br /><br />' . get_string('passwordextlink')
- . '<br /><br />' . '<a href="' . $userauth->change_password_url() . '">'
- . $userauth->change_password_url() . '</a>'; error('You cannot change your password this way.');
- }
- error($message);
- }
-
// register success changing password
unset_user_preference('auth_forcepasswordchange', $user->id);
$strlogin = get_string('login');
$strloginalready = get_string('loginalready');
$strok = get_string('ok');
-$strpasswordextlink = get_string('passwordextlink');
$strpasswordnohelp = get_string('passwordnohelp');
$strsecretalreadyused = get_string('secretalreadyused');
$strsenddetails = get_string('senddetails');
// if user located (and no errors) take the appropriate action
if (empty($errors) and !empty($user)) {
+
+ $userauth = get_auth_plugin($user->auth);
+
// check this user isn't 'unconfirmed'
if (empty($user->confirmed)) {
$errors[] = $strconfirmednot;
+
} else {
- // what to do depends on the authentication method
- $userauth = get_auth_plugin($user->auth);
- if ($userauth->is_internal() or $userauth->can_change_password()) {
- // handle internal authentication
+ if (method_exists($userauth, 'can_reset_password') and $userauth->can_reset_password()) {
+ // reset internal password and notify user
// set 'secret' string
$user->secret = random_string(15);
// display confirm message
$page = 'emailconfirm';
+
} else {
- // handle some 'external' authentication
- // if help text defined then we are going to display another page
- $strextmessage = '';
- $continue = false;
- if (!empty($userauth->config->changepasswordhelp)) {
- $txt->extmessage = $userauth->config->changepasswordhelp .'<br /><br />';
- }
- // if url defined then add that to the message (with a standard message)
- if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) {
- $strextmessage .= $strpasswordextlink . '<br /><br />';
- $strextmessage .= '<a href="' . $userauth->change_password_url() . '">' . $userauth->change_password_url() . '</a>';
- }
- // if nothing to display, just do message that we can't help
- if (empty($strextmessage)) {
- $strextmessage = $strpasswordextlink;
- $continue = true;
+ // send email (make sure mail block is off)
+ $user->mailstop = 0;
+ if (!send_password_change_info($user)) {
+ error('error sending password change confirmation email');
}
- $page = 'external';
+
+ // display confirm message
+ $page = 'emailconfirm';
}
}
}
- if ($page != 'external' and !empty($CFG->protectusernames)) {
+ if (!empty($CFG->protectusernames)) {
// do not give any hints about usernames or email!
$errors = array();
$page = 'emailmaybeconfirmed';
}
- // nothing supplied - show error in any case
if (empty($param->username) and empty($param->email)) {
+ // nothing supplied - show error in any case
$errors[] = 'no email or username';
$page = '';
}
if (!empty($user) and $user->secret === '') {
$errors[] = $strsecretalreadyused;
+
} else if (!empty($user) and $user->secret == stripslashes($p_secret)) {
// make sure that url relates to a valid user
// check this isn't guest user
// TODO: add change password capability so that we can prevent participants to change password
- if ($user->username == 'guest' or has_capability('moodle/legacy:guest', $sitecontext, $user->id, false)) {
- error('You cannot change the guest password');
+ if (isguestuser($user) or has_capability('moodle/legacy:guest', $sitecontext, $user->id, false)) {
+ error('You cannot reset the guest password');
}
// override email stop and mail new password
$stremailpasswordconfirmsent = get_string('emailpasswordconfirmsent', '', $protectedemail);
notice($stremailpasswordconfirmsent, $CFG->wwwroot.'/index.php');
-} else if ($page == 'external') {
- // display change password help text
- print_simple_box($strextmessage, 'center', '50%', '', '20', 'noticebox');
-
- // only print continue button if it makes sense
- if ($continue) {
- print_continue($CFG->wwwroot.'/index.php');
- }
-
} else if ($page == 'emailsent') {
// mail sent with new password
notice($stremailpasswordsent, $changepasswordurl);
notice($strforgottenduplicate, $CFG->wwwroot.'/index.php');
} else {
- echo '<br />';
- print_simple_box_start('center', '50%', '', '20');
-
// display any errors
if (!empty($errors)) {
+ print_box_start('generalbox boxwidthnormal boxaligncenter');
$s = $strerror;
$s .= '<ul class="errors">';
foreach ($errors as $error) {
}
$s .= '</ul>';
notify($s, 'notifyproblem');
+ print_box_end();
}
-
}
-if(!$mform->get_data()) {
+if(!$mform->get_data() or !empty($errors)) {
+ print_box_start('generalbox boxwidthnormal boxaligncenter');
echo $strforgotteninstruct;
+ print_box_end();
$mform->display();
}
-print_simple_box_end();
print_footer();
//Select password change url
$userauth = get_auth_plugin($USER->auth);
if ($userauth->can_change_password()) {
- $passwordchangeurl=$CFG->wwwroot.'/login/change_password.php';
+ if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) {
+ $passwordchangeurl = $userauth->change_password_url();
+ } else {
+ $passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php';
+ }
} else {
- $passwordchangeurl = $userauth->change_password_url();
+ $passwordchangeurl = '';
}
// check whether the user should be changing password
if ($passwordchangeurl != '') {
redirect($passwordchangeurl);
} else {
- error("You cannot proceed without changing your password.
- However there is no available page for changing it.
- Please contact your Moodle Administrator.");
+ error(get_strin('nopasswordchangeforced', 'auth'));
}
}
echo "</td></tr></table>";
- $internalpassword = false;
$userauth = get_auth_plugin($user->auth);
- if (method_exists($userauth, 'can_change_password') and $userauth->can_change_password()) {
- if (empty($CFG->loginhttps)) {
- $internalpassword = "$CFG->wwwroot/login/change_password.php";
+
+ $passwordchangeurl = false;
+ if ($userauth->can_change_password()) {
+ if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) {
+ $passwordchangeurl = $userauth->change_password_url();
} else {
- $internalpassword = str_replace('http:','https:',$CFG->wwwroot.'/login/change_password.php');
+ if (empty($CFG->loginhttps)) {
+ $passwordchangeurl = "$CFG->wwwroot/login/change_password.php";
+ } else {
+ $passwordchangeurl = str_replace('http:', 'https:', $CFG->wwwroot.'/login/change_password.php');
+ }
}
}
// Print other functions
echo '<div class="buttons">';
- if ($currentuser and !isguest()) {
- if ($internalpassword ) {
- echo "<form action=\"$internalpassword\" method=\"get\">";
- echo "<fieldset class='invisiblefieldset'>";
- echo "<input type=\"hidden\" name=\"id\" value=\"$course->id\" />";
- if (!empty($USER->realuser)) {
- // changing of password when "Logged in as" is not allowed
- echo "<input type=\"submit\" value=\"".get_string("changepassword")."\" disabled=\"disabled\" />";
- } else {
- echo "<input type=\"submit\" value=\"".get_string("changepassword")."\" />";
- }
- echo "</fieldset>";
- echo "</form>";
- } elseif ( method_exists($userauth, 'change_password_url') and strlen($userauth->change_password_url())) {
- echo "<form action=\"".$userauth->change_password_url()."\" method=\"get\">";
- echo "<fieldset class='invisiblefieldset'>";
+ if ($currentuser and $passwordchangeurl and !isguest()) { //TODO: add proper capability for password changing
+ echo "<form action=\"$passwordchangeurl\" method=\"get\">";
+ echo "<fieldset class='invisiblefieldset'>";
+ echo "<input type=\"hidden\" name=\"id\" value=\"$course->id\" />";
+ if (!empty($USER->realuser)) {
+ // changing of password when "Logged in as" is not allowed
+ echo "<input type=\"submit\" value=\"".get_string("changepassword")."\" disabled=\"disabled\" />";
+ } else {
echo "<input type=\"submit\" value=\"".get_string("changepassword")."\" />";
- echo "</fieldset>";
- echo "</form>";
}
+ echo "</fieldset>";
+ echo "</form>";
}
if ($course->id != SITEID && empty($course->metacourse)) { // Mostly only useful at course level
projects / moodle.git / commitdiff