From 1437f0a5e365ca914a44683ce3f7248f9dc25900 Mon Sep 17 00:00:00 2001 From: skodak Date: Sat, 2 Dec 2006 14:38:31 +0000 Subject: [PATCH] conversion of login/change_password.php to new formslib and other changes: * new formslib * works only when logged in - added redirection to login page for guests or not logged in yet * fixed redirects when logging in and on forced password change * "Logged in as" users are not allowed to use this form * general cleanup --- lib/moodlelib.php | 7 +- login/change_password.php | 195 ++++++++++++-------------------- login/change_password_form.html | 70 ------------ login/change_password_form.php | 103 +++++++++++++++++ user/view.php | 7 +- 5 files changed, 185 insertions(+), 197 deletions(-) delete mode 100644 login/change_password_form.html create mode 100644 login/change_password_form.php
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 4d255b70b3..0a42eeb9f0 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -1538,7 +1538,12 @@ function require_login($courseid=0, $autologinguest=true, $cm=null) {
 if (!empty($USER->preference['auth_forcepasswordchange'])){
 if (is_internal_auth() || $CFG->{'auth_'.$USER->auth.'_stdchangepassword'}){
 $SESSION->wantsurl = $FULLME;
- redirect($CFG->wwwroot .'/login/change_password.php');
+ if (empty($CFG->loginhttps)) {
+ redirect($CFG->wwwroot .'/login/change_password.php');
+ } else {
+ $wwwroot = str_replace('http:','https:', $CFG->wwwroot);
+ redirect($wwwroot .'/login/change_password.php');
+ }
 } elseif($CFG->changepassword) {
 redirect($CFG->changepassword);
 } else {
diff --git a/login/change_password.php b/login/change_password.php
index c2f58e6693..8045551adc 100644
--- a/login/change_password.php
+++ b/login/change_password.php
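Review bot: The https branch of the require_login hunk derives the secure root by hand with `str_replace('http:','https:', $CFG->wwwroot)`, while login/change_password.php in the same commit redirects with `$CFG->httpswwwroot`; two ways of computing the same URL are likely to drift when the loginhttps handling changes. If `$CFG->httpswwwroot` is already populated when require_login runs and falls back to the plain root when loginhttps is off (presumably, judging by its use in the other file — confirm in the config setup), the branch collapses to `redirect($CFG->httpswwwroot .'/login/change_password.php');` and the `if (empty($CFG->loginhttps))` split goes away. The body of require_login continues outside the hunk.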
@@ -1,9 +1,12 @@ preference['auth_forcepasswordchange']); + // require proper login; guest can not change passwords anymore! + // TODO: add change password capability so that we can prevent participants to change password + if (empty($USER->id) or $USER->username=='guest' or has_capability('moodle/legacy:guest', $sitecontext, $USER->id, false)) { + if (empty($SESSION->wantsurl)) { + $SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php'; + } + redirect($CFG->httpswwwroot.'/login/index.php'); + } - if (!$forcepassword) { // Don't redirect if they just got sent here - require_login($id); + // do not allow "Logged in as" users to change any passwords + if (!empty($USER->realuser)) { + error('Can not use this script when "Logged in as"!'); } - if ($frm = data_submitted()) { - validate_form($frm, $err); + $mform = new change_password_form('change_password.php'); + $mform->set_defaults(array('id'=>$course->id, 'username'=>$USER->username)); - update_login_count(); + if ($data = $mform->data_submitted()) { - if (!count((array)$err)) { - $user = get_complete_user_data('username', $frm->username); + if (!has_capability('moodle/user:update', $sitecontext)) { + //ignore submitted username - the same is done in form validation + $data->username = $USER->username; + } + + if ($data->username == $USER->username) { + $user =& $USER; + } else { + $user = get_complete_user_data('username', $data->username); + } - if (isguest($user->id)) { - error('Can\'t change guest password!'); + if (is_internal_auth($user->auth)){ + if (!update_internal_user_password($user, $data->newpassword1)) { + error('Could not set the new password'); } - - if (is_internal_auth($user->auth)){ - if (!update_internal_user_password($user, $frm->newpassword1)) { - error('Could not set the new password'); - } - } else { // external users - // the relevant auth libs should be loaded already - // as validate_form() calls authenticate_user_login() - // check that we allow changes through moodle - if 
(!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) { - if (function_exists('auth_user_update_password')){ - // note that we pass cleartext password - if (auth_user_update_password($user->username, $frm->newpassword1)){ - update_internal_user_password($user, $frm->newpassword1, false); - } else { - error('Could not set the new password'); - } + } else { // external users + // the relevant auth libs should be loaded already + // as part of form validation in function authenticate_user_login() + // check that we allow changes through moodle + if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) { + if (function_exists('auth_user_update_password')){ + // note that we pass cleartext password + if (auth_user_update_password($user->username, $data->newpassword1)){ + update_internal_user_password($user, $data->newpassword1, false); } else { - error('The authentication module is misconfigured (missing auth_user_update_password)'); - } + error('Could not set the new password'); + } } else { - error('You cannot change your password this way.'); + error('The authentication module is misconfigured (missing auth_user_update_password)'); } + } else { + error('You cannot change your password this way.'); } - - /// Are we admin logged in as someone else? If yes then we need to retain our real identity. 
- if (!empty($USER->realuser)) { - $realuser = $USER->realuser; - } - - $USER = clone($user); // Get a fresh copy - - if (!empty($realuser)) { - $USER->realuser = $realuser; - } - - // register success changing password - unset_user_preference('auth_forcepasswordchange', $user->id); - - set_moodle_cookie($USER->username); - - reset_login_count(); + } - $strpasswordchanged = get_string('passwordchanged'); + // register success changing password + unset_user_preference('auth_forcepasswordchange', $user->id); - add_to_log($course->id, 'user', 'change password', "view.php?id=$user->id&course=$course->id", "$user->id"); + $strpasswordchanged = get_string('passwordchanged'); - $fullname = fullname($USER, true); + add_to_log($course->id, 'user', 'change password', "view.php?id=$user->id&course=$course->id", "$user->id"); - if ($course->id != SITEID) { - $navstr = "wwwroot/course/view.php?id=$course->id\">$course->shortname -> "; - } else { - $navstr = ''; - } - $navstr .= "wwwroot/user/index.php?id=$course->id\">".get_string("participants")." -> wwwroot/user/view.php?id=$USER->id&course=$course->id\">$fullname -> $strpasswordchanged"; + $fullname = fullname($USER, true); - print_header($strpasswordchanged, $strpasswordchanged, $navstr); + if ($course->id != SITEID) { + $navstr = "wwwroot/course/view.php?id=$course->id\">$course->shortname -> "; + } else { + $navstr = ''; + } + $navstr .= "wwwroot/user/index.php?id=$course->id\">".get_string("participants")." -> wwwroot/user/view.php?id=$USER->id&course=$course->id\">$fullname -> $strpasswordchanged"; - notice($strpasswordchanged, "$CFG->wwwroot/user/view.php?id=$USER->id&course=$id"); + print_header($strpasswordchanged, $strpasswordchanged, $navstr); - print_footer(); - exit; + if (empty($SESSION->wantsurl)) { + $returnto = "$CFG->wwwroot/user/view.php?id=$USER->id&course=$id"; + } else { + $returnto = $SESSION->wantsurl; } - } - // We NEED to set this, because the form assumes it has a value! 
- $frm->id = empty($course->id) ? 0 : $course->id; + notice($strpasswordchanged, $returnto); - if (empty($frm->username) && !isguest()) { - $frm->username = $USER->username; + print_footer(); + exit; } + $strchangepassword = get_string('changepassword'); $fullname = fullname($USER, true); @@ -112,65 +110,12 @@ } $navstr .= "wwwroot/user/index.php?id=$course->id\">".get_string('participants')." -> wwwroot/user/view.php?id=$USER->id&course=$course->id\">$fullname -> $strchangepassword"; - print_header($strchangepassword, $strchangepassword, $navstr); - - echo '
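Review bot: `$SESSION->wantsurl` is copied into `$returnto` on the success path but never cleared, so the same value is reused by later redirects — including the `/login/change_password.php` URL this script itself stores for not-yet-logged-in users, unless login/index.php already consumes it (not visible here); add `unset($SESSION->wantsurl);` right after `$returnto` is computed. In the administrator path `get_complete_user_data('username', $data->username)` can return false and the code continues into `is_internal_auth($user->auth)` and `update_internal_user_password($user, ...)` with a non-object; the form's validation checks the record exists, but a guard such as `if (!$user) { error('Invalid user'); }` keeps this script safe on its own. It is also worth confirming that `unset_user_preference('auth_forcepasswordchange', $user->id)` clears `$USER->preference` in the live session, because the require_login hunk in lib/moodlelib.php tests that array to decide whether to send the user back here. The `require_once`/`$sitecontext` setup at the top of the file lies before the visible part of this hunk.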
'; - print_simple_box_start('center'); - include('change_password_form.html'); - print_simple_box_end(); - print_footer(); - - - - -/****************************************************************************** - * FUNCTIONS - *****************************************************************************/ -function validate_form($frm, &$err) { - - global $USER; - - $validpw = authenticate_user_login($frm->username, $frm->password); - - if (empty($frm->username)){ - $err->username = get_string('missingusername'); - } else { - if (!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID)) and empty($frm->password)){ - $err->password = get_string('missingpassword'); - } else { - if (!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID))) { - //require non adminusers to give valid password - if(!$validpw) { - $err->password = get_string('wrongpassword'); - } - } - else { - // don't allow anyone to change the primary admin's password - $mainadmin = get_admin(); - if($frm->username == $mainadmin->username && $mainadmin->id != $USER->id) { // the primary admin can change their own password! - $err->username = get_string('adminprimarynoedit'); - } - } - } - } - - if (empty($frm->newpassword1)){ - $err->newpassword1 = get_string('missingnewpassword'); - } - if (empty($frm->newpassword2)){ - $err->newpassword2 = get_string('missingnewpassword'); - } else { - if ($frm->newpassword1 <> $frm->newpassword2) { - $err->newpassword2 = get_string('passwordsdiffer'); - } else { - if(!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID)) and ($frm->password === $frm->newpassword1)){ - $err->newpassword1 = get_string('mustchangepassword'); - } - } + print_header($strchangepassword, $strchangepassword, $navstr); + if (!empty($USER->preference['auth_forcepasswordchange'])) { + notify(get_string('forcepasswordchangenotice')); } - - return; -} + $mform->display(); + print_footer(); ?> 
diff --git a/login/change_password_form.html b/login/change_password_form.html deleted file mode 100644 index 182c286ccd..0000000000 --- a/login/change_password_form.html +++ /dev/null @@ -1,70 +0,0 @@ - - -

-username)) { - $frm->username = ""; - } - if (empty($frm->password)) { - $frm->password = ""; - } - if (empty($frm->newpassword1)) { - $frm->newpassword1 = ""; - } - if (empty($frm->newpassword2)) { - $frm->newpassword2 = ""; - } -?> -
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
- username)) { ?> - - - username)?> - - username)) { formerr($err->username); } ?> -
- password)) { formerr($err->password); } ?> -
- newpassword1)) { formerr($err->newpassword1); } ?> -
- newpassword2)) { formerr($err->newpassword2); } ?> -
- " /> - - - -
-
diff --git a/login/change_password_form.php b/login/change_password_form.php new file mode 100644 index 0000000000..93c185ac30 --- /dev/null +++ b/login/change_password_form.php 
@@ -0,0 +1,103 @@ +libdir.'/formslib.php'; + +class change_password_form extends moodleform { + + function definition() { + global $USER; + + $mform =& $this->_form; + $renderer =& $mform->defaultRenderer(); + + $mform->addElement('header', '', get_string('changepassword'), ''); + $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID); + + // visible elements + if (has_capability('moodle/user:update', $sitecontext)) { + $mform->addElement('text', 'username', get_string('username')); + $mform->addRule('username', get_string('required'), 'required', null, 'client'); + $mform->setType('username', PARAM_RAW); + } else { + $mform->addElement('hidden', 'username'); + $mform->setType('username', PARAM_RAW); + } + + if (has_capability('moodle/user:update', $sitecontext)) { + $mform->addElement('hidden', 'password'); + $mform->setType('username', PARAM_RAW); + } else { + $mform->addElement('password', 'password', get_string('oldpassword')); + $mform->addRule('password', get_string('required'), 'required', null, 'client'); + $mform->setType('password', PARAM_RAW); + } + + $mform->addElement('password', 'newpassword1', get_string('newpassword')); + $mform->addRule('newpassword1', get_string('required'), 'required', null, 'client'); + $mform->setType('newpassword1', PARAM_RAW); + + $mform->addElement('password', 'newpassword2', get_string('newpassword').' 
('.get_String('again').')'); + $mform->addRule('newpassword2', get_string('required'), 'required', null, 'client'); + $mform->setType('newpassword2', PARAM_RAW); + + + // hidden optional params + $mform->addElement('hidden', 'id', 0); + $mform->setType('id', PARAM_INT); + + // buttons + $mform->addelement('submit', 'submitbutton', get_string('changepassword')); + + $renderer->addStopFieldsetElements('submitbutton'); + } + +/// perform extra password change validation + function validation($data){ + global $USER; + $sitecontext = get_context_instance(CONTEXT_SYSTEM, SITEID); + $errors = array(); + + if (has_capability('moodle/user:update', $sitecontext)) { + if (!$user = get_record('user', 'username', $data['username'])) { + $errors['username'] = get_string('invalidlogin'); + return $errors; + } + } else { + update_login_count(); + + // ignore submitted username + if (!$user = authenticate_user_login($USER->username, $data['password'])) { + $errors['password'] = get_string('invalidlogin'); + return $errors; + } + + reset_login_count(); + } + + // can not change guest user password + if ($user->username == 'guest') { + $errors['username'] = get_string('invalidlogin'); + return $errors; + } + + // can not change password of primary admin + $mainadmin = get_admin(); + if ($user->id == $mainadmin->id and $USER->id != $mainadmin->id) { + $errors['username'] = get_string('adminprimarynoedit'); + return $errors; + } + + if ($data['newpassword1'] <> $data['newpassword2']) { + $errors['newpassword1'] = get_string('passwordsdiffer'); + $errors['newpassword2'] = get_string('passwordsdiffer'); + return $errors; + } else if (!has_capability('moodle/user:update', $sitecontext) and ($data['password'] == $data['newpassword1'])){ + $errors['newpassword1'] = get_string('mustchangepassword'); + $errors['newpassword2'] = get_string('mustchangepassword'); + return $errors; + } + + return true; + } +} +?> diff --git a/user/view.php b/user/view.php index 825c4eb397..73aaf35ff4 100644 
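Review bot: In the administrator branch of definition() the hidden `password` element is followed by `$mform->setType('username', PARAM_RAW);`, which re-types `username` and leaves `password` untyped; it should read `$mform->setType('password', PARAM_RAW);`. In validation() the two new passwords are compared with `<>` and the old/new pair with `==`; both are loose comparisons, under which numeric-looking strings such as `'1e3'` and `'1000'` compare equal, so a mistyped confirmation can slip through — use `$data['newpassword1'] !== $data['newpassword2']` and `$data['password'] === $data['newpassword1']`. `get_String('again')` and `$mform->addelement('submit', ...)` only work because PHP resolves function and method names case-insensitively; `get_string` and `addElement` match the rest of the file. The file's opening `require_once` line is cut off in this rendering.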
--- a/user/view.php +++ b/user/view.php @@ -342,7 +342,12 @@ if ($internalpassword ) { echo "
"; echo "id\" />"; - echo ""; + if (!empty($USER->realuser)) { + // changing of password when "Logged in as" is not allowed + echo ""; + } else { + echo ""; + } echo "
"; } else if ( strlen($CFG->changepassword) > 1 ) { echo "
changepassword\" method=\"get\">"; -- 2.39.5