From 210560e3d7e03eb905e32f2cff1df42e2cf6524d Mon Sep 17 00:00:00 2001
From: skodak
Date: Wed, 21 Feb 2007 21:53:28 +0000
Subject: [PATCH] MDL-8590 auth cleanup - part 8
---
 login/change_password.php | 33 +++++++++-----------
 login/forgot_password.php | 65 +++++++++++++++------------------------
 login/index.php | 12 +++++---
 user/view.php | 43 ++++++++++++--------------
 4 files changed, 65 insertions(+), 88 deletions(-)
diff --git a/login/change_password.php b/login/change_password.php
index 08896e4b0d..e7f78e6a58 100644
--- a/login/change_password.php
+++ b/login/change_password.php
@@ -22,9 +22,9 @@
 error($message);
 }

- // require proper login; guest can not change passwords anymore!
+ // require proper login; guest can not change password
 // TODO: add change password capability so that we can prevent participants to change password
- if (empty($USER->id) or $USER->username=='guest' or has_capability('moodle/legacy:guest', $sitecontext, $USER->id, false)) {
+ if (empty($USER->id) or isguestuser() or has_capability('moodle/legacy:guest', $sitecontext, $USER->id, false)) {
 if (empty($SESSION->wantsurl)) {
 $SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php';
 }
@@ -36,6 +36,18 @@
 error('Can not use this script when "Logged in as"!');
 }

+ // load the appropriate auth plugin
+ $userauth = get_auth_plugin($USER->auth);
+
+ if (!$userauth->can_change_password()) {
+ error(get_string('nopasswordchange', 'auth'));
+ }
+
+ if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) {
+ // this internal scrip not used
+ redirect($userauth->change_password_url());
+ }
+
 $mform = new login_change_password_form();
 $mform->set_data(array('id'=>$course->id, 'username'=>$USER->username));
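Review bot: The plugin block moved up here keeps the `can_change_password()` and `change_password_url()` checks but not the `user_update_password($user, $data->newpassword1)` call that the `@@ -54,23 +66,6 @@` hunk deletes, so on the lines shown the form handler goes straight to `unset_user_preference('auth_forcepasswordchange', $user->id)` without storing the new password. Unless the update now happens outside these hunks, a forced password change would be recorded as done while the old password stays valid; the call and its failure branch should be restored ahead of the preference reset, e.g. `if (!$userauth->user_update_password($user, $data->newpassword1)) { error('Could not set the new password'); }`. The checks added here also read `$USER->auth`, while the handler's context line loads `$user` from `$data->username`; if those two can differ, the plugin that was checked is not the plugin of the account being changed, which should be confirmed against the form validation that is not visible in this patch.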
@@ -54,23 +66,6 @@ $user = get_complete_user_data('username', $data->username); } - // load the appropriate auth plugin - $userauth = get_auth_plugin($user->auth); - if ($userauth->can_change_password()){ - if ($userauth->user_update_password($user, $data->newpassword1)) { - } else { - error('Could not set the new password'); - } - } else { // external users - $message = 'You cannot change your password this way.'; - if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) { - $message .= '

' . get_string('passwordextlink') - . '

' . '' - . $userauth->change_password_url() . ''; error('You cannot change your password this way.'); - } - error($message); - } - // register success changing password unset_user_preference('auth_forcepasswordchange', $user->id); diff --git a/login/forgot_password.php b/login/forgot_password.php index 520b413781..d0d5309fc9 100644 --- a/login/forgot_password.php +++ b/login/forgot_password.php @@ -29,7 +29,6 @@ $strinvalidurl = get_string('forgotteninvalidurl'); $strlogin = get_string('login'); $strloginalready = get_string('loginalready'); $strok = get_string('ok'); -$strpasswordextlink = get_string('passwordextlink'); $strpasswordnohelp = get_string('passwordnohelp'); $strsecretalreadyused = get_string('secretalreadyused'); $strsenddetails = get_string('senddetails'); @@ -99,14 +98,16 @@ if ($action == 'find' and $param = $mform->get_data()) { // if user located (and no errors) take the appropriate action if (empty($errors) and !empty($user)) { + + $userauth = get_auth_plugin($user->auth); + // check this user isn't 'unconfirmed' if (empty($user->confirmed)) { $errors[] = $strconfirmednot; + } else { - // what to do depends on the authentication method - $userauth = get_auth_plugin($user->auth); - if ($userauth->is_internal() or $userauth->can_change_password()) { - // handle internal authentication + if (method_exists($userauth, 'can_reset_password') and $userauth->can_reset_password()) { + // reset internal password and notify user // set 'secret' string $user->secret = random_string(15); @@ -122,37 +123,28 @@ if ($action == 'find' and $param = $mform->get_data()) { // display confirm message $page = 'emailconfirm'; + } else { - // handle some 'external' authentication - // if help text defined then we are going to display another page - $strextmessage = ''; - $continue = false; - if (!empty($userauth->config->changepasswordhelp)) { - $txt->extmessage = $userauth->config->changepasswordhelp .'

'; - } - // if url defined then add that to the message (with a standard message) - if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) { - $strextmessage .= $strpasswordextlink . '

'; - $strextmessage .= '' . $userauth->change_password_url() . ''; - } - // if nothing to display, just do message that we can't help - if (empty($strextmessage)) { - $strextmessage = $strpasswordextlink; - $continue = true; + // send email (make sure mail block is off) + $user->mailstop = 0; + if (!send_password_change_info($user)) { + error('error sending password change confirmation email'); } - $page = 'external'; + + // display confirm message + $page = 'emailconfirm'; } } } - if ($page != 'external' and !empty($CFG->protectusernames)) { + if (!empty($CFG->protectusernames)) { // do not give any hints about usernames or email! $errors = array(); $page = 'emailmaybeconfirmed'; } - // nothing supplied - show error in any case if (empty($param->username) and empty($param->email)) { + // nothing supplied - show error in any case $errors[] = 'no email or username'; $page = ''; } @@ -169,13 +161,14 @@ if ($action == 'find' and $param = $mform->get_data()) { if (!empty($user) and $user->secret === '') { $errors[] = $strsecretalreadyused; + } else if (!empty($user) and $user->secret == stripslashes($p_secret)) { // make sure that url relates to a valid user // check this isn't guest user // TODO: add change password capability so that we can prevent participants to change password - if ($user->username == 'guest' or has_capability('moodle/legacy:guest', $sitecontext, $user->id, false)) { - error('You cannot change the guest password'); + if (isguestuser($user) or has_capability('moodle/legacy:guest', $sitecontext, $user->id, false)) { + error('You cannot reset the guest password'); } // override email stop and mail new password 
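Review bot: In the new `else` branch of the `@@ -122,37 +123,28 @@` hunk, `error('error sending password change confirmation email')` runs before the `protectusernames` block that follows it, so, assuming `error()` ends the request, a mail failure for an existing account produces a different page than an unknown username, which falls through to `emailmaybeconfirmed`. With `$CFG->protectusernames` set that difference is the hint the block's own comment says must not be given. The failure could be logged and the abort limited to the unprotected case, `if (!send_password_change_info($user) and empty($CFG->protectusernames)) {`. The message is also a hard-coded English string where the rest of the file uses `get_string()`.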
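Review bot: The reset-link check on the context line `$user->secret == stripslashes($p_secret)` in the `@@ -169,13 +161,14 @@` hunk uses loose comparison, and the commit edits the branch around it without tightening it. When both operands look numeric PHP compares them as numbers, so two strings that are not identical can still be treated as equal. `$user->secret === stripslashes($p_secret)` would match the `=== ''` test two lines above and removes that case. The `if`/`else if` chain begins and continues outside the hunk.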
@@ -227,15 +220,6 @@ if ($page == 'emailconfirm') { $stremailpasswordconfirmsent = get_string('emailpasswordconfirmsent', '', $protectedemail); notice($stremailpasswordconfirmsent, $CFG->wwwroot.'/index.php'); -} else if ($page == 'external') { - // display change password help text - print_simple_box($strextmessage, 'center', '50%', '', '20', 'noticebox'); - - // only print continue button if it makes sense - if ($continue) { - print_continue($CFG->wwwroot.'/index.php'); - } - } else if ($page == 'emailsent') { // mail sent with new password notice($stremailpasswordsent, $changepasswordurl); @@ -245,11 +229,9 @@ if ($page == 'emailconfirm') { notice($strforgottenduplicate, $CFG->wwwroot.'/index.php'); } else { - echo '
'; - print_simple_box_start('center', '50%', '', '20'); - // display any errors if (!empty($errors)) { + print_box_start('generalbox boxwidthnormal boxaligncenter'); $s = $strerror; $s .= ''; notify($s, 'notifyproblem'); + print_box_end(); } - } -if(!$mform->get_data()) { +if(!$mform->get_data() or !empty($errors)) { + print_box_start('generalbox boxwidthnormal boxaligncenter'); echo $strforgotteninstruct; + print_box_end(); $mform->display(); } -print_simple_box_end(); print_footer(); diff --git a/login/index.php b/login/index.php index 52bb75a03e..68953a2da5 100644 --- a/login/index.php +++ b/login/index.php @@ -162,9 +162,13 @@ if (!isset($CFG->auth_instructions)) { //Select password change url $userauth = get_auth_plugin($USER->auth); if ($userauth->can_change_password()) { - $passwordchangeurl=$CFG->wwwroot.'/login/change_password.php'; + if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) { + $passwordchangeurl = $userauth->change_password_url(); + } else { + $passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php'; + } } else { - $passwordchangeurl = $userauth->change_password_url(); + $passwordchangeurl = ''; } // check whether the user should be changing password @@ -172,9 +176,7 @@ if (!isset($CFG->auth_instructions)) { if ($passwordchangeurl != '') { redirect($passwordchangeurl); } else { - error("You cannot proceed without changing your password. - However there is no available page for changing it. - Please contact your Moodle Administrator."); + error(get_strin('nopasswordchangeforced', 'auth')); } } diff --git a/user/view.php b/user/view.php index 42976165c3..3994ad07eb 100644 --- a/user/view.php +++ b/user/view.php 
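Review bot: `get_strin('nopasswordchangeforced', 'auth')` in the `@@ -172,9 +176,7 @@` hunk of login/index.php is a misspelling of `get_string`, the name used for every other lookup in this patch, so the call would fail as an undefined function. That branch is reached when a password change is forced and no change URL is available, so the user would get a fatal error instead of the explanation the removed text gave. The line should read `error(get_string('nopasswordchangeforced', 'auth'));`.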
@@ -343,39 +343,36 @@ echo ""; - $internalpassword = false; $userauth = get_auth_plugin($user->auth); - if (method_exists($userauth, 'can_change_password') and $userauth->can_change_password()) { - if (empty($CFG->loginhttps)) { - $internalpassword = "$CFG->wwwroot/login/change_password.php"; + + $passwordchangeurl = false; + if ($userauth->can_change_password()) { + if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) { + $passwordchangeurl = $userauth->change_password_url(); } else { - $internalpassword = str_replace('http:','https:',$CFG->wwwroot.'/login/change_password.php'); + if (empty($CFG->loginhttps)) { + $passwordchangeurl = "$CFG->wwwroot/login/change_password.php"; + } else { + $passwordchangeurl = str_replace('http:', 'https:', $CFG->wwwroot.'/login/change_password.php'); + } } } // Print other functions echo '
'; - if ($currentuser and !isguest()) { - if ($internalpassword ) { - echo "
"; - echo "
"; - echo "id\" />"; - if (!empty($USER->realuser)) { - // changing of password when "Logged in as" is not allowed - echo ""; - } else { - echo ""; - } - echo "
"; - echo "
"; - } elseif ( method_exists($userauth, 'change_password_url') and strlen($userauth->change_password_url())) { - echo "
change_password_url()."\" method=\"get\">"; - echo "
"; + if ($currentuser and $passwordchangeurl and !isguest()) { //TODO: add proper capability for password changing + echo ""; + echo "
"; + echo "id\" />"; + if (!empty($USER->realuser)) { + // changing of password when "Logged in as" is not allowed + echo ""; + } else { echo ""; - echo "
"; - echo ""; } + echo "
"; + echo ""; } if ($course->id != SITEID && empty($course->metacourse)) { // Mostly only useful at course level -- 2.39.5
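Review bot: The fallback URL is still assembled by hand with `str_replace('http:', 'https:', $CFG->wwwroot.'/login/change_password.php')` under a `$CFG->loginhttps` test, while login/index.php in this same patch switches to `$CFG->httpswwwroot.'/login/change_password.php'`. Using the same expression here, `$passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php';`, would drop the inner `if`/`else` and a replace that rewrites every `http:` in the string rather than only the scheme, presuming `httpswwwroot` is populated on this page as it is on the login pages. The form markup that receives `$passwordchangeurl` is not legible on this page, so whether the plugin-supplied URL is escaped before output could not be checked and is worth confirming.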