login/set_password_form.php

   1 <?php
   2 // This file is part of Moodle - http://moodle.org/
   3 //
   4 // Moodle is free software: you can redistribute it and/or modify
   5 // it under the terms of the GNU General Public License as published by
   6 // the Free Software Foundation, either version 3 of the License, or
   7 // (at your option) any later version.
   8 //
   9 // Moodle is distributed in the hope that it will be useful,
  10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 // GNU General Public License for more details.
  13 //
  14 // You should have received a copy of the GNU General Public License
  15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * Set password form definition.
  19  *
  20  * @package    core
  21  * @subpackage auth
  22  * @copyright  2006 Petr Skoda {@link http://skodak.org}
  23  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  24  */
  25
  26 defined('MOODLE_INTERNAL') || die();
  27
  28 require_once($CFG->libdir.'/formslib.php');
  29 require_once($CFG->dirroot.'/user/lib.php');
  30 require_once('lib.php');
  31
  32 /**
  33  * Set forgotten password form definition.
  34  *
  35  * @package    core
  36  * @subpackage auth
  37  * @copyright  2006 Petr Skoda {@link http://skodak.org}
  38  * @copyright  2013 Peter Bulmer
  39  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  40  */
  41 class login_set_password_form extends moodleform {
  42
  43     /**
  44      * Define the set password form.
  45      */
  46     public function definition() {
  47         global $CFG;
  48
  49         $mform = $this->_form;
  50         $mform->setDisableShortforms(true);
  51         $mform->addElement('header', 'setpassword', get_string('setpassword'), '');
  52
  53         // Include the username in the form so browsers will recognise that a password is being set.
  54         $mform->addElement('text', 'username', '', 'style="display: none;"');
  55         $mform->setType('username', PARAM_RAW);
  56         // Token gives authority to change password.
  57         $mform->addElement('hidden', 'token', '');
  58         $mform->setType('token', PARAM_ALPHANUM);
  59
  60         // Visible elements.
  61         $mform->addElement('static', 'username2', get_string('username'));
  62
  63         $policies = array();
  64         if (!empty($CFG->passwordpolicy)) {
  65             $policies[] = print_password_policy();
  66         }
  67         if (!empty($CFG->passwordreuselimit) and $CFG->passwordreuselimit > 0) {
  68             $policies[] = get_string('informminpasswordreuselimit', 'auth', $CFG->passwordreuselimit);
  69         }
  70         if ($policies) {
  71             $mform->addElement('static', 'passwordpolicyinfo', '', implode('<br />', $policies));
  72         }
  73         $mform->addElement('password', 'password', get_string('newpassword'),
  74             ['maxlength' => MAX_PASSWORD_CHARACTERS]);
  75         $mform->addRule('password', get_string('required'), 'required', null, 'client');
  76         $mform->addRule('password', get_string('maximumchars', '', MAX_PASSWORD_CHARACTERS),
  77             'maxlength', MAX_PASSWORD_CHARACTERS, 'client');
  78         $mform->setType('password', PARAM_RAW);
  79
  80         $strpasswordagain = get_string('newpassword') . ' (' . get_string('again') . ')';
  81         $mform->addElement('password', 'password2', $strpasswordagain,
  82             ['maxlength' => MAX_PASSWORD_CHARACTERS]);
  83         $mform->addRule('password2', get_string('required'), 'required', null, 'client');
  84         $mform->setType('password2', PARAM_RAW);
  85
  86         // Hook for plugins to extend form definition.
  87         $user = $this->_customdata;
  88         core_login_extend_set_password_form($mform, $user);
  89
  90         $this->add_action_buttons(true);
  91     }
  92
  93     /**
  94      * Perform extra password change validation.
  95      * @param array $data submitted form fields.
  96      * @param array $files submitted with the form.
  97      * @return array errors occuring during validation.
  98      */
  99     public function validation($data, $files) {
 100         $user = $this->_customdata;
 101
 102         $errors = parent::validation($data, $files);
 103
 104         // Extend validation for any form extensions from plugins.
 105         $errors = array_merge($errors, core_login_validate_extend_set_password_form($data, $user));
 106
 107         // Ignore submitted username.
 108         if ($data['password'] !== $data['password2']) {
 109             $errors['password'] = get_string('passwordsdiffer');
 110             $errors['password2'] = get_string('passwordsdiffer');
 111             return $errors;
 112         }
 113
 114         $errmsg = ''; // Prevents eclipse warnings.
 115         if (!check_password_policy($data['password'], $errmsg, $user)) {
 116             $errors['password'] = $errmsg;
 117             $errors['password2'] = $errmsg;
 118             return $errors;
 119         }
 120
 121         if (user_is_previously_used_password($user->id, $data['password'])) {
 122             $errors['password'] = get_string('errorpasswordreused', 'core_auth');
 123             $errors['password2'] = get_string('errorpasswordreused', 'core_auth');
 124         }
 125
 126         return $errors;
 127     }
 128 }