search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Automatic installer.php lang files by installer_builder (20080315)
[moodle.git] / login / change_password.php
blob49bc2df074a85e8f32998cd8c97adb2504341f44
1 <?PHP // $Id$
2
3 require_once('../config.php');
4
5 $id = optional_param('id', SITEID, PARAM_INT);
6
7 //HTTPS is potentially required in this page
8 httpsrequired();
9
10 if (!$course = get_record('course', 'id', $id)) {
11 error('No such course!');
12 }
13
14 // did we get here because of a force password change
15 $forcepassword = !empty($USER->preference['auth_forcepasswordchange']);
16
17 if (!$forcepassword) { // Don't redirect if they just got sent here
18 require_login($id);
19 }
20
21 if ($frm = data_submitted()) {
22 validate_form($frm, $err);
23
24 update_login_count();
25
26 if (!count((array)$err)) {
27 $user = get_complete_user_data('username', $frm->username);
28
29 if (isguest($user->id)) {
30 error('Can\'t change guest password!');
31 }
32
33 if (is_internal_auth($user->auth)){
34 if (!update_internal_user_password($user, $frm->newpassword1)) {
35 error('Could not set the new password');
36 }
37 } else { // external users
38 // the relevant auth libs should be loaded already
39 // as validate_form() calls authenticate_user_login()
40 // check that we allow changes through moodle
41 if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) {
42 if (function_exists('auth_user_update_password')){
43 // note that we pass cleartext password
44 if (auth_user_update_password($user->username, $frm->newpassword1)){
45 update_internal_user_password($user, $frm->newpassword1, false);
46 } else {
47 error('Could not set the new password');
48 }
49 } else {
50 error('The authentication module is misconfigured (missing auth_user_update_password)');
51 }
52 } else {
53 error('You cannot change your password this way.');
54 }
55 }
56
57 /// Are we admin logged in as someone else? If yes then we need to retain our real identity.
58 if (!empty($USER->realuser)) {
59 $realuser = $USER->realuser;
60 }
61
62 $USER = clone($user); // Get a fresh copy
63
64 if (!empty($realuser)) {
65 $USER->realuser = $realuser;
66 }
67
68 // register success changing password
69 unset_user_preference('auth_forcepasswordchange', $user->id);
70
71 set_moodle_cookie($USER->username);
72
73 reset_login_count();
74
75 $strpasswordchanged = get_string('passwordchanged');
76
77 add_to_log($course->id, 'user', 'change password', "view.php?id=$user->id&amp;course=$course->id", "$user->id");
78
79 $fullname = fullname($USER, true);
80
81 if ($course->id != SITEID) {
82 $navstr = "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> ";
83 } else {
84 $navstr = '';
85 }
86 $navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string("participants")."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$course->id\">$fullname</a> -> $strpasswordchanged";
87
88 print_header($strpasswordchanged, $strpasswordchanged, $navstr);
89
90 notice($strpasswordchanged, "$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$id");
91
92 print_footer();
93 exit;
94 }
95 }
96
97 // We NEED to set this, because the form assumes it has a value!
98 $frm->id = empty($course->id) ? 0 : $course->id;
99
100 if (empty($frm->username) && !isguest()) {
101 $frm->username = $USER->username;
102 }
103
104 $strchangepassword = get_string('changepassword');
105
106 $fullname = fullname($USER, true);
107
108 if ($course->id != SITEID) {
109 $navstr = "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> ";
110 } else {
111 $navstr = '';
112 }
113 $navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string('participants')."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$course->id\">$fullname</a> -> $strchangepassword";
114
115 print_header($strchangepassword, $strchangepassword, $navstr);
116
117 print_simple_box_start('center');
118 include('change_password_form.html');
119 print_simple_box_end();
120 print_footer();
121
122
123
124
125 /******************************************************************************
126 * FUNCTIONS
127 *****************************************************************************/
128 function validate_form($frm, &$err) {
129
130 global $USER;
131
132 $validpw = authenticate_user_login($frm->username, $frm->password);
133
134 if (empty($frm->username)){
135 $err->username = get_string('missingusername');
136 } else {
137 if (!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID)) and empty($frm->password)){
138 $err->password = get_string('missingpassword');
139 } else {
140 if (!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID))) {
141 //require non adminusers to give valid password
142 if(!$validpw) {
143 $err->password = get_string('wrongpassword');
144 }
145 }
146 else {
147 // don't allow anyone to change the primary admin's password
148 $mainadmin = get_admin();
149 if($frm->username == $mainadmin->username && $mainadmin->id != $USER->id) { // the primary admin can change their own password!
150 $err->username = get_string('adminprimarynoedit');
151 }
152 }
153 }
154 }
155
156 if (empty($frm->newpassword1)){
157 $err->newpassword1 = get_string('missingnewpassword');
158 }
159
160 if (empty($frm->newpassword2)){
161 $err->newpassword2 = get_string('missingnewpassword');
162 } else {
163 if ($frm->newpassword1 <> $frm->newpassword2) {
164 $err->newpassword2 = get_string('passwordsdiffer');
165 } else {
166 if(!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID)) and ($frm->password === $frm->newpassword1)){
167 $err->newpassword1 = get_string('mustchangepassword');
168 }
169 }
170 }
171
172 return;
173 }
174
175 ?>
Read-only mirror of the Moodle CVS