1
<?PHP // $Id: change_password.php,v 1.17.8.1 2004/12/16 21:32:14 mjollnir_ Exp $
3
require_once("../config.php");
5
optional_variable($id);
8
if (!$course = get_record("course", "id", $id)) {
9
error("No such course!");
1
<?PHP // $Id: change_password.php,v 1.30.2.1 2005/07/15 00:16:30 stronk7 Exp $
3
require_once('../config.php');
5
$id = optional_param('id', SITEID);
7
//HTTPS is potentially required in this page
10
if (!$course = get_record('course', 'id', $id)) {
11
error('No such course!');
14
if (empty($USER->preference['auth_forcepasswordchange'])) { // Don't redirect if they just got sent here
13
18
if ($frm = data_submitted()) {
15
20
validate_form($frm, $err);
22
27
$username = $frm->username;
23
28
$password = md5($frm->newpassword1);
25
$user = get_user_info_from_db("username", $username);
30
$user = get_complete_user_data('username', $username);
27
32
if (isguest($user->id)) {
28
error("Can't change guest password!");
31
if (set_field("user", "password", $password, "username", $username)) {
32
$user->password = $password;
34
error("Could not set the new password");
33
error('Can\'t change guest password!');
36
if (is_internal_auth($user->auth)){
37
if (set_field('user', 'password', $password, 'username', $username)) {
38
$user->password = $password;
40
error('Could not set the new password');
42
} else { // external users
43
// the relevant auth libs should be loaded already
44
// as validate_form() calls authenticate_user_login()
45
// check that we allow changes through moodle
46
if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) {
47
if (function_exists('auth_user_update_password')){
48
// note that we pass cleartext password
49
if (auth_user_update_password($user->username, $frm->newpassword1)){
50
$user->password = $password;
52
error('Could not set the new password');
55
error('The authentication module is misconfigured (missing auth_user_update_password)');
58
error('You cannot change your password this way.');
62
/// Are we admin logged in as someone else? If yes then we need to retain our real identity.
63
if (!empty($USER->realuser)) $realuser = $USER->realuser;
38
$USER->loggedin = true;
39
$USER->site = $CFG->wwwroot; // for added security
67
if (!empty($realuser)) $USER->realuser = $realuser;
69
// register success changing password
70
unset_user_preference('auth_forcepasswordchange');
41
72
set_moodle_cookie($USER->username);
43
74
reset_login_count();
45
$strpasswordchanged = get_string("passwordchanged");
47
if (!empty($course->id)) {
48
add_to_log($course->id, "user", "change password", "view.php?id=$user->id&course=$course->id", "$user->id");
49
$fullname = fullname($USER, true);
50
print_header($strpasswordchanged, $strpasswordchanged,
51
"<A HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A> ->
52
<A HREF=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string("participants")."</A> ->
53
<A HREF=\"$CFG->wwwroot/user/view.php?id=$USER->id&course=$course->id\">$fullname</A> -> $strpasswordchanged", $focus);
54
notice($strpasswordchanged, "$CFG->wwwroot/user/view.php?id=$USER->id&course=$id");
76
$strpasswordchanged = get_string('passwordchanged');
78
add_to_log($course->id, 'user', 'change password', "view.php?id=$user->id&course=$course->id", "$user->id");
80
$fullname = fullname($USER, true);
82
if ($course->id != SITEID) {
83
$navstr = "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> ";
57
add_to_log($site->id, "user", "change password", "view.php?id=$user->id&course=$site->id", "$course->id");
58
print_header($strpasswordchanged, $strpasswordchanged, $strpasswordchanged, "");
59
notice($strpasswordchanged, "$CFG->wwwroot/");
87
$navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string("participants")."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&course=$course->id\">$fullname</a> -> $strpasswordchanged";
89
print_header($strpasswordchanged, $strpasswordchanged, $navstr);
91
notice($strpasswordchanged, "$CFG->wwwroot/user/view.php?id=$USER->id&course=$id");
68
99
$frm->id = empty($course->id) ? 0 : $course->id;
70
101
if (empty($frm->username)) {
71
$frm->username = get_moodle_cookie();
102
$frm->username = $USER->username;
74
105
if (!empty($frm->username)) {
75
$focus = "form.password";
77
$focus = "form.username";
80
$strchangepassword = get_string("changepassword");
81
if (!empty($course->id)) {
82
$fullname = fullname($USER, true);
83
print_header($strchangepassword, $strchangepassword,
84
"<A HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A> ->
85
<A HREF=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string("participants")."</A> ->
86
<A HREF=\"$CFG->wwwroot/user/view.php?id=$USER->id&course=$course->id\">$fullname</A> -> $strchangepassword", $focus);
88
print_header($strchangepassword, $strchangepassword, $strchangepassword, $focus);
91
print_simple_box_start("center", "", $THEME->cellheading);
92
include("change_password_form.html");
106
$focus = 'form.password';
108
$focus = 'form.username';
111
$strchangepassword = get_string('changepassword');
113
$fullname = fullname($USER, true);
115
if ($course->id != SITEID) {
116
$navstr = "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> ";
120
$navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string('participants')."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&course=$course->id\">$fullname</a> -> $strchangepassword";
122
print_header($strchangepassword, $strchangepassword, $navstr, $focus);
124
print_simple_box_start('center');
125
include('change_password_form.html');
93
126
print_simple_box_end();
101
134
*****************************************************************************/
102
135
function validate_form($frm, &$err) {
104
if (empty($frm->username))
105
$err->username = get_string("missingusername");
107
else if (empty($frm->password))
108
$err->password = get_string("missingpassword");
110
else if (!authenticate_user_login($frm->username, $frm->password))
111
$err->password = get_string("wrongpassword");
113
if (empty($frm->newpassword1))
114
$err->newpassword1 = get_string("missingnewpassword");
116
if (empty($frm->newpassword2))
117
$err->newpassword2 = get_string("missingnewpassword");
119
else if ($frm->newpassword1 <> $frm->newpassword2)
120
$err->newpassword2 = get_string("passwordsdiffer");
137
if (empty($frm->username)){
138
$err->username = get_string('missingusername');
140
if (!isadmin() and empty($frm->password)){
141
$err->password = get_string('missingpassword');
143
//require non adminusers to give valid password
144
if (!isadmin() && !authenticate_user_login($frm->username, $frm->password)){
145
$err->password = get_string('wrongpassword');
150
if (empty($frm->newpassword1)){
151
$err->newpassword1 = get_string('missingnewpassword');
154
if (empty($frm->newpassword2)){
155
$err->newpassword2 = get_string('missingnewpassword');
157
if ($frm->newpassword1 <> $frm->newpassword2) {
158
$err->newpassword2 = get_string('passwordsdiffer');
160
if(!isadmin() and ($frm->password === $frm->newpassword1)){
161
$err->newpassword1 = get_string('mustchangepassword');