~ubuntu-branches/ubuntu/breezy/moodle/breezy


Viewing changes to login/change_password.php

  • Committer: Bazaar Package Importer
  • Author(s): Andrew Mitchell
  • Date: 2005-10-13 02:00:59 UTC
  • mfrom: (1.1.2 upstream)
  • Revision ID: james.westby@ubuntu.com-20051013020059-y2qcyo41t7nqppcg
Tags: 1.5.2-1ubuntu1
* Resync with debian (security update)
* changed dependencies to php5
* changed apache dependency to apache2 
* References
  CAN-2005-2247

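--- a/login/change_password.php
+++ b/login/change_password.php
@@ -1,15 +1,20 @@
-<?PHP // $Id: change_password.php,v 1.17.8.1 2004/12/16 21:32:14 mjollnir_ Exp $
-
-    require_once("../config.php");
-
-    optional_variable($id);
-
-    if ($id) {
-        if (!$course = get_record("course", "id", $id)) {
-            error("No such course!");
-        }
-    }
-
+<?PHP // $Id: change_password.php,v 1.30.2.1 2005/07/15 00:16:30 stronk7 Exp $
+
+    require_once('../config.php');
+
+    $id = optional_param('id', SITEID);
+
+    //HTTPS is potentially required in this page
+    httpsrequired();
+
+    if (!$course = get_record('course', 'id', $id)) {
+        error('No such course!');
+    }
+
+    if (empty($USER->preference['auth_forcepasswordchange'])) {  // Don't redirect if they just got sent here
+        require_login($id);
+    }
+    
     if ($frm = data_submitted()) {
 
         validate_form($frm, $err);
@@ -22,42 +27,68 @@
             $username = $frm->username;
             $password = md5($frm->newpassword1);
 
-            $user = get_user_info_from_db("username", $username);
+            $user = get_complete_user_data('username', $username);
 
             if (isguest($user->id)) {
-                error("Can't change guest password!");
-            }
-            
-            if (set_field("user", "password", $password, "username", $username)) {
-                $user->password = $password;
-            } else {
-                error("Could not set the new password");
-            }
-
+                error('Can\'t change guest password!');
+            }
+            
+            if (is_internal_auth($user->auth)){
+                if (set_field('user', 'password', $password, 'username', $username)) {
+                    $user->password = $password;
+                } else {
+                    error('Could not set the new password');
+                }
+            } else { // external users
+                // the relevant auth libs should be loaded already 
+                // as validate_form() calls authenticate_user_login()
+                // check that we allow changes through moodle
+                if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) {
+                    if (function_exists('auth_user_update_password')){
+                        // note that we pass cleartext password 
+                        if (auth_user_update_password($user->username, $frm->newpassword1)){
+                            $user->password = $password;
+                        } else {
+                            error('Could not set the new password');
+                        }
+                    } else {
+                        error('The authentication module is misconfigured (missing auth_user_update_password)'); 
+                    } 
+                } else {
+                    error('You cannot change your password this way.');
+                }
+            }
+            
+            /// Are we admin logged in as someone else? If yes then we need to retain our real identity.
+            if (!empty($USER->realuser)) $realuser = $USER->realuser;
+            
             $USER = $user;
-            $USER->loggedin = true;
-            $USER->site = $CFG->wwwroot;   // for added security
+
+            if (!empty($realuser)) $USER->realuser = $realuser;
+
+            // register success changing password
+            unset_user_preference('auth_forcepasswordchange');
 
             set_moodle_cookie($USER->username);
 
             reset_login_count();
 
-            $strpasswordchanged = get_string("passwordchanged");
-
-            if (!empty($course->id)) {
-                add_to_log($course->id, "user", "change password", "view.php?id=$user->id&course=$course->id", "$user->id");
-                $fullname = fullname($USER, true);
-                print_header($strpasswordchanged, $strpasswordchanged,
-                             "<A HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A> ->
-                              <A HREF=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string("participants")."</A> ->
-                              <A HREF=\"$CFG->wwwroot/user/view.php?id=$USER->id&course=$course->id\">$fullname</A> -> $strpasswordchanged", $focus);
-                notice($strpasswordchanged, "$CFG->wwwroot/user/view.php?id=$USER->id&course=$id");
+            $strpasswordchanged = get_string('passwordchanged');
+
+            add_to_log($course->id, 'user', 'change password', "view.php?id=$user->id&amp;course=$course->id", "$user->id");
+
+            $fullname = fullname($USER, true);
+
+            if ($course->id != SITEID) {
+                $navstr = "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> ";
             } else {
-                $site = get_site();
-                add_to_log($site->id, "user", "change password", "view.php?id=$user->id&course=$site->id", "$course->id");
-                print_header($strpasswordchanged, $strpasswordchanged, $strpasswordchanged, "");
-                notice($strpasswordchanged, "$CFG->wwwroot/");
+                $navstr = '';
             }
+            $navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string("participants")."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$course->id\">$fullname</a> -> $strpasswordchanged";
+
+            print_header($strpasswordchanged, $strpasswordchanged, $navstr);
+
+            notice($strpasswordchanged, "$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$id");
 
             print_footer();
             exit;
@@ -68,28 +99,30 @@
     $frm->id = empty($course->id) ? 0 : $course->id;
 
     if (empty($frm->username)) {
-        $frm->username = get_moodle_cookie();
+        $frm->username = $USER->username;
     }
 
     if (!empty($frm->username)) {
-        $focus = "form.password";
-    } else {
-        $focus = "form.username";
-    }
-
-    $strchangepassword = get_string("changepassword");
-    if (!empty($course->id)) {
-        $fullname = fullname($USER, true);
-        print_header($strchangepassword, $strchangepassword,
-                     "<A HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A> ->
-                      <A HREF=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string("participants")."</A> ->
-                      <A HREF=\"$CFG->wwwroot/user/view.php?id=$USER->id&course=$course->id\">$fullname</A> -> $strchangepassword", $focus);
-    } else {
-        print_header($strchangepassword, $strchangepassword, $strchangepassword, $focus);
-    }
-
-    print_simple_box_start("center", "", $THEME->cellheading);
-    include("change_password_form.html");
+        $focus = 'form.password';
+    } else {
+        $focus = 'form.username';
+    }
+
+    $strchangepassword = get_string('changepassword');
+
+    $fullname = fullname($USER, true);
+
+    if ($course->id != SITEID) {
+        $navstr = "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> ";
+    } else {
+        $navstr = '';
+    }
+    $navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string('participants')."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$course->id\">$fullname</a> -> $strchangepassword";
+
+    print_header($strchangepassword, $strchangepassword, $navstr, $focus);
+
+    print_simple_box_start('center');
+    include('change_password_form.html');
     print_simple_box_end();
     print_footer();
 
@@ -101,24 +134,35 @@
  *****************************************************************************/
 function validate_form($frm, &$err) {
 
-    if (empty($frm->username))
-        $err->username = get_string("missingusername");
-
-    else if (empty($frm->password))
-        $err->password = get_string("missingpassword");
-
-    else if (!authenticate_user_login($frm->username, $frm->password))
-        $err->password = get_string("wrongpassword");
-
-    if (empty($frm->newpassword1))
-        $err->newpassword1 = get_string("missingnewpassword");
-
-    if (empty($frm->newpassword2))
-        $err->newpassword2 = get_string("missingnewpassword");
-
-    else if ($frm->newpassword1 <> $frm->newpassword2)
-        $err->newpassword2 = get_string("passwordsdiffer");
-
+    if (empty($frm->username)){
+        $err->username = get_string('missingusername');
+    } else {
+        if (!isadmin() and empty($frm->password)){
+            $err->password = get_string('missingpassword');
+        } else {  
+            //require non adminusers to give valid password
+            if (!isadmin() && !authenticate_user_login($frm->username, $frm->password)){
+                $err->password = get_string('wrongpassword');
+            }
+        }
+    }
+
+    if (empty($frm->newpassword1)){
+        $err->newpassword1 = get_string('missingnewpassword');
+    }
+
+    if (empty($frm->newpassword2)){
+        $err->newpassword2 = get_string('missingnewpassword');
+    } else {
+        if ($frm->newpassword1 <> $frm->newpassword2) {
+            $err->newpassword2 = get_string('passwordsdiffer');
+        } else {
+            if(!isadmin() and ($frm->password === $frm->newpassword1)){
+                $err->newpassword1 = get_string('mustchangepassword');
+            }
+        }
+    }
+    
     return;
 }
 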
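Review bot: For an administrator's session the new validate_form() asks for no secret at all: `!isadmin()` short-circuits both the missing-password test (new line 140) and the `authenticate_user_login()` call (new line 144), and the handler under `if ($frm = data_submitted())` then sets the password for whatever account `$frm->username` names. Nothing in the visible hunks ties that POST to the administrator's own session (new lines 21-26 are not shown, so it may be checked there); if it is not, a forged cross-site form submission would be accepted, and the handler should verify a per-session token before acting, e.g. `if (!confirm_sesskey()) { error('Invalid session key'); }`, assuming this release's moodlelib provides `confirm_sesskey()`, with the matching hidden field added to change_password_form.html. The admin path also makes the comment at new lines 43-44 untrue, since `authenticate_user_login()` is never called there and `auth_user_update_password` may not be loaded for an external-auth user; I would reword it to `// auth libs are loaded by authenticate_user_login() only on the non-admin path`.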