Automatically generated installer lang files
[moodle.git] / login / change_password.php
CommitLineData
8570cff0 1<?php
2
3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17
18/**
c30949a9 19 * Change password page.
8570cff0 20 *
c30949a9
PS
21 * @package core
22 * @subpackage auth
23 * @copyright 1999 onwards Martin Dougiamas http://dougiamas.com
24 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
8570cff0 25 */
26
c30949a9 27require('../config.php');
8570cff0 28require_once('change_password_form.php');
29
7ea77a57
PS
30$id = optional_param('id', SITEID, PARAM_INT); // current course
31$return = optional_param('return', 0, PARAM_BOOL); // redirect after password change
8570cff0 32
17c70aa0
PS
33//HTTPS is required in this page when $CFG->loginhttps enabled
34$PAGE->https_required();
35
7ea77a57 36$PAGE->set_url('/login/change_password.php', array('id'=>$id));
17c70aa0 37
c30949a9 38$PAGE->set_context(get_context_instance(CONTEXT_SYSTEM));
8570cff0 39
7ea77a57
PS
40if ($return) {
41 // this redirect prevents security warning because https can not POST to http pages
42 if (empty($SESSION->wantsurl)
43 or stripos(str_replace('https://', 'http://', $SESSION->wantsurl), str_replace('https://', 'http://', $CFG->wwwroot.'/login/change_password.php') === 0)) {
44 $returnto = "$CFG->wwwroot/user/view.php?id=$USER->id&course=$id";
45 } else {
46 $returnto = $SESSION->wantsurl;
47 }
48 unset($SESSION->wantsurl);
49
50 redirect($returnto);
51}
52
8570cff0 53$strparticipants = get_string('participants');
54
8570cff0 55$systemcontext = get_context_instance(CONTEXT_SYSTEM);
56
57if (!$course = $DB->get_record('course', array('id'=>$id))) {
58 print_error('invalidcourseid');
59}
60
61// require proper login; guest user can not change password
4f0c2d00 62if (!isloggedin() or isguestuser()) {
8570cff0 63 if (empty($SESSION->wantsurl)) {
64 $SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php';
1437f0a5 65 }
8570cff0 66 redirect(get_login_url());
67}
68
69// do not require change own password cap if change forced
70if (!get_user_preferences('auth_forcepasswordchange', false)) {
8570cff0 71 require_capability('moodle/user:changeownpassword', $systemcontext);
72}
73
74// do not allow "Logged in as" users to change any passwords
75if (session_is_loggedinas()) {
76 print_error('cannotcallscript');
77}
78
79if (is_mnet_remote_user($USER)) {
80 $message = get_string('usercannotchangepassword', 'mnet');
81 if ($idprovider = $DB->get_record('mnet_host', array('id'=>$USER->mnethostid))) {
82 $message .= get_string('userchangepasswordlink', 'mnet', $idprovider);
1cb3da36 83 }
8570cff0 84 print_error('userchangepasswordlink', 'mnet', '', $message);
85}
1cb3da36 86
8570cff0 87// load the appropriate auth plugin
88$userauth = get_auth_plugin($USER->auth);
f9903ed0 89
8570cff0 90if (!$userauth->can_change_password()) {
91 print_error('nopasswordchange', 'auth');
92}
6bc1e5d5 93
8570cff0 94if ($changeurl = $userauth->change_password_url()) {
95 // this internal scrip not used
96 redirect($changeurl);
97}
210560e3 98
8570cff0 99$mform = new login_change_password_form();
100$mform->set_data(array('id'=>$course->id));
210560e3 101
8570cff0 102$navlinks = array();
103$navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc');
f9903ed0 104
8570cff0 105if ($mform->is_cancelled()) {
106 redirect($CFG->wwwroot.'/user/view.php?id='.$USER->id.'&amp;course='.$course->id);
107} else if ($data = $mform->get_data()) {
0be6f678 108
8570cff0 109 if (!$userauth->user_update_password($USER, $data->newpassword1)) {
110 print_error('errorpasswordupdate', 'auth');
111 }
0bb2c9f7 112
8570cff0 113 // register success changing password
8bdb31ed
PS
114 unset_user_preference('auth_forcepasswordchange', $USER);
115 unset_user_preference('create_password', $USER);
80d8a1b8 116
8570cff0 117 $strpasswordchanged = get_string('passwordchanged');
80d8a1b8 118
8570cff0 119 add_to_log($course->id, 'user', 'change password', "view.php?id=$USER->id&amp;course=$course->id", "$USER->id");
269eed64 120
8570cff0 121 $fullname = fullname($USER, true);
80d8a1b8 122
a6855934 123 $PAGE->navbar->add($fullname, new moodle_url('/user/view.php', array('id'=>$USER->id, 'course'=>$course->id)));
8570cff0 124 $PAGE->navbar->add($strpasswordchanged);
125 $PAGE->set_title($strpasswordchanged);
c93fdc7b 126 $PAGE->set_heading($COURSE->fullname);
8570cff0 127 echo $OUTPUT->header();
269eed64 128
7ea77a57 129 notice($strpasswordchanged, new moodle_url($PAGE->url, array('return'=>1)));
269eed64 130
8570cff0 131 echo $OUTPUT->footer();
132 exit;
133}
f9903ed0 134
17c70aa0
PS
135// make sure we really are on the https page when https login required
136$PAGE->verify_https_required();
1437f0a5 137
8570cff0 138$strchangepassword = get_string('changepassword');
80d8a1b8 139
8570cff0 140$fullname = fullname($USER, true);
80d8a1b8 141
a6855934 142$PAGE->navbar->add($fullname, new moodle_url('/user/view.php', array('id'=>$USER->id, 'course'=>$course->id)));
8570cff0 143$PAGE->navbar->add($strchangepassword);
144$PAGE->set_title($strchangepassword);
c93fdc7b 145$PAGE->set_heading($COURSE->fullname);
8570cff0 146echo $OUTPUT->header();
f9903ed0 147
8570cff0 148if (get_user_preferences('auth_forcepasswordchange')) {
149 echo $OUTPUT->notification(get_string('forcepasswordchangenotice'));
150}
151$mform->display();
152echo $OUTPUT->footer();