migrated signup.php over to using new formslib
[moodle.git] / login / change_password.php
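<?PHP // $Id$

/**
 * Password change page.
 *
 * Flow, as visible in this script:
 *   1. Resolve the course from the optional 'id' parameter (defaults to SITEID).
 *   2. Require a login unless the user was sent here by a forced password change.
 *   3. On submission, validate the form, update the password through the
 *      internal or external auth path, refresh $USER and show a confirmation.
 *   4. Otherwise (or when validation failed) render change_password_form.html.
 *
 * NOTE(review): no sesskey/CSRF token check is visible in this script; confirm
 * that data_submitted() or the form template enforces one.
 */

    require_once('../config.php');

    $id = optional_param('id', SITEID, PARAM_INT);

    //HTTPS is potentially required in this page
    httpsrequired();

    if (!$course = get_record('course', 'id', $id)) {
        error('No such course!');
    }

    // did we get here because of a force password change
    $forcepassword = !empty($USER->preference['auth_forcepasswordchange']);

    if (!$forcepassword) {  // Don't redirect if they just got sent here
        require_login($id);
    }

    if ($frm = data_submitted()) {
        // Start from a known-empty error holder instead of relying on an unset
        // variable being turned into an object by the first property write.
        $err = new stdClass();
        validate_form($frm, $err);

        // Counted on every submission and only reset after a successful change.
        update_login_count();

        if (!count((array)$err)) {
            $user = get_complete_user_data('username', $frm->username);

            if (isguest($user->id)) {
                error('Can\'t change guest password!');
            }

            if (is_internal_auth($user->auth)){
                if (!update_internal_user_password($user, $frm->newpassword1)) {
                    error('Could not set the new password');
                }
            } else { // external users
                // the relevant auth libs should be loaded already
                // as validate_form() calls authenticate_user_login()
                // check that we allow changes through moodle
                if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) {
                    if (function_exists('auth_user_update_password')){
                        // note that we pass cleartext password
                        if (auth_user_update_password($user->username, $frm->newpassword1)){
                            update_internal_user_password($user, $frm->newpassword1, false);
                        } else {
                            error('Could not set the new password');
                        }
                    } else {
                        error('The authentication module is misconfigured (missing auth_user_update_password)');
                    }
                } else {
                    error('You cannot change your password this way.');
                }
            }

            /// Are we admin logged in as someone else? If yes then we need to retain our real identity.
            if (!empty($USER->realuser)) {
                $realuser = $USER->realuser;
            }

            // NOTE(review): $user is looked up from the submitted username, so when a
            // holder of moodle/user:update changes another account's password, $USER
            // becomes that account from here on. Confirm this is intended.
            $USER = clone($user); // Get a fresh copy

            if (!empty($realuser)) {
                $USER->realuser = $realuser;
            }

            // register success changing password
            unset_user_preference('auth_forcepasswordchange', $user->id);

            set_moodle_cookie($USER->username);

            reset_login_count();

            $strpasswordchanged = get_string('passwordchanged');

            // Only ids are written to the log entry; neither password is logged here.
            add_to_log($course->id, 'user', 'change password', "view.php?id=$user->id&amp;course=$course->id", "$user->id");

            $fullname = fullname($USER, true);

            // NOTE(review): $course->shortname and $fullname are interpolated into
            // HTML without escaping here; confirm they are cleaned upstream.
            if ($course->id != SITEID) {
                $navstr = "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> ";
            } else {
                $navstr = '';
            }
            $navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string("participants")."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$course->id\">$fullname</a> -> $strpasswordchanged";

            print_header($strpasswordchanged, $strpasswordchanged, $navstr);

            notice($strpasswordchanged, "$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$id");

            print_footer();
            exit;
        }
    }

    // data_submitted() gave a non-object when nothing was posted. Create the
    // form object explicitly: assigning a property on false is an Error on PHP 8.
    if (!is_object($frm)) {
        $frm = new stdClass();
    }

    // We NEED to set this, because the form assumes it has a value!
    $frm->id = empty($course->id) ? 0 : $course->id;

    if (empty($frm->username) && !isguest()) {
        $frm->username = $USER->username;
    }

    $strchangepassword = get_string('changepassword');

    $fullname = fullname($USER, true);

    // NOTE(review): same unescaped interpolation as in the success path above.
    if ($course->id != SITEID) {
        $navstr = "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> ";
    } else {
        $navstr = '';
    }
    $navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string('participants')."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$course->id\">$fullname</a> -> $strchangepassword";

    print_header($strchangepassword, $strchangepassword, $navstr);

    print_simple_box_start('center');
    include('change_password_form.html');
    print_simple_box_end();
    print_footer();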
f9903ed0 121
122
123
124
125/******************************************************************************
126 * FUNCTIONS
127 *****************************************************************************/
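/**
 * Validate a submitted change-password form and record each problem on $err.
 *
 * Rules enforced, as visible in the body:
 *  - a username is required;
 *  - users without moodle/user:update must supply their current password and
 *    it must authenticate;
 *  - users with moodle/user:update are not asked for the current password, but
 *    may not change the primary admin's password unless they are that admin;
 *  - both new-password fields are required and must be identical;
 *  - users without moodle/user:update may not reuse the current password.
 *
 * @param object $frm  Submitted form data (username, password, newpassword1, newpassword2).
 * @param object $err  Passed by reference; one property is set per invalid field.
 *                     An object with no properties means the form is valid.
 * @return void
 */
function validate_form($frm, &$err) {

    global $USER;

    // Callers may pass an unset variable. Assigning a property on null raises
    // an Error on PHP 8, so make sure there is an object to write to.
    if (!is_object($err)) {
        $err = new stdClass();
    }

    // Evaluated up front for every submission; the result is only consulted
    // for users without moodle/user:update.
    $validpw = authenticate_user_login($frm->username, $frm->password);

    if (empty($frm->username)){
        $err->username = get_string('missingusername');
    } else {
        if (!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID)) and empty($frm->password)){
            $err->password = get_string('missingpassword');
        } else {
            if (!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID))) {
                //require non adminusers to give valid password
                if(!$validpw) {
                    $err->password = get_string('wrongpassword');
                }
            }
            else {
                // don't allow anyone to change the primary admin's password
                $mainadmin = get_admin();
                // Loose == is kept here: it can only match more usernames than ===
                // would, so it never weakens this protection.
                if($frm->username == $mainadmin->username && $mainadmin->id != $USER->id) { // the primary admin can change their own password!
                    $err->username = get_string('adminprimarynoedit');
                }
            }
        }
    }

    if (empty($frm->newpassword1)){
        $err->newpassword1 = get_string('missingnewpassword');
    }

    if (empty($frm->newpassword2)){
        $err->newpassword2 = get_string('missingnewpassword');
    } else {
        // Strict comparison: with <> PHP compares numeric-looking strings by
        // value, so two different entries such as '0e1' and '0e2' would be
        // accepted as a matching pair.
        if ($frm->newpassword1 !== $frm->newpassword2) {
            $err->newpassword2 = get_string('passwordsdiffer');
        } else {
            if(!has_capability('moodle/user:update',get_context_instance(CONTEXT_SYSTEM, SITEID)) and ($frm->password === $frm->newpassword1)){
                $err->newpassword1 = get_string('mustchangepassword');
            }
        }
    }

    return;
}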
174
175?>