migrated signup.php over to using new formslib
[moodle.git] / login / change_password.php
<?PHP // $Id$
    // Change-password page. On submission it validates the form, sets the new
    // password through the internal or the external auth path, replaces $USER
    // with the updated account and prints a confirmation. Otherwise (or when
    // validation fails) it renders change_password_form.html.
    require_once('../config.php');

    // Course id from the request, cleaned with PARAM_INT; falls back to SITEID.
    $id = optional_param('id', SITEID, PARAM_INT);

    //HTTPS is potentially required in this page
    httpsrequired();

    if (!$course = get_record('course', 'id', $id)) {
        error('No such course!');
    }

    // did we get here because of a force password change
    $forcepassword = !empty($USER->preference['auth_forcepasswordchange']);

    // require_login() is skipped whenever the forced-change preference is set on $USER.
    // NOTE(review): this assumes the preference can only be present on an already
    // authenticated $USER -- confirm where it is populated.
    if (!$forcepassword) {  // Don't redirect if they just got sent here
        require_login($id);
    }

    // NOTE(review): no session-key / anti-CSRF check is visible before the submitted
    // data is acted on. validate_form() asks users without moodle/user:update for the
    // current password, but holders of that capability are not asked for one, so a
    // token check matters most for them -- confirm whether the form and this handler
    // carry one elsewhere.
    if ($frm = data_submitted()) {
        validate_form($frm, $err);

        // Runs on every submission, before the error check; reset_login_count()
        // below is reached only on success. Presumably this feeds failed-attempt
        // throttling -- confirm in the helper.
        update_login_count();

        if (!count((array)$err)) {
            // The account is resolved from the username submitted in the form,
            // not taken from $USER.
            // NOTE(review): the result is used without checking that a record was
            // found; verify what happens for a username that does not exist.
            $user = get_complete_user_data('username', $frm->username);

            if (isguest($user->id)) {
                error('Can\'t change guest password!');
            }

            if (is_internal_auth($user->auth)){
                if (!update_internal_user_password($user, $frm->newpassword1)) {
                    error('Could not set the new password');
                }
            } else { // external users
                // the relevant auth libs should be loaded already
                // as validate_form() calls authenticate_user_login()
                // check that we allow changes through moodle
                // The per-plugin switch is read from $CFG->auth_<auth>_stdchangepassword.
                if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) {
                    if (function_exists('auth_user_update_password')){
                        // note that we pass cleartext password
                        if (auth_user_update_password($user->username, $frm->newpassword1)){
                            // External update succeeded; the local record is updated too.
                            // The meaning of the third argument (false) is not visible here.
                            update_internal_user_password($user, $frm->newpassword1, false);
                        } else {
                            error('Could not set the new password');
                        }
                    } else {
                        error('The authentication module is misconfigured (missing auth_user_update_password)');
                    }
                } else {
                    error('You cannot change your password this way.');
                }
            }

            /// Are we admin logged in as someone else? If yes then we need to retain our real identity.
            if (!empty($USER->realuser)) {
                $realuser = $USER->realuser;
            }

            // NOTE(review): $USER becomes the account whose password was changed. When
            // a holder of moodle/user:update changes another account's password and no
            // realuser was set, the current $USER is replaced by that account --
            // confirm this identity switch is intended.
            $USER = clone($user); // Get a fresh copy

            if (!empty($realuser)) {
                $USER->realuser = $realuser;
            }

            // register success changing password
            unset_user_preference('auth_forcepasswordchange', $user->id);

            set_moodle_cookie($USER->username);

            reset_login_count();

            $strpasswordchanged = get_string('passwordchanged');

            add_to_log($course->id, 'user', 'change password', "view.php?id=$user->id&amp;course=$course->id", "$user->id");

            $fullname = fullname($USER, true);

            // Breadcrumb HTML is assembled by string interpolation.
            // NOTE(review): $course->shortname and $fullname are placed into markup
            // without escaping in this file; confirm they are cleaned on input or by
            // the helpers that produce and print them.
            if ($course->id != SITEID) {
                $navstr = "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> ";
            } else {
                $navstr = '';
            }
            $navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string("participants")."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$course->id\">$fullname</a> -> $strpasswordchanged";

            print_header($strpasswordchanged, $strpasswordchanged, $navstr);

            notice($strpasswordchanged, "$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$id");

            print_footer();
            exit;
        }
    }

    // We NEED to set this, because the form assumes it has a value!
    // When nothing was submitted $frm is falsy at this point, so the assignment
    // relies on PHP creating the object implicitly.
    $frm->id = empty($course->id) ? 0 : $course->id;

    // Pre-fill the username with the current user's, except for guests.
    if (empty($frm->username) && !isguest()) {
        $frm->username = $USER->username;
    }

    $strchangepassword = get_string('changepassword');

    $fullname = fullname($USER, true);

    // Same breadcrumb construction as on the success path; the escaping note there
    // applies here as well.
    if ($course->id != SITEID) {
        $navstr = "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> ";
    } else {
        $navstr = '';
    }
    $navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string('participants')."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$course->id\">$fullname</a> -> $strchangepassword";

    print_header($strchangepassword, $strchangepassword, $navstr);

    print_simple_box_start('center');
    // The template is included in this scope, so it can read $frm and $err directly.
    include('change_password_form.html');
    print_simple_box_end();
    print_footer();
125 /******************************************************************************
126  * FUNCTIONS
127  *****************************************************************************/
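/**
 * Validate a submitted change-password form and record problems on $err.
 *
 * Each failed check sets one property on $err (username, password,
 * newpassword1, newpassword2) to a localised message from get_string().
 * The caller treats an $err without properties as success.
 *
 * Users without the moodle/user:update capability must supply a current
 * password that authenticate_user_login() accepts, and the new password must
 * differ from it. Users with the capability are not asked for the current
 * password, but may not change the primary admin's password unless they are
 * the primary admin.
 *
 * @param object $frm  submitted form data; reads username, password,
 *                     newpassword1 and newpassword2
 * @param object $err  error holder, passed by reference and filled in place
 * @return void
 */
function validate_form($frm, &$err) {

    global $USER;

    // Attempted before any other check and regardless of capability; the caller's
    // external-auth branch relies on this call having loaded the auth libraries.
    $validpw = authenticate_user_login($frm->username, $frm->password);

    // Evaluated once; the same capability gates three separate decisions below.
    $canupdate = has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID));

    if (empty($frm->username)) {
        $err->username = get_string('missingusername');
    } else if (!$canupdate and empty($frm->password)) {
        $err->password = get_string('missingpassword');
    } else if (!$canupdate) {
        // require non admin users to give a valid current password
        if (!$validpw) {
            $err->password = get_string('wrongpassword');
        }
    } else {
        // don't allow anyone to change the primary admin's password
        // NOTE(review): this guard compares the submitted username string, while the
        // caller resolves the account through a database lookup on that string.
        // Comparing the resolved user id would not depend on how usernames are
        // matched there -- confirm the two agree.
        $mainadmin = get_admin();
        if ($frm->username == $mainadmin->username && $mainadmin->id != $USER->id) { // the primary admin can change their own password!
            $err->username = get_string('adminprimarynoedit');
        }
    }

    if (empty($frm->newpassword1)) {
        $err->newpassword1 = get_string('missingnewpassword');
    }

    if (empty($frm->newpassword2)) {
        $err->newpassword2 = get_string('missingnewpassword');
    } else if ($frm->newpassword1 !== $frm->newpassword2) {
        // Strict comparison: with a loose comparison PHP compares numeric-looking
        // strings by value, so two different entries such as "1e3" and "1000"
        // would pass the confirmation check.
        $err->newpassword2 = get_string('passwordsdiffer');
    } else if (!$canupdate and ($frm->password === $frm->newpassword1)) {
        $err->newpassword1 = get_string('mustchangepassword');
    }

    return;
}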
175 ?>