MDL-22388 Added some checks to kill these scripts dead with an unequivocal notice...
[moodle.git] / login / change_password_form.php
1 <?php
// Refuse to run when this file is requested directly: MOODLE_INTERNAL is only
// defined once a Moodle page has bootstrapped, so the form code below can never
// execute outside that context.
defined('MOODLE_INTERNAL') || die('Direct access to this script is forbidden.');

// formslib.php supplies the moodleform base class extended below.
require_once($CFG->libdir . '/formslib.php');
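/**
 * Form shown to a logged-in user who wants to (or is forced to) change their password.
 *
 * The account being changed is always the one in the current session ($USER);
 * the form carries no editable username field.
 */
class login_change_password_form extends moodleform {

    /**
     * Builds the form: a read-only username, the optional password policy text,
     * the current password, the new password typed twice, a hidden id and the
     * action buttons.
     */
    public function definition() {
        global $USER, $CFG;

        $mform = $this->_form;

        $mform->addElement('header', '', get_string('changepassword'), '');

        // Visible elements. The username is a static (display-only) element.
        $mform->addElement('static', 'username', get_string('username'), $USER->username);

        if (!empty($CFG->passwordpolicy)) {
            $mform->addElement('static', 'passwordpolicyinfo', '', print_password_policy());
        }

        // Password fields use PARAM_RAW so the submitted value is compared and
        // stored exactly as typed; it must never be echoed back into a page.
        $mform->addElement('password', 'password', get_string('oldpassword'));
        $mform->addRule('password', get_string('required'), 'required', null, 'client');
        $mform->setType('password', PARAM_RAW);

        $mform->addElement('password', 'newpassword1', get_string('newpassword'));
        $mform->addRule('newpassword1', get_string('required'), 'required', null, 'client');
        $mform->setType('newpassword1', PARAM_RAW);

        $mform->addElement('password', 'newpassword2', get_string('newpassword').' ('.get_string('again').')');
        $mform->addRule('newpassword2', get_string('required'), 'required', null, 'client');
        $mform->setType('newpassword2', PARAM_RAW);

        // Hidden optional params.
        $mform->addElement('hidden', 'id', 0);
        $mform->setType('id', PARAM_INT);

        // Buttons: when the change is forced, no cancel button is offered.
        $this->add_action_buttons(!get_user_preferences('auth_forcepasswordchange'));
    }

    /**
     * Performs the extra password-change validation on top of the parent checks.
     *
     * Order of checks: current password is correct, the two new passwords match,
     * the new password differs from the old one, the new password satisfies the
     * site password policy. The first failing check returns immediately.
     *
     * @param array $data  submitted form values, keyed by element name
     * @param array $files submitted files (passed through to the parent)
     * @return array error messages keyed by element name; no added entries when valid
     */
    public function validation($data, $files) {
        global $USER;
        $errors = parent::validation($data, $files);

        // The attempt is counted before the credential check and the counter is
        // reset only after it succeeds, so wrong guesses of the current password
        // are counted like failed logins (presumably feeding login throttling;
        // confirm in update_login_count()).
        update_login_count();

        // Ignore any submitted username: the current password is always checked
        // against the session user, so the form cannot target another account.
        if (!authenticate_user_login($USER->username, $data['password'])) {
            $errors['password'] = get_string('invalidlogin');
            return $errors;
        }

        reset_login_count();

        // Strict comparison: with loose <> two different numeric-looking strings
        // such as '1000' and '1e3' compare equal, so a mistyped confirmation
        // would be accepted.
        if ($data['newpassword1'] !== $data['newpassword2']) {
            $errors['newpassword1'] = get_string('passwordsdiffer');
            $errors['newpassword2'] = get_string('passwordsdiffer');
            return $errors;
        }

        // Strict comparison for the same reason: loose == would treat e.g.
        // '0123' and '123' as the same password and wrongly reject the change.
        if ($data['password'] === $data['newpassword1']) {
            $errors['newpassword1'] = get_string('mustchangepassword');
            $errors['newpassword2'] = get_string('mustchangepassword');
            return $errors;
        }

        // check_password_policy() reports the reason for a rejection through $errmsg.
        $errmsg = '';
        if (!check_password_policy($data['newpassword1'], $errmsg)) {
            $errors['newpassword1'] = $errmsg;
            $errors['newpassword2'] = $errmsg;
            return $errors;
        }

        return $errors;
    }
}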