mirrored from git://git.moodle.org/moodle.git
/
change_password.php
122 lines (90 loc) · 4.21 KB
/
change_password.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
<?PHP // $Id$
require_once('../config.php');
require_once('change_password_form.php');
$id = optional_param('id', SITEID, PARAM_INT); // current course
//HTTPS is potentially required in this page
httpsrequired();
$systemcontext = get_context_instance(CONTEXT_SYSTEM);
if (!$course = get_record('course', 'id', $id)) {
error('No such course!');
}
// require proper login; guest user can not change password
if (empty($USER->id) or isguestuser()) {
if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php';
}
redirect($CFG->httpswwwroot.'/login/index.php');
}
// do not require change own password cap if change forced
if (!get_user_preferences('auth_forcepasswordchange', false)) {
require_capability('moodle/user:changeownpassword', $systemcontext);
}
// do not allow "Logged in as" users to change any passwords
if (!empty($USER->realuser)) {
error('Can not use this script when "Logged in as"!');
}
if (is_mnet_remote_user($USER)) {
$message = get_string('usercannotchangepassword', 'mnet');
if ($idprovider = get_record('mnet_host', 'id', $USER->mnethostid)) {
$message .= get_string('userchangepasswordlink', 'mnet', $idprovider);
}
error($message);
}
// load the appropriate auth plugin
$userauth = get_auth_plugin($USER->auth);
if (!$userauth->can_change_password()) {
error(get_string('nopasswordchange', 'auth'));
}
if ($changeurl = $userauth->change_password_url()) {
// this internal scrip not used
redirect($changeurl);
}
$mform = new login_change_password_form();
$mform->set_data(array('id'=>$course->id));
if ($mform->is_cancelled()) {
redirect($CFG->wwwroot.'/user/view.php?id='.$USER->id.'&course='.$course->id);
} else if ($data = $mform->get_data()) {
if (!$userauth->user_update_password(addslashes_recursive($USER), $data->newpassword1)) {
error(get_string('errorpasswordupdate', 'auth'));
}
// register success changing password
unset_user_preference('auth_forcepasswordchange', $USER->id);
$strpasswordchanged = get_string('passwordchanged');
// MDL-9983
$eventdata = new object();
$eventdata -> user = $USER;
$eventdata -> newpassword = $data -> newpassword1;
events_trigger('password_changed', $eventdata);
add_to_log($course->id, 'user', 'change password', "view.php?id=$USER->id&course=$course->id", "$USER->id");
$fullname = fullname($USER, true);
if ($course->id != SITEID) {
$navstr = "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> ";
} else {
$navstr = '';
}
$navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string("participants")."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&course=$course->id\">$fullname</a> -> $strpasswordchanged";
print_header($strpasswordchanged, $strpasswordchanged, $navstr);
if (empty($SESSION->wantsurl) or $SESSION->wantsurl == $CFG->httpswwwroot.'/login/change_password.php') {
$returnto = "$CFG->wwwroot/user/view.php?id=$USER->id&course=$id";
} else {
$returnto = $SESSION->wantsurl;
}
notice($strpasswordchanged, $returnto);
print_footer();
exit;
}
$strchangepassword = get_string('changepassword');
$fullname = fullname($USER, true);
if ($course->id != SITEID) {
$navstr = "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> -> ";
} else {
$navstr = '';
}
$navstr .= "<a href=\"$CFG->wwwroot/user/index.php?id=$course->id\">".get_string('participants')."</a> -> <a href=\"$CFG->wwwroot/user/view.php?id=$USER->id&course=$course->id\">$fullname</a> -> $strchangepassword";
print_header($strchangepassword, $strchangepassword, $navstr);
if (get_user_preferences('auth_forcepasswordchange')) {
notify(get_string('forcepasswordchangenotice'));
}
$mform->display();
print_footer();
?>