Permalink
Browse files

MDL-29092 login/change password: backporting to 1.9 for MDL-26381 and…

… set form action to user https when loginhttps is enable
  • Loading branch information...
1 parent f28a448 commit 01dd64a8c8aa95f793accea371b2392e662663c5 @rwijaya rwijaya committed Oct 31, 2011
Showing with 16 additions and 2 deletions.
  1. +16 −2 login/change_password.php
@@ -4,6 +4,7 @@
require_once('change_password_form.php');
$id = optional_param('id', SITEID, PARAM_INT); // current course
+ $return = optional_param('return', 0, PARAM_BOOL); // redirect after password change
$strparticipants = get_string('participants');
@@ -12,14 +13,27 @@
$systemcontext = get_context_instance(CONTEXT_SYSTEM);
+ if ($return) {
+ // this redirect prevents security warning because https can not POST to http pages
+ if (empty($SESSION->wantsurl)
+ or stripos(str_replace('https://', 'http://', $SESSION->wantsurl), str_replace('https://', 'http://', $CFG->wwwroot.'/login/change_password.php') === 0)) {
+ $returnto = "$CFG->wwwroot/user/view.php?id=$USER->id&course=$id";
+ } else {
+ $returnto = $SESSION->wantsurl;
+ }
+ unset($SESSION->wantsurl);
+
+ redirect($returnto);
+ }
+
if (!$course = get_record('course', 'id', $id)) {
error('No such course!');
}
// require proper login; guest user can not change password
if (empty($USER->id) or isguestuser()) {
if (empty($SESSION->wantsurl)) {
- $SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php';
+ $SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php?id=' . $id;
}
redirect($CFG->httpswwwroot.'/login/index.php');
}
@@ -54,7 +68,7 @@
redirect($changeurl);
}
- $mform = new login_change_password_form();
+ $mform = new login_change_password_form($CFG->httpswwwroot . '/login/change_password.php');
$mform->set_data(array('id'=>$course->id));
$navlinks = array();

0 comments on commit 01dd64a

Please sign in to comment.