Permalink
Browse files

Better fix to change_password.php - primary admin can change their OW…

…N password, the form displays the error for other admins trying to change the primary password (before it failed silently) and external auth admin change password works too!
  • Loading branch information...
mjollnir_
mjollnir_ committed Dec 4, 2005
1 parent 179736f commit 3abf63d47b4b2bc1827163460ef9cc4ee7546c86
Showing with 8 additions and 3 deletions.
  1. +1 −0 lang/en/moodle.php
  2. +7 −3 login/change_password.php
View
@@ -33,6 +33,7 @@
$string['addstudent'] = 'Add student';
$string['addteacher'] = 'Add teacher';
$string['admin'] = 'Admin';
+$string['adminprimarynoedit'] = 'You may not change the primary admin\'s password';
$string['adminhelpaddnewuser'] = 'To manually create a new user account';
$string['adminhelpassignadmins'] = 'Admins can do anything and go anywhere in the site';
$string['adminhelpassigncreators'] = 'Creators can create new courses and teach in them';
View
@@ -137,6 +137,10 @@
*****************************************************************************/
function validate_form($frm, &$err) {
+ global $USER;
+
+ $validpw = authenticate_user_login($frm->username, $frm->password);
+
if (empty($frm->username)){
$err->username = get_string('missingusername');
} else {
@@ -145,15 +149,15 @@ function validate_form($frm, &$err) {
} else {
if (!isadmin()) {
//require non adminusers to give valid password
- if(!authenticate_user_login($frm->username, $frm->password)) {
+ if(!$validpw) {
$err->password = get_string('wrongpassword');
}
}
else {
// don't allow anyone to change the primary admin's password
$mainadmin = get_admin();
- if($frm->username == $mainadmin->username) {
- $err->password = get_string('adminprimarynoedit');
+ if($frm->username == $mainadmin->username && $mainadmin->id != $USER->id) { // the primary admin can change their own password!
+ $err->username = get_string('adminprimarynoedit');
}
}
}

0 comments on commit 3abf63d

Please sign in to comment.