Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Changes to allow admin to control the "forgot password" function

and a bug fix for set_config
  • Loading branch information...
commit 466558e349a6ba157ef6a9ece3d5cab3ec1d2719 1 parent caa963b
moodler authored
View
29 admin/auth.php
@@ -25,18 +25,8 @@
if (count($err) == 0) {
print_header();
foreach ($config as $name => $value) {
- unset($conf);
- $conf->name = $name;
- $conf->value = $value;
- if ($current = get_record("config", "name", $name)) {
- $conf->id = $current->id;
- if (! update_record("config", $conf)) {
- notify("Could not update $name to $value");
- }
- } else {
- if (! insert_record("config", $conf)) {
- notify("Error: could not add new variable $name !");
- }
+ if (! set_config($name, $value)) {
+ notify("Problem saving config $name as $value");
}
}
redirect("auth.php", get_string("changessaved"), 1);
@@ -103,6 +93,20 @@
require("$CFG->dirroot/auth/$auth/config.html");
+ if ($auth != "email" and $auth != "none") {
+ echo "<tr valign=\"top\">";
+ echo "<td align=right nowrap><p>";
+ print_string("changepassword", "auth");
+ echo ":</p></td>";
+ echo "<td>";
+ echo "<INPUT TYPE=\"text\" NAME=\"changepassword\" SIZE=40 VALUE=\"$config->changepassword\">";
+ echo "</td>";
+ echo "<td>";
+ print_string("changepasswordhelp","auth");
+ echo "</td></tr>";
+
+ }
+
echo "<tr valign=\"top\">";
echo "<td align=right nowrap><p>";
print_string("guestloginbutton", "auth");
@@ -114,6 +118,7 @@
print_string("showguestlogin","auth");
echo "</td></tr></table>";
+
echo "<CENTER><P><INPUT TYPE=\"submit\" VALUE=\"";
print_string("savechanges");
echo "\"></P></CENTER></FORM>";
View
5 auth/imap/config.html
@@ -13,7 +13,10 @@
<TD ALIGN=RIGHT><P>auth_imaptype:</TD>
<TD>
<? $imaptypes = array("imap","imapssl", "imapcert", "imaptls");
- choose_from_menu($imaptypes, "auth_imaptype", $config->auth_imaptype, "");
+ foreach($imaptypes as $imaptype) {
+ $imapoptions[$imaptype] = $imaptype;
+ }
+ choose_from_menu($imapoptions, "auth_imaptype", $config->auth_imaptype, "");
?>
</TD>
<TD>
View
5 auth/pop3/config.html
@@ -13,7 +13,10 @@
<TD ALIGN=RIGHT><P>auth_pop3type:</TD>
<TD>
<? $pop3types = array("pop3","pop3cert");
- choose_from_menu($pop3types, "auth_pop3type", $config->auth_pop3type, "");
+ foreach($pop3types as $pop3type) {
+ $pop3options[$pop3type] = $pop3type;
+ }
+ choose_from_menu($pop3options, "auth_pop3type", $config->auth_pop3type, "");
?>
<? formerr($err["auth_pop3type"]); ?>
</TD>
View
4 doc/release.html
@@ -18,7 +18,7 @@
authentication against user-specified fields in ANY
external database table. In addition, Moodle now sports a cool
new admin GUI for configuring all of this, so it should be pretty
- easy to configure all of this.
+ easy to configure external authentication.
Thanks to contributor Petri Asikainen for his work on the GUI.<BR><BR>
<DT> Languages
@@ -39,7 +39,7 @@
<LI> User pictures are now uploaded even if other fields have errors
<LI> Submitted assignments were sometimes having their owner changed - fixed.
<LI> Admin can always log in regardless of external authentication
- <LI> User log graphs are now translatable
+ <LI> User log graphs are now faster, cleaner and translatable
</UL>
</DL></UL>
View
2  lang/en/auth.php
@@ -48,6 +48,8 @@
$string['auth_pop3type'] = "Server type. If your server uses certificate security, choose pop3cert.";
$string['authenticationoptions'] = "Authentication options";
$string['authinstructions'] = "Here you can provide instructions for your users, so they know which username and password they should be using. The text you enter here will appear on the login page. If you leave this blank then no instructions will be printed.";
+$string['changepassword'] = "Change password URL";
+$string['changepasswordhelp'] = "Here you can specify a location at which your users can recover or change their username/password if they've forgotten it. This will be provided to users as a button on the login page. if you leave this blank the button will not be printed.";
$string['chooseauthmethod'] = "Choose an authentication method: ";
$string['guestloginbutton'] = "Guest login button";
$string['showguestlogin'] = "You can hide or show the guest login button on the login page.";
View
1  lang/en/moodle.php
@@ -384,6 +384,7 @@
$string['password'] = "Password";
$string['passwordchanged'] = "Password has been changed";
$string['passwordsdiffer'] = "These passwords do not match";
+$string['passwordrecovery'] = "Yes, help me log in";
$string['passwordsent'] = "Password has been sent";
$string['passwordsenttext'] = "
<P>An email has been sent to your address at \$a->email.
View
29 lib/moodlelib.php
@@ -980,7 +980,7 @@ function set_field($table, $field, $newvalue, $selector, $value) {
function set_config($name, $value) {
// No need for get_config because they are usually always available in $CFG
- if (get_field("config", "value", "name", $name)) {
+ if (get_field("config", "name", "name", $name)) {
return set_field("config", "value", $value, "name", $name);
} else {
$config->name = $name;
@@ -1432,17 +1432,31 @@ function authenticate_user_login($username, $password) {
global $CFG;
+ $md5password = md5($password);
+
if (!isset($CFG->auth)) {
$CFG->auth = "email"; // Default authentication module
}
+ if ($username == "guest") {
+ $CFG->auth = "none"; // Guest account always internal
+ }
+
+ // If this is the admin, then just use internal methods
+ if ($user = get_record_sql("SELECT u.id FROM user u, user_admins a
+ WHERE u.id = a.user
+ AND u.username = '$username'
+ AND u.password = '$md5password'")) {
+ return get_user_info_from_db("username", $username);
+ }
+
require_once("$CFG->dirroot/auth/$CFG->auth/lib.php");
if (auth_user_login($username, $password)) { // Successful authentication
if ($user = get_user_info_from_db("username", $username)) {
- if (md5($password) <> $user->password) {
- set_field("user", "password", md5($password), "username", $username);
+ if ($md5password <> $user->password) {
+ set_field("user", "password", $md5password, "username", $username);
}
return $user;
@@ -1451,15 +1465,6 @@ function authenticate_user_login($username, $password) {
}
}
- // It's possible that the user is the admin user, defined locally.
- $password = md5($password);
- if ($user = get_record_sql("SELECT u.id FROM user u, user_admins a
- WHERE u.id = a.user
- AND u.username = '$username'
- AND u.password = '$password'")) {
- return get_user_info_from_db("username", $username);
- }
-
return false;
}
View
25 login/index_form.html
@@ -53,13 +53,24 @@
</FORM>
</CENTER>
<? } ?>
- <HR>
- <P ALIGN=CENTER><? print_string("forgotten") ?></P>
- <CENTER>
- <FORM NAME="form3" ACTION="forgot_password.php" METHOD=post>
- <INPUT type="submit" NAME="Submit" VALUE="<? print_string("senddetails") ?>">
- </FORM>
- </CENTER>
+ <? if ($CFG->changepassword or $CFG->auth == "email" or $CFG->auth == "none") {
+ if ($CFG->auth == "email" or $CFG->auth == "none") {
+ $changepassword = "forgot_password.php";
+ $changebuttonname = get_string("senddetails");
+ } else {
+ $changepassword = $CFG->changepassword;
+ $changebuttonname = get_string("passwordrecovery");
+ }
+
+ ?>
+ <HR>
+ <P ALIGN=CENTER><? print_string("forgotten") ?></P>
+ <CENTER>
+ <FORM NAME="form3" ACTION="<?=$changepassword ?>" METHOD=post>
+ <INPUT type="submit" NAME="Submit" VALUE="<?=$changebuttonname?>">
+ </FORM>
+ </CENTER>
+ <? } ?>
</BLOCKQUOTE>
</FONT> </TD>
<? if ($show_instructions) { ?>
Please sign in to comment.
Something went wrong with that request. Please try again.