Changes to allow admin to control the "forgot password" function

and a bug fix for set_config
moodle · Nov 22, 2002 · 466558e · 466558e
1 parent caa963b
commit 466558e
Show file tree

Hide file tree

Showing 8 changed files with 65 additions and 35 deletions.
diff --git a/admin/auth.php b/admin/auth.php
@@ -25,18 +25,8 @@
         if (count($err) == 0) {
             print_header();
             foreach ($config as $name => $value) {
-                unset($conf);
+                if (! set_config($name, $value)) {
-                $conf->name  = $name;
+                    notify("Problem saving config $name as $value");
-                $conf->value = $value;
-                if ($current = get_record("config", "name", $name)) {
-                    $conf->id = $current->id;
-                    if (! update_record("config", $conf)) {
-                        notify("Could not update $name to $value");
-                    }
-                } else {
-                    if (! insert_record("config", $conf)) {
-                        notify("Error: could not add new variable $name !");
-                    }
                 }
             }
             redirect("auth.php", get_string("changessaved"), 1);
@@ -103,6 +93,20 @@
 
     require("$CFG->dirroot/auth/$auth/config.html");
 
+    if ($auth != "email" and $auth != "none") {
+        echo "<tr valign=\"top\">";
+	    echo "<td align=right nowrap><p>";
+        print_string("changepassword", "auth");
+        echo ":</p></td>";
+	    echo "<td>";
+        echo "<INPUT TYPE=\"text\" NAME=\"changepassword\" SIZE=40 VALUE=\"$config->changepassword\">";
+        echo "</td>";
+        echo "<td>";
+        print_string("changepasswordhelp","auth");
+        echo "</td></tr>";
+
+    }
+
     echo "<tr valign=\"top\">";
 	echo "<td align=right nowrap><p>";
     print_string("guestloginbutton", "auth");
@@ -114,6 +118,7 @@
     print_string("showguestlogin","auth");
     echo "</td></tr></table>";
 
+
     echo "<CENTER><P><INPUT TYPE=\"submit\" VALUE=\"";
     print_string("savechanges");
     echo "\"></P></CENTER></FORM>";

diff --git a/auth/imap/config.html b/auth/imap/config.html
@@ -13,7 +13,10 @@
 	<TD ALIGN=RIGHT><P>auth_imaptype:</TD>
 	<TD>
     <? $imaptypes = array("imap","imapssl", "imapcert", "imaptls");
-       choose_from_menu($imaptypes, "auth_imaptype", $config->auth_imaptype, "");
+       foreach($imaptypes as $imaptype) {
+           $imapoptions[$imaptype] = $imaptype;
+       }
+       choose_from_menu($imapoptions, "auth_imaptype", $config->auth_imaptype, "");
     ?>
     </TD>
     <TD>

diff --git a/auth/pop3/config.html b/auth/pop3/config.html
@@ -13,7 +13,10 @@
 	<TD ALIGN=RIGHT><P>auth_pop3type:</TD>
 	<TD>
     <? $pop3types = array("pop3","pop3cert");
-       choose_from_menu($pop3types, "auth_pop3type", $config->auth_pop3type, "");
+       foreach($pop3types as $pop3type) {
+           $pop3options[$pop3type] = $pop3type;
+       }
+       choose_from_menu($pop3options, "auth_pop3type", $config->auth_pop3type, "");
     ?>
     <? formerr($err["auth_pop3type"]); ?>
     </TD>

diff --git a/doc/release.html b/doc/release.html
@@ -18,7 +18,7 @@ <H2>Release notes</H2>
      authentication against user-specified fields in ANY 
      external database table.  In addition, Moodle now sports a cool 
      new admin GUI for configuring all of this, so it should be pretty 
-     easy to configure all of this.
+     easy to configure external authentication.
      Thanks to contributor Petri Asikainen for his work on the GUI.<BR><BR>
 
 <DT> Languages
@@ -39,7 +39,7 @@ <H2>Release notes</H2>
      <LI> User pictures are now uploaded even if other fields have errors
      <LI> Submitted assignments were sometimes having their owner changed - fixed.
      <LI> Admin can always log in regardless of external authentication
-     <LI> User log graphs are now translatable
+     <LI> User log graphs are now faster, cleaner and translatable
      </UL>
 
 </DL></UL>

diff --git a/lang/en/auth.php b/lang/en/auth.php
@@ -48,6 +48,8 @@
 $string['auth_pop3type'] = "Server type. If your server uses certificate security, choose pop3cert.";
 $string['authenticationoptions'] = "Authentication options";
 $string['authinstructions'] = "Here you can provide instructions for your users, so they know which username and password they should be using.  The text you enter here will appear on the login page.  If you leave this blank then no instructions will be printed.";
+$string['changepassword'] = "Change password URL";
+$string['changepasswordhelp'] = "Here you can specify a location at which your users can recover or change their username/password if they've forgotten it.  This will be provided to users as a button on the login page.  if you leave this blank the button will not be printed.";
 $string['chooseauthmethod'] = "Choose an authentication method: ";
 $string['guestloginbutton'] = "Guest login button";
 $string['showguestlogin'] = "You can hide or show the guest login button on the login page.";

diff --git a/lang/en/moodle.php b/lang/en/moodle.php
@@ -384,6 +384,7 @@
 $string['password'] = "Password";
 $string['passwordchanged'] = "Password has been changed";
 $string['passwordsdiffer'] = "These passwords do not match";
+$string['passwordrecovery'] = "Yes, help me log in";
 $string['passwordsent'] = "Password has been sent";
 $string['passwordsenttext'] = "
    <P>An email has been sent to your address at \$a->email.

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
@@ -980,7 +980,7 @@ function set_field($table, $field, $newvalue, $selector, $value) {
 function set_config($name, $value) {
 // No need for get_config because they are usually always available in $CFG
 
-    if (get_field("config", "value", "name", $name)) {
+    if (get_field("config", "name", "name", $name)) {
         return set_field("config", "value", $value, "name", $name);
     } else {
         $config->name = $name;
@@ -1432,17 +1432,31 @@ function authenticate_user_login($username, $password) {
 
     global $CFG;
 
+    $md5password = md5($password);
+
     if (!isset($CFG->auth)) {
         $CFG->auth = "email";    // Default authentication module
     }
 
+    if ($username == "guest") {
+        $CFG->auth = "none";     // Guest account always internal
+    }
+
+    // If this is the admin, then just use internal methods
+    if ($user = get_record_sql("SELECT u.id FROM user u, user_admins a 
+                                WHERE u.id = a.user 
+                                  AND u.username = '$username' 
+                                  AND u.password = '$md5password'")) {
+        return get_user_info_from_db("username", $username);
+    }
+
     require_once("$CFG->dirroot/auth/$CFG->auth/lib.php");
 
     if (auth_user_login($username, $password)) {  // Successful authentication
 
         if ($user = get_user_info_from_db("username", $username)) {
-            if (md5($password) <> $user->password) {
+            if ($md5password <> $user->password) {
-                set_field("user", "password", md5($password), "username", $username);
+                set_field("user", "password", $md5password, "username", $username);
             }
             return $user;
 
@@ -1451,15 +1465,6 @@ function authenticate_user_login($username, $password) {
         }
     }
 
-    // It's possible that the user is the admin user, defined locally.
-    $password = md5($password);
-    if ($user = get_record_sql("SELECT u.id FROM user u, user_admins a 
-                                WHERE u.id = a.user 
-                                  AND u.username = '$username' 
-                                  AND u.password = '$password'")) {
-        return get_user_info_from_db("username", $username);
-    }
-
     return false;
 }
 

diff --git a/login/index_form.html b/login/index_form.html
@@ -53,13 +53,24 @@
             </FORM>
             </CENTER>
     <? } ?>
-      <HR>
+    <? if ($CFG->changepassword or $CFG->auth == "email" or $CFG->auth == "none") {
-        <P ALIGN=CENTER><? print_string("forgotten") ?></P> 
+          if ($CFG->auth == "email" or $CFG->auth == "none") {
-        <CENTER>
+              $changepassword = "forgot_password.php";
-        <FORM NAME="form3" ACTION="forgot_password.php" METHOD=post>
+              $changebuttonname = get_string("senddetails");
-        <INPUT type="submit" NAME="Submit" VALUE="<? print_string("senddetails") ?>">
+          } else {
-        </FORM>
+              $changepassword = $CFG->changepassword;
-        </CENTER>
+              $changebuttonname = get_string("passwordrecovery");
+          }
+
+    ?>
+          <HR>
+            <P ALIGN=CENTER><? print_string("forgotten") ?></P> 
+            <CENTER>
+            <FORM NAME="form3" ACTION="<?=$changepassword ?>" METHOD=post>
+            <INPUT type="submit" NAME="Submit" VALUE="<?=$changebuttonname?>">
+            </FORM>
+            </CENTER>
+    <? } ?>
         </BLOCKQUOTE>
       </FONT> </TD>
     <? if ($show_instructions) { ?>