MDL-20937 different fix for problems with forcing passsword change fo…

…r admins with external auth
moodle · Nov 23, 2009 · 90cb3f7 · 90cb3f7
1 parent 993c4fe
commit 90cb3f7
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 31 deletions.
diff --git a/lib/db/upgrade.php b/lib/db/upgrade.php
@@ -781,10 +781,6 @@ function xmldb_main_upgrade($oldversion=0) {
     }
 
     if ($result && $oldversion < 2007021599.11) {
-
-        //NOTE: this is a wrong location for forcing of admin password change,
-        //      it should have been done from each auth plugin separately
-
         $messagesubject = get_string('upgrade1811noticesubject', 'admin');
         $message  = addslashes(get_string('upgrade1811notice', 'admin'));
         if (empty($CFG->passwordmainsalt)) {
@@ -794,33 +790,19 @@ function xmldb_main_upgrade($oldversion=0) {
 
         notify($message, 'notifysuccess');
 
-        $systemcontext = get_context_instance(CONTEXT_SYSTEM);
         // Force administrators to change password on next login
+        $systemcontext = get_context_instance(CONTEXT_SYSTEM);
         $sql = "SELECT DISTINCT u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email, u.password, u.auth
               FROM {$CFG->prefix}role_capabilities rc
               JOIN {$CFG->prefix}role_assignments ra ON (ra.contextid = rc.contextid AND ra.roleid = rc.roleid)
               JOIN {$CFG->prefix}user u ON u.id = ra.userid
              WHERE rc.capability = 'moodle/site:doanything'
                    AND rc.permission = ".CAP_ALLOW."
                    AND u.deleted = 0
-                   AND rc.contextid = ".$systemcontext->id."";
+                   AND rc.contextid = ".$systemcontext->id." AND (u.auth='manual' OR u.auth='email')";
 
         $adminusers = get_records_sql($sql);
-        $permittedstates = array('email', 'manual');
         foreach ($adminusers as $adminuser) {
-            if ($adminuser->password === 'not cached' || !in_array($adminuser->auth, $permittedstates)) {
-                // no need to change password if stored only outside of moodle - most probably ldap auth
-                continue;
-            }
-            if (!$auth = get_auth_plugin($adminuser->auth)) { // very ugly hack, we are not supposed to use any plugins from main upgrade!!
-                continue;
-            }
-            // let's hope no auth plugin is going to end with fatal error here
-            if (!@$auth->can_change_password()) { // very ugly hack, we are not supposed to use any plugins from main upgrade!!
-                // do not force admin to change password if there is no way to actually change it
-                continue;
-            }
-
             if ($preference = get_record('user_preferences', 'userid', $adminuser->id, 'name', 'auth_forcepasswordchange')) {
                 if ($preference->value == '1') {
                     continue;
@@ -844,30 +826,24 @@ function xmldb_main_upgrade($oldversion=0) {
         unset($messagesubject);
     }
 
-    if ($result && $oldversion < 2007021599.14) {
+    if ($result && $oldversion < 2007021599.15) {
         // this block tries to undo incorrect forcing of new passwords for admins that have no
         // way to change passwords MDL-20933
         $systemcontext = get_context_instance(CONTEXT_SYSTEM);
-        $sql = "SELECT DISTINCT u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email, u.password, u.auth
+        $sql = "SELECT DISTINCT u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email, u.password
                   FROM {$CFG->prefix}role_capabilities rc
                   JOIN {$CFG->prefix}role_assignments ra ON (ra.contextid = rc.contextid AND ra.roleid = rc.roleid)
                   JOIN {$CFG->prefix}user u ON u.id = ra.userid
                  WHERE rc.capability = 'moodle/site:doanything'
                        AND rc.permission = ".CAP_ALLOW."
                        AND u.deleted = 0
-                       AND rc.contextid = ".$systemcontext->id."";
+                       AND rc.contextid = ".$systemcontext->id." AND u.auth<>'manual' AND u.auth<>'email'";
 
         $adminusers = get_records_sql($sql);
         foreach ($adminusers as $adminuser) {
-            if ($adminuser->password === 'not cached') {
-                // no need to change password if stored only outside of moodle - most probably ldap auth
-                continue;
-            }
-            if ($auth = get_auth_plugin($adminuser->auth) and @$auth->can_change_password()) { // very ugly hack, we are not supposed to use any plugins from main upgrade!!
-                continue;
-            }
             delete_records('user_preferences', 'userid', $adminuser->id, 'name', 'auth_forcepasswordchange');
         }
+        unset($adminusers);
     }
 
     return $result;

diff --git a/version.php b/version.php
@@ -6,7 +6,7 @@
 // This is compared against the values stored in the database to determine
 // whether upgrades should be performed (see lib/db/*.php)
 
-   $version = 2007021599.14; // YYYYMMDD      = date of the 1.8 branch (don't change)
+   $version = 2007021599.15; // YYYYMMDD      = date of the 1.8 branch (don't change)
                               //         99    = we reached a .10 release! (don't change)
                               //          .XX  = release number 1.8.[10,11,12,..]