PageRenderTime 31ms CodeModel.GetById 9ms RepoModel.GetById 0ms app.codeStats 0ms

/login/change_password_form.php

https://bitbucket.org/moodle/moodle
PHP | 134 lines | 81 code | 24 blank | 29 comment | 13 complexity | b44022d6c788fcb124185c1e86cd2c91 MD5 | raw file
Possible License(s): Apache-2.0, LGPL-2.1, BSD-3-Clause, MIT, GPL-3.0 
    

  1. <?php
    2. 

  2. 

  3. // This file is part of Moodle - http://moodle.org/
    4. 

  4. //
    5. 

  5. // Moodle is free software: you can redistribute it and/or modify
    6. 

  6. // it under the terms of the GNU General Public License as published by
    7. 

  7. // the Free Software Foundation, either version 3 of the License, or
    8. 

  8. // (at your option) any later version.
    9. 

  9. //
    10. 

  10. // Moodle is distributed in the hope that it will be useful,
    11. 

  11. // but WITHOUT ANY WARRANTY; without even the implied warranty of
    12. 

  12. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13. 

  13. // GNU General Public License for more details.
    14. 

  14. //
    15. 

  15. // You should have received a copy of the GNU General Public License
    16. 

  16. // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
    17. 

  17. 

  18. /**
    19. 

  19.  * Change password form definition.
    20. 

  20.  *
    21. 

  21.  * @package    core
    22. 

  22.  * @subpackage auth
    23. 

  23.  * @copyright  2006 Petr Skoda {@link http://skodak.org}
    24. 

  24.  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
    25. 

  25.  */
    26. 

  26. 

  27. defined('MOODLE_INTERNAL') || die();
    28. 

  28. 

  29. require_once($CFG->libdir.'/formslib.php');
    30. 

  30. require_once($CFG->dirroot.'/user/lib.php');
    31. 

  31. require_once('lib.php');
    32. 

  32. 

  33. class login_change_password_form extends moodleform {
    34. 

  34. 

  35.     function definition() {
    36. 

  36.         global $USER, $CFG;
    37. 

  37. 

  38.         $mform = $this->_form;
    39. 

  39.         $mform->setDisableShortforms(true);
    40. 

  40. 

  41.         $mform->addElement('header', 'changepassword', get_string('changepassword'), '');
    42. 

  42. 

  43.         // visible elements
    44. 

  44.         $mform->addElement('static', 'username', get_string('username'), $USER->username);
    45. 

  45. 

  46.         $policies = array();
    47. 

  47.         if (!empty($CFG->passwordpolicy)) {
    48. 

  48.             $policies[] = print_password_policy();
    49. 

  49.         }
    50. 

  50.         if (!empty($CFG->passwordreuselimit) and $CFG->passwordreuselimit > 0) {
    51. 

  51.             $policies[] = get_string('informminpasswordreuselimit', 'auth', $CFG->passwordreuselimit);
    52. 

  52.         }
    53. 

  53.         if ($policies) {
    54. 

  54.             $mform->addElement('static', 'passwordpolicyinfo', '', implode('<br />', $policies));
    55. 

  55.         }
    56. 

  56.         $purpose = user_edit_map_field_purpose($USER->id, 'password');
    57. 

  57.         $mform->addElement('password', 'password', get_string('oldpassword'), $purpose);
    58. 

  58.         $mform->addRule('password', get_string('required'), 'required', null, 'client');
    59. 

  59.         $mform->setType('password', PARAM_RAW);
    60. 

  60. 

  61.         $mform->addElement('password', 'newpassword1', get_string('newpassword'),
    62. 

  62.                             ['autocomplete' => 'new-password']);
    63. 

  63.         $mform->addRule('newpassword1', get_string('required'), 'required', null, 'client');
    64. 

  64.         $mform->setType('newpassword1', PARAM_RAW);
    65. 

  65. 

  66.         $mform->addElement('password', 'newpassword2',
    67. 

  67.                             get_string('newpassword').' ('.get_String('again').')',
    68. 

  68.                             ['autocomplete' => 'new-password']);
    69. 

  69.         $mform->addRule('newpassword2', get_string('required'), 'required', null, 'client');
    70. 

  70.         $mform->setType('newpassword2', PARAM_RAW);
    71. 

  71. 

  72.         if (empty($CFG->passwordchangetokendeletion) and !empty(webservice::get_active_tokens($USER->id))) {
    73. 

  73.             $mform->addElement('advcheckbox', 'signoutofotherservices', get_string('signoutofotherservices'));
    74. 

  74.             $mform->addHelpButton('signoutofotherservices', 'signoutofotherservices');
    75. 

  75.             $mform->setDefault('signoutofotherservices', 1);
    76. 

  76.         }
    77. 

  77. 

  78.         // hidden optional params
    79. 

  79.         $mform->addElement('hidden', 'id', 0);
    80. 

  80.         $mform->setType('id', PARAM_INT);
    81. 

  81. 

  82.         // Hook for plugins to extend form definition.
    83. 

  83.         core_login_extend_change_password_form($mform, $USER);
    84. 

  84. 

  85.         // buttons
    86. 

  86.         if (get_user_preferences('auth_forcepasswordchange')) {
    87. 

  87.             $this->add_action_buttons(false);
    88. 

  88.         } else {
    89. 

  89.             $this->add_action_buttons(true);
    90. 

  90.         }
    91. 

  91.     }
    92. 

  92. 

  93. /// perform extra password change validation
    94. 

  94.     function validation($data, $files) {
    95. 

  95.         global $USER;
    96. 

  96.         $errors = parent::validation($data, $files);
    97. 

  97.         $reason = null;
    98. 

  98. 

  99.         // Extend validation for any form extensions from plugins.
    100. 

  100.         $errors = array_merge($errors, core_login_validate_extend_change_password_form($data, $USER));
    101. 

  101. 

  102.         // ignore submitted username
    103. 

  103.         if (!$user = authenticate_user_login($USER->username, $data['password'], true, $reason, false)) {
    104. 

  104.             $errors['password'] = get_string('invalidlogin');
    105. 

  105.             return $errors;
    106. 

  106.         }
    107. 

  107. 

  108.         if ($data['newpassword1'] <> $data['newpassword2']) {
    109. 

  109.             $errors['newpassword1'] = get_string('passwordsdiffer');
    110. 

  110.             $errors['newpassword2'] = get_string('passwordsdiffer');
    111. 

  111.             return $errors;
    112. 

  112.         }
    113. 

  113. 

  114.         if ($data['password'] == $data['newpassword1']){
    115. 

  115.             $errors['newpassword1'] = get_string('mustchangepassword');
    116. 

  116.             $errors['newpassword2'] = get_string('mustchangepassword');
    117. 

  117.             return $errors;
    118. 

  118.         }
    119. 

  119. 

  120.         if (user_is_previously_used_password($USER->id, $data['newpassword1'])) {
    121. 

  121.             $errors['newpassword1'] = get_string('errorpasswordreused', 'core_auth');
    122. 

  122.             $errors['newpassword2'] = get_string('errorpasswordreused', 'core_auth');
    123. 

  123.         }
    124. 

  124. 

  125.         $errmsg = '';//prevents eclipse warnings
    126. 

  126.         if (!check_password_policy($data['newpassword1'], $errmsg, $USER)) {
    127. 

  127.             $errors['newpassword1'] = $errmsg;
    128. 

  128.             $errors['newpassword2'] = $errmsg;
    129. 

  129.             return $errors;
    130. 

  130.         }
    131. 

  131. 

  132.         return $errors;
    133. 

  133.     }
    134. 

  134. }
    135. 

  135.