Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 401 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Set password form definition.
  19   *
  20   * @package    core
  21   * @subpackage auth
  22   * @copyright  2006 Petr Skoda {@link http://skodak.org}
  23   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  24   */
  25  
  26  defined('MOODLE_INTERNAL') || die();
  27  
  28  require_once($CFG->libdir.'/formslib.php');
  29  require_once($CFG->dirroot.'/user/lib.php');
  30  require_once ('lib.php');
  31  
  32  /**
  33   * Set forgotten password form definition.
  34   *
  35   * @package    core
  36   * @subpackage auth
  37   * @copyright  2006 Petr Skoda {@link http://skodak.org}
  38   * @copyright  2013 Peter Bulmer
  39   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  40   */
  41  class login_set_password_form extends moodleform {
  42  
  43      /**
  44       * Define the set password form.
  45       */
  46      public function definition() {
  47          global $CFG;
  48  
  49          $mform = $this->_form;
  50          $mform->setDisableShortforms(true);
  51          $mform->addElement('header', 'setpassword', get_string('setpassword'), '');
  52  
  53          // Include the username in the form so browsers will recognise that a password is being set.
  54          $mform->addElement('text', 'username', '', 'style="display: none;"');
  55          $mform->setType('username', PARAM_RAW);
  56          // Token gives authority to change password.
  57          $mform->addElement('hidden', 'token', '');
  58          $mform->setType('token', PARAM_ALPHANUM);
  59  
  60          // Visible elements.
  61          $mform->addElement('static', 'username2', get_string('username'));
  62  
  63          $policies = array();
  64          if (!empty($CFG->passwordpolicy)) {
  65              $policies[] = print_password_policy();
  66          }
  67          if (!empty($CFG->passwordreuselimit) and $CFG->passwordreuselimit > 0) {
  68              $policies[] = get_string('informminpasswordreuselimit', 'auth', $CFG->passwordreuselimit);
  69          }
  70          if ($policies) {
  71              $mform->addElement('static', 'passwordpolicyinfo', '', implode('<br />', $policies));
  72          }
  73          $mform->addElement('password', 'password', get_string('newpassword'));
  74          $mform->addRule('password', get_string('required'), 'required', null, 'client');
  75          $mform->setType('password', PARAM_RAW);
  76  
  77          $strpasswordagain = get_string('newpassword') . ' (' . get_string('again') . ')';
  78          $mform->addElement('password', 'password2', $strpasswordagain);
  79          $mform->addRule('password2', get_string('required'), 'required', null, 'client');
  80          $mform->setType('password2', PARAM_RAW);
  81  
  82          // Hook for plugins to extend form definition.
  83          $user = $this->_customdata;
  84          core_login_extend_set_password_form($mform, $user);
  85  
  86          $this->add_action_buttons(true);
  87      }
  88  
  89      /**
  90       * Perform extra password change validation.
  91       * @param array $data submitted form fields.
  92       * @param array $files submitted with the form.
  93       * @return array errors occuring during validation.
  94       */
  95      public function validation($data, $files) {
  96          $user = $this->_customdata;
  97  
  98          $errors = parent::validation($data, $files);
  99  
 100          // Extend validation for any form extensions from plugins.
 101          $errors = array_merge($errors, core_login_validate_extend_set_password_form($data, $user));
 102  
 103          // Ignore submitted username.
 104          if ($data['password'] !== $data['password2']) {
 105              $errors['password'] = get_string('passwordsdiffer');
 106              $errors['password2'] = get_string('passwordsdiffer');
 107              return $errors;
 108          }
 109  
 110          $errmsg = ''; // Prevents eclipse warnings.
 111          if (!check_password_policy($data['password'], $errmsg, $user)) {
 112              $errors['password'] = $errmsg;
 113              $errors['password2'] = $errmsg;
 114              return $errors;
 115          }
 116  
 117          if (user_is_previously_used_password($user->id, $data['password'])) {
 118              $errors['password'] = get_string('errorpasswordreused', 'core_auth');
 119              $errors['password2'] = get_string('errorpasswordreused', 'core_auth');
 120          }
 121  
 122          return $errors;
 123      }
 124  }