Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.

Differences Between: [Versions 310 and 403] [Versions 311 and 403] [Versions 39 and 403] [Versions 400 and 403] [Versions 401 and 403] [Versions 402 and 403]

   1  <?php
   2  
   3  // This file is part of Moodle - http://moodle.org/
   4  //
   5  // Moodle is free software: you can redistribute it and/or modify
   6  // it under the terms of the GNU General Public License as published by
   7  // the Free Software Foundation, either version 3 of the License, or
   8  // (at your option) any later version.
   9  //
  10  // Moodle is distributed in the hope that it will be useful,
  11  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13  // GNU General Public License for more details.
  14  //
  15  // You should have received a copy of the GNU General Public License
  16  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  17  
  18  /**
  19   * Change password form definition.
  20   *
  21   * @package    core
  22   * @subpackage auth
  23   * @copyright  2006 Petr Skoda {@link http://skodak.org}
  24   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  25   */
  26  
  27  defined('MOODLE_INTERNAL') || die();
  28  
  29  require_once($CFG->libdir.'/formslib.php');
  30  require_once($CFG->dirroot.'/user/lib.php');
  31  require_once ('lib.php');
  32  
  33  class login_change_password_form extends moodleform {
  34  
  35      function definition() {
  36          global $USER, $CFG;
  37  
  38          $mform = $this->_form;
  39          $mform->setDisableShortforms(true);
  40  
  41          $mform->addElement('header', 'changepassword', get_string('changepassword'), '');
  42  
  43          // visible elements
  44          $mform->addElement('static', 'username', get_string('username'), $USER->username);
  45  
  46          $policies = array();
  47          if (!empty($CFG->passwordpolicy)) {
  48              $policies[] = print_password_policy();
  49          }
  50          if (!empty($CFG->passwordreuselimit) and $CFG->passwordreuselimit > 0) {
  51              $policies[] = get_string('informminpasswordreuselimit', 'auth', $CFG->passwordreuselimit);
  52          }
  53          if ($policies) {
  54              $mform->addElement('static', 'passwordpolicyinfo', '', implode('<br />', $policies));
  55          }
  56          $purpose = user_edit_map_field_purpose($USER->id, 'password');
  57          $mform->addElement('password', 'password', get_string('oldpassword'), $purpose);
  58          $mform->addRule('password', get_string('required'), 'required', null, 'client');
  59          $mform->setType('password', PARAM_RAW);
  60  
  61          $mform->addElement('password', 'newpassword1', get_string('newpassword'),
  62              ['autocomplete' => 'new-password', 'maxlength' => MAX_PASSWORD_CHARACTERS]);
  63          $mform->addRule('newpassword1', get_string('required'), 'required', null, 'client');
  64          $mform->addRule('password', get_string('maximumchars', '', MAX_PASSWORD_CHARACTERS),
  65              'maxlength', MAX_PASSWORD_CHARACTERS, 'client');
  66          $mform->setType('newpassword1', PARAM_RAW);
  67  
  68          $mform->addElement('password', 'newpassword2', get_string('newpassword').' ('.get_String('again').')',
  69              ['autocomplete' => 'new-password', 'maxlength' => MAX_PASSWORD_CHARACTERS]);
  70          $mform->addRule('newpassword2', get_string('required'), 'required', null, 'client');
  71          $mform->setType('newpassword2', PARAM_RAW);
  72  
  73          if (empty($CFG->passwordchangetokendeletion) and !empty(webservice::get_active_tokens($USER->id))) {
  74              $mform->addElement('advcheckbox', 'signoutofotherservices', get_string('signoutofotherservices'));
  75              $mform->addHelpButton('signoutofotherservices', 'signoutofotherservices');
  76              $mform->setDefault('signoutofotherservices', 1);
  77          }
  78  
  79          // hidden optional params
  80          $mform->addElement('hidden', 'id', 0);
  81          $mform->setType('id', PARAM_INT);
  82  
  83          // Hook for plugins to extend form definition.
  84          core_login_extend_change_password_form($mform, $USER);
  85  
  86          // buttons
  87          if (get_user_preferences('auth_forcepasswordchange')) {
  88              $this->add_action_buttons(false);
  89          } else {
  90              $this->add_action_buttons(true);
  91          }
  92      }
  93  
  94  /// perform extra password change validation
  95      function validation($data, $files) {
  96          global $USER;
  97          $errors = parent::validation($data, $files);
  98          $reason = null;
  99  
 100          // Extend validation for any form extensions from plugins.
 101          $errors = array_merge($errors, core_login_validate_extend_change_password_form($data, $USER));
 102  
 103          // ignore submitted username
 104          if (!$user = authenticate_user_login($USER->username, $data['password'], true, $reason, false)) {
 105              $errors['password'] = get_string('invalidlogin');
 106              return $errors;
 107          }
 108  
 109          if ($data['newpassword1'] <> $data['newpassword2']) {
 110              $errors['newpassword1'] = get_string('passwordsdiffer');
 111              $errors['newpassword2'] = get_string('passwordsdiffer');
 112              return $errors;
 113          }
 114  
 115          if ($data['password'] == $data['newpassword1']){
 116              $errors['newpassword1'] = get_string('mustchangepassword');
 117              $errors['newpassword2'] = get_string('mustchangepassword');
 118              return $errors;
 119          }
 120  
 121          if (user_is_previously_used_password($USER->id, $data['newpassword1'])) {
 122              $errors['newpassword1'] = get_string('errorpasswordreused', 'core_auth');
 123              $errors['newpassword2'] = get_string('errorpasswordreused', 'core_auth');
 124          }
 125  
 126          $errmsg = '';//prevents eclipse warnings
 127          if (!check_password_policy($data['newpassword1'], $errmsg, $USER)) {
 128              $errors['newpassword1'] = $errmsg;
 129              $errors['newpassword2'] = $errmsg;
 130              return $errors;
 131          }
 132  
 133          return $errors;
 134      }
 135  }