/** * Sign up a new user ready for confirmation. * Password is passed in plaintext. * * @param object $user new user object * @param boolean $notify print notice with link and terminate */ public function user_signup($user, $notify = true) { global $CFG, $DB; require_once $CFG->dirroot . '/user/profile/lib.php'; require_once $CFG->dirroot . '/user/lib.php'; $plainpassword = $user->password; $user->password = hash_internal_user_password($user->password); if (empty($user->calendartype)) { $user->calendartype = $CFG->calendartype; } $user->id = user_create_user($user, false, false); user_add_password_history($user->id, $plainpassword); // Save any custom profile field information. profile_save_data($user); // Trigger event. \core\event\user_created::create_from_userid($user->id)->trigger(); if (!send_confirmation_email($user)) { print_error('auth_emailnoemail, auth_email'); } if ($notify) { global $CFG, $PAGE, $OUTPUT; $emailconfirm = get_string('emailconfirm'); $PAGE->navbar->add($emailconfirm); $PAGE->set_title($emailconfirm); $PAGE->set_heading($PAGE->course->fullname); echo $OUTPUT->header(); notice(get_string('emailconfirmsent', '', $user->email), "{$CFG->wwwroot}/index.php"); } else { return true; } }
/** * Test that password history is deleted together with user. */ public function test_delete_of_hashes_on_user_delete() { global $DB; $this->resetAfterTest(); $user1 = $this->getDataGenerator()->create_user(); $user2 = $this->getDataGenerator()->create_user(); $DB->delete_records('user_password_history', array()); set_config('passwordreuselimit', 3); user_add_password_history($user1->id, 'pokus'); user_add_password_history($user2->id, 'pokus1'); user_add_password_history($user2->id, 'pokus2'); $this->assertEquals(3, $DB->count_records('user_password_history')); $this->assertEquals(1, $DB->count_records('user_password_history', array('userid' => $user1->id))); $this->assertEquals(2, $DB->count_records('user_password_history', array('userid' => $user2->id))); delete_user($user2); $this->assertEquals(1, $DB->count_records('user_password_history')); $this->assertEquals(1, $DB->count_records('user_password_history', array('userid' => $user1->id))); $this->assertEquals(0, $DB->count_records('user_password_history', array('userid' => $user2->id))); }
/** * Sign up a new user ready for confirmation. * Password is passed in plaintext. * * @param object $user new user object * @param boolean $notify print notice with link and terminate * @return boolean success */ function user_signup($user, $notify = true) { global $CFG, $DB, $PAGE, $OUTPUT; require_once $CFG->dirroot . '/user/profile/lib.php'; require_once $CFG->dirroot . '/user/lib.php'; if ($this->user_exists($user->username)) { print_error('auth_ldap_user_exists', 'auth_ldap'); } $plainslashedpassword = $user->password; unset($user->password); if (!$this->user_create($user, $plainslashedpassword)) { print_error('auth_ldap_create_error', 'auth_ldap'); } $user->id = user_create_user($user, false, false); user_add_password_history($user->id, $plainslashedpassword); // Save any custom profile field information profile_save_data($user); $this->update_user_record($user->username); // This will also update the stored hash to the latest algorithm // if the existing hash is using an out-of-date algorithm (or the // legacy md5 algorithm). update_internal_user_password($user, $plainslashedpassword); $user = $DB->get_record('user', array('id' => $user->id)); \core\event\user_created::create_from_userid($user->id)->trigger(); if (!send_confirmation_email($user)) { print_error('noemail', 'auth_ldap'); } if ($notify) { $emailconfirm = get_string('emailconfirm'); $PAGE->set_url('/auth/ldap/auth.php'); $PAGE->navbar->add($emailconfirm); $PAGE->set_title($emailconfirm); $PAGE->set_heading($emailconfirm); echo $OUTPUT->header(); notice(get_string('emailconfirmsent', '', $user->email), "{$CFG->wwwroot}/index.php"); } else { return true; } }
/** * Sign up a new user ready for confirmation. * Password is passed in plaintext. * * @param object $user new user object * @param boolean $notify print notice with link and terminate */ function user_signup($user, $notify = true) { global $CFG, $DB, $SESSION; require_once $CFG->dirroot . '/user/profile/lib.php'; require_once $CFG->dirroot . '/user/lib.php'; if (isset($SESSION->wantsurl)) { $wantsurl = $SESSION->wantsurl; } $plainpassword = $user->password; $user->password = hash_internal_user_password($user->password); if (empty($user->calendartype)) { $user->calendartype = $CFG->calendartype; } $user->confirmed = 1; $user->id = user_create_user($user, false, false); user_add_password_history($user->id, $plainpassword); // Save any custom profile field information. profile_save_data($user); // Trigger event. \core\event\user_created::create_from_userid($user->id)->trigger(); $thisuser = authenticate_user_login($user->username, $plainpassword, false, $errorcode); if ($thisuser == false) { print_error('authfailure'); } else { complete_user_login($thisuser); if (isset($wantsurl)) { $urltogo = $wantsurl; if (isset($_SESSION["fiaction"]) && isset($_SESSION["ficourseid"]) && is_numeric($_SESSION["ficourseid"]) && $_SESSION["fiaction"] == "enroll") { $urltogo = $CFG->wwwroot . '/course/enrol.php?id=' . $_SESSION["ficourseid"]; unset($_SESSION['fiaction']); unset($_SESSION['ficourseid']); unset($SESSION->wantsurl); } } else { $urltogo = $CFG->wwwroot . '/'; } redirect($urltogo); } // if ($notify) { // global $CFG, $PAGE, $OUTPUT; // $emailconfirm = get_string('emailconfirm'); // $PAGE->navbar->add($emailconfirm); // $PAGE->set_title($emailconfirm); // $PAGE->set_heading($PAGE->course->fullname); // echo $OUTPUT->header(); // notice(get_string('emailconfirmsent', '', $user->email), "$CFG->wwwroot/index.php"); // } else { // return true; // } }
/** * This function processes a user's submitted token to validate the request to set a new password. * If the user's token is validated, they are prompted to set a new password. * @param string $token the one-use identifier which should verify the password reset request as being valid. * @return void */ function core_login_process_password_set($token) { global $DB, $CFG, $OUTPUT, $PAGE, $SESSION; require_once $CFG->dirroot . '/user/lib.php'; $pwresettime = isset($CFG->pwresettime) ? $CFG->pwresettime : 1800; $sql = "SELECT u.*, upr.token, upr.timerequested, upr.id as tokenid\n FROM {user} u\n JOIN {user_password_resets} upr ON upr.userid = u.id\n WHERE upr.token = ?"; $user = $DB->get_record_sql($sql, array($token)); $forgotpasswordurl = "{$CFG->httpswwwroot}/login/forgot_password.php"; if (empty($user) or $user->timerequested < time() - $pwresettime - DAYSECS) { // There is no valid reset request record - not even a recently expired one. // (suspicious) // Direct the user to the forgot password page to request a password reset. echo $OUTPUT->header(); notice(get_string('noresetrecord'), $forgotpasswordurl); die; // Never reached. } if ($user->timerequested < time() - $pwresettime) { // There is a reset record, but it's expired. // Direct the user to the forgot password page to request a password reset. $pwresetmins = floor($pwresettime / MINSECS); echo $OUTPUT->header(); notice(get_string('resetrecordexpired', '', $pwresetmins), $forgotpasswordurl); die; // Never reached. } if ($user->auth === 'nologin' or !is_enabled_auth($user->auth)) { // Bad luck - user is not able to login, do not let them set password. echo $OUTPUT->header(); print_error('forgotteninvalidurl'); die; // Never reached. } // Check this isn't guest user. if (isguestuser($user)) { print_error('cannotresetguestpwd'); } // Token is correct, and unexpired. $mform = new login_set_password_form(null, $user, 'post', '', 'autocomplete="yes"'); $data = $mform->get_data(); if (empty($data)) { // User hasn't submitted form, they got here directly from email link. // Next, display the form. $setdata = new stdClass(); $setdata->username = $user->username; $setdata->username2 = $user->username; $setdata->token = $user->token; $mform->set_data($setdata); $PAGE->verify_https_required(); echo $OUTPUT->header(); echo $OUTPUT->box(get_string('setpasswordinstructions'), 'generalbox boxwidthnormal boxaligncenter'); $mform->display(); echo $OUTPUT->footer(); return; } else { // User has submitted form. // Delete this token so it can't be used again. $DB->delete_records('user_password_resets', array('id' => $user->tokenid)); $userauth = get_auth_plugin($user->auth); if (!$userauth->user_update_password($user, $data->password)) { print_error('errorpasswordupdate', 'auth'); } user_add_password_history($user->id, $data->password); if (!empty($CFG->passwordchangelogout)) { \core\session\manager::kill_user_sessions($user->id, session_id()); } // Reset login lockout (if present) before a new password is set. login_unlock_account($user); // Clear any requirement to change passwords. unset_user_preference('auth_forcepasswordchange', $user); unset_user_preference('create_password', $user); if (!empty($user->lang)) { // Unset previous session language - use user preference instead. unset($SESSION->lang); } complete_user_login($user); // Triggers the login event. \core\session\manager::apply_concurrent_login_limit($user->id, session_id()); $urltogo = core_login_get_return_url(); unset($SESSION->wantsurl); redirect($urltogo, get_string('passwordset'), 1); } }
$mform = new login_change_password_form(); $mform->set_data(array('id'=>$course->id)); $navlinks = array(); $navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc'); if ($mform->is_cancelled()) { redirect($CFG->wwwroot.'/user/preferences.php?userid='.$USER->id.'&course='.$course->id); } else if ($data = $mform->get_data()) { if (!$userauth->user_update_password($USER, $data->newpassword1)) { print_error('errorpasswordupdate', 'auth'); } user_add_password_history($USER->id, $data->newpassword1); if (!empty($CFG->passwordchangelogout)) { \core\session\manager::kill_user_sessions($USER->id, session_id()); } // Reset login lockout - we want to prevent any accidental confusion here. login_unlock_account($USER); // register success changing password unset_user_preference('auth_forcepasswordchange', $USER); unset_user_preference('create_password', $USER); $strpasswordchanged = get_string('passwordchanged'); $fullname = fullname($USER, true);
/** * Update details for the current user * Password is passed in plaintext. * * @param object $user current user object * @param boolean $notify print notice with link and terminate */ public function user_update_details($user) { global $CFG, $DB, $USER; require_once $CFG->dirroot . '/user/profile/lib.php'; require_once $CFG->dirroot . '/user/lib.php'; if ($user->password == $user->confirmpassword and !empty($user->password)) { $plainpassword = $user->password; echo $plainpassword; $user->password = hash_internal_user_password($user->password); $this->user_update_password($user, $user->password); user_add_password_history($user->id, $plainpassword); } if (empty($user->calendartype)) { $user->calendartype = $CFG->calendartype; } try { $transaction = $DB->start_delegated_transaction(); user_update_user($user, false, false); $user->profile_field_yearlevel = empty($user->profile_field_yearlevel) ? 'N/A' : $user->profile_field_yearlevel; $user->profile_field_yearofbirth = empty($user->profile_field_yearofbirth) ? 'N/A' : $user->profile_field_yearofbirth; $user->profile_field_whereareyoufrom = empty($user->profile_field_whereareyoufrom) ? 'Perth' : $user->profile_field_whereareyoufrom; $USER->profile['yearlevel'] = $user->profile_field_yearlevel; $USER->profile['yearofbirth'] = $user->profile_field_yearofbirth; $USER->profile['whereareyoufrom'] = $user->profile_field_whereareyoufrom; profile_save_data($user); // Trigger event. \core\event\user_updated::create_from_userid($user->id)->trigger(); // Assuming the both inserts work, we get to the following line. $transaction->allow_commit(); } catch (Exception $e) { $transaction->rollback($e); return false; } return $this->update_user_session($user); }