/**
 * Let the signed-in user change their own password.
 *
 * Steps visible in this method: check the sign-in permission, refuse the
 * request when registration is SSO-only ("Connect"), load the user into the
 * form, and on an authenticated postback apply the password validation rules
 * and save. Both outcomes of the save are written to the event log.
 *
 * @since 2.0.0
 * @access public
 */
public function Password() {
    // Permission gate runs before anything else in the method.
    $this->Permission('Garden.SignIn.Allow');

    // Security: no local password changes when the site is SSO Connect ONLY.
    // A customer that charges for membership in an external application and
    // admits members through SSO would otherwise be bypassed: a member who
    // set a Vanilla password here could keep signing in through Vanilla's own
    // login form regardless of their membership state in the external app.
    $registrationMethod = C('Garden.Registration.Method');
    if ($registrationMethod == 'Connect') {
        Gdn::Dispatcher()->Dispatch('DefaultPermission');
        exit;
    }

    Gdn::UserModel()->AddPasswordStrength($this);

    // Load the user record and bind the form to the user model.
    $this->GetUserInfo();
    $this->Form->SetModel($this->UserModel);
    $this->AddDefinition('Username', $this->User->Name);

    // NOTE(review): AuthenticatedPostBack() is presumably where the anti-CSRF
    // token is verified -- confirm in the form class; nothing else in this
    // method checks request authenticity.
    if (TRUE === $this->Form->AuthenticatedPostBack()) {
        // The target account comes from the loaded user, not from a posted field.
        $this->Form->SetFormValue('UserID', $this->User->UserID);
        $this->UserModel->DefineSchema();
        $validation = $this->UserModel->Validation;
        // $this->UserModel->Validation->AddValidationField('OldPassword', $this->Form->FormValues());

        // Users who have only ever signed in through a connect plugin may have
        // no password, so the current password is demanded only when the hash
        // method is empty or "Vanilla".
        // NOTE(review): for any other HashMethod value this branch is skipped
        // and the new password is accepted without proof of the current one.
        // Confirm that is intended for every hash method the site stores.
        $hashMethod = $this->User->HashMethod;
        if (!$hashMethod || $hashMethod == "Vanilla") {
            $validation->ApplyRule('OldPassword', 'Required');
            $validation->ApplyRule('OldPassword', 'OldPassword', 'Your old password was incorrect.');
        }

        // The new password must be present, strong enough, and match its confirmation.
        foreach (array('Required', 'Strength', 'Match') as $passwordRule) {
            $validation->ApplyRule('Password', $passwordRule);
        }

        if (!$this->Form->Save()) {
            // NOTE(review): the form's error string goes into the log entry;
            // verify that validation messages never echo submitted values.
            Logger::event(
                'password_change_failure',
                Logger::INFO,
                '{InsertName} failed to change password.',
                array('Error' => $this->Form->ErrorString())
            );
        } else {
            $notice = Sprite('Check', 'InformSprite') . T('Your password has been changed.');
            $this->InformMessage($notice, 'Dismissable AutoDismiss HasSprite');
            // Clear the inputs so the submitted values are not redisplayed.
            $this->Form->ClearInputs();
            Logger::event('password_change', Logger::INFO, '{InsertName} changed password.');
        }
    }

    $this->Title(T('Change My Password'));
    $this->_SetBreadcrumbs(T('Change My Password'), '/profile/password');
    $this->Render();
}