/**
 * Change the password of the currently signed-in user.
 *
 * Sets up the password form against the user model and, on an authenticated
 * postback, applies the validation rules and saves. Success and failure are
 * both recorded through Logger::event() ('password_change' and
 * 'password_change_failure').
 *
 * Security-relevant behaviour visible in this method:
 * - Requires the 'Garden.SignIn.Allow' permission.
 * - When Garden.Registration.Method is 'Connect' the request is handed to
 *   'DefaultPermission' and the script exits, so no local password can be set.
 * - The old password is only demanded when the account's HashMethod is empty
 *   or "Vanilla".
 *
 * @since 2.0.0
 * @access public
 */
public function password() {
    $this->permission('Garden.SignIn.Allow');

    // SSO-only installs must never let users set a local password. The case
    // that motivated this: a customer sells memberships in an external
    // application and admits members through SSO. A locally set password would
    // let such a user keep signing in through the native login form regardless
    // of the state of their membership in the external app.
    $registrationMethod = c('Garden.Registration.Method');
    if ($registrationMethod == 'Connect') {
        Gdn::dispatcher()->dispatch('DefaultPermission');
        exit;
    }

    Gdn::userModel()->addPasswordStrength($this);

    // Load the user and bind the form to the user model.
    $this->getUserInfo();
    $this->Form->setModel($this->UserModel);
    $this->addDefinition('Username', $this->User->Name);

    $isPostBack = $this->Form->authenticatedPostBack() === true;
    if ($isPostBack) {
        $this->Form->setFormValue('UserID', $this->User->UserID);
        $this->UserModel->defineSchema();

        // Taken after defineSchema() so the rules below go to the same
        // validation object the original statements addressed.
        $validation = $this->UserModel->Validation;

        // An account that has only ever signed in through a connect plugin may
        // have no password, so the old-password check is limited to accounts
        // whose HashMethod is empty or "Vanilla".
        // NOTE(review): any other HashMethod value skips the old-password check
        // entirely. If some of those values belong to accounts that do hold a
        // usable password, an authenticated session alone is enough to replace
        // it — confirm which HashMethod values can occur here.
        $hashMethod = $this->User->HashMethod;
        $mustConfirmOldPassword = !$hashMethod || $hashMethod == 'Vanilla';
        if ($mustConfirmOldPassword) {
            $validation->applyRule('OldPassword', 'Required');
            $validation->applyRule('OldPassword', 'OldPassword', 'Your old password was incorrect.');
        }

        $validation->applyRule('Password', 'Required');
        $validation->applyRule('Password', 'Strength');
        $validation->applyRule('Password', 'Match');

        $saved = $this->Form->save();
        if ($saved) {
            $notice = sprite('Check', 'InformSprite') . t('Your password has been changed.');
            $this->informMessage($notice, 'Dismissable AutoDismiss HasSprite');
            $this->Form->clearInputs();
            // NOTE(review): nothing in this method ends the user's other
            // sessions after the change; whether the save path does so is not
            // visible here — confirm.
            Logger::event('password_change', Logger::INFO, '{InsertName} changed password.');
        } else {
            // The form's error string is attached as log context.
            // NOTE(review): presumably validation messages only — confirm it
            // can never echo submitted password values into the log.
            Logger::event(
                'password_change_failure',
                Logger::INFO,
                '{InsertName} failed to change password.',
                array('Error' => $this->Form->errorString())
            );
        }
    }

    $this->title(t('Change My Password'));
    $this->_setBreadcrumbs(t('Change My Password'), '/profile/password');
    $this->render();
}