Esempio n. 1
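 /**
  * Sign up a new user ready for confirmation.
  *
  * The password arrives in plaintext on $user->password. It is replaced by
  * its hash before the user record is created; the plaintext copy lives only
  * in a local variable so it can be passed to user_add_password_history(),
  * and must not be echoed or logged.
  *
  * @param object $user new user object
  * @param boolean $notify print notice with link and terminate
  * @return boolean|null true when $notify is false; nothing is returned on the $notify path
  */
 public function user_signup($user, $notify = true)
 {
     global $CFG, $PAGE, $OUTPUT;
     require_once $CFG->dirroot . '/user/profile/lib.php';
     require_once $CFG->dirroot . '/user/lib.php';

     // Keep the plaintext for the password-history call, then overwrite the
     // field so only the hash is present when user_create_user() runs.
     $plainpassword = $user->password;
     $user->password = hash_internal_user_password($plainpassword);

     if (empty($user->calendartype)) {
         $user->calendartype = $CFG->calendartype;
     }

     $user->id = user_create_user($user, false, false);
     user_add_password_history($user->id, $plainpassword);

     // Save any custom profile field information.
     profile_save_data($user);

     // Trigger event.
     \core\event\user_created::create_from_userid($user->id)->trigger();

     if (!send_confirmation_email($user)) {
         // Identifier and component are two separate arguments; the original
         // passed them fused into one string ('auth_emailnoemail, auth_email').
         print_error('auth_emailnoemail', 'auth_email');
     }

     if (!$notify) {
         return true;
     }

     $emailconfirm = get_string('emailconfirm');
     $PAGE->navbar->add($emailconfirm);
     $PAGE->set_title($emailconfirm);
     $PAGE->set_heading($PAGE->course->fullname);
     echo $OUTPUT->header();
     notice(get_string('emailconfirmsent', '', $user->email), "{$CFG->wwwroot}/index.php");
 }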
Esempio n. 2
 /**
  * Deleting a user must remove that user's password history rows and leave
  * the rows of other users in place.
  */
 public function test_delete_of_hashes_on_user_delete()
 {
     global $DB;
     $this->resetAfterTest();

     $historytable = 'user_password_history';
     $keptuser = $this->getDataGenerator()->create_user();
     $deleteduser = $this->getDataGenerator()->create_user();
     $keptrows = array('userid' => $keptuser->id);
     $deletedrows = array('userid' => $deleteduser->id);

     // Start from an empty table so the counts below are exact.
     $DB->delete_records($historytable, array());
     set_config('passwordreuselimit', 3);

     // One entry for the user that stays, two for the user that is deleted.
     user_add_password_history($keptuser->id, 'pokus');
     user_add_password_history($deleteduser->id, 'pokus1');
     user_add_password_history($deleteduser->id, 'pokus2');

     $this->assertEquals(3, $DB->count_records($historytable));
     $this->assertEquals(1, $DB->count_records($historytable, $keptrows));
     $this->assertEquals(2, $DB->count_records($historytable, $deletedrows));

     delete_user($deleteduser);

     // Only the deleted user's history may disappear.
     $this->assertEquals(1, $DB->count_records($historytable));
     $this->assertEquals(1, $DB->count_records($historytable, $keptrows));
     $this->assertEquals(0, $DB->count_records($historytable, $deletedrows));
 }
Esempio n. 3
 /**
  * Sign up a new user ready for confirmation.
  *
  * The password arrives in plaintext on $user->password. It is moved into a
  * local variable and removed from $user before any record is created; the
  * plaintext is then passed to user_create(), user_add_password_history()
  * and update_internal_user_password().
  *
  * @param object $user new user object
  * @param boolean $notify print notice with link and terminate
  * @return boolean success
  */
 function user_signup($user, $notify = true)
 {
     global $CFG, $DB, $PAGE, $OUTPUT;
     require_once $CFG->dirroot . '/user/profile/lib.php';
     require_once $CFG->dirroot . '/user/lib.php';

     // Refuse to sign up a username that already exists.
     if ($this->user_exists($user->username)) {
         print_error('auth_ldap_user_exists', 'auth_ldap');
     }

     // Detach the plaintext from the user object so it is not carried into
     // the calls that receive $user below.
     $plaintext = $user->password;
     unset($user->password);

     if (!$this->user_create($user, $plaintext)) {
         print_error('auth_ldap_create_error', 'auth_ldap');
     }

     $user->id = user_create_user($user, false, false);
     user_add_password_history($user->id, $plaintext);

     // Save any custom profile field information
     profile_save_data($user);
     $this->update_user_record($user->username);

     // This will also update the stored hash to the latest algorithm
     // if the existing hash is using an out-of-date algorithm (or the
     // legacy md5 algorithm).
     update_internal_user_password($user, $plaintext);

     // Reload the record so the event and the e-mail work from stored data.
     $user = $DB->get_record('user', array('id' => $user->id));
     \core\event\user_created::create_from_userid($user->id)->trigger();

     if (!send_confirmation_email($user)) {
         print_error('noemail', 'auth_ldap');
     }

     if (!$notify) {
         return true;
     }

     $heading = get_string('emailconfirm');
     $PAGE->set_url('/auth/ldap/auth.php');
     $PAGE->navbar->add($heading);
     $PAGE->set_title($heading);
     $PAGE->set_heading($heading);
     echo $OUTPUT->header();
     notice(get_string('emailconfirmsent', '', $user->email), "{$CFG->wwwroot}/index.php");
 }
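 /**
  * Sign up a new user, mark the account confirmed and log the user in.
  * Password is passed in plaintext.
  *
  * This implementation sets $user->confirmed = 1 itself and sends no
  * confirmation e-mail, so the e-mail address on the account is not verified
  * here. The plaintext password is kept in a local variable for the password
  * history and the login call and must not be echoed or logged.
  *
  * @param object $user new user object
  * @param boolean $notify not used by this implementation; kept so the signature stays compatible
  */
 function user_signup($user, $notify = true)
 {
     global $CFG, $SESSION;
     require_once $CFG->dirroot . '/user/profile/lib.php';
     require_once $CFG->dirroot . '/user/lib.php';

     // Remember where the visitor was heading before the login below runs.
     $wantsurl = isset($SESSION->wantsurl) ? $SESSION->wantsurl : null;

     $plainpassword = $user->password;
     $user->password = hash_internal_user_password($plainpassword);
     if (empty($user->calendartype)) {
         $user->calendartype = $CFG->calendartype;
     }

     // The account is created already confirmed: no e-mail round trip.
     $user->confirmed = 1;
     $user->id = user_create_user($user, false, false);
     user_add_password_history($user->id, $plainpassword);

     // Save any custom profile field information.
     profile_save_data($user);

     // Trigger event.
     \core\event\user_created::create_from_userid($user->id)->trigger();

     $thisuser = authenticate_user_login($user->username, $plainpassword, false, $errorcode);
     if (!$thisuser) {
         print_error('authfailure');
     } else {
         complete_user_login($thisuser);

         $urltogo = $CFG->wwwroot . '/';
         if ($wantsurl !== null) {
             $urltogo = $wantsurl;

             // Strict comparison so only the exact string 'enroll' selects
             // the enrolment redirect.
             $enrolrequested = isset($_SESSION['fiaction'], $_SESSION['ficourseid'])
                 && $_SESSION['fiaction'] === 'enroll'
                 && is_numeric($_SESSION['ficourseid']);

             if ($enrolrequested) {
                 // is_numeric() also accepts forms such as "1e3" or "1.5";
                 // cast so only a plain integer is placed in the URL.
                 $urltogo = $CFG->wwwroot . '/course/enrol.php?id=' . (int) $_SESSION['ficourseid'];
                 unset($_SESSION['fiaction'], $_SESSION['ficourseid'], $SESSION->wantsurl);
             }
         }

         redirect($urltogo);
     }
 }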
Esempio n. 5
/**
 * This function processes a user's submitted token to validate the request to set a new password.
 * If the user's token is validated, they are prompted to set a new password.
 *
 * The function is entered twice in a normal reset: first from the e-mailed link (no form data,
 * the set-password form is displayed), then on form submission (the token row is deleted, the
 * password is updated and the user is logged in). The token row is only deleted on submission,
 * so until then the same link keeps displaying the form while the request is unexpired.
 *
 * @param string $token the one-use identifier which should verify the password reset request as being valid.
 * @return void
 */
function core_login_process_password_set($token)
{
    global $DB, $CFG, $OUTPUT, $PAGE, $SESSION;
    require_once $CFG->dirroot . '/user/lib.php';
    // Lifetime of a reset request in seconds; 1800 is used when $CFG->pwresettime is not set.
    $pwresettime = isset($CFG->pwresettime) ? $CFG->pwresettime : 1800;
    // The token is bound through the ? placeholder, not concatenated into the SQL text.
    $sql = "SELECT u.*, upr.token, upr.timerequested, upr.id as tokenid\n              FROM {user} u\n              JOIN {user_password_resets} upr ON upr.userid = u.id\n             WHERE upr.token = ?";
    $user = $DB->get_record_sql($sql, array($token));
    $forgotpasswordurl = "{$CFG->httpswwwroot}/login/forgot_password.php";
    if (empty($user) or $user->timerequested < time() - $pwresettime - DAYSECS) {
        // There is no valid reset request record - not even a recently expired one.
        // An unknown token and a request older than the lifetime plus DAYSECS get the
        // same notice, so the response does not tell the two cases apart.
        // Direct the user to the forgot password page to request a password reset.
        echo $OUTPUT->header();
        notice(get_string('noresetrecord'), $forgotpasswordurl);
        die;
        // Never reached.
    }
    if ($user->timerequested < time() - $pwresettime) {
        // There is a reset record, but it's expired.
        // Direct the user to the forgot password page to request a password reset.
        $pwresetmins = floor($pwresettime / MINSECS);
        echo $OUTPUT->header();
        notice(get_string('resetrecordexpired', '', $pwresetmins), $forgotpasswordurl);
        die;
        // Never reached.
    }
    if ($user->auth === 'nologin' or !is_enabled_auth($user->auth)) {
        // Bad luck - user is not able to login, do not let them set password.
        echo $OUTPUT->header();
        print_error('forgotteninvalidurl');
        die;
        // Never reached.
    }
    // Check this isn't guest user.
    if (isguestuser($user)) {
        print_error('cannotresetguestpwd');
    }
    // Token is correct, and unexpired.
    $mform = new login_set_password_form(null, $user, 'post', '', 'autocomplete="yes"');
    $data = $mform->get_data();
    if (empty($data)) {
        // User hasn't submitted form, they got here directly from email link.
        // Next, display the form. The token is placed in the form data so the
        // submission can be matched to the same reset request.
        $setdata = new stdClass();
        $setdata->username = $user->username;
        $setdata->username2 = $user->username;
        $setdata->token = $user->token;
        $mform->set_data($setdata);
        $PAGE->verify_https_required();
        echo $OUTPUT->header();
        echo $OUTPUT->box(get_string('setpasswordinstructions'), 'generalbox boxwidthnormal boxaligncenter');
        $mform->display();
        echo $OUTPUT->footer();
        return;
    } else {
        // User has submitted form.
        // Delete this token so it can't be used again. This runs before the password
        // update, so a failed update below still leaves the token spent.
        $DB->delete_records('user_password_resets', array('id' => $user->tokenid));
        $userauth = get_auth_plugin($user->auth);
        if (!$userauth->user_update_password($user, $data->password)) {
            print_error('errorpasswordupdate', 'auth');
        }
        // $data->password is the plaintext from the form; it is handed to the
        // password-history helper and must not be echoed or logged here.
        user_add_password_history($user->id, $data->password);
        if (!empty($CFG->passwordchangelogout)) {
            // NOTE(review): presumably ends the user's other sessions and spares the
            // one identified by session_id() - confirm against kill_user_sessions().
            \core\session\manager::kill_user_sessions($user->id, session_id());
        }
        // Reset login lockout (if present); the new password has already been stored above.
        login_unlock_account($user);
        // Clear any requirement to change passwords.
        unset_user_preference('auth_forcepasswordchange', $user);
        unset_user_preference('create_password', $user);
        if (!empty($user->lang)) {
            // Unset previous session language - use user preference instead.
            unset($SESSION->lang);
        }
        // Log the user in with the account the token belonged to.
        complete_user_login($user);
        // Triggers the login event.
        \core\session\manager::apply_concurrent_login_limit($user->id, session_id());
        $urltogo = core_login_get_return_url();
        unset($SESSION->wantsurl);
        redirect($urltogo, get_string('passwordset'), 1);
    }
}
Esempio n. 6
// Excerpt from a change-password page script. $course, $userauth, $strparticipants
// and $USER are set up before this excerpt, and the else-if branch below is
// not closed within it.
$mform = new login_change_password_form();
$mform->set_data(array('id'=>$course->id));

$navlinks = array();
$navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc');

if ($mform->is_cancelled()) {
    // NOTE(review): the query string is joined with the HTML entity &amp; rather than
    // a bare & - confirm that redirect() decodes it before building the Location header.
    redirect($CFG->wwwroot.'/user/preferences.php?userid='.$USER->id.'&amp;course='.$course->id);
} else if ($data = $mform->get_data()) {

    // $data->newpassword1 is the plaintext new password from the form; it is
    // passed to the auth plugin and the password history and must not be echoed or logged.
    if (!$userauth->user_update_password($USER, $data->newpassword1)) {
        print_error('errorpasswordupdate', 'auth');
    }

    user_add_password_history($USER->id, $data->newpassword1);

    if (!empty($CFG->passwordchangelogout)) {
        // NOTE(review): presumably ends the user's other sessions and spares the
        // one identified by session_id() - confirm against kill_user_sessions().
        \core\session\manager::kill_user_sessions($USER->id, session_id());
    }

    // Reset login lockout - we want to prevent any accidental confusion here.
    login_unlock_account($USER);

    // Register the successful password change: clear the forced-change flags.
    unset_user_preference('auth_forcepasswordchange', $USER);
    unset_user_preference('create_password', $USER);

    $strpasswordchanged = get_string('passwordchanged');

    $fullname = fullname($USER, true);
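 /**
  * Update details for the current user.
  *
  * When $user->password is non-empty and identical to $user->confirmpassword
  * the password is changed as well. The password arrives in plaintext and
  * must never be written to the page output or to logs.
  *
  * @param object $user current user object
  * @return mixed false if the profile update fails, otherwise the result of update_user_session()
  */
 public function user_update_details($user)
 {
     global $CFG, $DB, $USER;
     require_once $CFG->dirroot . '/user/profile/lib.php';
     require_once $CFG->dirroot . '/user/lib.php';

     // Strict comparison: with == two different numeric-looking strings
     // (for example "1e3" and "1000") are treated as equal.
     if (!empty($user->password) && $user->password === $user->confirmpassword) {
         // The original echoed the plaintext password here (debug leftover),
         // disclosing it in the response body; that output is removed.
         $plainpassword = $user->password;
         $user->password = hash_internal_user_password($plainpassword);
         // NOTE(review): user_update_password() is given the already-hashed
         // value; confirm this plugin's implementation expects a hash and
         // does not hash its argument again.
         $this->user_update_password($user, $user->password);
         user_add_password_history($user->id, $plainpassword);
     }

     if (empty($user->calendartype)) {
         $user->calendartype = $CFG->calendartype;
     }

     // NOTE(review): the password change above runs before this transaction
     // is opened, so a rollback here presumably does not undo it - confirm.
     try {
         $transaction = $DB->start_delegated_transaction();
         user_update_user($user, false, false);

         // Fill in defaults for the custom profile fields that were left empty.
         $user->profile_field_yearlevel = empty($user->profile_field_yearlevel) ? 'N/A' : $user->profile_field_yearlevel;
         $user->profile_field_yearofbirth = empty($user->profile_field_yearofbirth) ? 'N/A' : $user->profile_field_yearofbirth;
         $user->profile_field_whereareyoufrom = empty($user->profile_field_whereareyoufrom) ? 'Perth' : $user->profile_field_whereareyoufrom;

         // Mirror the values into the session user's profile array.
         $USER->profile['yearlevel'] = $user->profile_field_yearlevel;
         $USER->profile['yearofbirth'] = $user->profile_field_yearofbirth;
         $USER->profile['whereareyoufrom'] = $user->profile_field_whereareyoufrom;

         profile_save_data($user);

         // Trigger event.
         \core\event\user_updated::create_from_userid($user->id)->trigger();

         // Assuming both writes worked, we get to the following line.
         $transaction->allow_commit();
     } catch (Exception $e) {
         $transaction->rollback($e);
         return false;
     }

     return $this->update_user_session($user);
 }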