/** * Change the password of the current user. This must be performed over SSL. * @param string $oldPassword The new password * @param string $newPassword The old password * * @return bool * * @throws AdldapException * @throws PasswordPolicyException * @throws WrongPasswordException */ public function changePassword($oldPassword, $newPassword) { if (!$this->connection->isUsingSSL() && !$this->connection->isUsingTLS()) { $message = 'SSL or TLS must be configured on your web server and enabled to change passwords.'; throw new AdldapException($message); } $attribute = ActiveDirectory::UNICODE_PASSWORD; $this->setModification($attribute, LDAP_MODIFY_BATCH_REMOVE, Utilities::encodePassword($oldPassword)); $this->setModification($attribute, LDAP_MODIFY_BATCH_ADD, Utilities::encodePassword($newPassword)); $result = $this->save(); if ($result === false) { $error = $this->connection->getExtendedError(); if ($error) { $errorCode = $this->connection->getExtendedErrorCode(); $message = 'Error: ' . $error; if ($errorCode == '0000052D') { $message = "Error: {$errorCode}. Your new password might not match the password policy."; throw new PasswordPolicyException($message); } elseif ($errorCode == '00000056') { $message = "Error: {$errorCode}. Your old password might be wrong."; throw new WrongPasswordException($message); } throw new AdldapException($message); } else { return false; } } return $result; }
/** * Change the password of the current user. This must be performed over SSL. * * @param string $oldPassword The new password * @param string $newPassword The old password * @param bool $replaceNotRemove Alternative password change method. Set to true if you're receiving 'CONSTRAINT' * errors. * * @throws AdldapException * @throws PasswordPolicyException * @throws WrongPasswordException * * @return bool */ public function changePassword($oldPassword, $newPassword, $replaceNotRemove = false) { $connection = $this->query->getConnection(); if (!$connection->isUsingSSL() && !$connection->isUsingTLS()) { $message = 'SSL or TLS must be configured on your web server and enabled to change passwords.'; throw new AdldapException($message); } $attribute = ActiveDirectory::UNICODE_PASSWORD; if ($replaceNotRemove === true) { $replace = new BatchModification(); $replace->setAttribute($attribute); $replace->setType(LDAP_MODIFY_BATCH_REPLACE); $replace->setValues([Utilities::encodePassword($newPassword)]); $this->addModification($replace); } else { $remove = new BatchModification(); $remove->setAttribute($attribute); $remove->setType(LDAP_MODIFY_BATCH_REMOVE); $remove->setValues([Utilities::encodePassword($oldPassword)]); $add = new BatchModification(); $add->setAttribute($attribute); $add->setType(LDAP_MODIFY_BATCH_ADD); $add->setValues([Utilities::encodePassword($newPassword)]); $this->addModification($remove); $this->addModification($add); } $result = $this->update(); if ($result === false) { $error = $connection->getExtendedError(); if ($error) { $errorCode = $connection->getExtendedErrorCode(); $message = 'Error: ' . $error; if ($errorCode == '0000052D') { $message = "Error: {$errorCode}. Your new password might not match the password policy."; throw new PasswordPolicyException($message); } elseif ($errorCode == '00000056') { $message = "Error: {$errorCode}. Your old password might be wrong."; throw new WrongPasswordException($message); } throw new AdldapException($message); } else { return false; } } return $result; }