/**
* Save password form
*
*/
public function savePassword()
{
global $tpl, $lng, $ilCtrl, $ilUser, $ilSetting;
// normally we should not end up here
if (!$this->allowPasswordChange()) {
$ilCtrl->redirect($this, "showPersonalData");
return;
}
$this->initPasswordForm();
if ($this->form->checkInput()) {
$cp = $this->form->getItemByPostVar("current_password");
$np = $this->form->getItemByPostVar("new_password");
$error = false;
// The old password needs to be checked for verification
// unless the user uses Shibboleth authentication with additional
// local authentication for WebDAV.
#if ($ilUser->getAuthMode(true) != AUTH_SHIBBOLETH || ! $ilSetting->get("shib_auth_allow_local"))
if ($ilUser->getAuthMode(true) == AUTH_LOCAL) {
require_once 'Services/User/classes/class.ilUserPasswordManager.php';
if (!ilUserPasswordManager::getInstance()->verifyPassword($ilUser, ilUtil::stripSlashes($_POST['current_password']))) {
$error = true;
$cp->setAlert($this->lng->txt('passwd_wrong'));
}
}
// select password from auto generated passwords
if ($this->ilias->getSetting("passwd_auto_generate") == 1 && !ilUtil::isPassword($_POST["new_password"])) {
$error = true;
$np->setAlert($this->lng->txt("passwd_not_selected"));
}
if ($this->ilias->getSetting("passwd_auto_generate") != 1 && !ilUtil::isPassword($_POST["new_password"], $custom_error)) {
$error = true;
if ($custom_error != '') {
$np->setAlert($custom_error);
} else {
$np->setAlert($this->lng->txt("passwd_invalid"));
}
}
$error_lng_var = '';
if ($this->ilias->getSetting("passwd_auto_generate") != 1 && !ilUtil::isPasswordValidForUserContext($_POST["new_password"], $ilUser, $error_lng_var)) {
ilUtil::sendFailure($this->lng->txt('form_input_not_valid'));
$np->setAlert($this->lng->txt($error_lng_var));
$error = true;
}
if ($this->ilias->getSetting("passwd_auto_generate") != 1 && ($ilUser->isPasswordExpired() || $ilUser->isPasswordChangeDemanded()) && $_POST["current_password"] == $_POST["new_password"]) {
$error = true;
$np->setAlert($this->lng->txt("new_pass_equals_old_pass"));
}
if (!$error) {
$ilUser->resetPassword($_POST["new_password"], $_POST["new_password"]);
if ($_POST["current_password"] != $_POST["new_password"]) {
$ilUser->setLastPasswordChangeToNow();
}
if (ilSession::get('orig_request_target')) {
ilUtil::sendSuccess($this->lng->txt('saved_successfully'), true);
$target = ilSession::get('orig_request_target');
ilSession::set('orig_request_target', '');
ilUtil::redirect($target);
} else {
ilUtil::sendSuccess($this->lng->txt('saved_successfully'));
$this->showPassword(true, true);
return;
}
}
}
$this->form->setValuesByPost();
$this->showPassword(true);
}
/**
* Check input, strip slashes etc. set alert, if input is not ok.
*
* @return boolean Input ok, true/false
*/
function checkInput()
{
global $lng;
$_POST[$this->getPostVar()] = ilUtil::stripSlashes($_POST[$this->getPostVar()]);
$_POST[$this->getPostVar() . "_retype"] = ilUtil::stripSlashes($_POST[$this->getPostVar() . "_retype"]);
if ($this->getRequired() && trim($_POST[$this->getPostVar()]) == "") {
$this->setAlert($lng->txt("msg_input_is_required"));
return false;
}
if ($this->getValidateAuthPost() != "") {
$auth = ilAuthUtils::_getAuthMode($_POST[$this->getValidateAuthPost()]);
// check, if password is required dependent on auth mode
if ($this->getRequiredOnAuth() && ilAuthUtils::_allowPasswordModificationByAuthMode($auth) && trim($_POST[$this->getPostVar()]) == "") {
$this->setAlert($lng->txt("form_password_required_for_auth"));
return false;
}
// check, if password is allowed to be set for given auth mode
if (trim($_POST[$this->getPostVar()]) != "" && !ilAuthUtils::_allowPasswordModificationByAuthMode($auth)) {
$this->setAlert($lng->txt("form_password_not_allowed_for_auth"));
return false;
}
}
if ($this->getRetype() && !$this->getPreSelection() && $_POST[$this->getPostVar()] != $_POST[$this->getPostVar() . "_retype"]) {
$this->setAlert($lng->txt("passwd_not_match"));
return false;
}
if (!$this->getSkipSyntaxCheck() && !ilUtil::isPassword($_POST[$this->getPostVar()], $custom_error) && $_POST[$this->getPostVar()] != "") {
if ($custom_error != '') {
$this->setAlert($custom_error);
} else {
$this->setAlert($lng->txt("passwd_invalid"));
}
return false;
}
return $this->checkSubItemsInput();
}
/** Reads the submitted data from the password assistance form.
*
* The following form fields are read as HTTP POST parameters:
* key
* username
* password1
* password2
*
* The key is used to retrieve the password assistance session.
* If the key is missing, or if the password assistance session has expired, the
* password assistance form will be shown instead of this form.
*
* If the password assistance session is valid, and if the username matches the
* username, for which the password assistance has been requested, and if the
* new password is valid, ILIAS assigns the password to the user.
*
* Note: To prevent replay attacks, the session is deleted when the
* password has been assigned successfully.
*/
function submitAssignPasswordForm()
{
global $tpl, $ilias, $lng, $rbacadmin, $rbacreview;
require_once "include/inc.pwassist_session_handler.php";
// Retrieve form data
$pwassist_id = ilUtil::stripSlashes($_POST["key"]);
$username = ilUtil::stripSlashes($_POST["username"]);
$password1 = ilUtil::stripSlashes($_POST["password1"]);
$password2 = ilUtil::stripSlashes($_POST["password2"]);
// Retrieve the session
$pwassist_session = db_pwassist_session_read($pwassist_id);
if (count($pwassist_session) == 0 || $pwassist_session["expires"] < time()) {
$this->showAssistanceForm($lng->txt("pwassist_session_expired"));
} else {
$is_successful = true;
$message = "";
$userObj = new ilObjUser($pwassist_session["user_id"]);
// Validate the entries of the user
// ----------------------------------
// check if the user still exists
if ($userObj == null) {
$message = $lng->txt("user_does_not_exist");
$is_successful = false;
}
// check if the username entered by the user matches the
// one of the user object.
if ($is_successful && strcasecmp($userObj->getLogin(), $username) != 0) {
$message = $lng->txt("pwassist_login_not_match");
$is_successful = false;
}
// check if the user entered the password correctly into the
// two entry fields.
if ($is_successful && $password1 != $password2) {
$message = $lng->txt("passwd_not_match");
$is_successful = false;
}
// validate the password
if ($is_successful && !ilUtil::isPassword($password1)) {
$message = $lng->txt("passwd_invalid");
$is_successful = false;
}
// End of validation
// If the validation was successful, we change the password of the
// user.
// ------------------
if ($is_successful) {
$is_successful = $userObj->resetPassword($password1, $password2);
if (!$is_successful) {
$message = $lng->txt("passwd_invalid");
}
}
// If we are successful so far, we update the user object.
// ------------------
if ($is_successful) {
$is_successfull = $userObj->update();
if (!$is_successful) {
$message = $lng->txt("update_error");
}
}
// If we are successful, we destroy the password assistance
// session and redirect to the login page.
// Else we display the form again along with an error message.
// ------------------
if ($is_successful) {
db_pwassist_session_destroy($pwassist_id);
$this->showMessageForm(null, sprintf($lng->txt("pwassist_password_assigned"), $username));
} else {
$this->showAssignPasswordForm($message, $username, $password1, $password2, $pwassist_id);
}
}
}
function __validateUserData(&$user_data, $check_complete = true)
{
global $lng, $styleDefinition, $ilLog;
$this->__setMessage('');
include_once './Services/Authentication/classes/class.ilAuthUtils.php';
$allow_empty_password = ilAuthUtils::_needsExternalAccountByAuthMode(ilAuthUtils::_getAuthMode($user_data['auth_mode']));
if ($check_complete) {
if (!isset($user_data['login'])) {
$this->__appendMessage('No login given.');
}
if (!isset($user_data['passwd']) and !$allow_empty_password) {
$this->__appendMessage('No password given.');
}
if (!isset($user_data['email'])) {
$this->__appendMessage('No email given');
}
if (!isset($user_data['user_language'])) {
$user_data['user_language'] = $lng->getDefaultLanguage();
}
}
foreach ($user_data as $field => $value) {
switch ($field) {
case 'login':
if (!ilUtil::isLogin($value)) {
$this->__appendMessage('Login invalid.');
}
// check loginname
if ($check_complete) {
if (ilObjUser::_loginExists($value)) {
$this->__appendMessage('Login already exists.');
}
}
break;
case 'passwd':
if (!strlen($value) and $allow_empty_password) {
break;
}
if (!ilUtil::isPassword($value)) {
$this->__appendMessage('Password invalid.');
}
break;
case 'email':
if (!ilUtil::is_email($value)) {
$this->__appendMessage('Email invalid.');
}
break;
case 'time_limit_unlimited':
if ($value != 1) {
if ($user_data['time_limit_from'] >= $user_data['time_limit_until']) {
$this->__appendMessage('Time limit invalid');
}
}
break;
case 'user_language':
$lang_inst = $lng->getInstalledLanguages();
if (!in_array($user_data['user_language'], $lang_inst)) {
$this->__appendMessage('Language: ' . $user_data['user_language'] . ' is not installed');
}
break;
case 'user_skin':
case 'user_style':
if ($user_data['user_skin'] and !$user_data['user_style'] or !$user_data['user_skin'] and $user_data['user_style']) {
$this->__appendMessage('user_skin, user_style not valid.');
} elseif ($user_data['user_skin'] and $user_data['user_style']) {
$ok = false;
$templates = $styleDefinition->getAllTemplates();
if (count($templates) > 0 && is_array($templates)) {
foreach ($templates as $template) {
$styleDef =& new ilStyleDefinition($template["id"]);
$styleDef->startParsing();
$styles = $styleDef->getStyles();
foreach ($styles as $style) {
if ($user_data['user_skin'] == $template["id"] && $user_data['user_style'] == $style["id"]) {
$ok = true;
}
}
}
if (!$ok) {
$this->__appendMessage('user_skin, user_style not valid.');
}
}
}
break;
case 'time_limit_owner':
$type = ilObject::_lookupType($user_data['time_limit_owner'], true);
if ($type != 'cat' and $type != 'usrf') {
$this->__appendMessage('time_limit_owner must be ref_id of category or user folder' . $type);
}
break;
default:
continue;
}
}
return strlen($this->__getMessage()) ? false : true;
}
/**
* Does input checks and updates a user account if everything is fine.
* @access public
*/
function updateObjectOld()
{
global $ilias, $rbacsystem, $rbacadmin, $ilUser;
include_once './Services/Authentication/classes/class.ilAuthUtils.php';
//load ILIAS settings
$settings = $ilias->getAllSettings();
// User folder
if ($this->usrf_ref_id == USER_FOLDER_ID and !$rbacsystem->checkAccess('visible,read,write', $this->usrf_ref_id)) {
$this->ilias->raiseError($this->lng->txt("msg_no_perm_modify_user"), $this->ilias->error_obj->MESSAGE);
}
// if called from local administration $this->usrf_ref_id is category id
// Todo: this has to be fixed. Do not mix user folder id and category id
if ($this->usrf_ref_id != USER_FOLDER_ID) {
// check if user is assigned to category
if (!$rbacsystem->checkAccess('cat_administrate_users', $this->object->getTimeLimitOwner())) {
$this->ilias->raiseError($this->lng->txt("msg_no_perm_modify_user"), $this->ilias->error_obj->MESSAGE);
}
}
foreach ($_POST["Fobject"] as $key => $val) {
$_POST["Fobject"][$key] = ilUtil::stripSlashes($val);
}
// check dynamically required fields
foreach ($settings as $key => $val) {
$field = substr($key, 8);
switch ($field) {
case 'passwd':
case 'passwd2':
if (ilAuthUtils::_allowPasswordModificationByAuthMode(ilAuthUtils::_getAuthMode($_POST['Fobject']['auth_mode']))) {
$require_keys[] = $field;
}
break;
default:
$require_keys[] = $field;
break;
}
}
foreach ($require_keys as $key => $val) {
// exclude required system and registration-only fields
$system_fields = array("default_role");
if (!in_array($val, $system_fields)) {
if (isset($settings["require_" . $val]) && $settings["require_" . $val]) {
if (empty($_POST["Fobject"][$val])) {
$this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields") . ": " . $this->lng->txt($val), $this->ilias->error_obj->MESSAGE);
}
}
}
}
if (!$this->__checkUserDefinedRequiredFields()) {
$this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"), $this->ilias->error_obj->MESSAGE);
}
// validate login
if ($this->object->getLogin() != $_POST["Fobject"]["login"] && !ilUtil::isLogin($_POST["Fobject"]["login"])) {
$this->ilias->raiseError($this->lng->txt("login_invalid"), $this->ilias->error_obj->MESSAGE);
}
// check loginname
if (ilObjUser::_loginExists($_POST["Fobject"]["login"], $this->id)) {
$this->ilias->raiseError($this->lng->txt("login_exists"), $this->ilias->error_obj->MESSAGE);
}
if (ilAuthUtils::_allowPasswordModificationByAuthMode(ilAuthUtils::_getAuthMode($_POST['Fobject']['auth_mode']))) {
if ($_POST['Fobject']['passwd'] == "********" and !strlen($this->object->getPasswd())) {
$this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields") . ": " . $this->lng->txt('password'), $this->ilias->error_obj->MESSAGE);
}
// check passwords
if ($_POST["Fobject"]["passwd"] != $_POST["Fobject"]["passwd2"]) {
$this->ilias->raiseError($this->lng->txt("passwd_not_match"), $this->ilias->error_obj->MESSAGE);
}
// validate password
if (!ilUtil::isPassword($_POST["Fobject"]["passwd"])) {
$this->ilias->raiseError($this->lng->txt("passwd_invalid"), $this->ilias->error_obj->MESSAGE);
}
} else {
// Password will not be changed...
$_POST['Fobject']['passwd'] = "********";
}
if (ilAuthUtils::_needsExternalAccountByAuthMode(ilAuthUtils::_getAuthMode($_POST['Fobject']['auth_mode']))) {
if (!strlen($_POST['Fobject']['ext_account'])) {
$this->ilias->raiseError($this->lng->txt('ext_acccount_required'), $this->ilias->error_obj->MESSAGE);
}
}
if ($_POST['Fobject']['ext_account'] && ($elogin = ilObjUser::_checkExternalAuthAccount($_POST['Fobject']['auth_mode'], $_POST['Fobject']['ext_account']))) {
if ($elogin != $this->object->getLogin()) {
$this->ilias->raiseError(sprintf($this->lng->txt("err_auth_ext_user_exists"), $_POST["Fobject"]["ext_account"], $_POST['Fobject']['auth_mode'], $elogin), $this->ilias->error_obj->MESSAGE);
}
}
// The password type is not passed with the post data. Therefore we
// append it here manually.
include_once './Services/User/classes/class.ilObjUser.php';
$_POST["Fobject"]["passwd_type"] = IL_PASSWD_PLAIN;
// validate email
if (strlen($_POST['Fobject']['email']) and !ilUtil::is_email($_POST["Fobject"]["email"])) {
$this->ilias->raiseError($this->lng->txt("email_not_valid"), $this->ilias->error_obj->MESSAGE);
}
$start = $this->__toUnix($_POST["time_limit"]["from"]);
$end = $this->__toUnix($_POST["time_limit"]["until"]);
// validate time limit
if (!$_POST["time_limit"]["unlimited"] and $start > $end) {
$this->ilias->raiseError($this->lng->txt("time_limit_not_valid"), $this->ilias->error_obj->MESSAGE);
}
if (!$this->ilias->account->getTimeLimitUnlimited()) {
if ($start < $this->ilias->account->getTimeLimitFrom() or $end > $this->ilias->account->getTimeLimitUntil() or $_POST['time_limit']['unlimited']) {
$_SESSION['error_post_vars'] = $_POST;
ilUtil::sendFailure($this->lng->txt('time_limit_not_within_owners'));
$this->editObject();
return false;
}
}
// TODO: check length of login and passwd
// checks passed. save user
$_POST['Fobject']['time_limit_owner'] = $this->object->getTimeLimitOwner();
$_POST['Fobject']['time_limit_unlimited'] = (int) $_POST['time_limit']['unlimited'];
$_POST['Fobject']['time_limit_from'] = $this->__toUnix($_POST['time_limit']['from']);
$_POST['Fobject']['time_limit_until'] = $this->__toUnix($_POST['time_limit']['until']);
if ($_POST['Fobject']['time_limit_unlimited'] != $this->object->getTimeLimitUnlimited() or $_POST['Fobject']['time_limit_from'] != $this->object->getTimeLimitFrom() or $_POST['Fobject']['time_limit_until'] != $this->object->getTimeLimitUntil()) {
$_POST['Fobject']['time_limit_message'] = 0;
} else {
$_POST['Fobject']['time_limit_message'] = $this->object->getTimeLimitMessage();
}
$this->object->assignData($_POST["Fobject"]);
$this->object->setUserDefinedData($_POST['udf']);
try {
$this->object->updateLogin($_POST['Fobject']['login']);
} catch (ilUserException $e) {
ilUtil::sendFailure($e->getMessage());
$this->form_gui->setValuesByPost();
return $tpl->setContent($this->form_gui->getHtml());
}
$this->object->setTitle($this->object->getFullname());
$this->object->setDescription($this->object->getEmail());
$this->object->setLanguage($_POST["Fobject"]["language"]);
//set user skin and style
$sknst = explode(":", $_POST["Fobject"]["skin_style"]);
if ($this->object->getPref("style") != $sknst[1] || $this->object->getPref("skin") != $sknst[0]) {
$this->object->setPref("skin", $sknst[0]);
$this->object->setPref("style", $sknst[1]);
}
// set hits per pages
$this->object->setPref("hits_per_page", $_POST["Fobject"]["hits_per_page"]);
// set show users online
$this->object->setPref("show_users_online", $_POST["Fobject"]["show_users_online"]);
// set hide_own_online_status
if ($_POST["Fobject"]["hide_own_online_status"]) {
$this->object->setPref("hide_own_online_status", $_POST["Fobject"]["hide_own_online_status"]);
} else {
$this->object->setPref("hide_own_online_status", "n");
}
$this->update = $this->object->update();
//$rbacadmin->updateDefaultRole($_POST["Fobject"]["default_role"], $this->object->getId());
// BEGIN DiskQuota: Remember the state of the "send info mail" checkbox
global $ilUser;
$ilUser->setPref('send_info_mails', $_POST['send_mail'] == 'y' ? 'y' : 'n');
$ilUser->writePrefs();
// END DiskQuota: Remember the state of the "send info mail" checkbox
$mail_message = $this->__sendProfileMail();
$msg = $this->lng->txt('saved_successfully') . $mail_message;
// feedback
ilUtil::sendSuccess($msg, true);
if (strtolower($_GET["baseClass"]) == 'iladministrationgui') {
$this->ctrl->redirectByClass("ilobjuserfoldergui", "view");
} else {
$this->ctrl->redirectByClass('ilobjcategorygui', 'listUsers');
}
}
/**
* Save password form
*
*/
public function savePassword()
{
global $tpl, $lng, $ilCtrl, $ilUser, $ilSetting;
// normally we should not end up here
if (!$this->allowPasswordChange()) {
$ilCtrl->redirect($this, "showPersonalData");
return;
}
$this->initPasswordForm();
if ($this->form->checkInput()) {
$cp = $this->form->getItemByPostVar("current_password");
$np = $this->form->getItemByPostVar("new_password");
$error = false;
// The old password needs to be checked for verification
// unless the user uses Shibboleth authentication with additional
// local authentication for WebDAV.
#if ($ilUser->getAuthMode(true) != AUTH_SHIBBOLETH || ! $ilSetting->get("shib_auth_allow_local"))
if ($ilUser->getAuthMode(true) == AUTH_LOCAL) {
// check current password
if (md5($_POST["current_password"]) != $ilUser->getPasswd() and $ilUser->getPasswd()) {
$error = true;
$cp->setAlert($this->lng->txt("passwd_wrong"));
}
}
// select password from auto generated passwords
if ($this->ilias->getSetting("passwd_auto_generate") == 1 && !ilUtil::isPassword($_POST["new_password"])) {
$error = true;
$np->setAlert($this->lng->txt("passwd_not_selected"));
}
if ($this->ilias->getSetting("passwd_auto_generate") != 1 && !ilUtil::isPassword($_POST["new_password"], $custom_error)) {
$error = true;
if ($custom_error != '') {
$np->setAlert($custom_error);
} else {
$np->setAlert($this->lng->txt("passwd_invalid"));
}
}
if ($this->ilias->getSetting("passwd_auto_generate") != 1 && ($ilUser->isPasswordExpired() || $ilUser->isPasswordChangeDemanded()) && $_POST["current_password"] == $_POST["new_password"]) {
$error = true;
$np->setAlert($this->lng->txt("new_pass_equals_old_pass"));
}
if (!$error) {
ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
$ilUser->resetPassword($_POST["new_password"], $_POST["new_password"]);
if ($_POST["current_password"] != $_POST["new_password"]) {
$ilUser->setLastPasswordChangeToNow();
}
$ilCtrl->redirect($this, "showPassword");
}
}
$this->form->setValuesByPost();
$this->showPassword(true);
}
/**
* change user password
*/
function changeFeedSettings()
{
global $ilCtrl, $lng, $ilUser;
// Deactivate private Feed - just delete the password
if (empty($_POST["enable_private_feed"])) {
ilUtil::sendSuccess($lng->txt("priv_feed_disabled"), true);
$ilUser->_setFeedPass($_SESSION["AccountId"], "");
$ilCtrl->returnToParent($this);
} else {
// check old password
if ($_POST["desired_password"] != $_POST["retype_password"]) {
ilUtil::sendFailure($lng->txt("passwd_not_match"), true);
$ilCtrl->redirectByClass("ilPDNewsBlockGUI", "editSettings");
} else {
if (!ilUtil::isPassword($_POST["desired_password"])) {
ilUtil::sendFailure($lng->txt("passwd_invalid"), true);
$ilCtrl->redirectByClass("ilPDNewsBlockGUI", "editSettings");
} else {
if (md5($_POST["desired_password"]) == $ilUser->getPasswd()) {
ilUtil::sendFailure($lng->txt("passwd_equals_ilpasswd"), true);
$ilCtrl->redirectByClass("ilPDNewsBlockGUI", "editSettings");
} else {
if ($_POST["desired_password"] != "") {
ilUtil::sendSuccess($lng->txt("saved_successfully"), true);
$ilUser->_setFeedPass($_SESSION["AccountId"], $_POST["desired_password"]);
$ilCtrl->returnToParent($this);
}
}
}
}
}
}
