/**
* Change the password of the current user. This must be performed over SSL.
* @param string $oldPassword The new password
* @param string $newPassword The old password
*
* @return bool
*
* @throws AdldapException
* @throws PasswordPolicyException
* @throws WrongPasswordException
*/
public function changePassword($oldPassword, $newPassword)
{
if (!$this->connection->isUsingSSL() && !$this->connection->isUsingTLS()) {
$message = 'SSL or TLS must be configured on your web server and enabled to change passwords.';
throw new AdldapException($message);
}
$attribute = ActiveDirectory::UNICODE_PASSWORD;
$this->setModification($attribute, LDAP_MODIFY_BATCH_REMOVE, Utilities::encodePassword($oldPassword));
$this->setModification($attribute, LDAP_MODIFY_BATCH_ADD, Utilities::encodePassword($newPassword));
$result = $this->save();
if ($result === false) {
$error = $this->connection->getExtendedError();
if ($error) {
$errorCode = $this->connection->getExtendedErrorCode();
$message = 'Error: ' . $error;
if ($errorCode == '0000052D') {
$message = "Error: {$errorCode}. Your new password might not match the password policy.";
throw new PasswordPolicyException($message);
} elseif ($errorCode == '00000056') {
$message = "Error: {$errorCode}. Your old password might be wrong.";
throw new WrongPasswordException($message);
}
throw new AdldapException($message);
} else {
return false;
}
}
return $result;
}
/**
* Change the password of the current user. This must be performed over SSL.
*
* @param string $oldPassword The new password
* @param string $newPassword The old password
* @param bool $replaceNotRemove Alternative password change method. Set to true if you're receiving 'CONSTRAINT'
* errors.
*
* @throws AdldapException
* @throws PasswordPolicyException
* @throws WrongPasswordException
*
* @return bool
*/
public function changePassword($oldPassword, $newPassword, $replaceNotRemove = false)
{
$connection = $this->query->getConnection();
if (!$connection->isUsingSSL() && !$connection->isUsingTLS()) {
$message = 'SSL or TLS must be configured on your web server and enabled to change passwords.';
throw new AdldapException($message);
}
$attribute = ActiveDirectory::UNICODE_PASSWORD;
if ($replaceNotRemove === true) {
$replace = new BatchModification();
$replace->setAttribute($attribute);
$replace->setType(LDAP_MODIFY_BATCH_REPLACE);
$replace->setValues([Utilities::encodePassword($newPassword)]);
$this->addModification($replace);
} else {
$remove = new BatchModification();
$remove->setAttribute($attribute);
$remove->setType(LDAP_MODIFY_BATCH_REMOVE);
$remove->setValues([Utilities::encodePassword($oldPassword)]);
$add = new BatchModification();
$add->setAttribute($attribute);
$add->setType(LDAP_MODIFY_BATCH_ADD);
$add->setValues([Utilities::encodePassword($newPassword)]);
$this->addModification($remove);
$this->addModification($add);
}
$result = $this->update();
if ($result === false) {
$error = $connection->getExtendedError();
if ($error) {
$errorCode = $connection->getExtendedErrorCode();
$message = 'Error: ' . $error;
if ($errorCode == '0000052D') {
$message = "Error: {$errorCode}. Your new password might not match the password policy.";
throw new PasswordPolicyException($message);
} elseif ($errorCode == '00000056') {
$message = "Error: {$errorCode}. Your old password might be wrong.";
throw new WrongPasswordException($message);
}
throw new AdldapException($message);
} else {
return false;
}
}
return $result;
}
