From 61ee2327bff6598873c61afa7b817a9802e8d320 Mon Sep 17 00:00:00 2001
From: drlippman
Date: Wed, 27 Dec 2017 12:59:26 -0800
Subject: [PATCH] Feature to force password reset on first login after manual
reset
---
actions.php | 8 +++-----
admin/actions.php | 22 +---------------------
admin/forms.php | 10 ----------
admin/importstu.php | 4 ++--
course/listusers.php | 6 +++---
forms.php | 10 ++++++++--
includes/newusercommon.php | 5 ++++-
javascript/jquery.validate.min.js | 3 +++
validate.php | 8 ++++++--
9 files changed, 30 insertions(+), 46 deletions(-)
diff --git a/actions.php b/actions.php
index 51ee0bfb1a..f0d87e1d68 100644
--- a/actions.php
+++ b/actions.php
@@ -414,7 +414,7 @@
setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
- } else if ($_GET['action']=="chgpwd") {
+ } else if ($_GET['action']=="chgpwd" || $_GET['action']=="forcechgpwd") {
//DB $query = "SELECT password FROM imas_users WHERE id = '$userid'";
//DB $result = mysql_query($query) or die("Query failed : " . mysql_error());
//DB $line = mysql_fetch_array($result, MYSQL_ASSOC);
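Review bot: The `forcechgpwd` action added to this condition has no comment saying how it differs from `chgpwd`, although both now run the same handler. The handler body continues outside this hunk, so whether the current-password check applies to the forced flow cannot be confirmed from here. If it does, I would record that above the branch with `// forcechgpwd: forced-reset flow after a manual reset; same handler and same current-password check as chgpwd`. The three commented-out `//DB` lines that follow are dead legacy code and could be dropped in the same pass.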
@@ -427,12 +427,10 @@
} else {
$newpw =md5($_POST['pw1']);
}
- //DB $query = "UPDATE imas_users SET password='$md5pw' WHERE id='$userid'";
- //DB mysql_query($query) or die("Query failed : " . mysql_error());
- $stm = $DBH->prepare("UPDATE imas_users SET password=:newpw WHERE id=:uid LIMIT 1");
+ $stm = $DBH->prepare("UPDATE imas_users SET password=:newpw,forcepwreset=0 WHERE id=:uid LIMIT 1");
$stm->execute(array(':uid'=>$userid, ':newpw'=>$newpw));
} else {
- echo "Password change failed. Try Again\n";
+ echo "Password change failed. Try Again\n";
echo "\n";
exit;
}
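Review bot: Nothing in the visible lines requires the new password to differ from the one being replaced before the `UPDATE` writes `forcepwreset=0`, so a user in the forced flow could presumably resubmit the manually set password and clear the flag. The condition guarding this branch starts outside the hunk, so the check may already exist there. If it does not, a guard before hashing would close it, such as `if ($_GET['action']=="forcechgpwd" && $_POST['pw1'] === $_POST[OLD_PW_FIELD]) { /* reject */ }`, where `OLD_PW_FIELD` is a placeholder for the form's current-password field. The context line `$newpw =md5($_POST['pw1']);` also means the replacement password is stored as unsalted MD5 whenever that `else` branch is taken.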
diff --git a/admin/actions.php b/admin/actions.php
index ae233f153d..5ebac77c2e 100644
--- a/admin/actions.php
+++ b/admin/actions.php
@@ -108,7 +108,7 @@
$query .= ',SID=:SID';
}
if (isset($_POST['doresetpw'])) {
- $query .= ',password=:password';
+ $query .= ',password=:password,forcepwreset=1';
}
$query .= " WHERE id=:id";
$stm = $DBH->prepare($query);
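Review bot: Setting `forcepwreset=1` here marks the account, but the visible code does nothing about sessions the user already has open. The flag is presumably only consulted at login: the subject line says "first login", and `validate.php` is in the diffstat but not shown. If so, a session opened before the reset keeps working without a password change. I would at least document that limit next to the assignment, `// forcepwreset is enforced at next login; existing sessions for this user are not ended here`, or end those sessions in the same `doresetpw` branch. The enclosing block starts and ends outside the hunk.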
@@ -212,26 +212,6 @@
deletealluserfiles($_GET['id']);
//todo: delete courses if any
break;
- case "chgpwd":
- $stm = $DBH->prepare("SELECT password FROM imas_users WHERE id=:id");
- $stm->execute(array(':id'=>$userid));
- $line = $stm->fetch(PDO::FETCH_ASSOC);
-
- if ((md5($_POST['oldpw'])==$line['password'] || (isset($CFG['GEN']['newpasswords']) && password_verify($_POST['oldpw'], $line['password'])) ) && ($_POST['newpw1'] == $_POST['newpw2'])) {
- $md5pw =md5($_POST['newpw1']);
- if (isset($CFG['GEN']['newpasswords'])) {
- $md5pw = password_hash($_POST['newpw1'], PASSWORD_DEFAULT);
- } else {
- $md5pw = md5($_POST['newpw1']);
- }
- $stm = $DBH->prepare("UPDATE imas_users SET password=:password WHERE id=:id");
- $stm->execute(array(':password'=>$md5pw, ':id'=>$userid));
- } else {
- echo "Password change failed. Try Again\n";
- echo "\n";
- exit;
- }
- break;
case "newadmin":
if ($myrights < 75 && ($myspecialrights&16)!=16 && ($myspecialrights&32)!=32) { echo "You don't have the authority for this action"; break;}
if ($_POST['newrights']>$myrights) {
diff --git a/admin/forms.php b/admin/forms.php
index c277001b85..694bccf391 100644
--- a/admin/forms.php
+++ b/admin/forms.php
@@ -67,16 +67,6 @@
echo "
\n";
echo '';
break;
- case "chgpwd":
- echo '';
- echo "';
- break;
-
case "chgrights":
case "newadmin":
echo "