From 61ee2327bff6598873c61afa7b817a9802e8d320 Mon Sep 17 00:00:00 2001
From: drlippman
Date: Wed, 27 Dec 2017 12:59:26 -0800
Subject: [PATCH] Feature to force password reset on first login after manual reset
---
actions.php | 8 +++-----
admin/actions.php | 22 +---------------------
admin/forms.php | 10 ----------
admin/importstu.php | 4 ++--
course/listusers.php | 6 +++---
forms.php | 10 ++++++++--
includes/newusercommon.php | 5 ++++-
javascript/jquery.validate.min.js | 3 +++
validate.php | 8 ++++++--
9 files changed, 30 insertions(+), 46 deletions(-)
diff --git a/actions.php b/actions.php
index 51ee0bfb1a..f0d87e1d68 100644
--- a/actions.php
+++ b/actions.php
@@ -414,7 +414,7 @@
 setcookie(session_name(), '', time()-42000, '/');
 }
 session_destroy();
- } else if ($_GET['action']=="chgpwd") {
+ } else if ($_GET['action']=="chgpwd" || $_GET['action']=="forcechgpwd") {
 //DB $query = "SELECT password FROM imas_users WHERE id = '$userid'";
 //DB $result = mysql_query($query) or die("Query failed : " . mysql_error());
 //DB $line = mysql_fetch_array($result, MYSQL_ASSOC);
@@ -427,12 +427,10 @@
 } else {
 $newpw =md5($_POST['pw1']);
 }
- //DB $query = "UPDATE imas_users SET password='$md5pw' WHERE id='$userid'";
- //DB mysql_query($query) or die("Query failed : " . mysql_error());
- $stm = $DBH->prepare("UPDATE imas_users SET password=:newpw WHERE id=:uid LIMIT 1");
+ $stm = $DBH->prepare("UPDATE imas_users SET password=:newpw,forcepwreset=0 WHERE id=:uid LIMIT 1");
 $stm->execute(array(':uid'=>$userid, ':newpw'=>$newpw));
 } else {
- echo "Password change failed. Try Again\n";
+ echo "Password change failed. Try Again\n";
 echo "\n";
 exit;
 }
diff --git a/admin/actions.php b/admin/actions.php
index ae233f153d..5ebac77c2e 100644
--- a/admin/actions.php
+++ b/admin/actions.php
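Review bot: The UPDATE in the second hunk clears `forcepwreset` on any successful change without confirming that the new password differs from the one being replaced; the only "must differ" rule this patch adds is the client-side `notEqual: "#oldpw"` in includes/newusercommon.php (backed by the method appended to jquery.validate.min.js), which a client that posts the form fields directly never runs. A server-side comparison before the UPDATE, e.g. `if (isset($_POST['oldpw']) && $_POST['pw1'] === $_POST['oldpw']) { echo "Password change failed. Try Again\n"; exit; }`, would make the forced reset meaningful; the old-password field name is not visible in this hunk, so `oldpw` is taken from the JS selector and needs confirming. Separately, no migration for the new `forcepwreset` column appears in the diffstat, so this UPDATE and the queries touched in admin/actions.php, admin/importstu.php, course/listusers.php and validate.php presume the column was added elsewhere. The enclosing `else if` branch and the old-password check start before the second hunk.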
@@ -108,7 +108,7 @@
 $query .= ',SID=:SID';
 }
 if (isset($_POST['doresetpw'])) {
- $query .= ',password=:password';
+ $query .= ',password=:password,forcepwreset=1';
 }
 $query .= " WHERE id=:id";
 $stm = $DBH->prepare($query);
@@ -212,26 +212,6 @@
 deletealluserfiles($_GET['id']);
 //todo: delete courses if any
 break;
- case "chgpwd":
- $stm = $DBH->prepare("SELECT password FROM imas_users WHERE id=:id");
- $stm->execute(array(':id'=>$userid));
- $line = $stm->fetch(PDO::FETCH_ASSOC);
-
- if ((md5($_POST['oldpw'])==$line['password'] || (isset($CFG['GEN']['newpasswords']) && password_verify($_POST['oldpw'], $line['password'])) ) && ($_POST['newpw1'] == $_POST['newpw2'])) {
- $md5pw =md5($_POST['newpw1']);
- if (isset($CFG['GEN']['newpasswords'])) {
- $md5pw = password_hash($_POST['newpw1'], PASSWORD_DEFAULT);
- } else {
- $md5pw = md5($_POST['newpw1']);
- }
- $stm = $DBH->prepare("UPDATE imas_users SET password=:password WHERE id=:id");
- $stm->execute(array(':password'=>$md5pw, ':id'=>$userid));
- } else {
- echo "Password change failed. Try Again\n";
- echo "\n";
- exit;
- }
- break;
 case "newadmin":
 if ($myrights < 75 && ($myspecialrights&16)!=16 && ($myspecialrights&32)!=32) { echo "You don't have the authority for this action"; break;}
 if ($_POST['newrights']>$myrights) {
diff --git a/admin/forms.php b/admin/forms.php
index c277001b85..694bccf391 100644
--- a/admin/forms.php
+++ b/admin/forms.php
@@ -67,16 +67,6 @@
 echo "

\n"; echo ''; break; - case "chgpwd": - echo '

Change Your Password

'; - echo "
\n"; - echo ''; - echo "Enter old password:
\n"; - echo "Enter new password:
\n"; - echo "Verify new password:
\n"; - echo '
'; - break; - case "chgrights": case "newadmin": echo "
prepare("INSERT INTO imas_users (SID,FirstName,LastName,email,rights,password) VALUES (:SID, :FirstName, :LastName, :email, :rights, :password)");
+ $stm = $DBH->prepare("INSERT INTO imas_users (SID,FirstName,LastName,email,rights,password,forcepwreset) VALUES (:SID, :FirstName, :LastName, :email, :rights, :password, 1)");
 $stm->execute(array(':SID'=>$arr[0], ':FirstName'=>$arr[1], ':LastName'=>$arr[2], ':email'=>$arr[3], ':rights'=>10, ':password'=>$pw));
 $id = $DBH->lastInsertId();
 }
@@ -328,7 +328,7 @@ function parsecsv($data) {
 ?> - + $v) { echo "\n";
diff --git a/course/listusers.php b/course/listusers.php
index 4fba31cf08..0cd17cf9d0 100644
--- a/course/listusers.php
+++ b/course/listusers.php
@@ -204,8 +204,8 @@
 //DB $query .= "VALUES ('{$_POST['SID']}','$md5pw',10,'{$_POST['firstname']}','{$_POST['lastname']}','{$_POST['email']}',0);";
 //DB mysql_query($query) or die("Query failed : " . mysql_error());
 //DB $newuserid = mysql_insert_id();
- $query = "INSERT INTO imas_users (SID, password, rights, FirstName, LastName, email, msgnotify) ";
- $query .= "VALUES (:SID, :password, :rights, :FirstName, :LastName, :email, :msgnotify);";
+ $query = "INSERT INTO imas_users (SID, password, rights, FirstName, LastName, email, msgnotify, forcepwreset) ";
+ $query .= "VALUES (:SID, :password, :rights, :FirstName, :LastName, :email, :msgnotify, 1);";
 $stm = $DBH->prepare($query);
 $stm->execute(array(':SID'=>$_POST['SID'], ':password'=>$md5pw, ':rights'=>10, ':FirstName'=>$_POST['firstname'], ':LastName'=>$_POST['lastname'], ':email'=>$_POST['email'], ':msgnotify'=>0));
@@ -321,7 +321,7 @@
 $newpw = md5($_POST['pw1']);
 }
 //DB $query .= ",password='$newpw'";
- $query .= ",password=:password";
+ $query .= ",password=:password,forcepwreset=1";
 $qarr[':password'] = $newpw;
 $msgout .= '

Password updated

';
 }
diff --git a/forms.php b/forms.php
index 022f259760..16daa98b0a 100644
--- a/forms.php
+++ b/forms.php
@@ -94,12 +94,18 @@
 include($studentTOS);
 }
 break;
+ case "forcechgpwd":
 case "chgpwd":
- if ($gb == '') {
+ if ($gb == '' && $_GET['action']!='forcechgpwd') {
 echo "\n";
 }
 echo '
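Review bot: The instructor reset path splices the flag into the SET clause as a literal (`forcepwreset=1`) while the password right next to it is bound through `$qarr`; binding it the same way keeps the statement uniform and leaves one place to change the value, e.g. `$query .= ",password=:password,forcepwreset=:forcepwreset";` followed by `$qarr[':forcepwreset'] = 1;`. The same literal style is used in the INSERT of this file's earlier hunk and in admin/importstu.php. The enclosing `if` of this hunk begins before it.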

Change Your Password

'; - echo "\n"; + if ($_GET['action']=='forcechgpwd') { + echo '

'._('To ensure the security of your account, we are requiring a password change. Please select a new password.').'

'; + echo "\n"; + } else { + echo "\n"; + } echo "
\n"; echo "
\n"; echo "
\n";
diff --git a/includes/newusercommon.php b/includes/newusercommon.php
index 3b1f334950..02a664d86b 100644
--- a/includes/newusercommon.php
+++ b/includes/newusercommon.php
@@ -28,10 +28,13 @@ function showNewUserValidation($formname, $extrarequired=array(), $requiredrules
 echo '"
 },
 pw1: {
- required: '.(isset($requiredrules['pw1'])?$requiredrules['pw1']:'true').',';
+ required: '.(isset($requiredrules['pw1'])?$requiredrules['pw1']:'true').',';
 if (isset($CFG['acct']['passwordFormat'])) {
 echo 'pattern: '.$CFG['acct']['passwordFormat'].',';
 }
+ if (in_array('oldpw', $extrarequired)) {
+ echo 'notEqual: "#oldpw",';
+ }
 echo 'minlength: '.(isset($CFG['acct']['passwordMinlength'])?$CFG['acct']['passwordMinlength']:6).'
 },
 pw2: {
diff --git a/javascript/jquery.validate.min.js b/javascript/jquery.validate.min.js
index 44102f91bd..ec1b71c95b 100644
--- a/javascript/jquery.validate.min.js
+++ b/javascript/jquery.validate.min.js
@@ -18,3 +18,6 @@ $.validator.addMethod( "pattern", function( value, element, param ) {
 }
 return isok;
 }, "Invalid format." );
+$.validator.addMethod("notEqual", function(value, element, param) {
+ return this.optional(element) || value != $(param).val();
+}, "This has to be different...");
diff --git a/validate.php b/validate.php
index ec987db140..dc82951faf 100644
--- a/validate.php
+++ b/validate.php
@@ -277,7 +277,6 @@
 $stm->execute(array(':lastaccess'=>$now, ':id'=>$userid));
 }
-
 if (!empty($_SERVER['QUERY_STRING'])) {
 $querys = '?' . Sanitize::fullQueryString($_SERVER['QUERY_STRING']) . (isset($addtoquerystring) ? '&' . Sanitize::fullQueryString($addtoquerystring) : '');
 } else {
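Review bot: The new `in_array('oldpw', $extrarequired)` test should pass `true` as its third argument, `in_array('oldpw', $extrarequired, true)`, so that membership is checked strictly rather than with loose comparison, matching the string-keyed lookups elsewhere in this function. The emitted `notEqual: "#oldpw"` rule is a usability aid only — it runs in the browser and presumes an input with id `oldpw` is present on every form that lists `oldpw` as required, which the form markup in forms.php does not show here — so a short comment such as `// change-password forms (those requiring oldpw) also reject reusing the old password client-side; the server check lives in actions.php` would tell the next reader where the real enforcement is expected. `showNewUserValidation` begins before this hunk.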
@@ -326,7 +325,7 @@
 //$username = $_COOKIE['username'];
 $query = "SELECT SID,rights,groupid,LastName,FirstName,deflib";
 if (strpos(basename($_SERVER['PHP_SELF']),'upgrade.php')===false) {
- $query .= ',listperpage,hasuserimg,theme,specialrights,FCMtoken';
+ $query .= ',listperpage,hasuserimg,theme,specialrights,FCMtoken,forcepwreset';
 }
 //DB $query .= " FROM imas_users WHERE id='$userid'";
 //DB $result = mysql_query($query) or die("Query failed : " . mysql_error());
@@ -359,6 +358,11 @@
 if (isset($sessiondata['userprefs']['usertheme']) && strcmp($sessiondata['userprefs']['usertheme'],'0')!=0) {
 $coursetheme = $sessiondata['userprefs']['usertheme'];
 }
+
+ if (!empty($line['forcepwreset']) && (empty($_GET['action']) || $_GET['action']!='forcechgpwd') && (!isset($sessiondata['ltiitemtype']) || $sessiondata['ltirole']!='learner')) {
+ header('Location: ' . $GLOBALS['basesiteurl'] . '/forms.php?action=forcechgpwd');
+ exit;
+ }
 $basephysicaldir = rtrim(dirname(__FILE__), '/\\');
 if ($myrights==100 && (isset($_GET['debug']) || isset($sessiondata['debugmode']))) {
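Review bot: The new gate in the second hunk exempts a request solely on the query-string value `action=forcechgpwd`, not on which script is running, so every page that includes validate.php is reachable with that parameter while the flag is still set; the exemption should be tied to the password form and its handler, in the same way the first hunk keys on `basename($_SERVER['PHP_SELF'])` for upgrade.php, e.g. `$onpwform = in_array(basename($_SERVER['PHP_SELF']), array('forms.php','actions.php'), true) && isset($_GET['action']) && $_GET['action']=='forcechgpwd';` and then `if (!empty($line['forcepwreset']) && !$onpwform && (!isset($sessiondata['ltiitemtype']) || $sessiondata['ltirole']!='learner')) {`. The LTI-learner exemption looks deliberate but deserves a comment, since a learner who only ever enters through LTI keeps the admin-assigned password indefinitely, and `$sessiondata['ltirole']` is read without an isset guard once `ltiitemtype` is set. The hunk's trailing context may extend past the end of this excerpt.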