Bug 1422492: Make user enter current password if changing their username (cc3a7294) · Commits · mahara / mahara

htdocs/account/index.php

+39 −3

Original line number	Diff line number	Diff line
		@@ -79,6 +79,12 @@ if ($authobj->authname == 'internal') {
		'title' => get_string('changeusername', 'account'),
		'description' => get_string('changeusernamedesc', 'account', hsc(get_config('sitename'))),
		);
		$elements['oldpasswordchangeuser'] = array(
		'type' => 'password',
		'title' => get_string('oldpassword'),
		'help' => false,
		'autocomplete' => 'off',
		);
		}

		if (get_config('cleanurls') && get_config('cleanurlusereditable')) {
		@@ -145,7 +151,6 @@ function accountprefs_validate(Pieform $form, $values) {

		if (isset($values['oldpassword'])) {
		if ($values['oldpassword'] !== '') {
		global $USER, $authtype, $authclass;
		try {
		if (!$authobj->authenticate_user_account($USER, $values['oldpassword'])) {
		$form->set_error('oldpassword', get_string('oldpasswordincorrect', 'account'));
		@@ -165,6 +170,31 @@ function accountprefs_validate(Pieform $form, $values) {
		}
		}

		if (isset($values['username']) && $values['username'] != $USER->get('username')) {
		if (isset($values['oldpasswordchangeuser'])) {
		if ($values['oldpasswordchangeuser'] !== '') {
		try {
		if (!$authobj->authenticate_user_account($USER, $values['oldpasswordchangeuser'])) {
		$form->set_error('oldpasswordchangeuser', get_string('oldpasswordincorrect', 'account'));
		return;
		}
		}
		// propagate error correctly for User validation issues - this should
		// be catching AuthUnknownUserException and AuthInstanceException
		catch (UserException $e) {
		$form->set_error('oldpasswordchangeuser', $e->getMessage());
		return;
		}
		}
		else {
		$form->set_error('oldpasswordchangeuser', get_string('mustspecifycurrentpassword'));
		}
		}
		else {
		$form->set_error('oldpasswordchangeuser', get_string('mustspecifycurrentpassword'));
		}
		}

		if ($authobj->authname == 'internal' && $values['username'] != $USER->get('username')) {
		if (!AuthInternal::is_username_valid($values['username'])) {
		$form->set_error('username', get_string('usernameinvalidform', 'auth.internal'));
		@@ -194,7 +224,6 @@ function accountprefs_submit(Pieform $form, $values) {
		db_begin();
		$ispasswordchanged = false;
		if (isset($values['password1']) && $values['password1'] !== '') {
		global $authclass;
		$password = $authobj->change_password($USER, $values['password1']);
		$USER->password = $password;
		$USER->passwordchange = 0;
		@@ -305,6 +334,13 @@ var clearPasswords = (function($) {
		}
		}
		}(jQuery))

		$(function() {
		$('#accountprefs_oldpasswordchangeuser_container').hide();
		$('#accountprefs_username').on('change', function() {
		$('#accountprefs_oldpasswordchangeuser_container').show();
		});
		});
		EOF;

		$request = get_record('usr_pendingdeletion', 'usr', $USER->id);

htdocs/lang/en.utf8/mahara.php

+1 −0

Original line number	Diff line number	Diff line
		@@ -474,6 +474,7 @@ $string['cannotremovedefaultemail'] = 'You cannot remove your primary email addr
		$string['emailtoolong'] = 'Email addresses cannot be longer than 255 characters.';
		$string['emailinvalid'] = 'Email address invalid.';
		$string['mustspecifyoldpassword'] = 'You must specify your current password.';
		$string['mustspecifycurrentpassword'] = 'You must specify your current password to change your username.';
		$string['Site'] = 'Site';
		$string['maildisabled'] = 'Email disabled';