-rw-r--r-- | actions/user/password.php | 14 | ||||
-rw-r--r-- | languages/en.php | 2 | ||||
-rw-r--r-- | views/default/user/settings/password.php | 26 |
3 files changed, 37 insertions, 5 deletions
diff --git a/actions/user/password.php b/actions/user/password.php
index ceb9d4585..32b27bf74 100644
--- a/actions/user/password.php
+++ b/actions/user/password.php
@@ -8,6 +8,7 @@ gatekeeper();
+$current_password = get_input('current_password');
 $password = get_input('password');
 $password2 = get_input('password2');
 $user_id = get_input('guid');
@@ -19,6 +20,19 @@ if (!$user_id) {
 }
 if (($user) && ($password != "")) {
+ // let admin user change anyone's password without knowing it except his own.
+ if (!isadminloggedin() || isadminloggedin() && $user->guid == get_loggedin_userid()) {
+ $credentials = array(
+ 'username' => $user->username,
+ 'password' => $current_password
+ );
+
+ if (!pam_auth_userpass($credentials)) {
+ register_error(elgg_echo('user:password:fail:incorrect_current_password'));
+ forward(REFERER);
+ }
+ }
+
+ if (strlen($password) >= 4) {
 if ($password == $password2) {
 $user->salt = generate_random_cleartext_password(); // Reset the salt
diff --git a/languages/en.php b/languages/en.php
index 3d166789e..2a4cd7e1f 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -401,12 +401,14 @@ $english = array(
 'user:name:fail' => "Could not change your name on the system. Please make sure your name isn't too long and try again.",
 'user:set:password' => "Account password",
+ 'user:current_password:label' => 'Current password',
 'user:password:label' => "Your new password",
 'user:password2:label' => "Your new password again",
 'user:password:success' => "Password changed",
 'user:password:fail' => "Could not change your password on the system.",
 'user:password:fail:notsame' => "The two passwords are not the same!",
 'user:password:fail:tooshort' => "Password is too short!",
+ 'user:password:fail:incorrect_current_password' => 'The current password entered is incorrect.',
 'user:resetpassword:unknown_user' => 'Invalid user.',
 'user:resetpassword:reset_password_confirm' => 'Resetting your password will email a new password to your registered email address.',
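Review bot: In the second hunk of actions/user/password.php, the new current-password check depends entirely on `forward(REFERER)` ending the request. Nothing after the failed `pam_auth_userpass()` branch keeps the script from reaching the password update below if `forward()` ever returns. `forward()` is not defined in this diff, so this needs confirming; if it can return (for example once output has started), the existing length/match/save logic should sit in an `else` branch of the failed check. The check also lets the holder of a live session try current-password guesses through this action, so failed attempts here should be counted by whatever throttling the login path applies, if any. The enclosing `if (($user) && ($password != ""))` block continues past the end of the hunk.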
diff --git a/views/default/user/settings/password.php b/views/default/user/settings/password.php
index ea7be401d..416e4dcef 100644
--- a/views/default/user/settings/password.php
+++ b/views/default/user/settings/password.php
@@ -12,15 +12,31 @@ if ($user) { ?>
 <div class="user_settings password">
 <h3><?php echo elgg_echo('user:set:password'); ?></h3>
-<p>
+
+ <?php
+ // only make the admin user enter current password for changing his own password.
+ if (!isadminloggedin() || isadminloggedin() && $user->guid == get_loggedin_userid()) {
+ ?>
+ <p>
+ <?php echo elgg_echo('user:current_password:label'); ?>:
+ <?php
+ echo elgg_view('input/password', array('internalname' => 'current_password'));
+ ?>
+ </p>
+ <?php } ?>
+
+ <p>
 <?php echo elgg_echo('user:password:label'); ?>:
 <?php
- echo elgg_view('input/password',array('internalname' => 'password'));
- ?></p><p>
+ echo elgg_view('input/password', array('internalname' => 'password'));
+ ?>
+ </p>
+
+ <p>
 <?php echo elgg_echo('user:password2:label'); ?>:
 <?php
- echo elgg_view('input/password',array('internalname' => 'password2'));
+ echo elgg_view('input/password', array('internalname' => 'password2'));
 ?>
-</p>
+ </p>
 </div>
 <?php }
\ No newline at end of file |
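Review bot: The condition that decides whether the current-password field is rendered, `!isadminloggedin() || isadminloggedin() && $user->guid == get_loggedin_userid()`, is a copy of the one added in actions/user/password.php and only reads correctly because `&&` binds tighter than `||`. It reduces to `!isadminloggedin() || $user->guid == get_loggedin_userid()`. Keeping it in one shared helper would stop the form and the action from drifting apart, which would leave users facing a required field the form never shows. A short comment here saying that the view only hides the field and that the action is what enforces the check would help later readers. The `if ($user) {` block opens before the hunk.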