gnu-social/actions/passwordsettings.php

<?php
/**
 * StatusNet, the distributed open-source microblogging tool
 *
 * Change user password
 *
 * PHP version 5
 *
 * LICENCE: This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * @category  Settings
 * @package   StatusNet
 * @author    Evan Prodromou <evan@status.net>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2008-2009 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */

if (!defined('STATUSNET')) {
    exit(1);
}

/**
 * Change password
 *
 * @category Settings
 * @package  StatusNet
 * @author   Evan Prodromou <evan@status.net>
 * @author   Zach Copley <zach@status.net>
 * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link     http://status.net/
 */
class PasswordsettingsAction extends SettingsAction
{
    /**
     * Title of the page
     *
     * @return string Title of the page
     */

    public function title()
    {
        // TRANS: Title for page where to change password.
        return _m('TITLE', 'Change password');
    }

    /**
     * Instructions for use
     *
     * @return string instructions for use
     */

    public function getInstructions()
    {
        // TRANS: Instructions for page where to change password.
        return _('Change your password.');
    }

    public function showScripts()
    {
        parent::showScripts();
        $this->autofocus('oldpassword');
    }

    public function showContent()
    {
        $this->elementStart('form', ['method' => 'POST',
                                     'id'     => 'form_password',
                                     'class'  => 'form_settings',
                                     'action' => common_local_url('passwordsettings')]);
        $this->elementStart('fieldset');
        // TRANS: Fieldset legend on page where to change password.
        $this->element('legend', null, _('Password change'));
        $this->hidden('token', common_session_token());


        $this->elementStart('ul', 'form_data');
        // Users who logged in with OpenID won't have a pwd
        if ($this->scoped->hasPassword()) {
            $this->elementStart('li');
            // TRANS: Field label on page where to change password.
            $this->password('oldpassword', _('Old password'));
            $this->elementEnd('li');
        }
        $this->elementStart('li');
        // TRANS: Field label on page where to change password.
        $this->password('newpassword', _('New password'),
                        // TRANS: Field title on page where to change password.
                        _('6 or more characters.'));
        $this->elementEnd('li');
        $this->elementStart('li');
        // TRANS: Field label on page where to change password. In this field the new password should be typed a second time.
        $this->password('confirm', _m('LABEL', 'Confirm'),
                        // TRANS: Field title on page where to change password.
                        _('Same as password above.'));
        $this->elementEnd('li');
        $this->elementEnd('ul');

        // TRANS: Button text on page where to change password.
        $this->submit('changepass', _m('BUTTON', 'Change'));

        $this->elementEnd('fieldset');
        $this->elementEnd('form');
    }

    protected function doPost()
    {
        // FIXME: scrub input

        $newpassword = $this->arg('newpassword');
        $confirm = $this->arg('confirm');

        // Some validation

        if (strlen($newpassword) < 6) {
            // TRANS: Form validation error on page where to change password.
            throw new ClientException(_('Password must be 6 or more characters.'));
        } elseif (0 != strcmp($newpassword, $confirm)) {
            // TRANS: Form validation error on password change when password confirmation does not match.
            throw new ClientException(_('Passwords do not match.'));
        }

        $oldpassword = null;
        if ($this->scoped->hasPassword()) {
            $oldpassword = $this->arg('oldpassword');

            if (!common_check_user($this->scoped->getNickname(), $oldpassword)) {
                // TRANS: Form validation error on page where to change password.
                throw new ClientException(_('Incorrect old password.'));
            }
        }

        if (Event::handle('StartChangePassword', [$this->scoped, $oldpassword, $newpassword])) {
            // no handler changed the password, so change the password internally
            $user = $this->scoped->getUser();
            $user->setPassword($newpassword);

            Event::handle('EndChangePassword', [$this->scoped]);
        }

        // TRANS: Form validation notice on page where to change password.
        return _('Password saved.');
    }
}
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`<?php`
			`/**`
change Laconica and Control Yourself to StatusNet in PHP files 2009-08-25 23:12:20 +01:00			`* StatusNet, the distributed open-source microblogging tool`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`*`
			`* Change user password`
			`*`
			`* PHP version 5`
			`*`
			`* LICENCE: This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as published by`
			`* the Free Software Foundation, either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*`
			`* @category Settings`
change Laconica and Control Yourself to StatusNet in PHP files 2009-08-25 23:12:20 +01:00			`* @package StatusNet`
change controlyourself.ca to status.net 2009-08-25 23:19:04 +01:00			`* @author Evan Prodromou <evan@status.net>`
			`* @author Zach Copley <zach@status.net>`
change Laconica and Control Yourself to StatusNet in PHP files 2009-08-25 23:12:20 +01:00			`* @copyright 2008-2009 StatusNet, Inc.`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0`
change laconi.ca to status.net 2009-08-25 23:16:46 +01:00			`* @link http://status.net/`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`*/`

Undefined user in passwordsettings by XRevan86 2019-04-27 15:15:11 +01:00			`if (!defined('STATUSNET')) {`
			`exit(1);`
			`}`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00
			`/**`
			`* Change password`
			`*`
			`* @category Settings`
change Laconica and Control Yourself to StatusNet in PHP files 2009-08-25 23:12:20 +01:00			`* @package StatusNet`
change controlyourself.ca to status.net 2009-08-25 23:19:04 +01:00			`* @author Evan Prodromou <evan@status.net>`
			`* @author Zach Copley <zach@status.net>`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0`
change laconi.ca to status.net 2009-08-25 23:16:46 +01:00			`* @link http://status.net/`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`*/`
Make new menu the default menu There's a new menu layout in this version of the software. It was implemented as a plugin in 0.9.x to avoid clashes with existing themes, but we're going to break that compatibility in this version, so we're just going for it. This change involved moving all the changes in NewMenuPlugin into the default code that was calling it. In addition, since accountsettingsaction and connectsettingsaction differed only by menu, I removed them, changed all references to them to the settingsmenu, and moved the combined nav to its own class. Let's put that episode behind us. The CSS shim that was loaded by NewMenuPlugin for certain themes and certain actions was removed. 2011-01-23 17:35:35 +00:00			`class PasswordsettingsAction extends SettingsAction`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`{`
			`/**`
			`* Title of the page`
			`*`
			`* @return string Title of the page`
			`*/`

Undefined user in passwordsettings by XRevan86 2019-04-27 15:15:11 +01:00			`public function title()`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`{`
* update/add translator documentation. * remove superfluous whitespace. * minor updates to L10n/i18n. 2011-03-11 16:07:27 +00:00			`// TRANS: Title for page where to change password.`
Undefined user in passwordsettings by XRevan86 2019-04-27 15:15:11 +01:00			`return _m('TITLE', 'Change password');`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`}`

			`/**`
			`* Instructions for use`
			`*`
Undefined user in passwordsettings by XRevan86 2019-04-27 15:15:11 +01:00			`* @return string instructions for use`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`*/`

Undefined user in passwordsettings by XRevan86 2019-04-27 15:15:11 +01:00			`public function getInstructions()`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`{`
* update/add translator documentation. * remove superfluous whitespace. * minor updates to L10n/i18n. 2011-03-11 16:07:27 +00:00			`// TRANS: Instructions for page where to change password.`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`return _('Change your password.');`
			`}`

Undefined user in passwordsettings by XRevan86 2019-04-27 15:15:11 +01:00			`public function showScripts()`
Created autofocus method to give focus to an element (primarily a form control) on page onload. Updated some of the pages to use autofocus. 2009-09-03 20:42:50 +01:00			`{`
			`parent::showScripts();`
			`$this->autofocus('oldpassword');`
			`}`

Undefined user in passwordsettings by XRevan86 2019-04-27 15:15:11 +01:00			`public function showContent()`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`{`
Undefined user in passwordsettings by XRevan86 2019-04-27 15:15:11 +01:00			`$this->elementStart('form', ['method' => 'POST',`
			`'id' => 'form_password',`
			`'class' => 'form_settings',`
			`'action' => common_local_url('passwordsettings')]);`
form_password markup and style 2009-01-21 19:56:18 +00:00			`$this->elementStart('fieldset');`
* update/add translator documentation. * remove superfluous whitespace. * minor updates to L10n/i18n. 2011-03-11 16:07:27 +00:00			`// TRANS: Fieldset legend on page where to change password.`
form_password markup and style 2009-01-21 19:56:18 +00:00			`$this->element('legend', null, _('Password change'));`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`$this->hidden('token', common_session_token());`

form_password markup and style 2009-01-21 19:56:18 +00:00
			`$this->elementStart('ul', 'form_data');`
Revert "Remove more contractions" This reverts commit 5ab709b73977131813884558bf56d97172a7aa26. Missed this one yesterday... 2009-11-09 19:01:46 +00:00			`// Users who logged in with OpenID won't have a pwd`
PasswordsettingsAction aligned with FormAction Also made some changes in the password "munging" function call common_munge_password to accept a profile instead of user ID (which was only there because stoneage StatusNet used the ID to generate a not-very-random salt, but nowadays we primarily use AuthCrypt plugin). 2015-07-17 00:47:43 +01:00			`if ($this->scoped->hasPassword()) {`
form_password markup and style 2009-01-21 19:56:18 +00:00			`$this->elementStart('li');`
* update/add translator documentation. * remove superfluous whitespace. * minor updates to L10n/i18n. 2011-03-11 16:07:27 +00:00			`// TRANS: Field label on page where to change password.`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`$this->password('oldpassword', _('Old password'));`
form_password markup and style 2009-01-21 19:56:18 +00:00			`$this->elementEnd('li');`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`}`
form_password markup and style 2009-01-21 19:56:18 +00:00			`$this->elementStart('li');`
* update/add translator documentation. * remove superfluous whitespace. * minor updates to L10n/i18n. 2011-03-11 16:07:27 +00:00			`// TRANS: Field label on page where to change password.`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`$this->password('newpassword', _('New password'),`
* update/add translator documentation. * remove superfluous whitespace. * minor updates to L10n/i18n. 2011-03-11 16:07:27 +00:00			`// TRANS: Field title on page where to change password.`
* improve L10n consistency for English. For example proper punctuation for all button and label titles. * fix some i18n bugs (in-message variables). * update/add translator documentation. * remove superfluous whitespace. 2011-02-16 23:39:53 +00:00			`_('6 or more characters.'));`
form_password markup and style 2009-01-21 19:56:18 +00:00			`$this->elementEnd('li');`
			`$this->elementStart('li');`
* update/add translator documentation. * remove superfluous whitespace. * minor updates to L10n/i18n. 2011-03-11 16:07:27 +00:00			`// TRANS: Field label on page where to change password. In this field the new password should be typed a second time.`
Undefined user in passwordsettings by XRevan86 2019-04-27 15:15:11 +01:00			`$this->password('confirm', _m('LABEL', 'Confirm'),`
* update/add translator documentation. * remove superfluous whitespace. * minor updates to L10n/i18n. 2011-03-11 16:07:27 +00:00			`// TRANS: Field title on page where to change password.`
* improve L10n consistency for English. For example proper punctuation for all button and label titles. * fix some i18n bugs (in-message variables). * update/add translator documentation. * remove superfluous whitespace. 2011-02-16 23:39:53 +00:00			`_('Same as password above.'));`
form_password markup and style 2009-01-21 19:56:18 +00:00			`$this->elementEnd('li');`
			`$this->elementEnd('ul');`

* update/add translator documentation. * remove superfluous whitespace. * minor updates to L10n/i18n. 2011-03-11 16:07:27 +00:00			`// TRANS: Button text on page where to change password.`
Undefined user in passwordsettings by XRevan86 2019-04-27 15:15:11 +01:00			`$this->submit('changepass', _m('BUTTON', 'Change'));`
form_password markup and style 2009-01-21 19:56:18 +00:00
			`$this->elementEnd('fieldset');`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`$this->elementEnd('form');`
			`}`

PasswordsettingsAction aligned with FormAction Also made some changes in the password "munging" function call common_munge_password to accept a profile instead of user ID (which was only there because stoneage StatusNet used the ID to generate a not-very-random salt, but nowadays we primarily use AuthCrypt plugin). 2015-07-17 00:47:43 +01:00			`protected function doPost()`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`{`
			`// FIXME: scrub input`

			`$newpassword = $this->arg('newpassword');`
Undefined user in passwordsettings by XRevan86 2019-04-27 15:15:11 +01:00			`$confirm = $this->arg('confirm');`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00
Mass replacement of #-comments with //-comments like leprous boils in our code. So, I've replaced all of them with // comments instead. It's a massive, meaningless, and potentially buggy change -- great one for the middle of a release cycle, eh? 2011-03-22 15:54:23 +00:00			`// Some validation`
Fix password settings 2009-01-28 13:55:03 +00:00
			`if (strlen($newpassword) < 6) {`
* update/add translator documentation. * remove superfluous whitespace. * minor updates to L10n/i18n. 2011-03-11 16:07:27 +00:00			`// TRANS: Form validation error on page where to change password.`
PasswordsettingsAction aligned with FormAction Also made some changes in the password "munging" function call common_munge_password to accept a profile instead of user ID (which was only there because stoneage StatusNet used the ID to generate a not-very-random salt, but nowadays we primarily use AuthCrypt plugin). 2015-07-17 00:47:43 +01:00			`throw new ClientException(_('Password must be 6 or more characters.'));`
Undefined user in passwordsettings by XRevan86 2019-04-27 15:15:11 +01:00			`} elseif (0 != strcmp($newpassword, $confirm)) {`
Update/add translator documentation. L10n/i18n updates. Superfluous whitespace removed. 2011-03-18 12:48:47 +00:00			`// TRANS: Form validation error on password change when password confirmation does not match.`
PasswordsettingsAction aligned with FormAction Also made some changes in the password "munging" function call common_munge_password to accept a profile instead of user ID (which was only there because stoneage StatusNet used the ID to generate a not-very-random salt, but nowadays we primarily use AuthCrypt plugin). 2015-07-17 00:47:43 +01:00			`throw new ClientException(_('Passwords do not match.'));`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`}`

PasswordsettingsAction aligned with FormAction Also made some changes in the password "munging" function call common_munge_password to accept a profile instead of user ID (which was only there because stoneage StatusNet used the ID to generate a not-very-random salt, but nowadays we primarily use AuthCrypt plugin). 2015-07-17 00:47:43 +01:00			`$oldpassword = null;`
			`if ($this->scoped->hasPassword()) {`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`$oldpassword = $this->arg('oldpassword');`

PasswordsettingsAction aligned with FormAction Also made some changes in the password "munging" function call common_munge_password to accept a profile instead of user ID (which was only there because stoneage StatusNet used the ID to generate a not-very-random salt, but nowadays we primarily use AuthCrypt plugin). 2015-07-17 00:47:43 +01:00			`if (!common_check_user($this->scoped->getNickname(), $oldpassword)) {`
* update/add translator documentation. * remove superfluous whitespace. * minor updates to L10n/i18n. 2011-03-11 16:07:27 +00:00			`// TRANS: Form validation error on page where to change password.`
PasswordsettingsAction aligned with FormAction Also made some changes in the password "munging" function call common_munge_password to accept a profile instead of user ID (which was only there because stoneage StatusNet used the ID to generate a not-very-random salt, but nowadays we primarily use AuthCrypt plugin). 2015-07-17 00:47:43 +01:00			`throw new ClientException(_('Incorrect old password.'));`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`}`
			`}`

Undefined user in passwordsettings by XRevan86 2019-04-27 15:15:11 +01:00			`if (Event::handle('StartChangePassword', [$this->scoped, $oldpassword, $newpassword])) {`
			`// no handler changed the password, so change the password internally`
			`$user = $this->scoped->getUser();`
setPassword now runs validate too 2015-12-30 16:49:13 +00:00			`$user->setPassword($newpassword);`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00
Undefined user in passwordsettings by XRevan86 2019-04-27 15:15:11 +01:00			`Event::handle('EndChangePassword', [$this->scoped]);`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`}`

* update/add translator documentation. * remove superfluous whitespace. * minor updates to L10n/i18n. 2011-03-11 16:07:27 +00:00			`// TRANS: Form validation notice on page where to change password.`
PasswordsettingsAction aligned with FormAction Also made some changes in the password "munging" function call common_munge_password to accept a profile instead of user ID (which was only there because stoneage StatusNet used the ID to generate a not-very-random salt, but nowadays we primarily use AuthCrypt plugin). 2015-07-17 00:47:43 +01:00			`return _('Password saved.');`
Break up settings into two tabset Made two tabsets: account and connect. Removed "Invite" from the global nav to make room. 2009-01-17 22:30:44 +00:00			`}`
form_password markup and style 2009-01-21 19:56:18 +00:00			`}`