diff --git a/include/ajax.staff.php b/include/ajax.staff.php
index 2967eb354f122a471e336d0b8d088d31cd8c2733..54c0fed5b92dd54fa2d431eee05a872f2ab406db 100644
--- a/include/ajax.staff.php
+++ b/include/ajax.staff.php
@@ -56,7 +56,7 @@ class StaffAjaxAPI extends AjaxController {
$passwd1->addError($ex->getMessage());
}
catch (PasswordUpdateFailed $ex) {
- // TODO: Add a warning banner or crash the update
+ $errors['err'] = __('Password update failed:').' '.$ex->getMessage();
}
}
@@ -68,7 +68,7 @@ class StaffAjaxAPI extends AjaxController {
}
function changePassword($id) {
- global $ost, $thisstaff;
+ global $cfg, $ost, $thisstaff;
if (!$thisstaff)
Http::response(403, 'Agent login required');
@@ -79,17 +79,36 @@ class StaffAjaxAPI extends AjaxController {
if ($_POST && $form->isValid()) {
$clean = $form->getClean();
- try {
- $thisstaff->setPassword($clean['passwd1'], $clean['current']);
- if ($thisstaff->save())
- Http::response(201, 'Successfully updated');
- }
- catch (BadPassword $ex) {
- $passwd1 = $form->getField('passwd1');
- $passwd1->addError($ex->getMessage());
+ if (($rtoken = $_SESSION['_staff']['reset-token'])) {
+ $_config = new Config('pwreset');
+ if ($_config->get($rtoken) != $thisstaff->getId())
+ $errors['err'] =
+ __('Invalid reset token. Logout and try again');
+ elseif (!($ts = $_config->lastModified($rtoken))
+ && ($cfg->getPwResetWindow() < (time() - strtotime($ts))))
+ $errors['err'] =
+ __('Invalid reset token. Logout and try again');
}
- catch (PasswordUpdateFailed $ex) {
- // TODO: Add a warning banner or crash the update
+ if (!$errors) {
+ try {
+ $thisstaff->setPassword($clean['passwd1'], @$clean['current']);
+ if ($thisstaff->save()) {
+ if ($rtoken) {
+ $thisstaff->cancelResetTokens();
+ Http::response(200, $this->encode(array(
+ 'redirect' => 'index.php'
+ )));
+ }
+ Http::response(201, 'Successfully updated');
+ }
+ }
+ catch (BadPassword $ex) {
+ $passwd1 = $form->getField('passwd1');
+ $passwd1->addError($ex->getMessage());
+ }
+ catch (PasswordUpdateFailed $ex) {
+ $errors['err'] = __('Password update failed:').' '.$ex->getMessage();
+ }
}
}
diff --git a/include/class.staff.php b/include/class.staff.php
index 5c094e869f8a14640a5cd5227b09172ae8cf254f..b93a037a23d2ced0917ec8de06bec867c73fec3b 100644
--- a/include/class.staff.php
+++ b/include/class.staff.php
@@ -600,29 +600,6 @@ implements AuthenticatedUser, EmailContact, TemplateVariable {
if($vars['mobile'] && !Validator::is_phone($vars['mobile']))
$errors['mobile']=__('Valid phone number is required');
- if($vars['passwd1'] || $vars['passwd2'] || $vars['cpasswd']) {
-
- if(!$vars['passwd1'])
- $errors['passwd1']=__('New password is required');
- elseif($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2']))
- $errors['passwd2']=__('Passwords do not match');
-
- if (($rtoken = $_SESSION['_staff']['reset-token'])) {
- $_config = new Config('pwreset');
- if ($_config->get($rtoken) != $this->getId())
- $errors['err'] =
- __('Invalid reset token. Logout and try again');
- elseif (!($ts = $_config->lastModified($rtoken))
- && ($cfg->getPwResetWindow() < (time() - strtotime($ts))))
- $errors['err'] =
- __('Invalid reset token. Logout and try again');
- }
- elseif(!$vars['cpasswd'])
- $errors['cpasswd']=__('Current password is required');
- elseif(!$this->cmp_passwd($vars['cpasswd']))
- $errors['cpasswd']=__('Invalid current password!');
- }
-
if($vars['default_signature_type']=='mine' && !$vars['signature'])
$errors['default_signature_type'] = __("You don't have a signature");
@@ -894,19 +871,6 @@ implements AuthenticatedUser, EmailContact, TemplateVariable {
if($vars['mobile'] && !Validator::is_phone($vars['mobile']))
$errors['mobile']=__('Valid phone number is required');
- if($vars['passwd1'] || $vars['passwd2'] || !$vars['id']) {
- if($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) {
- $errors['passwd2']=__('Passwords do not match');
- }
- elseif ($vars['backend'] != 'local' || $vars['welcome_email']) {
- // Password can be omitted
- }
- elseif(!$vars['passwd1'] && !$vars['id']) {
- $errors['passwd1']=__('Temporary password is required');
- $errors['temppasswd']=__('Required');
- }
- }
-
if(!$vars['dept_id'])
$errors['dept_id']=__('Department is required');
if(!$vars['role_id'])
@@ -926,24 +890,6 @@ implements AuthenticatedUser, EmailContact, TemplateVariable {
}
}
- // Update the user's password if requested
- if ($vars['passwd1']) {
- try {
- $this->setPassword($vars['passwd1'], null);
- }
- catch (BadPassword $ex) {
- $errors['passwd1'] = $ex->getMessage();
- }
- catch (PasswordUpdateFailed $ex) {
- // TODO: Add a warning banner or crash the update
- }
- if (isset($vars['change_passwd']))
- $this->change_passwd = 1;
- }
- elseif (!isset($vars['change_passwd'])) {
- $this->change_passwd = 0;
- }
-
// Update some things for ::updateAccess to inspect
$this->setDepartmentId($vars['dept_id']);
@@ -1166,23 +1112,37 @@ extends AbstractForm {
class PasswordChangeForm
extends AbstractForm {
function buildFields() {
- return array(
+ $fields = array(
'current' => new PasswordField(array(
'placeholder' => __('Current Password'),
'required' => true,
- 'autofocus' => true,
+ 'configuration' => array(
+ 'autofocus' => true,
+ ),
)),
'passwd1' => new PasswordField(array(
'label' => __('Enter a new password'),
'placeholder' => __('New Password'),
'required' => true,
- 'layout' => new GridFluidCell(12, array('style' => 'padding-top: 20px')),
)),
'passwd2' => new PasswordField(array(
'placeholder' => __('Confirm Password'),
'required' => true,
)),
);
+
+ // When using the password reset system, the current password is not
+ // required for agents.
+ if (isset($_SESSION['_staff']['reset-token'])) {
+ unset($fields['current']);
+ $fields['passwd1']->set('configuration', array('autofocus' => true));
+ }
+ else {
+ $fields['passwd1']->set('layout',
+ new GridFluidCell(12, array('style' => 'padding-top: 20px'))
+ );
+ }
+ return $fields;
}
function getInstructions() {
diff --git a/include/staff/profile.inc.php b/include/staff/profile.inc.php
index bef18543809543e618d3796180aa6df85bc57fb5..e771579382d472460a142285e78a72cd3ddebb32 100644
--- a/include/staff/profile.inc.php
+++ b/include/staff/profile.inc.php
@@ -81,7 +81,7 @@ if(!defined('OSTSTAFFINC') || !$staff || !$thisstaff) die('Access Denied');
class="staff-username typeahead"
name="username" disabled value="<?php echo Format::htmlchars($staff->username); ?>" />
<?php if (!$bk || $bk->supportsPasswordChange()) { ?>
- <button type="button" class="action-button" onclick="javascript:
+ <button type="button" id="change-pw-button" class="action-button" onclick="javascript:
$.dialog('ajax.php/staff/'+<?php echo $staff->getId(); ?>+'/change-password', 201);">
<i class="icon-refresh"></i> <?php echo __('Change Password'); ?>
</button>
@@ -289,3 +289,10 @@ if(!defined('OSTSTAFFINC') || !$staff || !$thisstaff) die('Access Denied');
<input type="button" name="cancel" value="<?php echo __('Cancel');?>" onclick="window.history.go(-1);">
</p>
</form>
+<?php
+if ($staff->change_passwd) { ?>
+<script type="text/javascript">
+ $(function() { $('#change-pw-button').trigger('click'); });
+</script>
+<?php
+}