From 7891bdfff5ae4a7d7562c7214ae7e91b34dc055a Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Thu, 1 Apr 2010 07:38:06 -0700
Subject: [PATCH] Fix for ticket #1107. 1) Change the link on the register
 welcome dialog to use the change password form.    thanks to TAZattitude for
 pointing the way. 2) Address the issue that default change password form,
 expects the user to know    the old password.  As this is the first login,
 they might not write down the    generated password, so when they get to
 form, they are screwed, as they can't    change the password w/o the old one.
  So we register will generate a clone    of the password change form, where
 the old password is supplied as a hidden    field.

---
 modules/register/controllers/register.php     | 32 +++++++++++++++++++
 .../views/register_welcome_message.html.php   |  2 +-
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/modules/register/controllers/register.php b/modules/register/controllers/register.php
index 07102b89..0de79529 100755
--- a/modules/register/controllers/register.php
+++ b/modules/register/controllers/register.php
@@ -126,6 +126,11 @@ class register_Controller extends Controller {
     print $v;
   }
 
+  public function change_password($id, $password) {
+    $user = user::lookup($id);
+    print $this->_get_change_password_form($user, $password);
+  }
+
   private function _get_form() {
     $minimum_length = module::get_var("user", "mininum_password_length", 5);
     $form = new Forge("register/handler", "", "post", array("id" => "g-register-form"));
@@ -146,4 +151,31 @@ class register_Controller extends Controller {
     $group->submit("")->value(t("Register"));
     return $form;
   }
+
+  /**
+   * Get the password change form.  This code is copied from controllers/users.php.  The
+   * difference is that as this is the first time logging on, the user might not have
+   * expected that they were going to have to enter the password displayed on the welcome
+   * page, and didn't make note of it.  If we were using the standard change password dialog, the
+   * user would be screwed as there is no way to go back and get it.  So with this dialog,
+   * we will provide the old password as a hidden field.
+   */
+  private function _get_change_password_form($user, $password) {
+    $form = new Forge(
+      "users/change_password/$user->id", "", "post", array("id" => "g-change-password-user-form"));
+    $group = $form->group("change_password")->label(t("Change your password"));
+    $group->hidden("old_password")->value($password);
+    $group->password("password")->label(t("New password"))->id("g-password")
+      ->error_messages("min_length", t("Your new password is too short"));
+    $group->script("")
+      ->text(
+        '$("form").ready(function(){$(\'input[name="password"]\').user_password_strength();});');
+    $group->password("password2")->label(t("Confirm new password"))->id("g-password2")
+      ->matches($group->password)
+      ->error_messages("matches", t("The passwords you entered do not match"));
+
+    module::event("user_change_password_form", $user, $form);
+    $group->submit("")->value(t("Save"));
+    return $form;
+  }
 }
\ No newline at end of file
diff --git a/modules/register/views/register_welcome_message.html.php b/modules/register/views/register_welcome_message.html.php
index 01e2dfad..76c076cb 100644
--- a/modules/register/views/register_welcome_message.html.php
+++ b/modules/register/views/register_welcome_message.html.php
@@ -15,7 +15,7 @@
   </p>
 
   <p>
-    <a href="<?= url::site("form/edit/users/{$user->id}") ?>"
+    <a href="<?= url::site("register/change_password/{$user->id}/$password") ?>"
       title="<?= t("Edit your profile")->for_html_attr() ?>"
       id="g-after-install-change-password-link"
       class="g-button ui-state-default ui-corners-all">