/**
* Change the password of the current user. This must be performed over SSL.
*
* @param string $oldPassword The new password
* @param string $newPassword The old password
* @param bool $replaceNotRemove Alternative password change method. Set to true if you're receiving 'CONSTRAINT'
* errors.
*
* @throws AdldapException
*
* @return bool
*/
public function changePassword($oldPassword, $newPassword, $replaceNotRemove = false)
{
$connection = $this->query->getConnection();
if (!$connection->isUsingSSL() && !$connection->isUsingTLS()) {
$message = 'SSL or TLS must be configured on your web server and enabled to change passwords.';
throw new AdldapException($message);
}
$attribute = $this->schema->unicodePassword();
$modifications = [];
if ($replaceNotRemove === true) {
$modifications[] = new BatchModification($attribute, LDAP_MODIFY_BATCH_REPLACE, [Utilities::encodePassword($newPassword)]);
} else {
// Create batch modification for removing the old password.
$modifications[] = new BatchModification($attribute, LDAP_MODIFY_BATCH_REMOVE, [Utilities::encodePassword($oldPassword)]);
// Create batch modification for adding the new password.
$modifications[] = new BatchModification($attribute, LDAP_MODIFY_BATCH_ADD, [Utilities::encodePassword($newPassword)]);
}
// Add the modifications.
foreach ($modifications as $modification) {
$this->addModification($modification);
}
// Update the user.
$result = $this->update();
if ($result === false && ($error = $connection->getExtendedError())) {
// If the user failed to update, we'll see if we can
// figure out why by retrieving the extended error.
switch ($code = $connection->getExtendedErrorCode()) {
case '0000052D':
throw new UserPasswordPolicyException("Error: {$code}. Your new password does not match the password policy.");
case '00000056':
throw new UserPasswordIncorrectException($message = "Error: {$code}. Your old password is incorrect.");
default:
throw new AdldapException("Error: {$error}");
}
}
return $result;
}
