login/forgot_password.php

   1 <?php
   2 // $Id$
   3 // forgot password routine.
   4 // find the user and call the appropriate routine for their authentication
   5 // type.
   6
   7 require_once('../config.php');
   8 require_once('forgot_password_form.php');
   9
  10 $p_secret   = optional_param('p', false, PARAM_RAW);
  11 $p_username = optional_param('s', false, PARAM_RAW);
  12
  13 httpsrequired();
  14
  15 $systemcontext = get_context_instance(CONTEXT_SYSTEM);
  16
  17 // setup text strings
  18 $strforgotten = get_string('passwordforgotten');
  19 $strlogin     = get_string('login');
  20
  21 $navigation = build_navigation(array(array('name' => $strlogin, 'link' => "$CFG->wwwroot/login/index.php", 'type' => 'misc'),
  22                                      array('name' => $strforgotten, 'link' => null, 'type' => 'misc')));
  23
  24 // if you are logged in then you shouldn't be here!
  25 if (isloggedin() and !isguestuser()) {
  26     redirect($CFG->wwwroot.'/index.php', get_string('loginalready'), 5);
  27 }
  28
  29 if ($p_secret !== false) {
  30 ///=====================
  31 /// user clicked on link in email message
  32 ///=====================
  33
  34     update_login_count();
  35
  36     $user = get_complete_user_data('username', $p_username);
  37     if (!empty($user) and $user->secret === '') {
  38         print_header($strforgotten, $strforgotten, $navigation);
  39         error(get_string('secretalreadyused'));
  40
  41     } else if (!empty($user) and $user->secret == stripslashes($p_secret)) {
  42         // make sure that url relates to a valid user
  43
  44         // check this isn't guest user
  45         if (isguestuser($user)) {
  46             error('You cannot reset the guest password');
  47         }
  48
  49         // make sure user is allowed to change password
  50         require_capability('moodle/user:changeownpassword', $systemcontext, $user->id);
  51
  52         // override email stop and mail new password
  53         $user->emailstop = 0;
  54         if (!reset_password_and_mail($user)) {
  55             error('Error resetting password and mailing you');
  56         }
  57
  58         // Clear secret so that it can not be used again
  59         $user->secret = '';
  60         if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) {
  61             error('Error resetting user secret string');
  62         }
  63
  64         reset_login_count();
  65
  66         $changepasswordurl = "{$CFG->httpswwwroot}/login/change_password.php";
  67         $a = new object();
  68         $a->email = $user->email;
  69         $a->link = $changepasswordurl;
  70
  71         print_header($strforgotten, $strforgotten, $navigation);
  72         notice(get_string('emailpasswordsent', '', $a), $changepasswordurl);
  73
  74     } else {
  75         print_header($strforgotten, $strforgotten, $navigation);
  76         error(get_string('forgotteninvalidurl'));
  77     }
  78
  79     die; //never reached
  80 }
  81
  82 $mform = new login_forgot_password_form();
  83
  84 if ($mform->is_cancelled()) {
  85     redirect($CFG->httpswwwroot.'/login/index.php');
  86
  87 } else if ($data = $mform->get_data()) {
  88 /// find the user in the database and mail info
  89
  90     // first try the username
  91     if (!empty($data->username)) {
  92         $user = get_complete_user_data('username', $data->username);
  93     } else {
  94
  95         $user = get_complete_user_data('email', $data->email);
  96     }
  97
  98     if ($user and !empty($user->confirmed)) {
  99
 100         $userauth = get_auth_plugin($user->auth);
 101         if (has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
 102             // send email (make sure mail block is off)
 103             $user->mailstop = 0;
 104         }
 105
 106         if ($userauth->can_reset_password() and is_enabled_auth($user->auth)
 107           and has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
 108             // send reset password confirmation
 109
 110             // set 'secret' string
 111             $user->secret = random_string(15);
 112             if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) {
 113                 error('error setting user secret string');
 114             }
 115
 116             if (!send_password_change_confirmation_email($user)) {
 117                 error('error sending password change confirmation email');
 118             }
 119
 120         } else {
 121             if (!send_password_change_info($user)) {
 122                 error('error sending password change confirmation email');
 123             }
 124         }
 125     }
 126
 127     print_header($strforgotten, $strforgotten, $navigation);
 128
 129     if (empty($user->email) or !empty($CFG->protectusernames)) {
 130         // Print general confirmation message
 131         notice(get_string('emailpasswordconfirmmaybesent'), $CFG->wwwroot.'/index.php');
 132
 133     } else {
 134         // Confirm email sent
 135         $protectedemail = preg_replace('/([^@]*)@(.*)/', '******@$2', $user->email); // obfuscate the email address to protect privacy
 136         $stremailpasswordconfirmsent = get_string('emailpasswordconfirmsent', '', $protectedemail);
 137         notice($stremailpasswordconfirmsent, $CFG->wwwroot.'/index.php');
 138     }
 139
 140     die; // never reached
 141 }
 142
 143
 144 /// DISPLAY FORM
 145 print_header($strforgotten, $strforgotten, $navigation, 'id_email');
 146
 147 print_box(get_string('passwordforgotteninstructions'), 'generalbox boxwidthnormal boxaligncenter');
 148 $mform->display();
 149
 150 print_footer();
 151
 152 ?>