3 // forgot password routine.
4 // find the user and call the appropriate routine for their authentication
7 require_once('../config.php');
11 //******************************
12 // GET PARAMS AND STRINGS
13 //******************************
15 // parameters from form
// Request parameters, each read through optional_param() with an empty-string default.
// 'action' is filtered as PARAM_ALPHA; every other field is filtered as PARAM_CLEAN.
// 's' and 'p' are the username and secret checked by the AUTHENTICATE step further down.
$param = new StdClass;
$paramtypes = array(
    'action'   => PARAM_ALPHA,
    'email'    => PARAM_CLEAN,
    'p'        => PARAM_CLEAN,
    's'        => PARAM_CLEAN,
    'username' => PARAM_CLEAN,
);
foreach ($paramtypes as $paramname => $paramtype) {
    $param->$paramname = optional_param($paramname, '', $paramtype);
}
// Language strings for this page: $txt property name => get_string() identifier.
// NOTE(review): $txt is not initialised in the visible part of this listing — confirm it
// is created before this point.
$stringids = array(
    'cancel'                => 'cancel',
    'confirmednot'          => 'confirmednot',
    'email'                 => 'email',
    'emailnotfound'         => 'emailnotfound',
    'forgotten'             => 'passwordforgotten',
    'forgotteninstructions' => 'passwordforgotteninstructions',
    'invalidemail'          => 'invalidemail',
    'login'                 => 'login',
    'loginalready'          => 'loginalready',
    'ok'                    => 'ok',
    'passwordextlink'       => 'passwordextlink',
    'passwordnohelp'        => 'passwordnohelp',
    'senddetails'           => 'senddetails',
    'username'              => 'username',
    'usernameemailmatch'    => 'usernameemailmatch',
    'usernamenotfound'      => 'usernamenotfound',
    'invalidurl'            => 'forgotteninvalidurl',
);
foreach ($stringids as $property => $identifier) {
    $txt->$property = get_string($identifier);
}

// The duplicate-email message is the only string fetched with extra arguments:
// the 'moodle' module and the result of get_admin().
$txt->forgottenduplicate = get_string('forgottenduplicate', 'moodle', get_admin());

// Name of the result page to render; stays empty until one of the actions below sets it.
$page = '';
49 //******************************
51 //******************************
// Anyone already signed in with a non-guest account is sent back to the front page
// with the 'loginalready' message (5 second delay).
$alreadyloggedin = isloggedin() && !isguest();
if ($alreadyloggedin) {
    redirect("{$CFG->wwwroot}/index.php", $txt->loginalready, 5);
}
// The site-wide 'changepassword' link has been replaced by a per-auth-method setting.
// If the old value is still set, copy it to the default auth method's
// 'auth_<method>_changepasswordurl' (only when that is empty), then blank the old value.
$auth = $CFG->auth; // the 'default' authentication method
$pluginurlkey = 'auth_'.$auth.'_changepasswordurl';
if (!empty($CFG->changepassword)) {
    if (empty($CFG->$pluginurlkey)) {
        set_config($pluginurlkey, $CFG->changepassword);
    }
    set_config('changepassword', '');
}
// ACTION = FIND
// Runs only when the form posted action=find and confirm_sesskey() passes.
// Looks the account up by username and/or email, then either starts the emailed
// confirmation (internal auth) or builds a help message (external auth).
68 if ($param->action
=='find' and confirm_sesskey()) {
69 // find the user in the database
71 // first try the username
72 if (!empty($param->username
)) {
73 if (!$user=get_complete_user_data('username',$param->username
)) {
// NOTE(review): the separate "username not found" / "email not found" messages tell the
// requester whether an account exists. They are replaced by a generic page further down
// only when $CFG->protectusernames is set.
74 $errors[] = $txt->usernamenotfound
;
79 if (!empty($param->email
)) {
80 // validate email address 1st
81 if (!validate_email( $param->email
)) {
82 $errors[] = $txt->invalidemail
;
84 elseif (count_records('user','email',$param->email
) > 1) {
85 // (if there is more than one instance of the email then we
86 // cannot complete automated recovery)
87 $page = 'duplicateemail';
89 // just clear everything - we drop through to message page
94 elseif (!$mailuser = get_complete_user_data('email',$param->email
)) {
95 $errors[] = $txt->emailnotfound
;
98 // just in case they did specify both...
99 // if $user exists then check they actually match (then just use $user)
100 if (!empty($user) and !empty($mailuser)) {
101 if ($user->id
!= $mailuser->id
) {
102 $errors[] = $txt->usernameemailmatch
;
107 // use email user if username not used or located
108 if (!empty($mailuser) and empty($user)) {
113 // if user located (and no errors) take the appropriate action
114 if (!empty($user) and (count($errors)==0)) {
115 // check this user isn't 'unconfirmed'
116 if (empty($user->confirmed
)) {
117 $errors[] = $txt->confirmednot
;
120 // what to do depends on the authentication method
121 $authmethod = $user->auth
;
// The internal path is taken for internal auth methods and for any method whose
// 'auth_<method>_stdchangepassword' config value is non-empty.
122 if (is_internal_auth( $authmethod ) or !empty($CFG->{'auth_'.$authmethod.'_stdchangepassword'})) {
123 // handle internal authentication
125 // set 'secret' string
// NOTE(review): the reset secret is 15 characters from random_string(); that helper is not
// shown here — confirm it draws from a cryptographically secure source. No expiry time
// for the secret is recorded in the visible lines.
126 $user->secret
= random_string( 15 );
127 if (!set_field('user','secret',$user->secret
,'id',$user->id
)) {
128 error( 'error setting user secret string' );
131 // send email (make sure mail block is off)
133 if (!send_password_change_confirmation_email($user)) {
134 error( 'error sending password change confirmation email' );
137 // display confirm message
138 $page = 'emailconfirm';
141 // handle some 'external' authentication
142 // if help text defined then we are going to display another page
143 $txt->extmessage
= '';
145 if (!empty( $CFG->{'auth_'.$authmethod.'_changepasswordhelp'} )) {
146 $txt->extmessage
= $CFG->{'auth_'.$authmethod.'_changepasswordhelp'}.'<br /><br />';
148 // if url defined then add that to the message (with a standard message)
149 if (!empty( $CFG->{'auth_'.$authmethod.'_changepasswordurl'} )) {
150 $txt->extmessage
.= $txt->passwordextlink
. '<br /><br />';
// NOTE(review): $link is read from site configuration and written into both the href and
// the link text without escaping — presumably only administrators can set it; confirm.
151 $link = $CFG->{'auth_'.$authmethod.'_changepasswordurl'};
152 $txt->extmessage
.= "<a href=\"$link\">$link</a>";
154 // if nothing to display, just do message that we can't help
// NOTE(review): the comment above says "can't help", but the string assigned is
// passwordextlink; $txt->passwordnohelp is loaded earlier and not used in the visible
// lines — confirm which string is intended.
155 if (empty($txt->extmessage
)) {
156 $txt->extmessage
= $txt->passwordextlink
;
164 // nothing supplied - error
165 if (empty($param->username
) and empty($param->email
)) {
166 $errors[] = 'no email or username';
// With $CFG->protectusernames set, every outcome except the 'external' page is replaced
// by the generic 'emailmaybeconfirmed' page, so the response no longer depends on
// whether the account was found.
169 if ($page != 'external' and !empty($CFG->protectusernames
)) {
170 // do not give any hints about usernames or email!
172 $page = 'emailmaybeconfirmed';
176 // ACTION = AUTHENTICATE
// Runs when both 'p' and 's' are present in the request: 's' is used as the username
// for the lookup and 'p' is compared with the secret stored on that user record.
// Unlike the 'find' action, no confirm_sesskey() check is made on this path in the
// visible lines (presumably because it is reached from the emailed link — confirm).
177 if (!empty($param->p
) and !empty($param->s
)) {
// NOTE(review): update_login_count() is called before the lookup; it presumably counts
// or throttles repeated attempts — helper not shown, confirm.
179 update_login_count();
180 $user = get_complete_user_data('username',$param->s
);
182 // make sure that url relates to a valid user
// NOTE(review): the secret is checked with loose ==. PHP compares two numeric-looking
// strings as numbers, so a value that is not byte-for-byte the stored secret can still
// be accepted. A strict string comparison ((string)... === (string)...), or hash_equals()
// where the PHP version provides it, closes that; hash_equals() also avoids
// timing differences between near-miss guesses.
183 if (!empty($user) and $user->secret
== $param->p
) {
184 // check this isn't guest user
185 if (isguest( $user->id
)) {
186 error('You cannot change the guest password');
189 // override email stop and mail new password
// NOTE(review): the visible lines do not clear $user->secret after a successful match;
// reset_password_and_mail() is not shown — confirm the secret is single-use.
190 $user->emailstop
= 0;
191 if (!reset_password_and_mail($user)) {
192 error( 'Error resetting password and mailing you' );
// The follow-up link is built on $CFG->httpswwwroot and passed, together with the
// user's email address, as the substitution object for the 'emailpasswordsent' string.
198 $changepasswordurl = "{$CFG->httpswwwroot}/login/change_password.php?action=forgot";
199 $a->email
= $user->email
;
200 $a->link
= $changepasswordurl;
201 $txt->emailpasswordsent
= get_string( 'emailpasswordsent', '', $a );
// Reached when the user lookup or the secret comparison fails (the else line is not
// present in this listing): the same 'invalidurl' error is recorded.
203 $errors[] = $txt->invalidurl
;
209 //******************************
211 //******************************
// Page output: header with a breadcrumb back to the login page, then one result page
// chosen by $page, falling through to the request form with any collected errors.
213 print_header( $txt->forgotten
, $txt->forgotten
,
214 "<a href=\"{$CFG->wwwroot}/login/index.php\">{$txt->login}</a>->{$txt->forgotten}",
217 if ($page=='emailmaybeconfirmed') {
218 // Print general confirmation message
// This is the generic page selected when $CFG->protectusernames is set; its text does
// not depend on whether a matching account was found.
219 notice(get_string('emailpasswordconfirmmaybesent'),$CFG->wwwroot
.'/index.php');
222 // check $page for appropriate page to display
223 if ($page=='emailconfirm') {
224 // Confirm (internal method) email sent
// The regexp replaces everything before the '@' with '******' and keeps the domain,
// so the confirmation page still shows the mail domain of the located account.
225 $protectedemail = preg_replace('/([^@]*)@(.*)/', '******@$2', $user->email
); // obfuscate the email address to protect privacy
226 $txt->emailpasswordconfirmsent
= get_string( 'emailpasswordconfirmsent','',$protectedemail );
227 notice( $txt->emailpasswordconfirmsent
,$CFG->wwwroot
.'/index.php');
230 elseif ($page=='external') {
231 // display change password help text
// $txt->extmessage is printed as HTML; it is assembled from the auth plugin's
// configured help text and change-password URL in the 'find' action.
232 print_simple_box( $txt->extmessage
, 'center', '50%','','20','noticebox' );
234 // only print continue button if it makes sense
236 print_continue($CFG->wwwroot
.'/index.php');
240 elseif ($page=='emailsent') {
241 // mail sent with new password
242 notice( $txt->emailpasswordsent
, $changepasswordurl );
245 elseif ($page=='duplicateemail') {
246 // email address appears more than once
247 notice( $txt->forgottenduplicate
, $CFG->wwwroot
.'/index.php');
252 print_simple_box_start('center','50%','','20');
254 // display any errors
// NOTE(review): each $error is written into the list without HTML escaping. The entries
// added in the visible lines are get_string() results and one fixed literal, none built
// from request data — keep it that way, or escape here, if new error sources are added.
255 if (count($errors)) {
256 echo "<ul class=\"errors\">\n";
257 foreach ($errors as $error) {
258 echo " <li>$error</li>\n";
265 <p
><?php
echo $txt->forgotteninstructions
; ?
></p
>
267 <form action
="forgot_password.php" method
="post">
268 <input type
="hidden" name
="sesskey" value
="<?php echo $sesskey; ?>" />
269 <input type
="hidden" name
="action" value
="find" />
270 <table id
="forgottenpassword">
272 <td
><?php
echo $txt->username
; ?
></td
>
273 <td
><input type
="text" name
="username" size
="25" /></td
>
276 <td
><?php
echo $txt->email
; ?
></td
>
277 <td
><input type
="text" name
="email" size
="25" /></td
>
281 <td
><input type
="submit" value
="<?php echo $txt->ok; ?>" />
282 <input type
="button" value
="<?php echo $txt->cancel; ?>"
283 onclick
="javascript: history.go(-1)" /></td
>
293 print_simple_box_end();