file installer.php was added on branch MOODLE_17_STABLE on 2008-05-10 02:58:25 +0000
[moodle.git] / login / forgot_password.php
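<?php
// $Id$
// forgot password routine.
// find the user and call the appropriate routine for their authentication
// type.
//
// Two request shapes are handled below:
//   action=find (plus a valid sesskey) - locate the account by username and/or
//       email, then either store a fresh secret and send the confirmation mail
//       (internal auth) or show the auth plugin's change-password help (external).
//   p=<secret>&s=<username> - if p matches the secret stored for user s, the
//       password is reset and mailed. Presumably this is the link carried by the
//       confirmation mail - TODO confirm against send_password_change_confirmation_email().

require_once('../config.php');
httpsrequired();


//******************************
// GET PARAMS AND STRINGS
//******************************

// parameters from form
$param = new StdClass;
$param->action   = optional_param( 'action','',PARAM_ALPHA );
$param->email    = optional_param( 'email','',PARAM_CLEAN );
$param->p        = optional_param( 'p','',PARAM_CLEAN );
$param->s        = optional_param( 's','',PARAM_CLEAN );
$param->username = optional_param( 'username','',PARAM_CLEAN );

// setup text strings
$txt = new StdClass;
$txt->cancel = get_string('cancel');
$txt->confirmednot = get_string('confirmednot');
$txt->email = get_string('email');
$txt->emailnotfound = get_string('emailnotfound');
$txt->forgotten = get_string('passwordforgotten');
$txt->forgottenduplicate = get_string('forgottenduplicate','moodle',get_admin() );
$txt->forgotteninstructions = get_string('passwordforgotteninstructions');
$txt->invalidemail = get_string('invalidemail');
$txt->login = get_string('login');
$txt->loginalready = get_string('loginalready');
$txt->ok = get_string('ok');
$txt->passwordextlink = get_string('passwordextlink');
$txt->passwordnohelp = get_string('passwordnohelp');
$txt->senddetails = get_string('senddetails');
$txt->username = get_string('username');
$txt->usernameemailmatch = get_string('usernameemailmatch');
$txt->usernamenotfound = get_string('usernamenotfound');
$txt->invalidurl = get_string('forgotteninvalidurl');

$sesskey = sesskey();
$errors = array();
$page = ''; // page to display


//******************************
// PROCESS ACTIONS
//******************************

// if you are logged in then you shouldn't be here!
if (isloggedin() && !isguest()) {
    redirect( $CFG->wwwroot.'/index.php', $txt->loginalready, 5 );
}

// changepassword link replaced by individual auth setting
$auth = $CFG->auth; // the 'default' authentication method
if (!empty($CFG->changepassword)) {
    // migrate the legacy site-wide setting into the default auth plugin's
    // own setting (only if that is still empty), then blank the legacy one
    if (empty($CFG->{'auth_'.$auth.'_changepasswordurl'})) {
        set_config('auth_'.$auth.'_changepasswordurl',$CFG->changepassword );
    }
    set_config('changepassword','');
}

// ACTION = FIND
// confirm_sesskey() gates this branch, so the lookup (and the mail it can
// trigger) only runs for a request carrying this session's sesskey.
if ($param->action=='find' and confirm_sesskey()) {
    // find the user in the database

    // first try the username
    if (!empty($param->username)) {
        if (!$user=get_complete_user_data('username',$param->username)) {
            $errors[] = $txt->usernamenotfound;
        }
    }

    // now try email
    if (!empty($param->email)) {
        // validate email address 1st
        if (!validate_email( $param->email )) {
            $errors[] = $txt->invalidemail;
        }
        elseif (count_records('user','email',$param->email) > 1) {
            // (if there is more than one instance of the email then we
            // cannot complete automated recovery)
            $page = 'duplicateemail';

            // just clear everything - we drop through to message page
            unset( $user );
            $errors = array();
        }
        elseif (!$mailuser = get_complete_user_data('email',$param->email)) {
            $errors[] = $txt->emailnotfound;
        }

        // just in case they did specify both...
        // if $user exists then check they actually match (then just use $user)
        if (!empty($user) and !empty($mailuser)) {
            if ($user->id != $mailuser->id) {
                $errors[] = $txt->usernameemailmatch;
            }
            $user = $mailuser;
        }

        // use email user if username not used or located
        if (!empty($mailuser) and empty($user)) {
            $user = $mailuser;
        }
    }

    // if user located (and no errors) take the appropriate action
    if (!empty($user) and (count($errors)==0)) {
        // check this user isn't 'unconfirmed'
        if (empty($user->confirmed)) {
            $errors[] = $txt->confirmednot;
        }
        else {
            // what to do depends on the authentication method
            $authmethod = $user->auth;
            if (is_internal_auth( $authmethod ) or !empty($CFG->{'auth_'.$authmethod.'_stdchangepassword'})) {
                // handle internal authentication

                // set 'secret' string: this is the value the p= parameter has
                // to equal in the AUTHENTICATE branch below
                // NOTE(review): no expiry or single-use handling for the secret
                // is visible in this file - confirm it is invalidated after use.
                $user->secret = random_string( 15 );
                if (!set_field('user','secret',$user->secret,'id',$user->id)) {
                    error( 'error setting user secret string' );
                }

                // send email (make sure mail block is off)
                // This used to assign $user->mailstop; the AUTHENTICATE branch
                // clears $user->emailstop for the same purpose, so the same
                // property is used here.
                $user->emailstop = 0;
                if (!send_password_change_confirmation_email($user)) {
                    error( 'error sending password change confirmation email' );
                }

                // display confirm message
                $page = 'emailconfirm';
            }
            else {
                // handle some 'external' authentication
                // if help text defined then we are going to display another page
                $txt->extmessage = '';
                $continue = false;
                if (!empty( $CFG->{'auth_'.$authmethod.'_changepasswordhelp'} )) {
                    $txt->extmessage = $CFG->{'auth_'.$authmethod.'_changepasswordhelp'}.'<br /><br />';
                }
                // if url defined then add that to the message (with a standard message)
                // (both values are site configuration and are emitted as raw HTML)
                if (!empty( $CFG->{'auth_'.$authmethod.'_changepasswordurl'} )) {
                    $txt->extmessage .= $txt->passwordextlink . '<br /><br />';
                    $link = $CFG->{'auth_'.$authmethod.'_changepasswordurl'};
                    $txt->extmessage .= "<a href=\"$link\">$link</a>";
                }
                // if nothing to display, just do message that we can't help
                if (empty($txt->extmessage)) {
                    $txt->extmessage = $txt->passwordextlink;
                    $continue = true;
                }
                $page = 'external';
            }
        }
    }

    // nothing supplied - error
    if (empty($param->username) and empty($param->email)) {
        $errors[] = 'no email or username';
    }

    if ($page != 'external' and !empty($CFG->protectusernames)) {
        // do not give any hints about usernames or email!
        // Every outcome except 'external' is collapsed into one generic page, so
        // the response does not show whether the username/email matched.
        // Without this setting the distinct error strings above do show it.
        // NOTE(review): the 'external' page is exempt, so seeing it still tells
        // the requester that the account exists and uses an external auth type.
        $errors = array();
        $page = 'emailmaybeconfirmed';
    }
}

// ACTION = AUTHENTICATE
// Not gated on sesskey: the only proof required is p equalling the stored
// secret of user s.
if (!empty($param->p) and !empty($param->s)) {

    // count the attempt before checking it; the counter is reset on success
    // (presumably this feeds failed-login throttling - TODO confirm)
    update_login_count();
    $user = get_complete_user_data('username',$param->s);

    // make sure that url relates to a valid user
    // Compared as strings with ===, so PHP's loose-comparison rules for
    // numeric-looking strings cannot make two different values match.
    // NOTE(review): where the minimum PHP version allows it, hash_equals()
    // would also make this comparison constant-time.
    if (!empty($user) and (string)$user->secret === (string)$param->p) {
        // check this isn't guest user
        if (isguest( $user->id )) {
            error('You cannot change the guest password');
        }

        // override email stop and mail new password
        $user->emailstop = 0;
        if (!reset_password_and_mail($user)) {
            error( 'Error resetting password and mailing you' );
        }

        reset_login_count();
        $page = 'emailsent';

        $changepasswordurl = "{$CFG->httpswwwroot}/login/change_password.php?action=forgot";
        // $a was never initialised before its properties were assigned;
        // create the placeholder object for get_string() explicitly
        $a = new StdClass;
        $a->email = $user->email;
        $a->link = $changepasswordurl;
        $txt->emailpasswordsent = get_string( 'emailpasswordsent', '', $a );
    } else {
        // unknown user and wrong secret produce the same message
        $errors[] = $txt->invalidurl;
    }

}


//******************************
// DISPLAY PART
//******************************

print_header( $txt->forgotten, $txt->forgotten,
    "<a href=\"{$CFG->wwwroot}/login/index.php\">{$txt->login}</a>->{$txt->forgotten}",
    'form.email' );

if ($page=='emailmaybeconfirmed') {
    // Print general confirmation message
    notice(get_string('emailpasswordconfirmmaybesent'),$CFG->wwwroot.'/index.php');
}

// check $page for appropriate page to display
if ($page=='emailconfirm') {
    // Confirm (internal method) email sent
    $protectedemail = preg_replace('/([^@]*)@(.*)/', '******@$2', $user->email); // obfuscate the email address to protect privacy
    $txt->emailpasswordconfirmsent = get_string( 'emailpasswordconfirmsent','',$protectedemail );
    notice( $txt->emailpasswordconfirmsent,$CFG->wwwroot.'/index.php');
}

elseif ($page=='external') {
    // display change password help text
    print_simple_box( $txt->extmessage, 'center', '50%','','20','noticebox' );

    // only print continue button if it makes sense
    if ($continue) {
        print_continue($CFG->wwwroot.'/index.php');
    }
}

elseif ($page=='emailsent') {
    // mail sent with new password
    notice( $txt->emailpasswordsent, $changepasswordurl );
}

elseif ($page=='duplicateemail') {
    // email address appears more than once
    notice( $txt->forgottenduplicate, $CFG->wwwroot.'/index.php');
}

else {
    echo '<br />';
    print_simple_box_start('center','50%','','20');

    // display any errors
    // (entries are language strings or the fixed literal set above, never
    // request data, and are printed without escaping)
    if (count($errors)) {
        echo "<ul class=\"errors\">\n";
        foreach ($errors as $error) {
            echo " <li>$error</li>\n";
        }
        echo "</ul>\n";
    }

?>

<p><?php echo $txt->forgotteninstructions; ?></p>

<form action="forgot_password.php" method="post">
<input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>" />
<input type="hidden" name="action" value="find" />
<table id="forgottenpassword">
<tr>
<td><?php echo $txt->username; ?></td>
<td><input type="text" name="username" size="25" /></td>
</tr>
<tr>
<td><?php echo $txt->email; ?></td>
<td><input type="text" name="email" size="25" /></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" value="<?php echo $txt->ok; ?>" />
<input type="button" value="<?php echo $txt->cancel; ?>"
onclick="javascript: history.go(-1)" /></td>
</tr>
</table>

</form>

<?php
    // close the box in the branch that opened it
    print_simple_box_end();
}

print_footer();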