login/forgot_password.php

   1 <?php
   2 // $Id$
   3 // forgot password routine.
   4 // find the user and call the appropriate routine for their authentication
   5 // type.
   6
   7 require_once('../config.php');
   8 require_once('forgot_password_form.php');
   9
  10 $p_secret   = optional_param('p', false, PARAM_RAW);
  11 $p_username = optional_param('s', false, PARAM_RAW);
  12
  13 httpsrequired();
  14
  15 $systemcontext = get_context_instance(CONTEXT_SYSTEM);
  16
  17 // setup text strings
  18 $strforgotten = get_string('passwordforgotten');
  19 $strlogin     = get_string('login');
  20
  21 $navigation = build_navigation(array(array('name' => $strlogin, 'link' => "$CFG->wwwroot/login/index.php", 'type' => 'misc'),
  22                                      array('name' => $strforgotten, 'link' => null, 'type' => 'misc')));
  23
  24 // if alternatepasswordurl is defined, then we'll just head there
  25 if (!empty($CFG->forgottenpasswordurl)) {
  26     redirect($CFG->forgottenpasswordurl);
  27 }
  28
  29 // if you are logged in then you shouldn't be here!
  30 if (isloggedin() and !isguestuser()) {
  31     redirect($CFG->wwwroot.'/index.php', get_string('loginalready'), 5);
  32 }
  33
  34 if ($p_secret !== false) {
  35 ///=====================
  36 /// user clicked on link in email message
  37 ///=====================
  38
  39     update_login_count();
  40
  41     $user = get_complete_user_data('username', $p_username);
  42     if (!empty($user) and $user->secret === '') {
  43         print_header($strforgotten, $strforgotten, $navigation);
  44         print_error('secretalreadyused');
  45
  46     } else if (!empty($user) and $user->secret == stripslashes($p_secret)) {
  47         // make sure that url relates to a valid user
  48
  49         // check this isn't guest user
  50         if (isguestuser($user)) {
  51             error('You cannot reset the guest password');
  52         }
  53
  54         // make sure user is allowed to change password
  55         require_capability('moodle/user:changeownpassword', $systemcontext, $user->id);
  56
  57         // override email stop and mail new password
  58         $user->emailstop = 0;
  59         if (!reset_password_and_mail($user)) {
  60             error('Error resetting password and mailing you');
  61         }
  62
  63         // Clear secret so that it can not be used again
  64         $user->secret = '';
  65         if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) {
  66             error('Error resetting user secret string');
  67         }
  68
  69         reset_login_count();
  70
  71         $changepasswordurl = "{$CFG->httpswwwroot}/login/change_password.php";
  72         $a = new object();
  73         $a->email = $user->email;
  74         $a->link = $changepasswordurl;
  75
  76         print_header($strforgotten, $strforgotten, $navigation);
  77         notice(get_string('emailpasswordsent', '', $a), $changepasswordurl);
  78
  79     } else {
  80         if (!empty($user) and strlen($p_secret) === 15) {
  81             // somebody probably tries to hack in by guessing secret - stop them!
  82             set_field('user', 'secret', '', 'id', $user->id);
  83         }
  84         print_header($strforgotten, $strforgotten, $navigation);
  85         print_error('forgotteninvalidurl');
  86     }
  87
  88     die; //never reached
  89 }
  90
  91 $mform = new login_forgot_password_form();
  92
  93 if ($mform->is_cancelled()) {
  94     redirect($CFG->httpswwwroot.'/login/index.php');
  95
  96 } else if ($data = $mform->get_data()) {
  97 /// find the user in the database and mail info
  98
  99     // first try the username
 100     if (!empty($data->username)) {
 101         $user = get_complete_user_data('username', $data->username);
 102     } else {
 103
 104         $user = get_complete_user_data('email', $data->email);
 105     }
 106
 107     if ($user and !empty($user->confirmed)) {
 108
 109         $userauth = get_auth_plugin($user->auth);
 110         if (has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
 111             // send email (make sure mail block is off)
 112             $user->emailstop = 0;
 113         }
 114
 115         if ($userauth->can_reset_password() and is_enabled_auth($user->auth)
 116           and has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
 117             // send reset password confirmation
 118
 119             // set 'secret' string
 120             $user->secret = random_string(15);
 121             if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) {
 122                 error('error setting user secret string');
 123             }
 124
 125             if (!send_password_change_confirmation_email($user)) {
 126                 error('error sending password change confirmation email');
 127             }
 128
 129         } else {
 130             if (!send_password_change_info($user)) {
 131                 error('error sending password change confirmation email');
 132             }
 133         }
 134     }
 135
 136     print_header($strforgotten, $strforgotten, $navigation);
 137
 138     if (empty($user->email) or !empty($CFG->protectusernames)) {
 139         // Print general confirmation message
 140         notice(get_string('emailpasswordconfirmmaybesent'), $CFG->wwwroot.'/index.php');
 141
 142     } else {
 143         // Confirm email sent
 144         $protectedemail = preg_replace('/([^@]*)@(.*)/', '******@$2', $user->email); // obfuscate the email address to protect privacy
 145         $stremailpasswordconfirmsent = get_string('emailpasswordconfirmsent', '', $protectedemail);
 146         notice($stremailpasswordconfirmsent, $CFG->wwwroot.'/index.php');
 147     }
 148
 149     die; // never reached
 150 }
 151
 152
 153 /// DISPLAY FORM
 154 print_header($strforgotten, $strforgotten, $navigation, 'id_email');
 155
 156 print_box(get_string('passwordforgotteninstructions'), 'generalbox boxwidthnormal boxaligncenter');
 157 $mform->display();
 158
 159 print_footer();
 160
 161 ?>