login/forgot_password.php

   1 <?php
   2
   3 // forgot password routine.
   4 // find the user and call the appropriate routine for their authentication
   5 // type.
   6
   7 require_once('../config.php');
   8 require_once('forgot_password_form.php');
   9
  10 $p_secret   = optional_param('p', false, PARAM_RAW);
  11 $p_username = optional_param('s', false, PARAM_RAW);
  12
  13 httpsrequired();
  14
  15 $systemcontext = get_context_instance(CONTEXT_SYSTEM);
  16
  17 // setup text strings
  18 $strforgotten = get_string('passwordforgotten');
  19 $strlogin     = get_string('login');
  20
  21 $PAGE->set_url('/login/forgot_password.php');
  22 $PAGE->navbar->add($strlogin, get_login_url());
  23 $PAGE->navbar->add($strforgotten);
  24
  25 // if alternatepasswordurl is defined, then we'll just head there
  26 if (!empty($CFG->forgottenpasswordurl)) {
  27     redirect($CFG->forgottenpasswordurl);
  28 }
  29
  30 // if you are logged in then you shouldn't be here!
  31 if (isloggedin() and !isguestuser()) {
  32     redirect($CFG->wwwroot.'/index.php', get_string('loginalready'), 5);
  33 }
  34
  35 if ($p_secret !== false) {
  36 ///=====================
  37 /// user clicked on link in email message
  38 ///=====================
  39
  40     update_login_count();
  41
  42     $PAGE->set_title($strforgotten);
  43     $PAGE->set_heading($strforgotten);
  44
  45     $user = get_complete_user_data('username', $p_username);
  46     if (!empty($user) and $user->secret === '') {
  47         echo $OUTPUT->header();
  48         print_error('secretalreadyused');
  49     } else if (!empty($user) and $user->secret == $p_secret) {
  50         // make sure that url relates to a valid user
  51
  52         // check this isn't guest user
  53         if (isguestuser($user)) {
  54             print_error('cannotresetguestpwd');
  55         }
  56
  57         // make sure user is allowed to change password
  58         require_capability('moodle/user:changeownpassword', $systemcontext, $user->id);
  59
  60         // override email stop and mail new password
  61         $user->emailstop = 0;
  62         if (!reset_password_and_mail($user)) {
  63             print_error('cannotresetmail');
  64         }
  65
  66         // Clear secret so that it can not be used again
  67         $user->secret = '';
  68         $DB->set_field('user', 'secret', $user->secret, array('id'=>$user->id));
  69
  70         reset_login_count();
  71
  72         $changepasswordurl = "{$CFG->httpswwwroot}/login/change_password.php";
  73         $a = new object();
  74         $a->email = $user->email;
  75         $a->link = $changepasswordurl;
  76
  77         echo $OUTPUT->header();
  78         notice(get_string('emailpasswordsent', '', $a), $changepasswordurl);
  79
  80     } else {
  81         if (!empty($user) and strlen($p_secret) === 15) {
  82             // somebody probably tries to hack in by guessing secret - stop them!
  83             $DB->set_field('user', 'secret', '', array('id'=>$user->id));
  84         }
  85         echo $OUTPUT->header();
  86         print_error('forgotteninvalidurl');
  87     }
  88
  89     die; //never reached
  90 }
  91
  92 $mform = new login_forgot_password_form();
  93
  94 if ($mform->is_cancelled()) {
  95     redirect(get_login_url());
  96
  97 } else if ($data = $mform->get_data()) {
  98 /// find the user in the database and mail info
  99
 100     // first try the username
 101     if (!empty($data->username)) {
 102         $user = get_complete_user_data('username', $data->username);
 103     } else {
 104
 105         $user = get_complete_user_data('email', $data->email);
 106     }
 107
 108     if ($user and !empty($user->confirmed)) {
 109
 110         $userauth = get_auth_plugin($user->auth);
 111         if (has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
 112             // send email (make sure mail block is off)
 113             $user->emailstop = 0;
 114         }
 115
 116         if ($userauth->can_reset_password() and is_enabled_auth($user->auth)
 117           and has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
 118             // send reset password confirmation
 119
 120             // set 'secret' string
 121             $user->secret = random_string(15);
 122             $DB->set_field('user', 'secret', $user->secret, array('id'=>$user->id));
 123
 124             if (!send_password_change_confirmation_email($user)) {
 125                 print_error('cannotmailconfirm');
 126             }
 127
 128         } else {
 129             if (!send_password_change_info($user)) {
 130                 print_error('cannotmailconfirm');
 131             }
 132         }
 133     }
 134
 135     $PAGE->set_title($strforgotten);
 136     $PAGE->set_heading($strforgotten);
 137     echo $OUTPUT->header();
 138
 139     if (empty($user->email) or !empty($CFG->protectusernames)) {
 140         // Print general confirmation message
 141         notice(get_string('emailpasswordconfirmmaybesent'), $CFG->wwwroot.'/index.php');
 142
 143     } else {
 144         // Confirm email sent
 145         $protectedemail = preg_replace('/([^@]*)@(.*)/', '******@$2', $user->email); // obfuscate the email address to protect privacy
 146         $stremailpasswordconfirmsent = get_string('emailpasswordconfirmsent', '', $protectedemail);
 147         notice($stremailpasswordconfirmsent, $CFG->wwwroot.'/index.php');
 148     }
 149
 150     die; // never reached
 151 }
 152
 153
 154 /// DISPLAY FORM
 155 $PAGE->set_title($strforgotten);
 156 $PAGE->set_heading($strforgotten);
 157 $PAGE->set_focuscontrol('id_email');
 158
 159 echo $OUTPUT->header();
 160 echo $OUTPUT->box(get_string('passwordforgotteninstructions2'), 'generalbox boxwidthnormal boxaligncenter');
 161 $mform->display();
 162
 163 echo $OUTPUT->footer();