3 // forgot password routine.
4 // find the user and call the appropriate routine for their authentication
// Load the site bootstrap and the form class this page instantiates further down.
// NOTE(review): each line of this listing starts with the viewer's own line number, long
// statements are wrapped, and gaps in the numbering mean some source lines are not shown.
7 require_once('../config.php');
8 require_once('forgot_password_form.php');
// Reset-link parameters: 'p' carries the secret and 's' the username. Both are read as
// PARAM_RAW (no cleaning), so they are untrusted input wherever they are used below.
10 $p_secret = optional_param('p', false, PARAM_RAW
);
11 $p_username = optional_param('s', false, PARAM_RAW
);
// System context, used for the moodle/user:changeownpassword capability checks later on.
15 $systemcontext = get_context_instance(CONTEXT_SYSTEM
);
// Localised strings reused for the breadcrumb, the page title and the heading.
18 $strforgotten = get_string('passwordforgotten');
19 $strlogin = get_string('login');
// Page URL and breadcrumb: "login" (linked to the login page), then "forgotten password".
21 $PAGE->set_url('/login/forgot_password.php');
22 $PAGE->navbar
->add($strlogin, get_login_url());
23 $PAGE->navbar
->add($strforgotten);
25 // if alternatepasswordurl is defined, then we'll just head there
// The setting actually tested is $CFG->forgottenpasswordurl: when it is non-empty the visitor
// is redirected to that site-configured page.
// NOTE(review): the closing brace of this block is on a line the listing does not show.
26 if (!empty($CFG->forgottenpasswordurl
)) {
27 redirect($CFG->forgottenpasswordurl
);
30 // if you are logged in then you shouldn't be here!
// Applies to real accounts only; the !isguestuser() test lets guest sessions continue.
// The redirect shows the 'loginalready' message; the trailing 5 is presumably the delay in
// seconds - confirm against redirect().
31 if (isloggedin() and !isguestuser()) {
32 redirect($CFG->wwwroot
.'/index.php', get_string('loginalready'), 5);
// Branch for requests that carry the 'p' parameter, i.e. the link from the confirmation email.
// NOTE(review): several lines of this branch (closing braces, at least one `else`, and the
// statements on the skipped line numbers) are not shown in this listing.
35 if ($p_secret !== false) {
36 ///=====================
37 /// user clicked on link in email message
38 ///=====================
42 $PAGE->set_title($strforgotten);
43 $PAGE->set_heading($strforgotten);
// The account is looked up by the username taken from the link ('s'), which is untrusted.
45 $user = get_complete_user_data('username', $p_username);
// An empty stored secret is reported as an already-used link.
46 if (!empty($user) and $user->secret
=== '') {
47 echo $OUTPUT->header();
48 print_error('secretalreadyused');
// NOTE(review): the stored secret is compared with the request value using loose `==`.
// PHP type juggling can treat two different numeric-looking strings as equal, and the
// comparison is not constant-time. Prefer a strict, timing-safe check on strings, e.g.
// hash_equals($user->secret, $p_secret) where the PHP version provides it, or `===` at least.
49 } else if (!empty($user) and $user->secret
== $p_secret) {
50 // make sure that url relates to a valid user
52 // check this isn't guest user
53 if (isguestuser($user)) {
54 print_error('cannotresetguestpwd');
57 // make sure user is allowed to change password
// The capability is checked for the account being reset ($user->id), not the current session.
58 require_capability('moodle/user:changeownpassword', $systemcontext, $user->id
);
60 // override email stop and mail new password
62 if (!reset_password_and_mail($user)) {
63 print_error('cannotresetmail');
66 // Clear secret so that it can not be used again
// NOTE(review): the visible call writes $user->secret back to the database; the assignment
// that empties it is presumably on the skipped line 67 - confirm, otherwise the secret
// stays valid after use.
68 $DB->set_field('user', 'secret', $user->secret
, array('id'=>$user->id
));
// Build the change-password link under $CFG->httpswwwroot for the confirmation notice.
72 $changepasswordurl = "{$CFG->httpswwwroot}/login/change_password.php";
// $a holds the placeholders for the 'emailpasswordsent' string; its creation is presumably
// on the skipped line 73.
74 $a->email
= $user->email
;
75 $a->link
= $changepasswordurl;
77 echo $OUTPUT->header();
78 notice(get_string('emailpasswordsent', '', $a), $changepasswordurl);
// Mismatch handling: a wrong value of the expected length (15, the length passed to
// random_string() when the secret is issued) wipes the stored secret.
// NOTE(review): this allows one guess per issued secret, but it also means an unauthenticated
// request naming an existing user can invalidate that user's pending reset. No expiry time
// for the secret and no attempt logging are visible in this listing - confirm they exist
// elsewhere.
81 if (!empty($user) and strlen($p_secret) === 15) {
82 // somebody probably tries to hack in by guessing secret - stop them!
83 $DB->set_field('user', 'secret', '', array('id'=>$user->id
));
// Wrong or unknown secret and unknown user end in the same 'forgotteninvalidurl' error.
85 echo $OUTPUT->header();
86 print_error('forgotteninvalidurl');
// Form handling for requests without a secret: the visitor asks for a reset by username or
// email address.
// NOTE(review): closing braces and `else` lines of this section fall on line numbers the
// listing skips, so the nesting described below is inferred from the visible statements.
92 $mform = new login_forgot_password_form();
// Cancelling the form returns the visitor to the login page.
94 if ($mform->is_cancelled()) {
95 redirect(get_login_url());
// get_data() supplies the submitted form values.
97 } else if ($data = $mform->get_data()) {
98 /// find the user in the database and mail info
100 // first try the username
101 if (!empty($data->username
)) {
102 $user = get_complete_user_data('username', $data->username
);
// Lookup by email address, presumably the alternative when no username was submitted.
105 $user = get_complete_user_data('email', $data->email
);
// Mail is only sent for an account that exists and is confirmed.
108 if ($user and !empty($user->confirmed
)) {
// The account's authentication plugin decides below whether a reset is possible.
110 $userauth = get_auth_plugin($user->auth
);
111 if (has_capability('moodle/user:changeownpassword', $systemcontext, $user->id
)) {
112 // send email (make sure mail block is off)
113 $user->emailstop
= 0;
// A reset secret is issued only when the auth plugin supports resets, the plugin is enabled
// and the account holds the changeownpassword capability.
116 if ($userauth->can_reset_password() and is_enabled_auth($user->auth
)
117 and has_capability('moodle/user:changeownpassword', $systemcontext, $user->id
)) {
118 // send reset password confirmation
120 // set 'secret' string
// NOTE(review): the reset secret is 15 characters from random_string(); the randomness
// source of that helper is not visible here - confirm it is a CSPRNG. The value is stored
// as-is in user.secret; storing only a hash would limit what a database read exposes.
121 $user->secret
= random_string(15);
122 $DB->set_field('user', 'secret', $user->secret
, array('id'=>$user->id
));
124 if (!send_password_change_confirmation_email($user)) {
125 print_error('cannotmailconfirm');
// Presumably the branch for accounts whose password cannot be reset here: they are mailed
// information instead. Both mail failures report the same 'cannotmailconfirm' error.
129 if (!send_password_change_info($user)) {
130 print_error('cannotmailconfirm');
135 $PAGE->set_title($strforgotten);
136 $PAGE->set_heading($strforgotten);
137 echo $OUTPUT->header();
// Response message. With no email on record (which includes the no-such-user case) or with
// $CFG->protectusernames set, a generic "may have been sent" notice is shown.
139 if (empty($user->email
) or !empty($CFG->protectusernames
)) {
140 // Print general confirmation message
141 notice(get_string('emailpasswordconfirmmaybesent'), $CFG->wwwroot
.'/index.php');
// NOTE(review): when protectusernames is off, this specific message differs from the generic
// one and includes the mail domain, so the response confirms that the account exists.
// Enable protectusernames where account enumeration matters.
144 // Confirm email sent
145 $protectedemail = preg_replace('/([^@]*)@(.*)/', '******@$2', $user->email
); // obfuscate the email address to protect privacy
146 $stremailpasswordconfirmsent = get_string('emailpasswordconfirmsent', '', $protectedemail);
147 notice($stremailpasswordconfirmsent, $CFG->wwwroot
.'/index.php');
150 die; // never reached
// Default view: page title and heading, initial focus on the control with id 'id_email', the
// instructions box, then the footer.
// NOTE(review): the statement that renders the form itself is presumably on the skipped
// lines 161-162 - confirm.
155 $PAGE->set_title($strforgotten);
156 $PAGE->set_heading($strforgotten);
157 $PAGE->set_focuscontrol('id_email');
159 echo $OUTPUT->header();
160 echo $OUTPUT->box(get_string('passwordforgotteninstructions2'), 'generalbox boxwidthnormal boxaligncenter');
163 echo $OUTPUT->footer();