<?php
// $Id$
// forgot password routine.
// find the user and call the appropriate routine for their authentication
// type.
require_once('../config.php');
require_once('forgot_password_form.php');
// Query-string values carried by the emailed reset link: 'p' is the one-time
// secret and 's' is the username it was issued for. Both default to false when
// absent. PARAM_RAW applies no cleaning, so both are untrusted input from here on.
// NOTE(review): the stripslashes() call made on $p_secret further down suggests
// request data arrives slash-escaped -- confirm that this is what keeps the
// username lookup safe, and consider a stricter PARAM_* type for both values.
$p_secret   = optional_param('p', false, PARAM_RAW);
$p_username = optional_param('s', false, PARAM_RAW);

// Presumably moves the request to HTTPS when the site requires it for login
// pages -- confirm against the helper's definition.
httpsrequired();

// System context, used for the changeownpassword capability checks below.
$systemcontext = get_context_instance(CONTEXT_SYSTEM);

// setup text strings
$strforgotten = get_string('passwordforgotten');
$strlogin     = get_string('login');

// Breadcrumb trail: "Login" (linked) followed by "Forgotten password" (current page).
$navlinks = array();
$navlinks[] = array('name' => $strlogin, 'link' => "$CFG->wwwroot/login/index.php", 'type' => 'misc');
$navlinks[] = array('name' => $strforgotten, 'link' => null, 'type' => 'misc');
$navigation = build_navigation($navlinks);
// A site that configures an alternative password-recovery URL handles resets
// elsewhere, so hand the visitor over before doing anything else.
$hasexternalreset = !empty($CFG->forgottenpasswordurl);
if ($hasexternalreset) {
    redirect($CFG->forgottenpasswordurl);
}

// A real (non-guest) signed-in user has no business on the recovery page:
// send them back to the front page with the "already logged in" message.
$isrealuser = isloggedin() && !isguestuser();
if ($isrealuser) {
    redirect($CFG->wwwroot.'/index.php', get_string('loginalready'), 5);
}
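if ($p_secret !== false) {
    ///=====================
    /// user clicked on link in email message
    ///=====================
    // Everything in this branch is driven by two untrusted query parameters:
    // the one-time secret ('p') and the username ('s').

    // Count the attempt before any lookup; reset_login_count() below clears the
    // counter once a reset succeeds.
    // NOTE(review): presumably this throttles repeated guesses at the secret -- confirm.
    update_login_count();

    // stripslashes() mirrors the original handling of the raw parameter.
    // A non-string value (for example an array-valued parameter) can never match.
    $suppliedsecret = is_string($p_secret) ? stripslashes($p_secret) : '';

    $user = get_complete_user_data('username', $p_username);

    // Decide the match up front with a strict comparison. The previous loose
    // `==` applied PHP type juggling: two different numeric-looking strings could
    // compare equal, and an empty parameter could equal a NULL stored secret.
    // Empty values on either side never count as a match.
    $secretmatches = false;
    if (!empty($user) and is_string($user->secret) and $user->secret !== '' and $suppliedsecret !== '') {
        if (function_exists('hash_equals')) {
            // Constant-time comparison where the runtime provides it (PHP >= 5.6).
            $secretmatches = hash_equals($user->secret, $suppliedsecret);
        } else {
            $secretmatches = ($user->secret === $suppliedsecret);
        }
    }

    if (!empty($user) and $user->secret === '') {
        // No reset is pending for this account: the link was already consumed.
        print_header($strforgotten, $strforgotten, $navigation);
        error(get_string('secretalreadyused'));

    } else if ($secretmatches) {
        // make sure that url relates to a valid user

        // check this isn't guest user
        if (isguestuser($user)) {
            error('You cannot reset the guest password');
        }

        // make sure user is allowed to change password
        require_capability('moodle/user:changeownpassword', $systemcontext, $user->id);

        // override email stop and mail new password
        $user->emailstop = 0;
        if (!reset_password_and_mail($user)) {
            error('Error resetting password and mailing you');
        }

        // Clear secret so that it can not be used again
        // NOTE(review): the password is reset before the secret is cleared, and no
        // expiry check on the secret is visible in this file -- confirm that a link
        // cannot be honoured twice by concurrent requests or long after it was issued.
        $user->secret = '';
        if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) {
            error('Error resetting user secret string');
        }

        reset_login_count();

        $changepasswordurl = "{$CFG->httpswwwroot}/login/change_password.php";
        $a = new object();
        $a->email = $user->email;
        $a->link = $changepasswordurl;

        print_header($strforgotten, $strforgotten, $navigation);
        notice(get_string('emailpasswordsent', '', $a), $changepasswordurl);

    } else {
        // Unknown username or wrong secret: both get the same "invalid URL" page.
        print_header($strforgotten, $strforgotten, $navigation);
        error(get_string('forgotteninvalidurl'));
    }

    die; //never reached
}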
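$mform = new login_forgot_password_form();

if ($mform->is_cancelled()) {
    redirect($CFG->httpswwwroot.'/login/index.php');

} else if ($data = $mform->get_data()) {
    /// find the user in the database and mail info

    // first try the username
    if (!empty($data->username)) {
        $user = get_complete_user_data('username', $data->username);
    } else {
        $user = get_complete_user_data('email', $data->email);
    }

    // Only confirmed accounts are mailed; unknown or unconfirmed accounts fall
    // straight through to the confirmation page below.
    if ($user and !empty($user->confirmed)) {

        $userauth = get_auth_plugin($user->auth);
        $canchangeownpassword = has_capability('moodle/user:changeownpassword', $systemcontext, $user->id);

        if ($canchangeownpassword) {
            // send email (make sure mail block is off)
            // The field is 'emailstop', as used in the reset-link branch of this
            // script; the former 'mailstop' assignment set an unrelated property
            // and so never lifted the block.
            $user->emailstop = 0;
        }

        if ($userauth->can_reset_password() and is_enabled_auth($user->auth) and $canchangeownpassword) {
            // send reset password confirmation

            // set 'secret' string
            // NOTE(review): the reset link is only as unguessable as random_string();
            // confirm it draws from a cryptographically secure source. The secret is
            // stored as-is in the user table and no expiry is recorded here.
            $user->secret = random_string(15);
            if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) {
                error('error setting user secret string');
            }

            if (!send_password_change_confirmation_email($user)) {
                error('error sending password change confirmation email');
            }

        } else {
            // Password cannot be reset from here (auth plugin or capability):
            // mail the account holder information instead.
            if (!send_password_change_info($user)) {
                error('error sending password change confirmation email');
            }
        }
    }

    print_header($strforgotten, $strforgotten, $navigation);

    // With $CFG->protectusernames set, every submission gets the same generic
    // message. Without it, a known account is answered with its masked address,
    // which tells the requester that the account exists; the error() calls above
    // are likewise only reachable for existing accounts.
    if (empty($user->email) or !empty($CFG->protectusernames)) {
        // Print general confirmation message
        notice(get_string('emailpasswordconfirmmaybesent'), $CFG->wwwroot.'/index.php');

    } else {
        // Confirm email sent
        // obfuscate the email address to protect privacy (the domain part stays visible)
        $protectedemail = preg_replace('/([^@]*)@(.*)/', '******@$2', $user->email);
        $stremailpasswordconfirmsent = get_string('emailpasswordconfirmsent', '', $protectedemail);
        notice($stremailpasswordconfirmsent, $CFG->wwwroot.'/index.php');
    }

    die; // never reached
}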
/// DISPLAY FORM
// Reached only when no reset link was followed and no form data was submitted:
// render the page header, the instructions box, the request form and the footer.
// NOTE(review): 'id_email' looks like the form element to focus -- confirm.
print_header($strforgotten, $strforgotten, $navigation, 'id_email');

$instructions = get_string('passwordforgotteninstructions');
print_box($instructions, 'generalbox boxwidthnormal boxaligncenter');

$mform->display();

print_footer();
?>