<?php
/**
 *
 * @package    mahara
 * @subpackage core
 * @author     Catalyst IT Ltd
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 * @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 *
 */

define('INTERNAL', 1);
// NOTE(review): PUBLIC presumably marks this page as reachable without a
// login (the reset flow is used by logged-out visitors) — confirm in init.php.
define('PUBLIC', 1);
// Section markers consumed by the page chrome / navigation.
define('SECTION_PLUGINTYPE', 'core');
define('SECTION_PLUGINNAME', 'site');
define('SECTION_PAGE', 'forgotpass');

require('init.php');

// forgotpass_submit() sets this flag and redirects back here. Show the
// confirmation once and clear the flag so a reload does not repeat it.
if ($SESSION->get('pwchangerequested')) {
    $SESSION->set('pwchangerequested', false);
    die_info(get_string('pwchangerequestsentfullinfo'));
}

// The reset key arrives as ?key=... from the e-mailed link. It is restricted
// to alphanumerics, moved into the session, and the page is re-requested
// without the parameter — presumably so the key does not linger in the address
// bar, browser history or Referer headers (confirm intent).
if (param_exists('key')) {
    $SESSION->set('forgotpasskey', param_alphanum('key'));
    redirect('/forgotpass.php');
}
// A reset key in the session means the visitor followed a reset link: show the
// "change password" form. Otherwise fall through to the request form below.
if ($SESSION->get('forgotpasskey')) {
    define('TITLE', get_string('changepassword'));

    $key = $SESSION->forgotpasskey;
    $pwrequest = get_record('usr_password_request', 'key', $key);
    if (!$pwrequest) {
        // Unknown key: clear it so the next load shows the request form again.
        $SESSION->set('forgotpasskey', false);
        die_info(get_string('nosuchpasswordrequest'));
    }

    // Refuse stale requests; expiry is stamped when the request is created.
    if (strtotime($pwrequest->expiry) < time()) {
        $SESSION->set('forgotpasskey', false);
        die_info(get_string('passwordresetexpired'));
    }

    $form = [
        'name'      => 'forgotpasschange',
        'method'    => 'post',
        'action'    => '',
        'autofocus' => true,
        'elements'  => [
            'password1' => [
                'type'         => 'password',
                'title'        => get_string('password'),
                'description'  => get_password_policy_description('user'),
                'showstrength' => true,
                'rules'        => ['required' => true],
            ],
            'password2' => [
                'type'  => 'password',
                'title' => get_string('confirmpassword'),
                'rules' => ['required' => true],
            ],
            // NOTE(review): this id round-trips through the browser as a hidden
            // field; forgotpasschange_submit() should check it against the
            // request record for the session key rather than trust it as-is.
            'user' => [
                'type'  => 'hidden',
                'value' => $pwrequest->usr,
            ],
            'submit' => [
                'type'  => 'submit',
                'class' => 'btn-primary',
                'value' => get_string('change'),
            ],
        ],
    ];

    $smarty = smarty();
    $smarty->assign('forgotpasschange_form', pieform($form));
    $smarty->assign('heading', get_string('changepassword'));
    $smarty->display('forgotpass.tpl');
    exit;
}
else {
    define('TITLE', get_string('forgotusernamepassword'));
}

// Public "forgot username/password" request form. Its name binds it to
// forgotpass_submit() below; the captcha element is the only throttle on
// this unauthenticated endpoint.
$form = [
    'name'      => 'forgotpass',
    'method'    => 'post',
    'action'    => '',
    'autofocus' => true,
    'elements'  => [
        'emailusername' => [
            'type'        => 'text',
            'title'       => get_string('emailaddressorusername'),
            'description' => get_string('emailaddressdescription'),
            'rules'       => ['required' => true],
        ],
        'captcha' => [
            'type' => 'captcha',
        ],
        'submit' => [
            'type'  => 'submit',
            'class' => 'btn-primary',
            'value' => get_string('sendrequest'),
        ],
    ],
];

/**
 * Submit handler for the password-reset request form.
 *
 * Looks up an account on an active 'internal' auth instance by e-mail address
 * or username, e-mails it a one-off reset link and records the request.
 * Whether or not an account matched, the handler ends with the same session
 * marker and redirect (only the bounce-threshold notice below depends on a
 * match), so the response itself does not say which identifiers exist.
 *
 * @param Pieform $form   the submitted form
 * @param array   $values submitted values; uses 'emailusername'
 */
function forgotpass_submit(Pieform $form, $values) {
    global $SESSION;

    // Case-insensitive match on either column; both placeholders get the same value.
    $needle = strtolower($values['emailusername']);
    $user = get_record_sql("SELECT u.*
        FROM {usr} u INNER JOIN {auth_instance} ai ON (u.authinstance = ai.id AND ai.active = 1)
        WHERE (LOWER(u.email) = ? OR LOWER(u.username) = ?)
        AND ai.authname = 'internal'", array($needle, $needle));

    if ($user) {
        try {
            $pwrequest = new StdClass;
            $pwrequest->usr = $user->id;
            // Requests are valid for 24 hours; the page checks this before showing the form.
            $pwrequest->expiry = db_format_timestamp(time() + 86400);
            $pwrequest->key = get_random_key();

            $sitename = get_config('sitename');
            $fullname = display_name($user);
            $wwwroot = get_config('wwwroot');
            $resetlink = $wwwroot . 'forgotpass.php?key=' . $pwrequest->key;
            $contactlink = $wwwroot . 'contact.php';

            // Override the disabled status of this e-mail address
            $user->ignoredisabled = true;
            $subject = get_string('forgotusernamepasswordemailsubject', 'mahara', $sitename);
            $textbody = get_string('forgotusernamepasswordemailmessagetext', 'mahara',
                $fullname,
                $sitename,
                $user->username,
                $resetlink,
                $contactlink,
                $sitename);
            $htmlbody = get_string('forgotusernamepasswordemailmessagehtml', 'mahara',
                $fullname,
                $sitename,
                $user->username,
                $resetlink,
                $resetlink,
                $contactlink,
                $sitename);
            email_user($user, null, $subject, $textbody, $htmlbody);
            // The request row is only written once the e-mail has been handed off.
            insert_record('usr_password_request', $pwrequest);
        }
        catch (SQLException $e) {
            die_info(get_string('forgotpassemailsendunsuccessful'));
        }
        catch (EmailException $e) {
            die_info(get_string('forgotpassemailsendunsuccessful'));
        }

        // Add a note if this e-mail address is over the bounce threshold to
        // warn users that they may not receive the e-mail
        $mailinfo = get_record_select('artefact_internal_profile_email', '"owner" = ? AND principal = 1', array($user->id));
        if ($mailinfo && check_overcount($mailinfo)) {
            $SESSION->add_info_msg(get_string('forgotpassemailsentanyway1', 'mahara', get_config('sitename')));
        }

        // Unsetting disabled status overriding
        unset($user->ignoredisabled);
    }

    // Mark the session so the page shows the "request sent" notice after the redirect
    $SESSION->set('pwchangerequested', true);

    redirect('/forgotpass.php');
}

/**
 * Validation handler for the change-password form: applies the site password
 * rules to the new password for the account named by the hidden 'user' field.
 *
 * @param Pieform $form   the submitted form (errors are attached to it)
 * @param array   $values submitted values; uses 'user' and the password fields
 */
function forgotpasschange_validate(Pieform $form, $values) {
    // 'user' is the hidden element the browser posts back, not a session value.
    $account = new User();
    $account->find_by_id($values['user']);
    password_validate($form, $values, $account);
}

// TODO:
//   password_validate to maharalib, use it in places specified, test with a drop/create run
//   support autofocus => (true|'id'), remove stuff doing autofocus from where it is, focus error fields
//   commit stuff
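/**
 * Submit handler for the change-password form reached via a reset link.
 *
 * Binds the submitted user id to the password request the session was opened
 * with, changes the password, removes the request(s), logs the user in and
 * drops their other sessions.
 *
 * @param Pieform $form   the submitted form
 * @param array   $values submitted values; uses 'user' and 'password1'
 * @throws UserException   if the request no longer exists, the submitted id does
 *                         not match it, or the account does not exist
 * @throws SystemException if the auth instance refused the password change
 */
function forgotpasschange_submit(Pieform $form, $values) {
    global $SESSION, $USER;

    // The hidden 'user' element comes back from the browser, so it is not
    // trusted on its own: it must name the same account as the password
    // request this session holds a key for (the key is set from ?key= and
    // checked for existence and expiry before the form is displayed).
    $pwrequest = get_record('usr_password_request', 'key', $SESSION->forgotpasskey);
    unset($SESSION->forgotpasskey);
    if (!$pwrequest || (int)$pwrequest->usr !== (int)$values['user']) {
        throw new UserException('Request to change the password does not match the password request');
    }

    try {
        $user = new User();
        $user->find_by_id($pwrequest->usr);
    }
    catch (AuthUnknownUserException $e) {
        throw new UserException('Request to change the password for a user who does not exist');
    }

    $authobj = AuthFactory::create($user->authinstance);
    if (!$authobj->change_password($user, $values['password1'])) {
        throw new SystemException('User "' . $user->username
            . '" tried to change their password, but the attempt failed');
    }

    // Remove the password request(s) for the user so the link cannot be reused
    delete_records('usr_password_request', 'usr', $pwrequest->usr);

    ensure_user_account_is_active($user);

    // Log this session in as the account whose password was just changed
    $USER->reanimate($user->id, $user->authinstance);

    // Destroy other sessions of the user
    remove_user_sessions($USER->get('id'));

    $SESSION->add_ok_msg(get_string('passwordchangedok'));
    redirect();
    exit;
}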

$smarty = smarty();
// By Pieforms convention, pieform() dispatches a posted submission of this
// form to forgotpass_submit() above before returning the markup.
$smarty->assign('forgotpass_form', pieform($form));
$smarty->assign('heading', get_string('forgotusernamepassword'));
$smarty->display('forgotpass.tpl');