login/forgot_password.php

   1 <?php
   2 // $Id$
   3 // forgot password routine.
   4 // find the user and call the appropriate routine for their authentication
   5 // type.
   6
   7 require_once('../config.php');
   8 require_once('forgot_password_form.php');
   9
  10 $p_secret   = optional_param('p', false, PARAM_RAW);
  11 $p_username = optional_param('s', false, PARAM_RAW);
  12
  13 httpsrequired();
  14
  15 $systemcontext = get_context_instance(CONTEXT_SYSTEM);
  16
  17 // setup text strings
  18 $strforgotten = get_string('passwordforgotten');
  19 $strlogin     = get_string('login');
  20
  21 $navigation = build_navigation(array(array('name' => $strlogin, 'link' => "$CFG->wwwroot/login/index.php", 'type' => 'misc'),
  22                                      array('name' => $strforgotten, 'link' => null, 'type' => 'misc')));
  23
  24 // if alternatepasswordurl is defined, then we'll just head there
  25 if (!empty($CFG->forgottenpasswordurl)) {
  26     redirect($CFG->forgottenpasswordurl);
  27 }
  28
  29 // if you are logged in then you shouldn't be here!
  30 if (isloggedin() and !isguestuser()) {
  31     redirect($CFG->wwwroot.'/index.php', get_string('loginalready'), 5);
  32 }
  33
  34 if ($p_secret !== false) {
  35 ///=====================
  36 /// user clicked on link in email message
  37 ///=====================
  38
  39     update_login_count();
  40
  41     $user = get_complete_user_data('username', $p_username);
  42     if (!empty($user) and $user->secret === '') {
  43         print_header($strforgotten, $strforgotten, $navigation);
  44         error(get_string('secretalreadyused'));
  45
  46     } else if (!empty($user) and $user->secret == stripslashes($p_secret)) {
  47         // make sure that url relates to a valid user
  48
  49         // check this isn't guest user
  50         if (isguestuser($user)) {
  51             error('You cannot reset the guest password');
  52         }
  53
  54         // make sure user is allowed to change password
  55         require_capability('moodle/user:changeownpassword', $systemcontext, $user->id);
  56
  57         // override email stop and mail new password
  58         $user->emailstop = 0;
  59         if (!reset_password_and_mail($user)) {
  60             error('Error resetting password and mailing you');
  61         }
  62
  63         // Clear secret so that it can not be used again
  64         $user->secret = '';
  65         if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) {
  66             error('Error resetting user secret string');
  67         }
  68
  69         reset_login_count();
  70
  71         $changepasswordurl = "{$CFG->httpswwwroot}/login/change_password.php";
  72         $a = new object();
  73         $a->email = $user->email;
  74         $a->link = $changepasswordurl;
  75
  76         print_header($strforgotten, $strforgotten, $navigation);
  77         notice(get_string('emailpasswordsent', '', $a), $changepasswordurl);
  78
  79     } else {
  80         print_header($strforgotten, $strforgotten, $navigation);
  81         error(get_string('forgotteninvalidurl'));
  82     }
  83
  84     die; //never reached
  85 }
  86
  87 $mform = new login_forgot_password_form();
  88
  89 if ($mform->is_cancelled()) {
  90     redirect($CFG->httpswwwroot.'/login/index.php');
  91
  92 } else if ($data = $mform->get_data()) {
  93 /// find the user in the database and mail info
  94
  95     // first try the username
  96     if (!empty($data->username)) {
  97         $user = get_complete_user_data('username', $data->username);
  98     } else {
  99
 100         $user = get_complete_user_data('email', $data->email);
 101     }
 102
 103     if ($user and !empty($user->confirmed)) {
 104
 105         $userauth = get_auth_plugin($user->auth);
 106         if (has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
 107             // send email (make sure mail block is off)
 108             $user->mailstop = 0;
 109         }
 110
 111         if ($userauth->can_reset_password() and is_enabled_auth($user->auth)
 112           and has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
 113             // send reset password confirmation
 114
 115             // set 'secret' string
 116             $user->secret = random_string(15);
 117             if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) {
 118                 error('error setting user secret string');
 119             }
 120
 121             if (!send_password_change_confirmation_email($user)) {
 122                 error('error sending password change confirmation email');
 123             }
 124
 125         } else {
 126             if (!send_password_change_info($user)) {
 127                 error('error sending password change confirmation email');
 128             }
 129         }
 130     }
 131
 132     print_header($strforgotten, $strforgotten, $navigation);
 133
 134     if (empty($user->email) or !empty($CFG->protectusernames)) {
 135         // Print general confirmation message
 136         notice(get_string('emailpasswordconfirmmaybesent'), $CFG->wwwroot.'/index.php');
 137
 138     } else {
 139         // Confirm email sent
 140         $protectedemail = preg_replace('/([^@]*)@(.*)/', '******@$2', $user->email); // obfuscate the email address to protect privacy
 141         $stremailpasswordconfirmsent = get_string('emailpasswordconfirmsent', '', $protectedemail);
 142         notice($stremailpasswordconfirmsent, $CFG->wwwroot.'/index.php');
 143     }
 144
 145     die; // never reached
 146 }
 147
 148
 149 /// DISPLAY FORM
 150 print_header($strforgotten, $strforgotten, $navigation, 'id_email');
 151
 152 print_box(get_string('passwordforgotteninstructions'), 'generalbox boxwidthnormal boxaligncenter');
 153 $mform->display();
 154
 155 print_footer();
 156
 157 ?>