MDL-9628 Fixed sorting
[moodle-pu.git] / login / forgot_password.php
blob6244ace64eb2b18dc73395cdf9d0c25ff453b689
1 <?php
2 // $Id$
3 // forgot password routine.
4 // find the user and call the appropriate routine for their authentication
5 // type.
7 require_once('../config.php');
8 require_once('forgot_password_form.php');
10 $p_secret = optional_param('p', false, PARAM_RAW);
11 $p_username = optional_param('s', false, PARAM_RAW);
13 httpsrequired();
15 $systemcontext = get_context_instance(CONTEXT_SYSTEM);
17 // setup text strings
18 $strforgotten = get_string('passwordforgotten');
19 $strlogin = get_string('login');
21 // if you are logged in then you shouldn't be here!
22 if (isloggedin() and !isguestuser()) {
23 redirect($CFG->wwwroot.'/index.php', get_string('loginalready'), 5);
26 if ($p_secret !== false) {
27 ///=====================
28 /// user clicked on link in email message
29 ///=====================
31 update_login_count();
33 $user = get_complete_user_data('username', $p_username);
35 if (!empty($user) and $user->secret === '') {
36 print_header($strforgotten, $strforgotten,
37 "<a href=\"{$CFG->wwwroot}/login/index.php\">{$strlogin}</a>->{$strforgotten}");
38 error(get_string('secretalreadyused'));
40 } else if (!empty($user) and $user->secret == stripslashes($p_secret)) {
41 // make sure that url relates to a valid user
43 // check this isn't guest user
44 if (isguestuser($user)) {
45 error('You cannot reset the guest password');
48 // make sure user is allowed to change password
49 require_capability('moodle/user:changeownpassword', $systemcontext, $user->id);
51 // override email stop and mail new password
52 $user->emailstop = 0;
53 if (!reset_password_and_mail($user)) {
54 error('Error resetting password and mailing you');
57 // Clear secret so that it can not be used again
58 $user->secret = '';
59 if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) {
60 error('Error resetting user secret string');
63 reset_login_count();
65 $changepasswordurl = "{$CFG->httpswwwroot}/login/change_password.php";
66 $a = new object();
67 $a->email = $user->email;
68 $a->link = $changepasswordurl;
70 print_header($strforgotten, $strforgotten,
71 "<a href=\"{$CFG->wwwroot}/login/index.php\">{$strlogin}</a>->{$strforgotten}");
72 notice(get_string('emailpasswordsent', '', $a), $changepasswordurl);
74 } else {
75 print_header($strforgotten, $strforgotten,
76 "<a href=\"{$CFG->wwwroot}/login/index.php\">{$strlogin}</a>->{$strforgotten}");
77 error(get_string('forgotteninvalidurl'));
80 die; //never reached
83 $mform = new login_forgot_password_form();
85 if ($mform->is_cancelled()) {
86 redirect($CFG->httpswwwroot.'/login/index.php');
88 } else if ($data = $mform->get_data()) {
89 /// find the user in the database and mail info
91 // first try the username
92 if (!empty($data->username)) {
93 $user = get_complete_user_data('username', $data->username);
94 } else {
96 $user = get_complete_user_data('email', $data->email);
99 if ($user and !empty($user->confirmed)) {
101 $userauth = get_auth_plugin($user->auth);
102 if (has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
103 // send email (make sure mail block is off)
104 $user->mailstop = 0;
107 if ($userauth->can_reset_password() and is_enabled_auth($user->auth)
108 and has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
109 // send reset password confirmation
111 // set 'secret' string
112 $user->secret = random_string(15);
113 if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) {
114 error('error setting user secret string');
117 if (!send_password_change_confirmation_email($user)) {
118 error('error sending password change confirmation email');
121 } else {
122 if (!send_password_change_info($user)) {
123 error('error sending password change confirmation email');
128 print_header($strforgotten, $strforgotten,
129 "<a href=\"{$CFG->wwwroot}/login/index.php\">{$strlogin}</a>->{$strforgotten}");
131 if (empty($user->email) or !empty($CFG->protectusernames)) {
132 // Print general confirmation message
133 notice(get_string('emailpasswordconfirmmaybesent'), $CFG->wwwroot.'/index.php');
135 } else {
136 // Confirm email sent
137 $protectedemail = preg_replace('/([^@]*)@(.*)/', '******@$2', $user->email); // obfuscate the email address to protect privacy
138 $stremailpasswordconfirmsent = get_string('emailpasswordconfirmsent', '', $protectedemail);
139 notice($stremailpasswordconfirmsent, $CFG->wwwroot.'/index.php');
142 die; // never reached
146 /// DISPLAY FORM
147 print_header($strforgotten, $strforgotten,
148 "<a href=\"{$CFG->wwwroot}/login/index.php\">{$strlogin}</a>->{$strforgotten}", 'id_email');
150 print_box(get_string('passwordforgotteninstructions'), 'generalbox boxwidthnormal boxaligncenter');
151 $mform->display();
153 print_footer();