login/forgot_password.php

   1 <?php
   2 // $Id$
   3 // forgot password routine.
   4 // find the user and call the appropriate routine for their authentication
   5 // type.
   6
   7 require_once('../config.php');
   8 require_once('forgot_password_form.php');
   9
  10 $p_secret   = optional_param('p', false, PARAM_RAW);
  11 $p_username = optional_param('s', false, PARAM_RAW);
  12
  13 httpsrequired();
  14
  15 $systemcontext = get_context_instance(CONTEXT_SYSTEM);
  16
  17 // setup text strings
  18 $strforgotten = get_string('passwordforgotten');
  19 $strlogin     = get_string('login');
  20
  21 // if you are logged in then you shouldn't be here!
  22 if (isloggedin() and !isguestuser()) {
  23     redirect($CFG->wwwroot.'/index.php', get_string('loginalready'), 5);
  24 }
  25
  26 if ($p_secret !== false) {
  27 ///=====================
  28 /// user clicked on link in email message
  29 ///=====================
  30
  31     update_login_count();
  32
  33     $user = get_complete_user_data('username', $p_username);
  34
  35     if (!empty($user) and $user->secret === '') {
  36         print_header($strforgotten, $strforgotten,
  37             "<a href=\"{$CFG->wwwroot}/login/index.php\">{$strlogin}</a>->{$strforgotten}");
  38         error(get_string('secretalreadyused'));
  39
  40     } else if (!empty($user) and $user->secret == stripslashes($p_secret)) {
  41         // make sure that url relates to a valid user
  42
  43         // check this isn't guest user
  44         if (isguestuser($user)) {
  45             error('You cannot reset the guest password');
  46         }
  47
  48         // make sure user is allowed to change password
  49         require_capability('moodle/user:changeownpassword', $systemcontext, $user->id);
  50
  51         // override email stop and mail new password
  52         $user->emailstop = 0;
  53         if (!reset_password_and_mail($user)) {
  54             error('Error resetting password and mailing you');
  55         }
  56
  57         // Clear secret so that it can not be used again
  58         $user->secret = '';
  59         if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) {
  60             error('Error resetting user secret string');
  61         }
  62
  63         reset_login_count();
  64
  65         $changepasswordurl = "{$CFG->httpswwwroot}/login/change_password.php";
  66         $a = new object();
  67         $a->email = $user->email;
  68         $a->link = $changepasswordurl;
  69
  70         print_header($strforgotten, $strforgotten,
  71             "<a href=\"{$CFG->wwwroot}/login/index.php\">{$strlogin}</a>->{$strforgotten}");
  72         notice(get_string('emailpasswordsent', '', $a), $changepasswordurl);
  73
  74     } else {
  75         print_header($strforgotten, $strforgotten,
  76             "<a href=\"{$CFG->wwwroot}/login/index.php\">{$strlogin}</a>->{$strforgotten}");
  77         error(get_string('forgotteninvalidurl'));
  78     }
  79
  80     die; //never reached
  81 }
  82
  83 $mform = new login_forgot_password_form();
  84
  85 if ($mform->is_cancelled()) {
  86     redirect($CFG->httpswwwroot.'/login/index.php');
  87
  88 } else if ($data = $mform->get_data()) {
  89 /// find the user in the database and mail info
  90
  91     // first try the username
  92     if (!empty($data->username)) {
  93         $user = get_complete_user_data('username', $data->username);
  94     } else {
  95
  96         $user = get_complete_user_data('email', $data->email);
  97     }
  98
  99     if ($user and !empty($user->confirmed)) {
 100
 101         $userauth = get_auth_plugin($user->auth);
 102         if (has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
 103             // send email (make sure mail block is off)
 104             $user->mailstop = 0;
 105         }
 106
 107         if ($userauth->can_reset_password() and is_enabled_auth($user->auth)
 108           and has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
 109             // send reset password confirmation
 110
 111             // set 'secret' string
 112             $user->secret = random_string(15);
 113             if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) {
 114                 error('error setting user secret string');
 115             }
 116
 117             if (!send_password_change_confirmation_email($user)) {
 118                 error('error sending password change confirmation email');
 119             }
 120
 121         } else {
 122             if (!send_password_change_info($user)) {
 123                 error('error sending password change confirmation email');
 124             }
 125         }
 126     }
 127
 128     print_header($strforgotten, $strforgotten,
 129         "<a href=\"{$CFG->wwwroot}/login/index.php\">{$strlogin}</a>->{$strforgotten}");
 130
 131     if (empty($user->email) or !empty($CFG->protectusernames)) {
 132         // Print general confirmation message
 133         notice(get_string('emailpasswordconfirmmaybesent'), $CFG->wwwroot.'/index.php');
 134
 135     } else {
 136         // Confirm email sent
 137         $protectedemail = preg_replace('/([^@]*)@(.*)/', '******@$2', $user->email); // obfuscate the email address to protect privacy
 138         $stremailpasswordconfirmsent = get_string('emailpasswordconfirmsent', '', $protectedemail);
 139         notice($stremailpasswordconfirmsent, $CFG->wwwroot.'/index.php');
 140     }
 141
 142     die; // never reached
 143 }
 144
 145
 146 /// DISPLAY FORM
 147 print_header($strforgotten, $strforgotten,
 148     "<a href=\"{$CFG->wwwroot}/login/index.php\">{$strlogin}</a>->{$strforgotten}", 'id_email');
 149
 150 print_box(get_string('passwordforgotteninstructions'), 'generalbox boxwidthnormal boxaligncenter');
 151 $mform->display();
 152
 153 print_footer();
 154
 155 ?>