| [ Index ] |
PHP Cross Reference of Moodle 1.9.3 [Build 15-Oct-2008] |
[Summary view] [Print] [Text view]
1 <?php 2 // $Id: forgot_password.php,v 1.45.2.3 2008/09/01 08:15:38 skodak Exp $ 3 // forgot password routine. 4 // find the user and call the appropriate routine for their authentication 5 // type. 6 7 require_once ('../config.php'); 8 require_once ('forgot_password_form.php'); 9 10 $p_secret = optional_param('p', false, PARAM_RAW); 11 $p_username = optional_param('s', false, PARAM_RAW); 12 13 httpsrequired(); 14 15 $systemcontext = get_context_instance(CONTEXT_SYSTEM); 16 17 // setup text strings 18 $strforgotten = get_string('passwordforgotten'); 19 $strlogin = get_string('login'); 20 21 $navigation = build_navigation(array(array('name' => $strlogin, 'link' => "$CFG->wwwroot/login/index.php", 'type' => 'misc'), 22 array('name' => $strforgotten, 'link' => null, 'type' => 'misc'))); 23 24 // if alternatepasswordurl is defined, then we'll just head there 25 if (!empty($CFG->forgottenpasswordurl)) { 26 redirect($CFG->forgottenpasswordurl); 27 } 28 29 // if you are logged in then you shouldn't be here! 30 if (isloggedin() and !isguestuser()) { 31 redirect($CFG->wwwroot.'/index.php', get_string('loginalready'), 5); 32 } 33 34 if ($p_secret !== false) { 35 ///===================== 36 /// user clicked on link in email message 37 ///===================== 38 39 update_login_count(); 40 41 $user = get_complete_user_data('username', $p_username); 42 if (!empty($user) and $user->secret === '') { 43 print_header($strforgotten, $strforgotten, $navigation); 44 print_error('secretalreadyused'); 45 46 } else if (!empty($user) and $user->secret == stripslashes($p_secret)) { 47 // make sure that url relates to a valid user 48 49 // check this isn't guest user 50 if (isguestuser($user)) { 51 error('You cannot reset the guest password'); 52 } 53 54 // make sure user is allowed to change password 55 require_capability('moodle/user:changeownpassword', $systemcontext, $user->id); 56 57 // override email stop and mail new password 58 $user->emailstop = 0; 59 if (!reset_password_and_mail($user)) { 60 error('Error resetting password and mailing you'); 61 } 62 63 // Clear secret so that it can not be used again 64 $user->secret = ''; 65 if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) { 66 error('Error resetting user secret string'); 67 } 68 69 reset_login_count(); 70 71 $changepasswordurl = "{$CFG->httpswwwroot}/login/change_password.php"; 72 $a = new object(); 73 $a->email = $user->email; 74 $a->link = $changepasswordurl; 75 76 print_header($strforgotten, $strforgotten, $navigation); 77 notice(get_string('emailpasswordsent', '', $a), $changepasswordurl); 78 79 } else { 80 if (!empty($user) and strlen($p_secret) === 15) { 81 // somebody probably tries to hack in by guessing secret - stop them! 82 set_field('user', 'secret', '', 'id', $user->id); 83 } 84 print_header($strforgotten, $strforgotten, $navigation); 85 print_error('forgotteninvalidurl'); 86 } 87 88 die; //never reached 89 } 90 91 $mform = new login_forgot_password_form(); 92 93 if ($mform->is_cancelled()) { 94 redirect($CFG->httpswwwroot.'/login/index.php'); 95 96 } else if ($data = $mform->get_data()) { 97 /// find the user in the database and mail info 98 99 // first try the username 100 if (!empty($data->username)) { 101 $user = get_complete_user_data('username', $data->username); 102 } else { 103 104 $user = get_complete_user_data('email', $data->email); 105 } 106 107 if ($user and !empty($user->confirmed)) { 108 109 $userauth = get_auth_plugin($user->auth); 110 if (has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) { 111 // send email (make sure mail block is off) 112 $user->mailstop = 0; 113 } 114 115 if ($userauth->can_reset_password() and is_enabled_auth($user->auth) 116 and has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) { 117 // send reset password confirmation 118 119 // set 'secret' string 120 $user->secret = random_string(15); 121 if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) { 122 error('error setting user secret string'); 123 } 124 125 if (!send_password_change_confirmation_email($user)) { 126 error('error sending password change confirmation email'); 127 } 128 129 } else { 130 if (!send_password_change_info($user)) { 131 error('error sending password change confirmation email'); 132 } 133 } 134 } 135 136 print_header($strforgotten, $strforgotten, $navigation); 137 138 if (empty($user->email) or !empty($CFG->protectusernames)) { 139 // Print general confirmation message 140 notice(get_string('emailpasswordconfirmmaybesent'), $CFG->wwwroot.'/index.php'); 141 142 } else { 143 // Confirm email sent 144 $protectedemail = preg_replace('/([^@]*)@(.*)/', '******@$2', $user->email); // obfuscate the email address to protect privacy 145 $stremailpasswordconfirmsent = get_string('emailpasswordconfirmsent', '', $protectedemail); 146 notice($stremailpasswordconfirmsent, $CFG->wwwroot.'/index.php'); 147 } 148 149 die; // never reached 150 } 151 152 153 /// DISPLAY FORM 154 print_header($strforgotten, $strforgotten, $navigation, 'id_email'); 155 156 print_box(get_string('passwordforgotteninstructions'), 'generalbox boxwidthnormal boxaligncenter'); 157 $mform->display(); 158 159 print_footer(); 160 161 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Wed Jan 14 11:33:29 2009 | Cross-referenced by PHPXref 0.7 |