migrated signup.php over to using new formslib
[moodle.git] / login / forgot_password.php
<?php
// $Id$
// Forgotten-password handler: locates the account named on the form and
// hands off to the recovery routine that matches its authentication type.

require_once('../config.php');
// presumably forces this page onto HTTPS when the site is configured for
// it -- see httpsrequired() for the exact behaviour
httpsrequired();


//******************************
// GET PARAMS AND STRINGS
//******************************

// Request parameters. 'action' is limited to letters (PARAM_ALPHA); the
// others are filtered with PARAM_CLEAN. 'p' and 's' are read by the
// AUTHENTICATE section further down, where 's' is looked up as a username.
$param = new StdClass;
$param->action = optional_param('action', '', PARAM_ALPHA);
foreach (array('email', 'p', 's', 'username') as $fpfield) {
    $param->$fpfield = optional_param($fpfield, '', PARAM_CLEAN);
}
unset($fpfield); // do not leave the loop variable behind in global scope

// Localised strings for this page. Keys are the short names the rest of the
// script uses on $txt; values are the language-pack identifiers.
$txt = new StdClass;
$fpstrings = array(
    'cancel'                => 'cancel',
    'confirmednot'          => 'confirmednot',
    'email'                 => 'email',
    'emailnotfound'         => 'emailnotfound',
    'forgotten'             => 'passwordforgotten',
    'forgotteninstructions' => 'passwordforgotteninstructions',
    'invalidemail'          => 'invalidemail',
    'login'                 => 'login',
    'loginalready'          => 'loginalready',
    'ok'                    => 'ok',
    'passwordextlink'       => 'passwordextlink',
    'passwordnohelp'        => 'passwordnohelp',
    'senddetails'           => 'senddetails',
    'username'              => 'username',
    'usernameemailmatch'    => 'usernameemailmatch',
    'usernamenotfound'      => 'usernamenotfound',
);
foreach ($fpstrings as $fpshort => $fpidentifier) {
    $txt->$fpshort = get_string($fpidentifier);
}
unset($fpstrings, $fpshort, $fpidentifier);

// The duplicate-email message takes an argument: the admin record returned
// by get_admin() is passed in for substitution.
$txt->forgottenduplicate = get_string('forgottenduplicate', 'moodle', get_admin());

$sesskey = sesskey();   // embedded in the form and checked by confirm_sesskey()
$errors  = array();     // messages listed above the form
$page    = '';          // result page to render; empty means "show the form"


//******************************
// PROCESS ACTIONS
//******************************

// A real (non-guest) session has no reason to be here: send it to the front page.
$fploggedin = isloggedin() && !isguest();
if ($fploggedin) {
    redirect($CFG->wwwroot.'/index.php', $txt->loginalready, 5);
}
unset($fploggedin);

// The site-wide 'changepassword' link has been replaced by a per-auth-plugin
// setting. If the old value is still present, copy it to the default auth
// method's setting (unless that is already filled in) and blank the old one.
// NOTE(review): this settings write is reachable by any visitor who is not
// logged in; it only moves an existing value, but confirm that is intended.
$auth = $CFG->auth; // the 'default' authentication method
if (!empty($CFG->changepassword)) {
    $fpurlsetting = 'auth_'.$auth.'_changepasswordurl';
    if (empty($CFG->$fpurlsetting)) {
        set_config($fpurlsetting, $CFG->changepassword);
    }
    set_config('changepassword', '');
    unset($fpurlsetting);
}

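// ACTION = FIND
// Locate the account from the submitted username and/or email address and
// start the recovery flow that matches its authentication method. The
// request must carry a valid session key.
//
// NOTE(review): nothing visible in this section limits how often a
// confirmation mail can be requested for the same account -- confirm that
// throttling happens elsewhere.
if ($param->action === 'find' and confirm_sesskey()) {
    // find the user in the database

    // first try the username
    if (!empty($param->username)) {
        if (!$user = get_complete_user_data('username', $param->username)) {
            $errors[] = $txt->usernamenotfound;
        }
    }

    // now try email
    if (!empty($param->email)) {
        // validate email address 1st
        if (!validate_email($param->email)) {
            $errors[] = $txt->invalidemail;
        } elseif (count_records('user', 'email', $param->email) > 1) {
            // more than one account shares this address, so automated
            // recovery cannot pick one; drop everything gathered so far and
            // fall through to the message page
            $page = 'duplicateemail';
            unset($user);
            $errors = array();
        } elseif (!$mailuser = get_complete_user_data('email', $param->email)) {
            $errors[] = $txt->emailnotfound;
        }

        // just in case they did specify both: the two lookups must resolve
        // to the same account, otherwise an error blocks any further action
        if (!empty($user) and !empty($mailuser)) {
            if ($user->id != $mailuser->id) {
                $errors[] = $txt->usernameemailmatch;
            }
            $user = $mailuser;
        }

        // use email user if username not used or located
        if (!empty($mailuser) and empty($user)) {
            $user = $mailuser;
        }
    }

    // if user located (and no errors) take the appropriate action
    if (!empty($user) and (count($errors) == 0)) {
        // check this user isn't 'unconfirmed'
        if (empty($user->confirmed)) {
            $errors[] = $txt->confirmednot;
        } else {
            // what to do depends on the authentication method
            $authmethod = $user->auth;
            if (is_internal_auth($authmethod) or !empty($CFG->{'auth_'.$authmethod.'_stdchangepassword'})) {
                // handle internal authentication

                // Store a fresh secret on the user record.
                // NOTE(review): the unpredictability of this value depends
                // entirely on random_string(), which is not shown here --
                // confirm it draws from a cryptographically secure source.
                $user->secret = random_string(15);
                if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) {
                    error('error setting user secret string');
                }

                // send email (make sure mail block is off). The flag is
                // 'emailstop', the same property the AUTHENTICATE section
                // clears before mailing; the previous 'mailstop' spelling
                // set an unrelated property and left the block in place.
                $user->emailstop = 0;
                if (!send_password_change_confirmation_email($user)) {
                    error('error sending password change confirmation email');
                }

                // display confirm message
                $page = 'emailconfirm';
            } else {
                // handle some 'external' authentication
                // if help text defined then we are going to display another page
                $txt->extmessage = '';
                $continue = false;
                if (!empty($CFG->{'auth_'.$authmethod.'_changepasswordhelp'})) {
                    $txt->extmessage = $CFG->{'auth_'.$authmethod.'_changepasswordhelp'}.'<br /><br />';
                }
                // if url defined then add that to the message (with a standard message)
                // (both values come from site configuration and are printed as HTML)
                if (!empty($CFG->{'auth_'.$authmethod.'_changepasswordurl'})) {
                    $txt->extmessage .= $txt->passwordextlink . '<br /><br />';
                    $link = $CFG->{'auth_'.$authmethod.'_changepasswordurl'};
                    $txt->extmessage .= "<a href=\"$link\">$link</a>";
                }
                // if nothing to display, just do message that we can't help
                if (empty($txt->extmessage)) {
                    $txt->extmessage = $txt->passwordextlink;
                    $continue = true;
                }
                $page = 'external';
            }
        }
    }

    // nothing supplied - error
    if (empty($param->username) and empty($param->email)) {
        $errors[] = 'no email or username';
    }

    // With protectusernames enabled every outcome except the external-auth
    // page is replaced by one generic message, so the response does not
    // reveal whether the username or address exists.
    if ($page != 'external' and !empty($CFG->protectusernames)) {
        // do not give any hints about usernames or email!
        $errors = array();
        $page = 'emailmaybeconfirmed';
    }
}
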
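// ACTION = AUTHENTICATE
// Handles a request carrying both 'p' and 's' (presumably the link mailed by
// send_password_change_confirmation_email() -- confirm against that
// function). 's' names the account; 'p' must equal the secret stored on that
// account's record before the password is reset and mailed.
if (!empty($param->p) and !empty($param->s)) {

    update_login_count();
    $user = get_complete_user_data('username', $param->s);

    // Only honour the request when the supplied value matches the stored
    // secret. Without this comparison, knowing a username alone would be
    // enough to force a password reset on that account. An empty stored
    // secret never matches.
    $secretmatches = false;
    if (!empty($user) and !empty($user->secret)) {
        if (function_exists('hash_equals')) {
            // constant-time comparison where the runtime offers it
            $secretmatches = hash_equals((string)$user->secret, (string)$param->p);
        } else {
            $secretmatches = ((string)$user->secret === (string)$param->p);
        }
    }

    // An unknown user and a wrong secret are treated alike: nothing is
    // reset and the page falls through to the form.
    if ($secretmatches) {
        // check this isn't guest user
        if (isguest($user->id)) {
            error('You cannot change the guest password');
        }

        // override email stop and mail new password
        // NOTE(review): nothing visible here invalidates the stored secret
        // after use -- confirm reset_password_and_mail() clears it so the
        // link cannot be replayed.
        $user->emailstop = 0;
        if (!reset_password_and_mail($user)) {
            error('Error resetting password and mailing you');
        }

        reset_login_count();
        $page = 'emailsent';

        $changepasswordurl = "{$CFG->httpswwwroot}/login/change_password.php?action=forgot";
        // create the substitution object explicitly instead of relying on
        // property assignment to an undefined variable
        $a = new StdClass;
        $a->email = $user->email;
        $a->link = $changepasswordurl;
        $txt->emailpasswordsent = get_string('emailpasswordsent', '', $a);
    }

}

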
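//******************************
// DISPLAY PART
//******************************

print_header($txt->forgotten, $txt->forgotten,
    "<a href=\"{$CFG->wwwroot}/login/index.php\">{$txt->login}</a>->{$txt->forgotten}",
    'form.email');

// Pick the page to render from $page. All branches form one chain so that
// the generic confirmation can never fall through to the form below.
if ($page == 'emailmaybeconfirmed') {
    // Print general confirmation message
    notice(get_string('emailpasswordconfirmmaybesent'), $CFG->wwwroot.'/index.php');

} elseif ($page == 'emailconfirm') {
    // Confirm (internal method) email sent
    // obfuscate the email address to protect privacy: the part before the
    // '@' is replaced, the domain is still shown
    $protectedemail = preg_replace('/([^@]*)@(.*)/', '******@$2', $user->email);
    $txt->emailpasswordconfirmsent = get_string('emailpasswordconfirmsent', '', $protectedemail);
    notice($txt->emailpasswordconfirmsent, $CFG->wwwroot.'/index.php');

} elseif ($page == 'external') {
    // display change password help text (built from site configuration)
    print_simple_box($txt->extmessage, 'center', '50%', '', '20', 'noticebox');

    // only print continue button if it makes sense
    if ($continue) {
        print_continue($CFG->wwwroot.'/index.php');
    }

} elseif ($page == 'emailsent') {
    // mail sent with new password
    notice($txt->emailpasswordsent, $changepasswordurl);

} elseif ($page == 'duplicateemail') {
    // email address appears more than once
    notice($txt->forgottenduplicate, $CFG->wwwroot.'/index.php');

} else {
    echo '<br />';
    print_simple_box_start('center', '50%', '', '20');

    // display any errors. Every entry placed in $errors by this script is a
    // language string or a fixed literal, so it is printed as-is; anything
    // derived from request data would need escaping before it is added.
    if (count($errors)) {
        echo "<ul class=\"errors\">\n";
        foreach ($errors as $error) {
            echo " <li>$error</li>\n";
        }
        echo "</ul>\n";
    }

?>

<p><?php echo $txt->forgotteninstructions; ?></p>

<form action="forgot_password.php" method="post">
    <input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>" />
    <input type="hidden" name="action" value="find" />
    <table id="forgottenpassword">
        <tr>
            <td><?php echo $txt->username; ?></td>
            <td><input type="text" name="username" size="25" /></td>
        </tr>
        <tr>
            <td><?php echo $txt->email; ?></td>
            <td><input type="text" name="email" size="25" /></td>
        </tr>
        <tr>
            <td>&nbsp;</td>
            <td><input type="submit" value="<?php echo $txt->ok; ?>" />
                <input type="button" value="<?php echo $txt->cancel; ?>"
                    onclick="javascript: history.go(-1)" /></td>
        </tr>
    </table>


</form>

<?php
    // close the box opened at the top of this branch; kept inside the branch
    // so pages that never opened a box do not emit a stray box end
    print_simple_box_end();
}

print_footer();
?>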