[moodle.git] / login / forgot_password.php
1d284fbd 1<?php
8570cff0 2
c30949a9
PS
3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17
18/**
19 * Forgot password routine.
20 *
21 * Finds the user and calls the appropriate routine for their authentication type.
22 *
23 * @package core
24 * @subpackage auth
25 * @copyright 1999 onwards Martin Dougiamas http://dougiamas.com
26 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
27 */
28
29require('../config.php');
4adc9c4f 30require_once('forgot_password_form.php');
f9903ed0 31
// Values carried by the link in the reset email: 'p' is the one-time secret and
// 's' is the username. Both are read as PARAM_RAW (no cleaning) and default to
// false when the parameter is absent.
$p_secret   = optional_param('p', false, PARAM_RAW);
$p_username = optional_param('s', false, PARAM_RAW);

// This page must be served over HTTPS whenever $CFG->loginhttps is enabled.
$PAGE->https_required();

// Page URL and context.
$PAGE->set_url('/login/forgot_password.php');
$systemcontext = get_context_instance(CONTEXT_SYSTEM);
$PAGE->set_context($systemcontext);

// Strings shared by the navigation bar and the page title.
$strlogin     = get_string('login');
$strforgotten = get_string('passwordforgotten');

$PAGE->set_heading($COURSE->fullname);
$PAGE->set_title($strforgotten);
$PAGE->navbar->add($strlogin, get_login_url());
$PAGE->navbar->add($strforgotten);
0be6f678 50
// A site-specific password recovery URL, when configured, replaces this page entirely.
if (!empty($CFG->forgottenpasswordurl)) {
    redirect($CFG->forgottenpasswordurl);
}

// Anyone already logged in with a real (non-guest) account has no business here:
// send them to the front page with a short notice.
if (isloggedin() && !isguestuser()) {
    redirect($CFG->wwwroot.'/index.php', get_string('loginalready'), 5);
}
eb347b6b 60
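if ($p_secret !== false) {
    // =====================
    // The user followed the link in the reset email: 'p' carries the one-time
    // secret and 's' the username it was issued for.
    // =====================

    // Count this request before anything is checked; the counter is only reset
    // further down, after a password has actually been reset.
    update_login_count();

    // $p_username is unfiltered (PARAM_RAW) but is only ever passed to get_record()
    // as a condition value, never concatenated into SQL.
    $user = $DB->get_record('user', array('username'=>$p_username, 'mnethostid'=>$CFG->mnet_localhost_id, 'deleted'=>0, 'suspended'=>0));

    if ($user and ($user->auth === 'nologin' or !is_enabled_auth($user->auth))) {
        // An account that cannot log in must not be able to reset a password either.
        $user = false;
    }

    if (!empty($user) and $user->secret === '') {
        // An empty stored secret means the link was already used, or was cleared
        // after a failed guess (see the last branch).
        echo $OUTPUT->header();
        print_error('secretalreadyused');

    } else if (!empty($user) and $user->secret === $p_secret) {
        // Strict comparison on purpose: with '==' PHP compares two numeric-looking
        // strings as numbers ('0e12' == '0e99', '1.0' == '1'), so a value that
        // differs from the stored secret could still be accepted.
        // NOTE(review): '===' is not a constant-time comparison; where the supported
        // PHP version provides hash_equals(), prefer it for this check.

        // The guest account never gets a password reset.
        if (isguestuser($user)) {
            print_error('cannotresetguestpwd');
        }

        // The account must be allowed to change its own password.
        require_capability('moodle/user:changeownpassword', $systemcontext, $user->id);

        if (!reset_password_and_mail($user)) {
            print_error('cannotresetmail');
        }

        // Clear the secret so that the link can not be used again.
        $user->secret = '';
        $DB->set_field('user', 'secret', $user->secret, array('id'=>$user->id));

        reset_login_count();

        $changepasswordurl = "{$CFG->httpswwwroot}/login/change_password.php";
        $a = new stdClass();
        $a->email = $user->email;
        $a->link = $changepasswordurl;

        echo $OUTPUT->header();
        notice(get_string('emailpasswordsent', '', $a), $changepasswordurl);

    } else {
        // Unknown user or wrong secret. A wrong value with the same length as an
        // issued secret (15, matching the random_string(15) call in the request
        // step of this script) is treated as a guessing attempt and invalidates
        // the pending secret. Side effect worth knowing when investigating
        // "my reset link stopped working" reports: any request naming the
        // username with a 15-character 'p' cancels a pending reset.
        if (!empty($user) and strlen($p_secret) === 15) {
            $DB->set_field('user', 'secret', '', array('id'=>$user->id));
        }
        echo $OUTPUT->header();
        print_error('forgotteninvalidurl');
    }

    die; //never reached
}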
f9903ed0 118
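$mform = new login_forgot_password_form();

if ($mform->is_cancelled()) {
    redirect(get_login_url());

} else if ($data = $mform->get_data()) {
    // The request form was submitted: find the account and mail the next step.

    if (!empty($data->username)) {
        // Look up by username first. Lower-casing mimics the login page; somebody
        // who forgot the username has to use the email field instead.
        $username = textlib::strtolower($data->username);
        $user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id, 'deleted'=>0, 'suspended'=>0));

    } else {
        // Lookup by email is tricky because
        // 1/ the email is not guaranteed to be unique - TODO: send email with all usernames to select the correct account for pw reset
        // 2/ mailbox may be case sensitive, the email domain is case insensitive - let's pretend it is all case-insensitive
        //
        // The submitted address is escaped with sql_like_escape() and bound as a
        // named parameter, so LIKE wildcards in the input are matched literally.
        // IGNORE_MULTIPLE keeps a single record when several accounts share the address.
        $select = $DB->sql_like('email', ':email', false, true, false, '|'). " AND mnethostid = :mnethostid AND deleted=0 AND suspended=0";
        $params = array('email'=>$DB->sql_like_escape($data->email, '|'), 'mnethostid'=>$CFG->mnet_localhost_id);
        $user = $DB->get_record_select('user', $select, $params, '*', IGNORE_MULTIPLE);
    }

    // Unknown or unconfirmed accounts get no mail at all.
    if ($user and !empty($user->confirmed)) {

        $userauth = get_auth_plugin($user->auth);

        // (A capability check with an empty body used to sit here; it did nothing
        // and the same capability is tested in the condition below.)
        if ($userauth->can_reset_password() and is_enabled_auth($user->auth)
                and has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
            // The password can be reset here: issue a one-time secret and mail a
            // confirmation link that carries it.
            //
            // The secret is stored as-is in the user record without an issue time,
            // so nothing in this script expires it; it stays valid until it is
            // used or cleared.
            // NOTE(review): random_string() is defined elsewhere - confirm it draws
            // from a cryptographically secure source, since this value is the only
            // proof that the requester controls the mailbox.
            $user->secret = random_string(15);
            $DB->set_field('user', 'secret', $user->secret, array('id'=>$user->id));

            if (!send_password_change_confirmation_email($user)) {
                print_error('cannotmailconfirm');
            }

        } else {
            // The password cannot be reset from here: mail information only.
            if (!send_password_change_info($user)) {
                print_error('cannotmailconfirm');
            }
        }
    }

    echo $OUTPUT->header();

    if (empty($user->email) or !empty($CFG->protectusernames)) {
        // Generic message that does not say whether an account was found.
        notice(get_string('emailpasswordconfirmmaybesent'), $CFG->wwwroot.'/index.php');

    } else {
        // With $CFG->protectusernames off, this answer differs from the generic one
        // and shows the mail domain, so the page reveals whether an account exists.
        // Only the local part of the address is obfuscated.
        $protectedemail = preg_replace('/([^@]*)@(.*)/', '******@$2', $user->email);
        $stremailpasswordconfirmsent = get_string('emailpasswordconfirmsent', '', $protectedemail);
        notice($stremailpasswordconfirmsent, $CFG->wwwroot.'/index.php');
    }

    die; // never reached
}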
36058432 183
// Confirm the request really arrived over HTTPS when HTTPS login is required.
$PAGE->verify_https_required();

// No link was followed and no form was submitted: render the request form
// together with its instructions.
echo $OUTPUT->header(),
     $OUTPUT->box(get_string('passwordforgotteninstructions2'), 'generalbox boxwidthnormal boxaligncenter');
$mform->display();

echo $OUTPUT->footer();