adding capabilities
[moodle.git] / login / forgot_password.php
<?php
// $Id$
// Forgotten-password entry point.
// Locates the account from the submitted username and/or email address and
// then runs whichever recovery routine that account's authentication type
// calls for.

require_once '../config.php';
// NOTE(review): httpsrequired() is defined outside this file; presumably it
// moves the page onto HTTPS when the site is configured for it - confirm.
httpsrequired();

//******************************
// GET PARAMS AND STRINGS
//******************************

// Request parameters. Each one is read through optional_param() with an
// empty-string default and a filter constant (PARAM_ALPHA / PARAM_CLEAN,
// both defined outside this file).
$param = new stdClass();
$param->action   = optional_param('action', '', PARAM_ALPHA);
$param->email    = optional_param('email', '', PARAM_CLEAN);
$param->p        = optional_param('p', '', PARAM_CLEAN);
$param->s        = optional_param('s', '', PARAM_CLEAN);
$param->username = optional_param('username', '', PARAM_CLEAN);

// Language strings used by the processing and display sections below.
$txt = new stdClass();
$txt->cancel                = get_string('cancel');
$txt->confirmednot          = get_string('confirmednot');
$txt->email                 = get_string('email');
$txt->emailnotfound         = get_string('emailnotfound');
$txt->forgotten             = get_string('passwordforgotten');
$txt->forgottenduplicate    = get_string('forgottenduplicate', 'moodle', get_admin());
$txt->forgotteninstructions = get_string('passwordforgotteninstructions');
$txt->invalidemail          = get_string('invalidemail');
$txt->login                 = get_string('login');
$txt->loginalready          = get_string('loginalready');
$txt->ok                    = get_string('ok');
$txt->passwordextlink       = get_string('passwordextlink');
$txt->passwordnohelp        = get_string('passwordnohelp');
$txt->senddetails           = get_string('senddetails');
$txt->username              = get_string('username');
$txt->usernameemailmatch    = get_string('usernameemailmatch');
$txt->usernamenotfound      = get_string('usernamenotfound');

$sesskey = sesskey();   // echoed into the hidden form field of the request form
$errors  = array();     // messages collected while processing, listed on the page
$page    = '';          // which result page to show; '' means the request form

//******************************
// PROCESS ACTIONS
//******************************

// A signed-in, non-guest visitor has no use for this page: send them to
// the front page with the "already logged in" message.
if (isloggedin() && !isguest()) {
    redirect($CFG->wwwroot.'/index.php', $txt->loginalready, 5);
}

// The site-wide 'changepassword' link has been replaced by a per-auth-plugin
// setting. If the old value is still set, copy it into the setting of the
// default auth method (unless that is already filled in) and blank the old one.
$auth = $CFG->auth; // the 'default' authentication method
if (!empty($CFG->changepassword)) {
    $changepasswordurlkey = 'auth_'.$auth.'_changepasswordurl';
    if (empty($CFG->$changepasswordurlkey)) {
        set_config($changepasswordurlkey, $CFG->changepassword);
    }
    set_config('changepassword', '');
}

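// ACTION = FIND
// First step of the recovery flow: the request form was submitted (with a
// valid sesskey). Look the account up by username and/or email and then,
// depending on its authentication method, either store a one-time secret and
// mail a confirmation link, or show the external "change password" help.
//
// NOTE(review): the separate "username not found", "email not found" and
// "not confirmed" messages let an unauthenticated visitor tell which accounts
// exist. A uniform response would avoid that, but it changes what the page
// shows, so it is only flagged here.
if ($param->action=='find' and confirm_sesskey()) {
    // Start from a known state so the empty() checks below never depend on a
    // variable left behind by earlier code.
    $user = null;
    $mailuser = null;

    // first try the username
    if (!empty($param->username)) {
        if (!$user = get_complete_user_data('username', $param->username)) {
            $errors[] = $txt->usernamenotfound;
        }
    }

    // now try email
    if (!empty($param->email)) {
        // validate email address 1st
        if (!validate_email($param->email)) {
            $errors[] = $txt->invalidemail;
        }
        elseif (count_records('user', 'email', $param->email) > 1) {
            // (if there is more than one instance of the email then we
            // cannot complete automated recovery)
            $page = 'duplicateemail';

            // just clear everything - we drop through to message page
            // (the original unset an undefined $email here; the lookup
            // results are what has to be discarded)
            $user = null;
            $mailuser = null;
            $errors = array();
        }
        elseif (!$mailuser = get_complete_user_data('email', $param->email)) {
            $errors[] = $txt->emailnotfound;
        }

        // just in case they did specify both...
        // if $user exists then check they actually match (then just use $user)
        if (!empty($user) and !empty($mailuser)) {
            if ($user->id != $mailuser->id) {
                $errors[] = $txt->usernameemailmatch;
            }
            $user = $mailuser;
        }

        // use email user if username not used or located
        if (!empty($mailuser) and empty($user)) {
            $user = $mailuser;
        }
    }

    // if user located (and no errors) take the appropriate action
    if (!empty($user) and (count($errors)==0)) {
        // check this user isn't 'unconfirmed'
        if (empty($user->confirmed)) {
            $errors[] = $txt->confirmednot;
        }
        else {
            // what to do depends on the authentication method
            $authmethod = $user->auth;
            if (is_internal_auth($authmethod) or !empty($CFG->{'auth_'.$authmethod.'_stdchangepassword'})) {
                // handle internal authentication

                // set 'secret' string
                // NOTE(review): this value is what authorises the reset in the
                // AUTHENTICATE step. random_string() is defined outside this
                // file - confirm it draws from a cryptographically secure
                // source. No expiry is recorded alongside the secret here.
                $user->secret = random_string(15);
                if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) {
                    error('error setting user secret string');
                }

                // send email (make sure mail block is off)
                // The flag is 'emailstop', the same property the AUTHENTICATE
                // step clears; the previous 'mailstop' set a property nothing
                // else on this page uses, so a blocked address was not
                // actually unblocked for this message.
                $user->emailstop = 0;
                if (!send_password_change_confirmation_email($user)) {
                    error('error sending password change confirmation email');
                }

                // display confirm message
                $page = 'emailconfirm';
            }
            else {
                // handle some 'external' authentication
                // if help text defined then we are going to display another page
                $txt->extmessage = '';
                $continue = false;
                if (!empty($CFG->{'auth_'.$authmethod.'_changepasswordhelp'})) {
                    $txt->extmessage = $CFG->{'auth_'.$authmethod.'_changepasswordhelp'}.'<br /><br />';
                }
                // if url defined then add that to the message (with a standard message)
                // The help text and URL come from site configuration and are
                // written into the page as HTML without escaping.
                if (!empty($CFG->{'auth_'.$authmethod.'_changepasswordurl'})) {
                    $txt->extmessage .= $txt->passwordextlink . '<br /><br />';
                    $link = $CFG->{'auth_'.$authmethod.'_changepasswordurl'};
                    $txt->extmessage .= "<a href=\"$link\">$link</a>";
                }
                // if nothing to display, just do message that we can't help
                if (empty($txt->extmessage)) {
                    $txt->extmessage = $txt->passwordextlink;
                    $continue = true;
                }
                $page = 'external';
            }
        }
    }

    // nothing supplied - error
    if (empty($param->username) and empty($param->email)) {
        $errors[] = 'no email or username';
    }
}
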
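// ACTION = AUTHENTICATE
// Second step of the recovery flow: the request carries p and s. s names the
// account (it is looked up as a username) and p must equal the one-time
// secret that the FIND step stored in the user record. Only then is the
// password reset and mailed.
//
// Previously p only had to be non-empty, so any request naming a valid
// username reset that account's password.
// NOTE(review): this assumes the link built by
// send_password_change_confirmation_email() carries the stored secret
// unchanged as p, and that get_complete_user_data() returns the 'secret'
// field - confirm against those functions.
if (!empty($param->p) and !empty($param->s)) {

    update_login_count();
    $user = get_complete_user_data('username', $param->s);

    // An unknown user, a user with no pending secret and a wrong secret are
    // all treated alike: nothing is reset and the request form is shown again.
    $secretok = false;
    if (!empty($user) and !empty($user->secret)) {
        $storedsecret = (string)$user->secret;
        $givensecret  = (string)$param->p;
        if (function_exists('hash_equals')) {
            // constant-time comparison where the PHP version provides it
            $secretok = hash_equals($storedsecret, $givensecret);
        } else {
            $secretok = ($storedsecret === $givensecret);
        }
    }

    if ($secretok) {
        // check this isn't guest user
        if (isguest($user->id)) {
            error('You cannot change the guest password');
        }

        // override email stop and mail new password
        $user->emailstop = 0;
        if (!reset_password_and_mail($user)) {
            error('Error resetting password and mailing you');
        }

        // The secret is single-use: clear it so the same link cannot trigger
        // another reset.
        $user->secret = '';
        if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) {
            error('error clearing user secret string');
        }

        reset_login_count();
        $page = 'emailsent';

        $changepasswordurl = "{$CFG->httpswwwroot}/login/change_password.php?action=forgot";
        // $a was previously used without being created first
        $a = new StdClass;
        $a->email = $user->email;
        $a->link = $changepasswordurl;
        $txt->emailpasswordsent = get_string('emailpasswordsent', '', $a);
    }

}
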
//******************************
// DISPLAY PART
//******************************

// Page header with a "login -> forgotten password" trail, then the
// centred box that wraps everything printed below.
print_header(
    $txt->forgotten,
    $txt->forgotten,
    "<a href=\"{$CFG->wwwroot}/login/index.php\">{$txt->login}</a>->{$txt->forgotten}",
    'form.email'
);
print_simple_box_start('center');

// List whatever messages processing collected. They are written without HTML
// escaping; the values assigned on this page are get_string() results and one
// fixed literal, not request data.
if (count($errors)) {
    echo "<ul class=\"errors\">\n";
    foreach ($errors as $error) {
        echo ' <li>'.$error."</li>\n";
    }
    echo "</ul>\n";
}

// Pick the result page chosen during processing; anything else (including
// the initial '') shows the request form.
switch ($page) {
    case 'emailconfirm':
        // Confirmation mail sent (internal auth). Only the part of the
        // address before the '@' is masked; the domain is still shown.
        $protectedemail = preg_replace('/([^@]*)@(.*)/', '???????@$2', $user->email);
        $txt->emailpasswordconfirmsent = get_string('emailpasswordconfirmsent', '', $protectedemail);
        notice($txt->emailpasswordconfirmsent, $CFG->wwwroot.'/index.php');
        break;

    case 'external':
        // External auth: show the configured change-password help text.
        print_simple_box($txt->extmessage, 'center', '50%', '', '20', 'noticebox');

        // The continue button is only offered when there was no help to show.
        if ($continue) {
            print_continue($CFG->wwwroot.'/index.php');
        }
        break;

    case 'emailsent':
        // A new password has been mailed; continue to the change-password page.
        notice($txt->emailpasswordsent, $changepasswordurl);
        break;

    case 'duplicateemail':
        // The address belongs to more than one account: no automated recovery.
        notice($txt->forgottenduplicate, $CFG->wwwroot.'/index.php');
        break;

    default:
        // The request form. It posts back to this script with action=find and
        // the session key that the FIND step checks.
?>

<p><?php echo $txt->forgotteninstructions; ?></p>

<form action="forgot_password.php" method="post">
 <input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>" />
 <input type="hidden" name="action" value="find" />
 <table id="forgottenpassword">
 <tr>
 <td><?php echo $txt->username; ?></td>
 <td><input type="text" name="username" size="25" /></td>
 </tr>
 <tr>
 <td><?php echo $txt->email; ?></td>
 <td><input type="text" name="email" size="25" /></td>
 </tr>
 <tr>
 <td>&nbsp;</td>
 <td><input type="submit" value="<?php echo $txt->ok; ?>" />
 <input type="button" value="<?php echo $txt->cancel; ?>"
 onclick="javascript: history.go(-1)" /></td>
 </tr>
 </table>


</form>

<?php
        break;
}

print_simple_box_end();
print_footer();
?>
36058432 280
281
282