[moodle.git] / login / forgot_password.php
<?php
// $Id$
// Forgot password routine.
// Finds the user and calls the appropriate routine for their authentication
// type.

require_once('../config.php');
httpsrequired();


//******************************
// GET PARAMS AND STRINGS
//******************************

// Request parameters. 'action' is read with PARAM_ALPHA; every other value
// is read with PARAM_CLEAN. An absent parameter defaults to ''.
// NOTE(review): 'p' and 's' are consumed by the AUTHENTICATE branch below;
// presumably they arrive on the confirmation link that was mailed to the
// user, so they must be treated as attacker-controllable input.
$param = new stdClass();
$param->action   = optional_param('action', '', PARAM_ALPHA);
$param->email    = optional_param('email', '', PARAM_CLEAN);
$param->p        = optional_param('p', '', PARAM_CLEAN);
$param->s        = optional_param('s', '', PARAM_CLEAN);
$param->username = optional_param('username', '', PARAM_CLEAN);

// Language strings used on this page, keyed by the property name under
// which the rest of the script reads them from $txt. The value is the
// identifier passed to get_string().
$txt = new stdClass();
$stringids = array(
    'cancel'                => 'cancel',
    'confirmednot'          => 'confirmednot',
    'email'                 => 'email',
    'emailnotfound'         => 'emailnotfound',
    'forgotten'             => 'passwordforgotten',
    'forgotteninstructions' => 'passwordforgotteninstructions',
    'invalidemail'          => 'invalidemail',
    'login'                 => 'login',
    'loginalready'          => 'loginalready',
    'ok'                    => 'ok',
    'passwordextlink'       => 'passwordextlink',
    'passwordnohelp'        => 'passwordnohelp',
    'senddetails'           => 'senddetails',
    'username'              => 'username',
    'usernameemailmatch'    => 'usernameemailmatch',
    'usernamenotfound'      => 'usernamenotfound',
);
foreach ($stringids as $property => $stringid) {
    $txt->$property = get_string($stringid);
}
// Do not leave the loop helpers behind in the script's global scope.
unset($stringids, $property, $stringid);

// Page state shared by the processing and display sections.
$sesskey = sesskey();   // echoed into the form as a hidden field
$errors  = array();     // messages listed above the page body
$page    = '';          // page to display; '' means the request form

//******************************
// PROCESS ACTIONS
//******************************

// A visitor who is already logged in has no business on this page.
if (isloggedin()) {
    redirect($CFG->wwwroot, $txt->loginalready, 5);
}

// The site-wide 'changepassword' link has been replaced by a per-auth-plugin
// setting. If the old value is still present, copy it to the default auth
// method's setting (unless that one is already filled in) and blank the old
// one so this migration runs only once.
$auth = $CFG->auth; // the 'default' authentication method
$authurlsetting = 'auth_' . $auth . '_changepasswordurl';
if (!empty($CFG->changepassword)) {
    if (empty($CFG->{$authurlsetting})) {
        set_config($authurlsetting, $CFG->changepassword);
    }
    set_config('changepassword', '');
}

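// ACTION = FIND
// Runs when the request form is submitted with a valid session key. Looks
// the account up by username and/or e-mail address and then either starts
// the e-mail confirmation flow (internal auth) or shows the help text for
// an external authentication method.
//
// NOTE(review): the distinct "username not found" / "email not found" /
// "not confirmed" messages let an anonymous visitor learn whether an account
// exists. Changing that alters the page's visible behaviour, so it is only
// flagged here; a uniform response is the usual mitigation.
if ($param->action=='find' and confirm_sesskey()) {
    // Start from a known state so the empty() checks below can never pick up
    // a $user or $mailuser that was set outside this branch.
    $user = null;
    $mailuser = null;

    // first try the username
    if (!empty($param->username)) {
        if (!$user=get_complete_user_data('username',$param->username)) {
            $errors[] = $txt->usernamenotfound;
        }
    }

    // now try email
    if (!empty($param->email)) {
        // validate email address 1st
        if (!validate_email( $param->email )) {
            $errors[] = $txt->invalidemail;
        }
        elseif (!$mailuser = get_complete_user_data('email',$param->email)) {
            $errors[] = $txt->emailnotfound;
        }

        // just in case they did specify both...
        // if $user exists then check they actually match (then just use $user)
        if (!empty($user) and !empty($mailuser)) {
            if ($user->id != $mailuser->id) {
                $errors[] = $txt->usernameemailmatch;
            }
            $user = $mailuser;
        }

        // use email user if username not used or located
        if (!empty($mailuser) and empty($user)) {
            $user = $mailuser;
        }
    }

    // if user located (and no errors) take the appropriate action
    if (!empty($user) and (count($errors)==0)) {
        // check this user isn't 'unconfirmed'
        if (empty($user->confirmed)) {
            $errors[] = $txt->confirmednot;
        }
        else {
            // what to do depends on the authentication method
            $authmethod = $user->auth;
            if (is_internal_auth( $authmethod ) or !empty($CFG->{'auth_'.$authmethod.'_stdchangepassword'})) {
                // handle internal authentication

                // Store a fresh secret on the account before mailing.
                // NOTE(review): the strength of this secret depends on how
                // random_string() generates its output, which is not visible
                // here - confirm it draws from a cryptographically secure
                // source.
                $user->secret = random_string( 15 );
                if (!set_field('user','secret',$user->secret,'id',$user->id)) {
                    error( 'error setting user secret string' );
                }

                // send email (make sure mail block is off)
                // The override is written to 'emailstop', the same property
                // the AUTHENTICATE branch clears before mailing; this branch
                // previously set 'mailstop', which nothing else in the file
                // uses.
                $user->emailstop = 0;
                if (!send_password_change_confirmation_email($user)) {
                    error( 'error sending password change confirmation email' );
                }

                // display confirm message
                $page = 'emailconfirm';
            }
            else {
                // handle some 'external' authentication
                // if help text defined then we are going to display another page
                // The help text and URL below come from site configuration
                // and are placed into the page without escaping, so they are
                // only as trustworthy as whoever can edit those settings.
                $txt->extmessage = '';
                $continue = false;
                if (!empty( $CFG->{'auth_'.$authmethod.'_changepasswordhelp'} )) {
                    $txt->extmessage = $CFG->{'auth_'.$authmethod.'_changepasswordhelp'}.'<br /><br />';
                }
                // if url defined then add that to the message (with a standard message)
                if (!empty( $CFG->{'auth_'.$authmethod.'_changepasswordurl'} )) {
                    $txt->extmessage .= $txt->passwordextlink . '<br /><br />';
                    $link = $CFG->{'auth_'.$authmethod.'_changepasswordurl'};
                    $txt->extmessage .= "<a href=\"$link\">$link</a>";
                }
                // if nothing to display, just do message that we can't help
                if (empty($txt->extmessage)) {
                    $txt->extmessage = $txt->passwordextlink;
                    $continue = true;
                }
                $page = 'external';
            }
        }
    }

    // nothing supplied - error
    if (empty($param->username) and empty($param->email)) {
        $errors[] = 'no email or username';
    }
}
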
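// ACTION = AUTHENTICATE
// Runs when both 'p' and 's' are present on the request. Resets the
// password of the account named by 's' and mails the new one, but only when
// 'p' matches the secret stored on that account.
//
// NOTE(review): presumably the link mailed by
// send_password_change_confirmation_email() carries the account's secret as
// 'p' and its username as 's' - confirm against that helper.
if (!empty($param->p) and !empty($param->s)) {

    // Counted before the lookup so that failed attempts are counted too.
    update_login_count();

    // The username comes from the cleaned request parameter. The previous
    // code read the bare variable $s, which this script never assigns.
    $user = get_complete_user_data('username', $param->s);

    // Make sure that the url relates to a valid user AND carries the secret
    // stored for that user by the FIND branch. Without this comparison any
    // non-empty 'p' was accepted, so the reset was not tied to the mailed
    // confirmation. An account with no stored secret never matches.
    if (!empty($user) and !empty($user->secret) and $user->secret === $param->p) {
        // check this isn't guest user
        if (isguest( $user->id )) {
            error('You cannot change the guest password');
        }

        // The secret is single-use: blank it before acting on it so the same
        // link cannot trigger a second reset.
        if (!set_field('user','secret','','id',$user->id)) {
            error( 'error setting user secret string' );
        }

        // override email stop and mail new password
        $user->emailstop = 0;
        if (!reset_password_and_mail($user)) {
            error( 'Error resetting password and mailing you' );
        }

        reset_login_count();
        $page = 'emailsent';

        $changepasswordurl = "{$CFG->httpswwwroot}/login/change_password.php?action=forgot";
        // $a was previously used without being created first.
        $a = new StdClass;
        $a->email = $user->email;
        $a->link = $changepasswordurl;
        $txt->emailpasswordsent = get_string( 'emailpasswordsent', '', $a );
    }
    // An unknown user or a wrong secret falls through to the request form
    // without saying which of the two was wrong.

}
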
//******************************
// DISPLAY PART
//******************************

// Page header with a breadcrumb back to the login page, then the box that
// wraps everything printed below.
print_header(
    $txt->forgotten,
    $txt->forgotten,
    "<a href=\"{$CFG->wwwroot}/login/index.php\">{$txt->login}</a>->{$txt->forgotten}",
    'form.email'
);
print_simple_box_start('center');

// List any errors collected while processing the request. The messages are
// written into the page unescaped; every one added in this file is either a
// get_string() result or a fixed literal, never request data.
if (!empty($errors)) {
    $items = '';
    foreach ($errors as $message) {
        $items .= " <li>$message</li>\n";
    }
    echo "<ul class=\"errors\">\n" . $items . "</ul>\n";
}

// Choose the page body from $page, which the processing section set.
if ($page == 'emailconfirm') {
    // Internal auth: a confirmation e-mail has been sent.
    // NOTE(review): the account's e-mail address is passed into this string.
    // If the language string displays it, a visitor who supplied only a
    // username learns the address registered for it - confirm against the
    // language pack.
    $txt->emailpasswordconfirmsent = get_string( 'emailpasswordconfirmsent','',$user->email );
    notice( $txt->emailpasswordconfirmsent,"$CFG->wwwroot/" );
} elseif ($page == 'external') {
    // External auth: show the change-password help text.
    print_simple_box( $txt->extmessage, 'center', '50%','','20','noticebox' );

    // A continue button only makes sense when there was nothing else to offer.
    if ($continue) {
        print_continue( "{$CFG->wwwroot}/" );
    }
} elseif ($page == 'emailsent') {
    // The password was reset and the new one has been mailed.
    notice( $txt->emailpasswordsent, $changepasswordurl );
} else {
    // Nothing processed (or processing reported errors): show the request
    // form. It posts back to this script with action=find and the session
    // key that the FIND branch checks.
?>

<p><?php echo $txt->forgotteninstructions; ?></p>

<form action="forgot_password.php" method="post">
    <input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>" />
    <input type="hidden" name="action" value="find" />
    <table id="forgottenpassword">
        <tr>
            <td><?php echo $txt->username; ?></td>
            <td><input type="text" name="username" size="25" /></td>
        </tr>
        <tr>
            <td><?php echo $txt->email; ?></td>
            <td><input type="text" name="email" size="25" /></td>
        </tr>
        <tr>
            <td>&nbsp;</td>
            <td><input type="submit" value="<?php echo $txt->ok; ?>" />
                <input type="button" value="<?php echo $txt->cancel; ?>"
                    onclick="javascript: history.go(-1)" /></td>
        </tr>
    </table>


</form>

<?php
}

// Close the box opened before the error list, then print the page footer.
print_simple_box_end();
print_footer();
?>