migrated signup.php over to using new formslib
<?php
// $Id$
// Forgotten-password routine (login/forgot_password.php).
// Looks the account up from the submitted username and/or email address and
// then follows whichever recovery path that account's authentication type
// calls for.

require_once('../config.php');
httpsrequired();

//******************************
// GET PARAMS AND STRINGS
//******************************

// Values taken from the request. 'action' is limited by PARAM_ALPHA; the
// other four only pass through PARAM_CLEAN, so they remain caller-supplied
// text. 'p' and 's' are the pair the AUTHENTICATE step below looks at.
// NOTE(review): PARAM_CLEAN is assumed to be generic cleaning rather than
// validation against an expected format - confirm in optional_param().
$param = new stdClass;
$param->action   = optional_param('action', '', PARAM_ALPHA);
$param->email    = optional_param('email', '', PARAM_CLEAN);
$param->p        = optional_param('p', '', PARAM_CLEAN);
$param->s        = optional_param('s', '', PARAM_CLEAN);
$param->username = optional_param('username', '', PARAM_CLEAN);

// Language strings used on this page, keyed by the short name the rest of
// the script refers to. The array value is the get_string() identifier.
$txt = new stdClass;
$stringids = array(
    'cancel'                => 'cancel',
    'confirmednot'          => 'confirmednot',
    'email'                 => 'email',
    'emailnotfound'         => 'emailnotfound',
    'forgotten'             => 'passwordforgotten',
    'forgotteninstructions' => 'passwordforgotteninstructions',
    'invalidemail'          => 'invalidemail',
    'login'                 => 'login',
    'loginalready'          => 'loginalready',
    'ok'                    => 'ok',
    'passwordextlink'       => 'passwordextlink',
    'passwordnohelp'        => 'passwordnohelp',
    'senddetails'           => 'senddetails',
    'username'              => 'username',
    'usernameemailmatch'    => 'usernameemailmatch',
    'usernamenotfound'      => 'usernamenotfound',
);
foreach ($stringids as $field => $stringid) {
    $txt->$field = get_string($stringid);
}
// do not leave the loop helpers behind in the script's global scope
unset($stringids, $field, $stringid);

// the only string here that takes a substitution argument (the admin record)
$txt->forgottenduplicate = get_string('forgottenduplicate', 'moodle', get_admin());

// $sesskey is written into the form as a hidden field and is what
// confirm_sesskey() checks when the form comes back.
$sesskey = sesskey();
$errors = array();
$page = ''; // page to display

//******************************
// PROCESS ACTIONS
//******************************

// A visitor who is already signed in with a real (non-guest) account has no
// business on this page; send them to the front page with a notice.
if (isloggedin() && !isguest()) {
    redirect($CFG->wwwroot.'/index.php', $txt->loginalready, 5);
}

// The site-wide 'changepassword' setting has been superseded by a per-auth
// 'auth_<method>_changepasswordurl' setting. When the old value is still
// present it is copied to the default auth method (unless that already has
// a URL) and then blanked. Note that this configuration write is performed
// by an ordinary request to this page, before any action is processed.
$auth = $CFG->auth; // the 'default' authentication method
if (!empty($CFG->changepassword)) {
    $urlsetting = 'auth_'.$auth.'_changepasswordurl';
    if (empty($CFG->$urlsetting)) {
        set_config($urlsetting, $CFG->changepassword);
    }
    set_config('changepassword', '');
}

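// ACTION = FIND
// The lookup form was submitted. confirm_sesskey() has to pass before any
// lookup runs, so the request must carry the key issued to this session.
if ($param->action == 'find' and confirm_sesskey()) {
    // Start from a known state instead of relying on empty() to tolerate
    // variables that were never assigned.
    $user = null;
    $mailuser = null;

    // first try the username
    if (!empty($param->username)) {
        $user = get_complete_user_data('username', $param->username);
        if (!$user) {
            $errors[] = $txt->usernamenotfound;
        }
    }

    // now try email
    if (!empty($param->email)) {
        if (!validate_email($param->email)) {
            // reject malformed addresses before touching the database
            $errors[] = $txt->invalidemail;
        } elseif (count_records('user', 'email', $param->email) > 1) {
            // more than one account shares this address, so automated
            // recovery cannot pick one; drop everything gathered so far
            // and fall through to the message page
            $page = 'duplicateemail';
            $user = null;
            $errors = array();
        } elseif (!$mailuser = get_complete_user_data('email', $param->email)) {
            $errors[] = $txt->emailnotfound;
        }

        // both username and email were given and both resolved: they must
        // point at the same account
        if (!empty($user) and !empty($mailuser)) {
            if ($user->id != $mailuser->id) {
                $errors[] = $txt->usernameemailmatch;
            }
            $user = $mailuser;
        }

        // use email user if username not used or located
        if (!empty($mailuser) and empty($user)) {
            $user = $mailuser;
        }
    }

    // if user located (and no errors) take the appropriate action
    if (!empty($user) and count($errors) == 0) {
        if (empty($user->confirmed)) {
            // unconfirmed accounts cannot recover a password
            $errors[] = $txt->confirmednot;
        } else {
            // what to do depends on the authentication method
            $authmethod = $user->auth;
            if (is_internal_auth($authmethod) or !empty($CFG->{'auth_'.$authmethod.'_stdchangepassword'})) {
                // Internal handling: store a fresh secret for the account
                // and mail the confirmation message.
                // NOTE(review): this secret is what authorises the reset, so
                // random_string() needs to draw from an unpredictable
                // source - confirm in its definition.
                $user->secret = random_string(15);
                if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) {
                    error('error setting user secret string');
                }

                // Make sure the user's mail block is off for this message.
                // The field is 'emailstop', the same one the AUTHENTICATE
                // step clears; the earlier 'mailstop' spelling set a
                // different property and left the real flag untouched.
                $user->emailstop = 0;
                if (!send_password_change_confirmation_email($user)) {
                    error('error sending password change confirmation email');
                }

                // display confirm message
                $page = 'emailconfirm';
            } else {
                // Some 'external' authentication: this site cannot change
                // the password, so build a help message instead. The help
                // text and URL come from site configuration, not from the
                // request.
                $txt->extmessage = '';
                $continue = false;
                if (!empty($CFG->{'auth_'.$authmethod.'_changepasswordhelp'})) {
                    $txt->extmessage = $CFG->{'auth_'.$authmethod.'_changepasswordhelp'}.'<br /><br />';
                }
                // if url defined then add that to the message (with a standard message)
                if (!empty($CFG->{'auth_'.$authmethod.'_changepasswordurl'})) {
                    $txt->extmessage .= $txt->passwordextlink . '<br /><br />';
                    $link = $CFG->{'auth_'.$authmethod.'_changepasswordurl'};
                    $txt->extmessage .= "<a href=\"$link\">$link</a>";
                }
                // if nothing to display, just do message that we can't help
                if (empty($txt->extmessage)) {
                    $txt->extmessage = $txt->passwordextlink;
                    $continue = true;
                }
                $page = 'external';
            }
        }
    }

    // nothing supplied - error
    if (empty($param->username) and empty($param->email)) {
        $errors[] = 'no email or username';
    }

    // With protectusernames on, every outcome except the 'external' page is
    // replaced by one generic message, so the response does not show whether
    // a username or email exists. With it off, the distinct messages
    // collected above do show that. The 'external' page is exempt either
    // way, so it still confirms that the account exists.
    if ($page != 'external' and !empty($CFG->protectusernames)) {
        $errors = array();
        $page = 'emailmaybeconfirmed';
    }
}
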
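// ACTION = AUTHENTICATE
// Second step of internal recovery: 's' names the account and 'p' has to be
// the secret that the FIND step stored for it.
if (!empty($param->p) and !empty($param->s)) {

    // Counted before the lookup, so a request with a wrong username or a
    // wrong secret never reaches reset_login_count() below.
    update_login_count();
    $user = get_complete_user_data('username', $param->s);

    // The reset goes ahead only when the account exists, a secret is
    // currently stored for it, and the supplied value matches that secret.
    // Checking just that 'p' is non-empty would let a request that knows
    // nothing but a username trigger a reset for that account.
    // NOTE(review): assumes get_complete_user_data() returns the stored
    // 'secret' column - confirm. If optional_param() returns slash-escaped
    // values, also confirm the secret's alphabet is unaffected by that.
    $secretmatches = false;
    if (!empty($user) and !empty($user->secret)) {
        $stored = (string)$user->secret;
        $supplied = (string)$param->p;
        // constant-time comparison where the runtime offers it
        if (function_exists('hash_equals')) {
            $secretmatches = hash_equals($stored, $supplied);
        } else {
            $secretmatches = ($stored === $supplied);
        }
    }

    // An unknown user and a wrong secret are handled the same way: nothing
    // happens and the plain form is shown again.
    if ($secretmatches) {
        // check this isn't guest user
        if (isguest($user->id)) {
            error('You cannot change the guest password');
        }

        // override email stop and mail new password
        $user->emailstop = 0;
        if (!reset_password_and_mail($user)) {
            error('Error resetting password and mailing you');
        }

        // the secret is single-use: clear it so the same link cannot
        // trigger another reset
        $user->secret = '';
        if (!set_field('user', 'secret', $user->secret, 'id', $user->id)) {
            error('error clearing user secret string');
        }

        reset_login_count();
        $page = 'emailsent';

        $changepasswordurl = "{$CFG->httpswwwroot}/login/change_password.php?action=forgot";
        // create the substitution object explicitly instead of letting PHP
        // conjure it from an undefined variable
        $a = new StdClass;
        $a->email = $user->email;
        $a->link = $changepasswordurl;
        $txt->emailpasswordsent = get_string('emailpasswordsent', '', $a);
    }
}
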
//******************************
// DISPLAY PART
//******************************

print_header($txt->forgotten, $txt->forgotten,
    "<a href=\"{$CFG->wwwroot}/login/index.php\">{$txt->login}</a>->{$txt->forgotten}",
    'form.email');

// Generic outcome: the same wording whether or not an account was found.
if ($page == 'emailmaybeconfirmed') {
    notice(get_string('emailpasswordconfirmmaybesent'), $CFG->wwwroot.'/index.php');
}

// check $page for appropriate page to display
if ($page == 'emailconfirm') {
    // Confirmation mail sent (internal method). Only the part of the address
    // before the '@' is masked; the domain is still shown to whoever
    // submitted the form.
    $protectedemail = preg_replace('/([^@]*)@(.*)/', '******@$2', $user->email);
    $txt->emailpasswordconfirmsent = get_string('emailpasswordconfirmsent', '', $protectedemail);
    notice($txt->emailpasswordconfirmsent, $CFG->wwwroot.'/index.php');
} elseif ($page == 'external') {
    // display change password help text
    print_simple_box($txt->extmessage, 'center', '50%', '', '20', 'noticebox');

    // only print continue button if it makes sense
    if ($continue) {
        print_continue($CFG->wwwroot.'/index.php');
    }
} elseif ($page == 'emailsent') {
    // mail sent with new password
    notice($txt->emailpasswordsent, $changepasswordurl);
} elseif ($page == 'duplicateemail') {
    // email address appears more than once
    notice($txt->forgottenduplicate, $CFG->wwwroot.'/index.php');
} else {
    echo '<br />';
    print_simple_box_start('center', '50%', '', '20');

    // Show whatever the processing step collected. Every entry is either a
    // language string or a fixed literal, never text taken from the request.
    if (count($errors)) {
        echo "<ul class=\"errors\">\n";
        foreach ($errors as $message) {
            echo "    <li>$message</li>\n";
        }
        echo "</ul>\n";
    }

?>

<p><?php echo $txt->forgotteninstructions; ?></p>

<form action="forgot_password.php" method="post">
    <input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>" />
    <input type="hidden" name="action" value="find" />
    <table id="forgottenpassword">
        <tr>
            <td><?php echo $txt->username; ?></td>
            <td><input type="text" name="username" size="25" /></td>
        </tr>
        <tr>
            <td><?php echo $txt->email; ?></td>
            <td><input type="text" name="email" size="25" /></td>
        </tr>
        <tr>
             <td>&nbsp;</td>
             <td><input type="submit" value="<?php echo $txt->ok; ?>" />
                 <input type="button" value="<?php echo $txt->cancel; ?>" 
                 onclick="javascript: history.go(-1)" /></td>
        </tr>
    </table>   
    

</form>

<?php
}

// NOTE(review): print_simple_box_end() sits outside the else branch that
// opens the box, so the 'external' page reaches it without a matching
// print_simple_box_start() - confirm that is intended.
print_simple_box_end();
print_footer();
?>