Refs #191: Actions for resetting passwords, but no front end as yet.

To request a password reset access http://..../actions/user/requestnewpassword/?username=username

git-svn-id: https://code.elgg.org/elgg/trunk@1656 36083f99-b078-4883-b0ff-0f9b5a30f544

4 files changed, 183 insertions, 2 deletions

diff --git a/actions/user/passwordreset.php b/actions/user/passwordreset.php
new file mode 100644
index 000000000..677bc591d
--- /dev/null
+++ b/actions/user/passwordreset.php
@@ -0,0 +1,27 @@
+<?php
+	/**
+	 * Action to reset a password and send success email.
+	 * 
+	 * @package Elgg
+	 * @subpackage Core
+	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+	 * @author Marcus Povey
+	 * @copyright Curverider Ltd 2008
+	 * @link http://elgg.org/
+	 */
+
+	require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
+	global $CONFIG;
+	
+	$user_guid = get_input('u');
+	$code = get_input('c');
+	
+	if (execute_new_password_request($user_guid, $code))
+		system_message(elgg_echo('user:password:success'));
+	else
+		register_error(elgg_echo('user:password:fail'));
+		
+	forward($_SERVER['HTTP_REFERER']);
+	exit;
+	
+?>
\ No newline at end of file
diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php
new file mode 100644
index 000000000..4f1fe7e83
--- /dev/null
+++ b/actions/user/requestnewpassword.php
@@ -0,0 +1,31 @@
+<?php
+	/**
+	 * Action to request a new password.
+	 * 
+	 * @package Elgg
+	 * @subpackage Core
+	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+	 * @author Marcus Povey
+	 * @copyright Curverider Ltd 2008
+	 * @link http://elgg.org/
+	 */
+
+	require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
+	global $CONFIG;
+	
+	$username = get_input('username');
+	
+	$user = get_user_by_username($username);
+	if ($user)
+	{
+		if (send_new_password_request($user->guid))
+			system_message(elgg_echo('user:password:resetreq:success'));
+		else
+			register_error(elgg_echo('user:password:resetreq:fail')); 
+	}
+	else
+		register_error(sprintf(elgg_echo('user:username:notfound'), $username));
+	
+	forward($_SERVER['HTTP_REFERER']);
+	exit;
+?>
\ No newline at end of file
diff --git a/engine/lib/users.php b/engine/lib/users.php
index fe7c67e0f..d17d8bfe4 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -776,6 +776,94 @@
 	}
 	
 	/**
+	 * Generate and send a password request email to a given user's registered email address.
+	 *
+	 * @param int $user_guid
+	 */
+	function send_new_password_request($user_guid)
+	{
+		global $CONFIG;
+		
+		$user_guid = (int)$user_guid;
+		
+		$user = get_entity($user_guid);
+		if ($user)
+		{
+			// generate code
+			$code = generate_random_cleartext_password();
+			create_metadata($user_guid, 'conf_code', $code,'', 0, 0);
+			
+			// generate link
+			$link = $CONFIG->site->url . "action/user/passwordreset?u=$user_guid&c=$code";
+			
+			// generate email
+			$email = sprintf(elgg_echo('email:resetreq:body'), $user->name, $_SERVER['REMOTE_ADDR'], $link);
+			
+			return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetreq:subject'), $email, NULL, 'email');
+
+		}
+		
+		return false;
+	}
+	
+	/**
+	 * Low level function to reset a given user's password. 
+	 * 
+	 * This can only be called from execute_new_password_request().
+	 * 
+	 * @param int $user_guid The user.
+	 * @param string $password password text (which will then be converted into a hash and stored)
+	 */
+	function force_user_password_reset($user_guid, $password)
+	{
+		global $CONFIG;
+		
+		if (call_gatekeeper('execute_new_password_request', __FILE__))
+		{
+			$user = get_entity($user_guid);
+			
+			if ($user)
+			{
+				$hash = generate_user_password($user, $password);
+				
+				return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash' where guid=$user_guid");
+			}
+		}
+		
+		return false;
+	}
+	
+	/**
+	 * Validate and execute a password reset for a user.
+	 *
+	 * @param int $user_guid The user id
+	 * @param string $conf_code Confirmation code as sent in the request email.
+	 */
+	function execute_new_password_request($user_guid, $conf_code)
+	{
+		global $CONFIG;
+		
+		$user_guid = (int)$user_guid;
+		
+		$user = get_entity($user_guid);
+		if (($user) && ($user->conf_code == $conf_code))
+		{
+			$password = generate_random_cleartext_password();
+			
+			if (force_user_password_reset($user_guid, $password))
+			{
+				remove_metadata($user_guid, 'conf_code');
+				
+				$email = sprintf(elgg_echo('email:resetpassword:body'), $user->name, $password);
+				
+				return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetpassword:subject'), $email, NULL, 'email');
+			}
+		}
+		
+		return false;
+	}
+	
+	/**
 	 * Generate a validation code for a given user's email address.
 	 *
 	 * @param int $user_guid The user id
@@ -802,6 +890,21 @@
 	}
 	
 	/**
+	 * Return whether a given user has validated their email address.
+	 *
+	 * @param int $user_guid
+	 */
+	function get_email_validation_status($user_guid)
+	{
+		$user = get_entity($user_guid);
+		
+		if ($user)
+			return $user->validated_email;
+		
+		return false;
+	}
+	
+	/**
 	 * Send out a validation request for a given user. 
 	 * This function assumes that a user has already been created and that the email address has been
 	 * saved in the email field in the database.
@@ -1037,7 +1140,10 @@
 		register_action('friends/deletecollection');

         register_action('friends/editcollection');
 

-		register_action("usersettings/save");

+		register_action("usersettings/save");
+		
+		register_action("user/passwordreset");
+		register_action("user/requestnewpassword");

 		
 		// User name change
 		extend_elgg_settings_page('user/settings/name', 'usersettings/user', 1);
diff --git a/languages/en.php b/languages/en.php
index 47a9c30ce..e1f491a21 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -300,7 +300,12 @@
 			'user:set:language' => "Language settings",

 			'user:language:label' => "Your language",

 			'user:language:success' => "Your language settings have been updated.",

-			'user:language:fail' => "Your language settings could not be saved.",

+			'user:language:fail' => "Your language settings could not be saved.",
+	
+			'user:username:notfound' => 'Username %s not found.',
+	
+			'user:password:resetreq:success' => 'Successfully requested a new password, email sent',
+			'user:password:resetreq:fail' => 'Could not request a new password.',

 	

 		/**

 		 * Administration

@@ -568,6 +573,18 @@ Congratulations, you have successfully validated your email address.",
 			'email:resetpassword:body' => "Hi %s,

 			

 Your password has been reset to: %s",

+	
+	
+			'email:resetreq:subject' => "Request for new password.",
+			'email:resetreq:body' => "Hi %s,
+			
+Somebody (from the IP address %s) has requested a new password for their account.
+
+If you requested this click on the link below, otherwise ignore this email.
+
+%s
+",
+
 	

 		/**

 		 * XML-RPC