Refs #191: Actions for resetting passwords, but no front end as yet.

To request a password reset access http://..../actions/user/requestnewpassword/?username=username

git-svn-id: https://code.elgg.org/elgg/trunk@1656 36083f99-b078-4883-b0ff-0f9b5a30f544

1 files changed, 107 insertions, 1 deletions

diff --git a/engine/lib/users.php b/engine/lib/users.php
index fe7c67e0f..d17d8bfe4 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -776,6 +776,94 @@
 	}
 	
 	/**
+	 * Generate and send a password request email to a given user's registered email address.
+	 *
+	 * @param int $user_guid
+	 */
+	function send_new_password_request($user_guid)
+	{
+		global $CONFIG;
+		
+		$user_guid = (int)$user_guid;
+		
+		$user = get_entity($user_guid);
+		if ($user)
+		{
+			// generate code
+			$code = generate_random_cleartext_password();
+			create_metadata($user_guid, 'conf_code', $code,'', 0, 0);
+			
+			// generate link
+			$link = $CONFIG->site->url . "action/user/passwordreset?u=$user_guid&c=$code";
+			
+			// generate email
+			$email = sprintf(elgg_echo('email:resetreq:body'), $user->name, $_SERVER['REMOTE_ADDR'], $link);
+			
+			return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetreq:subject'), $email, NULL, 'email');
+
+		}
+		
+		return false;
+	}
+	
+	/**
+	 * Low level function to reset a given user's password. 
+	 * 
+	 * This can only be called from execute_new_password_request().
+	 * 
+	 * @param int $user_guid The user.
+	 * @param string $password password text (which will then be converted into a hash and stored)
+	 */
+	function force_user_password_reset($user_guid, $password)
+	{
+		global $CONFIG;
+		
+		if (call_gatekeeper('execute_new_password_request', __FILE__))
+		{
+			$user = get_entity($user_guid);
+			
+			if ($user)
+			{
+				$hash = generate_user_password($user, $password);
+				
+				return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash' where guid=$user_guid");
+			}
+		}
+		
+		return false;
+	}
+	
+	/**
+	 * Validate and execute a password reset for a user.
+	 *
+	 * @param int $user_guid The user id
+	 * @param string $conf_code Confirmation code as sent in the request email.
+	 */
+	function execute_new_password_request($user_guid, $conf_code)
+	{
+		global $CONFIG;
+		
+		$user_guid = (int)$user_guid;
+		
+		$user = get_entity($user_guid);
+		if (($user) && ($user->conf_code == $conf_code))
+		{
+			$password = generate_random_cleartext_password();
+			
+			if (force_user_password_reset($user_guid, $password))
+			{
+				remove_metadata($user_guid, 'conf_code');
+				
+				$email = sprintf(elgg_echo('email:resetpassword:body'), $user->name, $password);
+				
+				return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetpassword:subject'), $email, NULL, 'email');
+			}
+		}
+		
+		return false;
+	}
+	
+	/**
 	 * Generate a validation code for a given user's email address.
 	 *
 	 * @param int $user_guid The user id
@@ -802,6 +890,21 @@
 	}
 	
 	/**
+	 * Return whether a given user has validated their email address.
+	 *
+	 * @param int $user_guid
+	 */
+	function get_email_validation_status($user_guid)
+	{
+		$user = get_entity($user_guid);
+		
+		if ($user)
+			return $user->validated_email;
+		
+		return false;
+	}
+	
+	/**
 	 * Send out a validation request for a given user. 
 	 * This function assumes that a user has already been created and that the email address has been
 	 * saved in the email field in the database.
@@ -1037,7 +1140,10 @@
 		register_action('friends/deletecollection');

         register_action('friends/editcollection');
 

-		register_action("usersettings/save");

+		register_action("usersettings/save");
+		
+		register_action("user/passwordreset");
+		register_action("user/requestnewpassword");

 		
 		// User name change
 		extend_elgg_settings_page('user/settings/name', 'usersettings/user', 1);