-rw-r--r-- | actions/user/passwordreset.php | 27 | ||||
-rw-r--r-- | actions/user/requestnewpassword.php | 31 | ||||
-rw-r--r-- | engine/lib/users.php | 108 | ||||
-rw-r--r-- | languages/en.php | 19 |
4 files changed, 183 insertions, 2 deletions
diff --git a/actions/user/passwordreset.php b/actions/user/passwordreset.php
new file mode 100644
index 000000000..677bc591d
--- /dev/null
+++ b/actions/user/passwordreset.php
@@ -0,0 +1,27 @@
+<?php
+ /**
+ * Action to reset a password and send success email.
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Marcus Povey
+ * @copyright Curverider Ltd 2008
+ * @link http://elgg.org/
+ */
+
+ require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
+ global $CONFIG;
+
+ $user_guid = get_input('u');
+ $code = get_input('c');
+
+ if (execute_new_password_request($user_guid, $code))
+ system_message(elgg_echo('user:password:success'));
+ else
+ register_error(elgg_echo('user:password:fail'));
+
+ forward($_SERVER['HTTP_REFERER']);
+ exit;
+
+?>
\ No newline at end of file
diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php
new file mode 100644
index 000000000..4f1fe7e83
--- /dev/null
+++ b/actions/user/requestnewpassword.php
@@ -0,0 +1,31 @@
+<?php
+ /**
+ * Action to request a new password.
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Marcus Povey
+ * @copyright Curverider Ltd 2008
+ * @link http://elgg.org/
+ */
+
+ require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
+ global $CONFIG;
+
+ $username = get_input('username');
+
+ $user = get_user_by_username($username);
+ if ($user)
+ {
+ if (send_new_password_request($user->guid))
+ system_message(elgg_echo('user:password:resetreq:success'));
+ else
+ register_error(elgg_echo('user:password:resetreq:fail'));
+ }
+ else
+ register_error(sprintf(elgg_echo('user:username:notfound'), $username));
+
+ forward($_SERVER['HTTP_REFERER']);
+ exit;
+?>
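Review bot: In actions/user/passwordreset.php the reset is carried out directly from the `u` and `c` query parameters of a GET request and then ends with `forward($_SERVER['HTTP_REFERER']);`, a client-supplied header that is normally absent when the link is opened from a mail client. Forward to a fixed location instead, for example `forward($CONFIG->site->url);`, which also gives the otherwise unused `global $CONFIG;` a purpose; actions/user/requestnewpassword.php ends with the same forward. Because the link changes the password on a plain fetch, anything that retrieves URLs from mail (link scanners, previews) would consume the code, so a confirmation step submitted by POST is worth considering. The code also travels in the URL, where it can end up in server logs and browser history.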
\ No newline at end of file
diff --git a/engine/lib/users.php b/engine/lib/users.php
index fe7c67e0f..d17d8bfe4 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
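Review bot: The `else` branch in actions/user/requestnewpassword.php answers with `user:username:notfound`, so the response tells an unauthenticated caller whether a username exists. Report the same outcome in both cases, e.g. `system_message(elgg_echo('user:password:resetreq:success'));` in the not-found branch, and keep the distinction for the server log. The submitted `$username` is also echoed back through `sprintf()`; whether `register_error()` output is escaped when rendered is not visible here and should be confirmed. Nothing in this file limits how often a reset mail can be requested for the same account.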
@@ -776,6 +776,94 @@ } /** + * Generate and send a password request email to a given user's registered email address. + * + * @param int $user_guid + */ + function send_new_password_request($user_guid) + { + global $CONFIG; + + $user_guid = (int)$user_guid; + + $user = get_entity($user_guid); + if ($user) + { + // generate code + $code = generate_random_cleartext_password(); + create_metadata($user_guid, 'conf_code', $code,'', 0, 0); + + // generate link + $link = $CONFIG->site->url . "action/user/passwordreset?u=$user_guid&c=$code"; + + // generate email + $email = sprintf(elgg_echo('email:resetreq:body'), $user->name, $_SERVER['REMOTE_ADDR'], $link); + + return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetreq:subject'), $email, NULL, 'email'); + + } + + return false; + } + + /** + * Low level function to reset a given user's password. + * + * This can only be called from execute_new_password_request(). + * + * @param int $user_guid The user. + * @param string $password password text (which will then be converted into a hash and stored) + */ + function force_user_password_reset($user_guid, $password) + { + global $CONFIG; + + if (call_gatekeeper('execute_new_password_request', __FILE__)) + { + $user = get_entity($user_guid); + + if ($user) + { + $hash = generate_user_password($user, $password); + + return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash' where guid=$user_guid"); + } + } + + return false; + } + + /** + * Validate and execute a password reset for a user. + * + * @param int $user_guid The user id + * @param string $conf_code Confirmation code as sent in the request email. 
+ */ + function execute_new_password_request($user_guid, $conf_code) + { + global $CONFIG; + + $user_guid = (int)$user_guid; + + $user = get_entity($user_guid); + if (($user) && ($user->conf_code == $conf_code)) + { + $password = generate_random_cleartext_password(); + + if (force_user_password_reset($user_guid, $password)) + { + remove_metadata($user_guid, 'conf_code'); + + $email = sprintf(elgg_echo('email:resetpassword:body'), $user->name, $password); + + return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetpassword:subject'), $email, NULL, 'email'); + } + } + + return false; + } + + /** * Generate a validation code for a given user's email address. * * @param int $user_guid The user id @@ -802,6 +890,21 @@ } /** + * Return whether a given user has validated their email address. + * + * @param int $user_guid + */ + function get_email_validation_status($user_guid) + { + $user = get_entity($user_guid); + + if ($user) + return $user->validated_email; + + return false; + } + + /** * Send out a validation request for a given user. * This function assumes that a user has already been created and that the email address has been * saved in the email field in the database. @@ -1037,7 +1140,10 @@ register_action('friends/deletecollection');
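Review bot: In execute_new_password_request() the check `$user->conf_code == $conf_code` is a loose comparison with no test that a code was ever issued or supplied; if the metadata read yields null or an empty value for a user without a pending request (not visible in this hunk), an empty `c` would compare equal and the reset would proceed. Reject empty input first with `if (!is_string($conf_code) || $conf_code === '') return false;` and compare as strings, `(string)$user->conf_code === $conf_code`. force_user_password_reset() interpolates `$user_guid` into the UPDATE and relies on its caller's cast; add `$user_guid = (int)$user_guid;` there as the other two functions do. The stored code carries no issue time, so it stays valid until used; recording a timestamp next to `conf_code` and refusing old codes would bound that.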
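Review bot: The docblock of get_email_validation_status() has no `@return`, and the function hands back `$user->validated_email` as stored, so callers receive whatever the metadata holds rather than a boolean. Add `@return bool` and return `(bool)$user->validated_email`, or document the actual value. Unlike the password functions added above it in this commit, `$user_guid` is passed to get_entity() without the `(int)` cast.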
register_action('friends/editcollection'); - register_action("usersettings/save");
+ register_action("usersettings/save"); + + register_action("user/passwordreset"); + register_action("user/requestnewpassword");
// User name change extend_elgg_settings_page('user/settings/name', 'usersettings/user', 1); diff --git a/languages/en.php b/languages/en.php index 47a9c30ce..e1f491a21 100644 --- a/languages/en.php +++ b/languages/en.php @@ -300,7 +300,12 @@ 'user:set:language' => "Language settings",
'user:language:label' => "Your language",
'user:language:success' => "Your language settings have been updated.",
- 'user:language:fail' => "Your language settings could not be saved.",
+ 'user:language:fail' => "Your language settings could not be saved.", + + 'user:username:notfound' => 'Username %s not found.', + + 'user:password:resetreq:success' => 'Successfully requested a new password, email sent', + 'user:password:resetreq:fail' => 'Could not request a new password.',
/**
* Administration
@@ -568,6 +573,18 @@ Congratulations, you have successfully validated your email address.", 'email:resetpassword:body' => "Hi %s,
Your password has been reset to: %s",
+ + + 'email:resetreq:subject' => "Request for new password.", + 'email:resetreq:body' => "Hi %s, + +Somebody (from the IP address %s) has requested a new password for their account. + +If you requested this click on the link below, otherwise ignore this email. + +%s +", + /**
* XML-RPC