-rw-r--r--actions/user/passwordreset.php27
-rw-r--r--actions/user/requestnewpassword.php31
-rw-r--r--engine/lib/users.php108
-rw-r--r--languages/en.php19
4 files changed, 183 insertions, 2 deletions
diff --git a/actions/user/passwordreset.php b/actions/user/passwordreset.php
new file mode 100644
index 000000000..677bc591d
--- /dev/null
+++ b/actions/user/passwordreset.php
@@ -0,0 +1,27 @@
+<?php
+ /**
+ * Action to reset a password and send success email.
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Marcus Povey
+ * @copyright Curverider Ltd 2008
+ * @link http://elgg.org/
+ */
+
+ require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
+ global $CONFIG;
+
+ $user_guid = get_input('u');
+ $code = get_input('c');
+
+ if (execute_new_password_request($user_guid, $code))
+ system_message(elgg_echo('user:password:success'));
+ else
+ register_error(elgg_echo('user:password:fail'));
+
+ forward($_SERVER['HTTP_REFERER']);
+ exit;
+
+?> \ No newline at end of file
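Review bot: `forward($_SERVER['HTTP_REFERER']);` redirects to a client-supplied header, and this action is normally reached from a link in an email, so the Referer is either absent or points at the user's webmail rather than the site. Redirecting to a fixed site page, for example `forward($CONFIG->site->url);`, avoids both the dead end and the externally controlled redirect target; the same line appears in actions/user/requestnewpassword.php. Separately, the reset is carried out on a plain GET of the emailed link, so anything that fetches the URL automatically (mail link scanners, prefetchers) would consume the code and change the password; a confirmation form that submits the code would be safer.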
diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php
new file mode 100644
index 000000000..4f1fe7e83
--- /dev/null
+++ b/actions/user/requestnewpassword.php
@@ -0,0 +1,31 @@
+<?php
+ /**
+ * Action to request a new password.
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Marcus Povey
+ * @copyright Curverider Ltd 2008
+ * @link http://elgg.org/
+ */
+
+ require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
+ global $CONFIG;
+
+ $username = get_input('username');
+
+ $user = get_user_by_username($username);
+ if ($user)
+ {
+ if (send_new_password_request($user->guid))
+ system_message(elgg_echo('user:password:resetreq:success'));
+ else
+ register_error(elgg_echo('user:password:resetreq:fail'));
+ }
+ else
+ register_error(sprintf(elgg_echo('user:username:notfound'), $username));
+
+ forward($_SERVER['HTTP_REFERER']);
+ exit;
+?> \ No newline at end of file
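Review bot: The outer `else` branch reports `user:username:notfound` with the submitted name, which tells an unauthenticated visitor whether a username exists. Showing the same neutral message for both outcomes, e.g. `system_message(elgg_echo('user:password:resetreq:success'));` whether or not `get_user_by_username()` found a user, removes that signal. `$username` is also echoed back through `sprintf()`; whether `register_error()` output is escaped is not visible here, so confirm it is. Nothing in this action limits how often a reset email can be requested for the same account.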
diff --git a/engine/lib/users.php b/engine/lib/users.php
index fe7c67e0f..d17d8bfe4 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -776,6 +776,94 @@
}
/**
+ * Generate and send a password request email to a given user's registered email address.
+ *
+ * @param int $user_guid
+ */
+ function send_new_password_request($user_guid)
+ {
+ global $CONFIG;
+
+ $user_guid = (int)$user_guid;
+
+ $user = get_entity($user_guid);
+ if ($user)
+ {
+ // generate code
+ $code = generate_random_cleartext_password();
+ create_metadata($user_guid, 'conf_code', $code,'', 0, 0);
+
+ // generate link
+ $link = $CONFIG->site->url . "action/user/passwordreset?u=$user_guid&c=$code";
+
+ // generate email
+ $email = sprintf(elgg_echo('email:resetreq:body'), $user->name, $_SERVER['REMOTE_ADDR'], $link);
+
+ return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetreq:subject'), $email, NULL, 'email');
+
+ }
+
+ return false;
+ }
+
+ /**
+ * Low level function to reset a given user's password.
+ *
+ * This can only be called from execute_new_password_request().
+ *
+ * @param int $user_guid The user.
+ * @param string $password password text (which will then be converted into a hash and stored)
+ */
+ function force_user_password_reset($user_guid, $password)
+ {
+ global $CONFIG;
+
+ if (call_gatekeeper('execute_new_password_request', __FILE__))
+ {
+ $user = get_entity($user_guid);
+
+ if ($user)
+ {
+ $hash = generate_user_password($user, $password);
+
+ return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash' where guid=$user_guid");
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Validate and execute a password reset for a user.
+ *
+ * @param int $user_guid The user id
+ * @param string $conf_code Confirmation code as sent in the request email.
+ */
+ function execute_new_password_request($user_guid, $conf_code)
+ {
+ global $CONFIG;
+
+ $user_guid = (int)$user_guid;
+
+ $user = get_entity($user_guid);
+ if (($user) && ($user->conf_code == $conf_code))
+ {
+ $password = generate_random_cleartext_password();
+
+ if (force_user_password_reset($user_guid, $password))
+ {
+ remove_metadata($user_guid, 'conf_code');
+
+ $email = sprintf(elgg_echo('email:resetpassword:body'), $user->name, $password);
+
+ return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetpassword:subject'), $email, NULL, 'email');
+ }
+ }
+
+ return false;
+ }
+
+ /**
* Generate a validation code for a given user's email address.
*
* @param int $user_guid The user id
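Review bot: In `execute_new_password_request()` the check `$user->conf_code == $conf_code` is a loose comparison, so if `conf_code` is unset for a user (presumably null or empty, not visible here) and the request carries no `c` value, the two can compare equal and the password is reset for an account that never asked for it. Require a non-empty stored code and compare strictly: `if ($user && $user->conf_code && (string)$user->conf_code === (string)$conf_code)`. `force_user_password_reset()` interpolates `$user_guid` into the UPDATE without its own cast and relies on the caller's `(int)`; adding `$user_guid = (int)$user_guid;` at its top keeps the query safe independently of the caller. The code also never expires, and neither `get_entity()` result is checked to be a user entity before it is used.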
@@ -802,6 +890,21 @@
}
/**
+ * Return whether a given user has validated their email address.
+ *
+ * @param int $user_guid
+ */
+ function get_email_validation_status($user_guid)
+ {
+ $user = get_entity($user_guid);
+
+ if ($user)
+ return $user->validated_email;
+
+ return false;
+ }
+
+ /**
* Send out a validation request for a given user.
* This function assumes that a user has already been created and that the email address has been
* saved in the email field in the database.
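Review bot: The docblock for `get_email_validation_status()` has no `@return`, and the function returns `false` both when the entity does not exist and, presumably, when `validated_email` is unset, so callers cannot tell the two cases apart. I would add `@return mixed The validated_email value, or false if the entity does not exist` and a short description for `$user_guid`. If only a flag is intended, `return (bool)$user->validated_email;` would make the return type predictable.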
@@ -1037,7 +1140,10 @@
register_action('friends/deletecollection');
register_action('friends/editcollection');
- register_action("usersettings/save");
+ register_action("usersettings/save");
+
+ register_action("user/passwordreset");
+ register_action("user/requestnewpassword");
// User name change
extend_elgg_settings_page('user/settings/name', 'usersettings/user', 1);
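Review bot: Both new actions are registered with default arguments only, yet they are by nature called by visitors who are not logged in. If the second parameter of `register_action()` is the public flag, as in Elgg's action API, these should be `register_action("user/passwordreset", true);` and `register_action("user/requestnewpassword", true);`, otherwise the reset flow is refused for exactly the users who need it. The enclosing init function starts and ends outside the hunk, so check how other logged-out actions are registered there.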
diff --git a/languages/en.php b/languages/en.php
index 47a9c30ce..e1f491a21 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -300,7 +300,12 @@
'user:set:language' => "Language settings",
'user:language:label' => "Your language",
'user:language:success' => "Your language settings have been updated.",
- 'user:language:fail' => "Your language settings could not be saved.",
+ 'user:language:fail' => "Your language settings could not be saved.",
+
+ 'user:username:notfound' => 'Username %s not found.',
+
+ 'user:password:resetreq:success' => 'Successfully requested a new password, email sent',
+ 'user:password:resetreq:fail' => 'Could not request a new password.',
/**
* Administration
@@ -568,6 +573,18 @@ Congratulations, you have successfully validated your email address.",
'email:resetpassword:body' => "Hi %s,
Your password has been reset to: %s",
+
+
+ 'email:resetreq:subject' => "Request for new password.",
+ 'email:resetreq:body' => "Hi %s,
+
+Somebody (from the IP address %s) has requested a new password for their account.
+
+If you requested this click on the link below, otherwise ignore this email.
+
+%s
+",
+
/**
* XML-RPC