aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/users.php108
1 files changed, 107 insertions, 1 deletions
diff --git a/engine/lib/users.php b/engine/lib/users.php
index fe7c67e0f..d17d8bfe4 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -776,6 +776,94 @@
}
/**
+ * Generate and send a password request email to a given user's registered email address.
+ *
+ * @param int $user_guid
+ */
+ function send_new_password_request($user_guid)
+ {
+ global $CONFIG;
+
+ $user_guid = (int)$user_guid;
+
+ $user = get_entity($user_guid);
+ if ($user)
+ {
+ // generate code
+ $code = generate_random_cleartext_password();
+ create_metadata($user_guid, 'conf_code', $code,'', 0, 0);
+
+ // generate link
+ $link = $CONFIG->site->url . "action/user/passwordreset?u=$user_guid&c=$code";
+
+ // generate email
+ $email = sprintf(elgg_echo('email:resetreq:body'), $user->name, $_SERVER['REMOTE_ADDR'], $link);
+
+ return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetreq:subject'), $email, NULL, 'email');
+
+ }
+
+ return false;
+ }
+
+ /**
+ * Low level function to reset a given user's password.
+ *
+ * This can only be called from execute_new_password_request().
+ *
+ * @param int $user_guid The user.
+ * @param string $password password text (which will then be converted into a hash and stored)
+ */
+ function force_user_password_reset($user_guid, $password)
+ {
+ global $CONFIG;
+
+ if (call_gatekeeper('execute_new_password_request', __FILE__))
+ {
+ $user = get_entity($user_guid);
+
+ if ($user)
+ {
+ $hash = generate_user_password($user, $password);
+
+ return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash' where guid=$user_guid");
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Validate and execute a password reset for a user.
+ *
+ * @param int $user_guid The user id
+ * @param string $conf_code Confirmation code as sent in the request email.
+ */
+ function execute_new_password_request($user_guid, $conf_code)
+ {
+ global $CONFIG;
+
+ $user_guid = (int)$user_guid;
+
+ $user = get_entity($user_guid);
+ if (($user) && ($user->conf_code == $conf_code))
+ {
+ $password = generate_random_cleartext_password();
+
+ if (force_user_password_reset($user_guid, $password))
+ {
+ remove_metadata($user_guid, 'conf_code');
+
+ $email = sprintf(elgg_echo('email:resetpassword:body'), $user->name, $password);
+
+ return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetpassword:subject'), $email, NULL, 'email');
+ }
+ }
+
+ return false;
+ }
+
+ /**
* Generate a validation code for a given user's email address.
*
* @param int $user_guid The user id
@@ -802,6 +890,21 @@
}
/**
+ * Return whether a given user has validated their email address.
+ *
+ * @param int $user_guid
+ */
+ function get_email_validation_status($user_guid)
+ {
+ $user = get_entity($user_guid);
+
+ if ($user)
+ return $user->validated_email;
+
+ return false;
+ }
+
+ /**
* Send out a validation request for a given user.
* This function assumes that a user has already been created and that the email address has been
* saved in the email field in the database.
@@ -1037,7 +1140,10 @@
register_action('friends/deletecollection');
register_action('friends/editcollection');
- register_action("usersettings/save");
+ register_action("usersettings/save");
+
+ register_action("user/passwordreset");
+ register_action("user/requestnewpassword");
// User name change
extend_elgg_settings_page('user/settings/name', 'usersettings/user', 1);
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-31 14:49:08 +0000