From 9d7eed52f3e283d288b377a163ec479038bc2106 Mon Sep 17 00:00:00 2001 From: marcus Date: Fri, 1 Aug 2008 15:49:55 +0000 Subject: Refs #191: Actions for resetting passwords, but no front end as yet. To request a password reset access http://..../actions/user/requestnewpassword/?username=username git-svn-id: https://code.elgg.org/elgg/trunk@1656 36083f99-b078-4883-b0ff-0f9b5a30f544 --- actions/user/passwordreset.php | 27 +++++++++ actions/user/requestnewpassword.php | 31 +++++++++++ engine/lib/users.php | 108 +++++++++++++++++++++++++++++++++++- languages/en.php | 19 ++++++- 4 files changed, 183 insertions(+), 2 deletions(-) create mode 100644 actions/user/passwordreset.php create mode 100644 actions/user/requestnewpassword.php diff --git a/actions/user/passwordreset.php b/actions/user/passwordreset.php new file mode 100644 index 000000000..677bc591d --- /dev/null +++ b/actions/user/passwordreset.php @@ -0,0 +1,27 @@ + \ No newline at end of file diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php new file mode 100644 index 000000000..4f1fe7e83 --- /dev/null +++ b/actions/user/requestnewpassword.php @@ -0,0 +1,31 @@ +guid)) + system_message(elgg_echo('user:password:resetreq:success')); + else + register_error(elgg_echo('user:password:resetreq:fail')); + } + else + register_error(sprintf(elgg_echo('user:username:notfound'), $username)); + + forward($_SERVER['HTTP_REFERER']); + exit; +?> \ No newline at end of file diff --git a/engine/lib/users.php b/engine/lib/users.php index fe7c67e0f..d17d8bfe4 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php 
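Review bot: The failure branch at the end of actions/user/requestnewpassword.php reports `user:username:notfound` with the submitted name while the success branch reports that an email was sent, so an unauthenticated caller can learn which usernames exist. I would return one neutral message whether or not the lookup matched, e.g. replace the final `register_error(sprintf(elgg_echo('user:username:notfound'), $username));` with `system_message(elgg_echo('user:password:resetreq:success'));`, and record the miss in a server-side log instead. `forward($_SERVER['HTTP_REFERER']);` relies on a client-supplied header that may be absent or point off-site, so forwarding to a fixed site URL is safer. The commit message describes triggering this with a plain GET carrying `?username=`, and every hit mails the account owner; the top of the file is not visible here, so confirm whether any throttle or request token is checked there.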
@@ -775,6 +775,94 @@ return get_data($query, "entity_row_to_elggstar"); } + /** + * Generate and send a password request email to a given user's registered email address. + * + * @param int $user_guid + */ + function send_new_password_request($user_guid) + { + global $CONFIG; + + $user_guid = (int)$user_guid; + + $user = get_entity($user_guid); + if ($user) + { + // generate code + $code = generate_random_cleartext_password(); + create_metadata($user_guid, 'conf_code', $code,'', 0, 0); + + // generate link + $link = $CONFIG->site->url . "action/user/passwordreset?u=$user_guid&c=$code"; + + // generate email + $email = sprintf(elgg_echo('email:resetreq:body'), $user->name, $_SERVER['REMOTE_ADDR'], $link); + + return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetreq:subject'), $email, NULL, 'email'); + + } + + return false; + } + + /** + * Low level function to reset a given user's password. + * + * This can only be called from execute_new_password_request(). + * + * @param int $user_guid The user. + * @param string $password password text (which will then be converted into a hash and stored) + */ + function force_user_password_reset($user_guid, $password) + { + global $CONFIG; + + if (call_gatekeeper('execute_new_password_request', __FILE__)) + { + $user = get_entity($user_guid); + + if ($user) + { + $hash = generate_user_password($user, $password); + + return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash' where guid=$user_guid"); + } + } + + return false; + } + + /** + * Validate and execute a password reset for a user. + * + * @param int $user_guid The user id + * @param string $conf_code Confirmation code as sent in the request email. 
+ */ + function execute_new_password_request($user_guid, $conf_code) + { + global $CONFIG; + + $user_guid = (int)$user_guid; + + $user = get_entity($user_guid); + if (($user) && ($user->conf_code == $conf_code)) + { + $password = generate_random_cleartext_password(); + + if (force_user_password_reset($user_guid, $password)) + { + remove_metadata($user_guid, 'conf_code'); + + $email = sprintf(elgg_echo('email:resetpassword:body'), $user->name, $password); + + return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetpassword:subject'), $email, NULL, 'email'); + } + } + + return false; + } + /** * Generate a validation code for a given user's email address. * @@ -801,6 +889,21 @@ return create_metadata($user_guid, 'validated_email', $status,'', 0, 2); } + /** + * Return whether a given user has validated their email address. + * + * @param int $user_guid + */ + function get_email_validation_status($user_guid) + { + $user = get_entity($user_guid); + + if ($user) + return $user->validated_email; + + return false; + } + /** * Send out a validation request for a given user. * This function assumes that a user has already been created and that the email address has been @@ -1037,7 +1140,10 @@ register_action('friends/deletecollection'); register_action('friends/editcollection'); - register_action("usersettings/save"); + register_action("usersettings/save"); + + register_action("user/passwordreset"); + register_action("user/requestnewpassword"); // User name change extend_elgg_settings_page('user/settings/name', 'usersettings/user', 1); diff --git a/languages/en.php b/languages/en.php index 47a9c30ce..e1f491a21 100644 --- a/languages/en.php +++ b/languages/en.php 
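Review bot: In execute_new_password_request the check `($user->conf_code == $conf_code)` is a loose comparison with no test that a code was ever issued, so if `conf_code` is unset on the user (it presumably reads as null or empty, to be confirmed) an empty `$conf_code` would compare equal and the reset would go ahead. Require a non-empty stored code and compare strictly, e.g. `$stored = $user->conf_code;` followed by `if ($user && is_string($stored) && $stored !== '' && $stored === (string)$conf_code)`; `hash_equals()` is preferable where the PHP version provides it. force_user_password_reset interpolates `$user_guid` into the UPDATE without its own cast and depends on the caller having done it, so adding `$user_guid = (int)$user_guid;` at the top keeps the query safe if the gatekeeper or the caller changes. The stored code has no visible expiry, and whether `create_metadata` replaces a code from an earlier request is not visible here, so the docblock of send_new_password_request should state how long a link stays valid and what happens to older codes.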
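Review bot: The docblock of get_email_validation_status has no `@return`, and the function returns `false` when the user cannot be loaded but otherwise hands back `$user->validated_email` unchanged, so callers cannot tell "no such user" from "not validated" and do not get a strict boolean. I would add `@return mixed The stored validated_email value, or false if the user cannot be loaded.` and a sentence noting that callers gating access on the result should compare it explicitly rather than rely on truthiness.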
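Review bot: `register_action("user/passwordreset");` and `register_action("user/requestnewpassword");` pass only the action name, so both inherit whatever default access register_action applies, which is not visible in this hunk. These endpoints exist for users who cannot log in and both change account state from a URL, so the intended access level should be stated rather than inherited. I would add a comment above the two calls such as `// Password reset actions: must work for logged-out users; the emailed code is the only authorisation.` and confirm the default registration matches that intent. The enclosing block starts and ends outside the hunk.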
@@ -300,7 +300,12 @@ 'user:set:language' => "Language settings", 'user:language:label' => "Your language", 'user:language:success' => "Your language settings have been updated.", - 'user:language:fail' => "Your language settings could not be saved.", + 'user:language:fail' => "Your language settings could not be saved.", + + 'user:username:notfound' => 'Username %s not found.', + + 'user:password:resetreq:success' => 'Successfully requested a new password, email sent', + 'user:password:resetreq:fail' => 'Could not request a new password.', /** * Administration @@ -568,6 +573,18 @@ Congratulations, you have successfully validated your email address.", 'email:resetpassword:body' => "Hi %s, Your password has been reset to: %s", + + + 'email:resetreq:subject' => "Request for new password.", + 'email:resetreq:body' => "Hi %s, + +Somebody (from the IP address %s) has requested a new password for their account. + +If you requested this click on the link below, otherwise ignore this email. + +%s +", + /** * XML-RPC -- cgit v1.2.3