From 9d7eed52f3e283d288b377a163ec479038bc2106 Mon Sep 17 00:00:00 2001 From: marcus Date: Fri, 1 Aug 2008 15:49:55 +0000 Subject: Refs #191: Actions for resetting passwords, but no front end as yet. To request a password reset access http://..../actions/user/requestnewpassword/?username=username git-svn-id: https://code.elgg.org/elgg/trunk@1656 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/users.php | 108 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 107 insertions(+), 1 deletion(-) (limited to 'engine') diff --git a/engine/lib/users.php b/engine/lib/users.php index fe7c67e0f..d17d8bfe4 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -775,6 +775,94 @@ return get_data($query, "entity_row_to_elggstar"); } + /** + * Generate and send a password request email to a given user's registered email address. + * + * @param int $user_guid + */ + function send_new_password_request($user_guid) + { + global $CONFIG; + + $user_guid = (int)$user_guid; + + $user = get_entity($user_guid); + if ($user) + { + // generate code + $code = generate_random_cleartext_password(); + create_metadata($user_guid, 'conf_code', $code,'', 0, 0); + + // generate link + $link = $CONFIG->site->url . "action/user/passwordreset?u=$user_guid&c=$code"; + + // generate email + $email = sprintf(elgg_echo('email:resetreq:body'), $user->name, $_SERVER['REMOTE_ADDR'], $link); + + return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetreq:subject'), $email, NULL, 'email'); + + } + + return false; + } + + /** + * Low level function to reset a given user's password. + * + * This can only be called from execute_new_password_request(). + * + * @param int $user_guid The user. + * @param string $password password text (which will then be converted into a hash and stored) + */ + function force_user_password_reset($user_guid, $password) + { + global $CONFIG; + + if (call_gatekeeper('execute_new_password_request', __FILE__)) + { + $user = get_entity($user_guid); + + if ($user) + { + $hash = generate_user_password($user, $password); + + return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash' where guid=$user_guid"); + } + } + + return false; + } + + /** + * Validate and execute a password reset for a user. + * + * @param int $user_guid The user id + * @param string $conf_code Confirmation code as sent in the request email. + */ + function execute_new_password_request($user_guid, $conf_code) + { + global $CONFIG; + + $user_guid = (int)$user_guid; + + $user = get_entity($user_guid); + if (($user) && ($user->conf_code == $conf_code)) + { + $password = generate_random_cleartext_password(); + + if (force_user_password_reset($user_guid, $password)) + { + remove_metadata($user_guid, 'conf_code'); + + $email = sprintf(elgg_echo('email:resetpassword:body'), $user->name, $password); + + return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetpassword:subject'), $email, NULL, 'email'); + } + } + + return false; + } + /** * Generate a validation code for a given user's email address. * @@ -801,6 +889,21 @@ return create_metadata($user_guid, 'validated_email', $status,'', 0, 2); } + /** + * Return whether a given user has validated their email address. + * + * @param int $user_guid + */ + function get_email_validation_status($user_guid) + { + $user = get_entity($user_guid); + + if ($user) + return $user->validated_email; + + return false; + } + /** * Send out a validation request for a given user. * This function assumes that a user has already been created and that the email address has been @@ -1037,7 +1140,10 @@ register_action('friends/deletecollection'); register_action('friends/editcollection'); - register_action("usersettings/save"); + register_action("usersettings/save"); + + register_action("user/passwordreset"); + register_action("user/requestnewpassword"); // User name change extend_elgg_settings_page('user/settings/name', 'usersettings/user', 1); -- cgit v1.2.3