aboutsummaryrefslogtreecommitdiff
path: root/actions/admin/user/resetpassword.php
blob: d019a7f553f935ef34c837d895413b555a51e53b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
<?php
/**
 * Reset a user's password.
 *
 * This is an admin action that generates a new salt and password
 * for a user, then emails the password to the user's registered
 * email address.
 *
 * NOTE: This is different to the "reset password" link users
 * can use in that it does not first email the user asking if
 * they want to have their password reset.
 *
 * @package Elgg.Core
 * @subpackage Administration.User
 */

$guid = get_input('guid');
$user = get_entity($guid);

if (($user instanceof ElggUser) && ($user->canEdit())) {
	$password = generate_random_cleartext_password();

	// Always reset the salt before generating the user password.
	$user->salt = generate_random_cleartext_password();
	$user->password = generate_user_password($user, $password);

	if ($user->save()) {
		system_message(elgg_echo('admin:user:resetpassword:yes'));

		notify_user($user->guid,
			elgg_get_site_entity()->guid,
			elgg_echo('email:resetpassword:subject'),
			elgg_echo('email:resetpassword:body', array($user->username, $password)),
			NULL,
			'email');
	} else {
		register_error(elgg_echo('admin:user:resetpassword:no'));
	}
} else {
	register_error(elgg_echo('admin:user:resetpassword:no'));
}

forward(REFERER);