lostPassword.php 5.6 KB

  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. /**
  4. * SCRIPT PURPOSE:
  5. *
  6. * This script allows users to retrieve the password of their profile(s)
  7. * on the basis of their e-mail address. The password is sent via e-mail
  8. * to the user.
  9. *
  10. * Special case: if passwords are encrypted in the database, we have
  11. * to generate a new one.
  12. *
  13. * @todo refactor, move relevant functions to code libraries
  14. *
  15. * @package chamilo.auth
  16. */
  require_once __DIR__.'/../inc/global.inc.php';
  // Custom pages
  // Had to move the form handling in here, because otherwise there would
  // already be some display output.
  // Forbidden to retrieve the lost password:
  // when the platform setting 'allow_lostpassword' is the string 'false', the
  // request is handed to api_not_allowed() before any request input is read.
  // NOTE(review): the rest of the script relies on api_not_allowed(true)
  // ending the request; that is not visible here - confirm.
  // NOTE(review): loose comparison (==) against 'false'; if api_get_setting()
  // always returns a string for this key, === would state the intent exactly.
  if (api_get_setting('allow_lostpassword') == 'false') {
      api_not_allowed(true);
  }
  // Reset-link entry point. Both values come straight from the request and are
  // caller-controlled; this script performs no validation of its own on them.
  // NOTE(review): presumably 'reset' is the token from the e-mailed link and
  // 'id' the account id - confirm against Login::reset_password().
  $reset = Request::get('reset');
  $userId = Request::get('id');
  // Not read again in this script; presumably consumed by the included layout
  // code - confirm.
  $this_section = SECTION_CAMPUS;
  // Page title, reused further down as the form header.
  $tool_name = get_lang('LostPassword');
  if ($reset && $userId) {
      // The whole security decision is delegated to Login::reset_password();
      // only its returned message is relayed to the user.
      // NOTE(review): verify in that helper that the token is bound to $userId,
      // compared in constant time, expires, and is invalidated after one use.
      // NOTE(review): if Request::get() reads the query string, the token is
      // part of the URL and can persist in browser history and server logs,
      // which makes a short lifetime and single use more important.
      $messageText = Login::reset_password($reset, $userId, true);
      // Show the outcome on the custom landing page when one is configured ...
      if (CustomPages::enabled() && CustomPages::exists(CustomPages::INDEX_UNLOGGED)) {
          CustomPages::display(
              CustomPages::INDEX_UNLOGGED,
              ['info' => $messageText]
          );
          exit;
      }
      // ... otherwise queue it as a flash message and redirect to the portal root.
      // NOTE(review): the third argument (false) presumably disables filtering
      // of the message - confirm $messageText never carries request-derived text.
      Display::addFlash(
          Display::return_message($messageText, 'info', false)
      );
      header('Location: '.api_get_path(WEB_PATH));
      exit;
  }
  // Build the request form: one required text field that accepts either the
  // login or the e-mail address (per its label), plus an optional CAPTCHA.
  $form = new FormValidator('lost_password');
  $form->addHeader($tool_name);
  $form->addText(
      'user',
      [
          get_lang('LoginOrEmailAddress'),
          get_lang('EnterEmailUserAndWellSendYouPassword'),
      ],
      true
  );
  // The CAPTCHA is added only when the platform setting 'allow_captcha' is
  // exactly the string 'true'.
  // NOTE(review): with the CAPTCHA off, nothing in this script limits how often
  // the form can be submitted; confirm that throttling exists elsewhere, since
  // each accepted submission can trigger an e-mail to the account owner.
  $captcha = api_get_setting('allow_captcha');
  $allowCaptcha = $captcha === 'true';
  if ($allowCaptcha) {
      // Endpoint that serves the CAPTCHA image.
      $ajax = api_get_path(WEB_AJAX_PATH).'form.ajax.php?a=get_captcha';
      // basename(__FILE__, '.php') is this script's file name without the
      // extension; the same value is used as the callback 'var' parameter and
      // as the session variable name.
      $options = [
          'width' => 220,
          'height' => 90,
          'callback' => $ajax.'&var='.basename(__FILE__, '.php'),
          'sessionVar' => basename(__FILE__, '.php'),
          'imageOptions' => [
              'font_size' => 20,
              'font_path' => api_get_path(SYS_FONTS_PATH).'opensans/',
              'font_file' => 'OpenSans-Regular.ttf',
              //'output' => 'gif'
          ],
      ];
      $captcha_question = $form->addElement(
          'CAPTCHA_Image',
          'captcha_question',
          '',
          $options
      );
      $form->addElement('static', null, null, get_lang('ClickOnTheImageForANewOne'));
      $form->addElement('text', 'captcha', get_lang('EnterTheLettersYouSee'), ['size' => 40]);
      // NOTE(review): the 'required' rule is registered with 'client' as its
      // last argument, presumably client-side validation only; the 'CAPTCHA'
      // rule below has no such argument. Confirm the CAPTCHA answer is
      // enforced server-side by $form->validate().
      $form->addRule('captcha', get_lang('EnterTheCharactersYouReadInTheImage'), 'required', null, 'client');
      $form->addRule('captcha', get_lang('TheTextYouEnteredDoesNotMatchThePicture'), 'CAPTCHA', $captcha_question);
  }
  $form->addButtonSend(get_lang('Send'));
  // Handle a submitted form. Every branch below ends in exit, so at most one
  // recovery path runs per request.
  if ($form->validate()) {
      $values = $form->exportValues();
      // Look the account up from the submitted login or e-mail address.
      // The code below reads $user['uid'] and $user['auth_source'] from the result.
      $user = Login::get_user_accounts_by_username($values['user']);
      if (!$user) {
          // NOTE(review): an unknown account gets a distinct error message and
          // a redirect back to this page, while a known account gets a
          // different message and target. The response therefore reveals
          // whether an account exists; a uniform response for both cases is
          // the usual mitigation.
          $messageText = get_lang('NoUserAccountWithThisEmailAddress');
          if (CustomPages::enabled() && CustomPages::exists(CustomPages::LOST_PASSWORD)) {
              CustomPages::display(
                  CustomPages::LOST_PASSWORD,
                  ['info' => $messageText]
              );
              exit;
          }
          Display::addFlash(
              Display::return_message($messageText, 'error', false)
          );
          header('Location: '.api_get_self());
          exit;
      }
      // NOTE(review): when the whispeakauth plugin is enabled, the account's
      // enrollment is deleted as soon as the lookup succeeds - before any
      // e-mail is sent or reset link confirmed, and also on the 'extldap'
      // path where no reset happens. The request is unauthenticated at this
      // point; confirm this is intended, or defer the deletion until the
      // reset has actually been completed by the account owner.
      if ('true' === api_get_plugin_setting('whispeakauth', WhispeakAuthPlugin::SETTING_ENABLE)) {
          WhispeakAuthPlugin::deleteEnrollment($user['uid']);
      }
      $passwordEncryption = api_get_configuration_value('password_encryption');
      // Path 1: configuration value 'password_encryption' is 'none'.
      // Per the file header, the stored password itself is e-mailed to the user.
      // NOTE(review): this depends on passwords being stored unencrypted and
      // puts a long-lived credential into e-mail; treat 'none' as a
      // legacy configuration to migrate away from.
      if ($passwordEncryption === 'none') {
          $messageText = Login::send_password_to_user($user, true);
          if (CustomPages::enabled() && CustomPages::exists(CustomPages::INDEX_UNLOGGED)) {
              CustomPages::display(
                  CustomPages::INDEX_UNLOGGED,
                  ['info' => $messageText]
              );
              exit;
          }
          Display::addFlash(
              Display::return_message($messageText, 'info', false)
          );
          header('Location: '.api_get_path(WEB_PATH));
          exit;
      }
      // Path 2: accounts whose auth_source is 'extldap' cannot be reset here;
      // the user only gets an explanatory message.
      // NOTE(review): loose comparison (==); === would be exact if
      // auth_source is always a string.
      if ($user['auth_source'] == 'extldap') {
          Display::addFlash(
              Display::return_message(get_lang('CouldNotResetPasswordBecauseLDAP'), 'info', false)
          );
          header('Location: '.api_get_path(WEB_PATH));
          exit;
      }
      // Path 3: platform setting 'user_reset_password' is 'true' - a reset
      // e-mail is sent through Login::sendResetEmail() and the user is told to
      // check their mailbox.
      $userResetPasswordSetting = api_get_setting('user_reset_password');
      if ($userResetPasswordSetting === 'true') {
          $userObj = api_get_user_entity($user['uid']);
          Login::sendResetEmail($userObj);
          if (CustomPages::enabled() && CustomPages::exists(CustomPages::INDEX_UNLOGGED)) {
              CustomPages::display(
                  CustomPages::INDEX_UNLOGGED,
                  ['info' => get_lang('CheckYourEmailAndFollowInstructions')]
              );
              exit;
          }
          // NOTE(review): unlike the other paths, no flash message is queued
          // here before the redirect; whether sendResetEmail() adds one is not
          // visible in this script.
          header('Location: '.api_get_path(WEB_PATH));
          exit;
      }
      // Path 4 (fallback): encrypted passwords without the reset-link setting.
      // Per the file header a new password has to be generated in this case;
      // presumably Login::handle_encrypted_password() does that - confirm.
      $messageText = Login::handle_encrypted_password($user, true);
      if (CustomPages::enabled() && CustomPages::exists(CustomPages::INDEX_UNLOGGED)) {
          CustomPages::display(
              CustomPages::INDEX_UNLOGGED,
              ['info' => $messageText]
          );
          exit;
      }
      Display::addFlash(
          Display::return_message($messageText, 'info', false)
      );
      header('Location: '.api_get_path(WEB_PATH));
      exit;
  }
  // No valid submission was handled above: render the empty (or rejected) form.
  // A configured custom "lost password" page takes precedence and receives the
  // form markup from returnForm().
  if (CustomPages::enabled() && CustomPages::exists(CustomPages::LOST_PASSWORD)) {
      CustomPages::display(
          CustomPages::LOST_PASSWORD,
          ['form' => $form->returnForm()]
      );
      exit;
  }
  // Default rendering: the form HTML is assigned as the 'content' of a
  // one-column template.
  $tpl = new Template(null);
  $tpl->assign('content', $form->toHtml());
  $tpl->display_one_col_template();