reset.php 2.3 KB

  1. <?php
  2. /* For license terms, see /license.txt */
  3. use ChamiloSession as Session;
  4. //require_once '../inc/global.inc.php';
  5. $token = isset($_GET['token']) ? $_GET['token'] : '';
  6. if (!ctype_alnum($token)) {
  7. $token = '';
  8. }
  9. $tpl = new Template(null);
  10. // Build the form
  11. $form = new FormValidator('reset', 'POST', api_get_self().'?token='.$token);
  12. $form->addElement('header', get_lang('ResetPassword'));
  13. $form->addHidden('token', $token);
  14. $form->addElement('password', 'pass1', get_lang('Password'));
  15. $form->addElement('password', 'pass2', get_lang('Confirmation'), array('id' => 'pass2', 'size' => 20, 'autocomplete' => 'off'));
  16. $form->addRule('pass1', get_lang('ThisFieldIsRequired'), 'required');
  17. $form->addRule('pass2', get_lang('ThisFieldIsRequired'), 'required');
  18. $form->addRule(array('pass1', 'pass2'), get_lang('PassTwo'), 'compare');
  19. $form->addButtonSave(get_lang('Update'));
  20. $ttl = api_get_setting('user_reset_password_token_limit');
  21. if (empty($ttl)) {
  22. $ttl = 3600;
  23. }
  24. if ($form->validate()) {
  25. $em = Database::getManager();
  26. $values = $form->exportValues();
  27. $password = $values['pass1'];
  28. $token = $values['token'];
  29. /** @var \Chamilo\UserBundle\Entity\User $user */
  30. $user = UserManager::getManager()->findUserByConfirmationToken($token);
  31. if ($user) {
  32. if (!$user->isPasswordRequestNonExpired($ttl)) {
  33. Display::addFlash(Display::return_message(get_lang('LinkExpired')), 'warning');
  34. header('Location: '.api_get_path(WEB_CODE_PATH).'auth/lostPassword.php');
  35. exit;
  36. }
  37. $user->setPlainPassword($password);
  38. $userManager = UserManager::getManager();
  39. $userManager->updateUser($user, true);
  40. $user->setConfirmationToken(null);
  41. $user->setPasswordRequestedAt(null);
  42. Database::getManager()->persist($user);
  43. Database::getManager()->flush();
  44. Display::addFlash(Display::return_message(get_lang('Updated')));
  45. header('Location: '.api_get_path(WEB_PATH));
  46. exit;
  47. } else {
  48. Display::addFlash(
  49. Display::return_message(get_lang('LinkExpired'))
  50. );
  51. }
  52. }
  53. $tpl->assign('form', $form->toHtml());
  54. $content = $tpl->get_template('auth/set_temp_password.tpl');
  55. $tpl->assign('content', $tpl->fetch($content));
  56. $tpl->display_one_col_template();