lostPassword.php 4.5 KB

  <?php
  /* For licensing terms, see /license.txt */
  /**
   * SCRIPT PURPOSE :
   *
   * Lets users regain access to their profile(s) on the basis of their
   * e-mail address. The password is sent to the user by e-mail.
   *
   * Special case: if passwords are encrypted in the database, a new one has
   * to be generated.
   *
   * Flow of this script, in order:
   *  1. refuse the request when the 'allow_lostpassword' setting is 'false';
   *  2. if the request carries both 'reset' and 'id', hand them to
   *     Login::reset_password() and show the returned message;
   *  3. otherwise validate the lost-password form and, for a matching
   *     account, pick one of the recovery paths below;
   *  4. otherwise render the empty form.
   *
   * @todo refactor, move relevant functions to code libraries
   *
   * @package chamilo.auth
   */
  require_once __DIR__.'/../inc/global.inc.php';

  // Custom pages: the form handling lives in this script because a custom
  // page would already have produced display output, and the redirects
  // below have to be sent before any output.

  // Password recovery can be switched off platform-wide.
  // NOTE(review): loose comparison against the string 'false'; confirm what
  // api_get_setting() returns for an unset value before tightening to ===.
  if (api_get_setting('allow_lostpassword') == 'false') {
      api_not_allowed(true);
  }

  $reset = Request::get('reset');
  $userId = Request::get('id');

  $this_section = SECTION_CAMPUS;
  $tool_name = get_lang('LostPassword');

  /*
   * Common ending shared by several branches below. When $customPage is
   * given, custom pages are enabled and that page exists, $text is shown on
   * it under the 'info' key. Otherwise $text is queued as a flash message of
   * type $flashType and the browser is redirected, either back to this
   * script ($backToForm) or to the platform root. The request always ends
   * here.
   */
  $finishRequest = static function ($customPage, $text, $flashType, $backToForm) {
      if ($customPage !== null && CustomPages::enabled() && CustomPages::exists($customPage)) {
          CustomPages::display($customPage, ['info' => $text]);
          exit;
      }

      Display::addFlash(Display::return_message($text, $flashType, false));
      header('Location: '.($backToForm ? api_get_self() : api_get_path(WEB_PATH)));
      exit;
  };

  // Second step of a reset: the user followed a link carrying 'reset' and 'id'.
  // Both values come straight from the request and are passed on unchanged, so
  // token verification, expiry and single-use enforcement have to happen inside
  // Login::reset_password() (not visible in this file; confirm).
  if ($reset && $userId) {
      $messageText = Login::reset_password($reset, $userId, true);
      $finishRequest(CustomPages::INDEX_UNLOGGED, $messageText, 'info', false);
  }

  $form = new FormValidator('lost_password');
  $form->addHeader($tool_name);
  $form->addText(
      'user',
      [get_lang('LoginOrEmailAddress'), get_lang('EnterEmailUserAndWellSendYouPassword')],
      true
  );
  $form->addButtonSend(get_lang('Send'));

  if ($form->validate()) {
      $values = $form->exportValues();
      $user = Login::get_user_accounts_by_username($values['user']);

      // Nothing matched the submitted login or e-mail.
      // NOTE(review): this branch replies with a dedicated error and a different
      // redirect target than the branches for an existing account, so the
      // response tells an unauthenticated caller whether the value is registered.
      // Consider one neutral reply for both outcomes; no throttling or CAPTCHA
      // is visible in this file either.
      if (!$user) {
          $messageText = get_lang('NoUserAccountWithThisEmailAddress');
          $finishRequest(CustomPages::LOST_PASSWORD, $messageText, 'error', true);
      }

      // Passwords stored without encryption: going by the file header, the
      // existing password itself is mailed to the user.
      // NOTE(review): this path only exists because the stored password is
      // recoverable, and e-mail is not a confidential channel; a hashing
      // setting combined with the reset-link path below avoids both.
      $passwordEncryption = api_get_configuration_value('password_encryption');
      if ($passwordEncryption === 'none') {
          $messageText = Login::send_password_to_user($user, true);
          $finishRequest(CustomPages::INDEX_UNLOGGED, $messageText, 'info', false);
      }

      // Externally authenticated (LDAP) accounts cannot be reset from here.
      // This branch never uses a custom page.
      // NOTE(review): the message also discloses that the account is
      // LDAP-backed to whoever submitted the form.
      if ($user['auth_source'] == 'extldap') {
          $finishRequest(null, get_lang('CouldNotResetPasswordBecauseLDAP'), 'info', false);
      }

      // Reset-link path: mail a link instead of a password.
      $userResetPasswordSetting = api_get_setting('user_reset_password');
      if ($userResetPasswordSetting === 'true') {
          $userRepository = Database::getManager()->getRepository('ChamiloUserBundle:User');
          // NOTE(review): the lookup result is passed on without a null check;
          // confirm Login::sendResetEmail() copes with a missing entity.
          $userObj = $userRepository->find($user['uid']);
          Login::sendResetEmail($userObj, true);

          // Kept inline: unlike the other branches, no flash message is queued
          // here before the redirect.
          if (CustomPages::enabled() && CustomPages::exists(CustomPages::INDEX_UNLOGGED)) {
              CustomPages::display(
                  CustomPages::INDEX_UNLOGGED,
                  ['info' => get_lang('CheckYourEmailAndFollowInstructions')]
              );
              exit;
          }

          header('Location: '.api_get_path(WEB_PATH));
          exit;
      }

      // Fallback for encrypted passwords; presumably this is where the new
      // password mentioned in the file header gets generated (confirm in
      // Login::handle_encrypted_password()).
      $messageText = Login::handle_encrypted_password($user, true);
      $finishRequest(CustomPages::INDEX_UNLOGGED, $messageText, 'info', false);
  }

  // No submission to process: render the form, on the custom page when there
  // is one, otherwise through the standard index template.
  if (CustomPages::enabled() && CustomPages::exists(CustomPages::LOST_PASSWORD)) {
      CustomPages::display(
          CustomPages::LOST_PASSWORD,
          ['form' => $form->returnForm()]
      );
      exit;
  }

  $controller = new IndexManager($tool_name);
  $controller->set_login_form();
  $controller->tpl->assign('form', $form->returnForm());
  $template = $controller->tpl->get_template('auth/lost_password.tpl');
  $controller->tpl->display($template);