reset.php 2.2 KB

  1. <?php
  2. /* For license terms, see /license.txt */
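  require_once __DIR__.'/../inc/global.inc.php';

  // Password reset page: shows a "new password" form bound to a reset token and,
  // on a valid submission, sets the new password for the account that owns the token.

  // The reset token arrives in the query string. Anything that is not a
  // non-empty alphanumeric string is discarded, so the value can be
  // concatenated into the form action URL below without further escaping.
  $token = isset($_GET['token']) ? $_GET['token'] : '';
  if (!is_string($token) || !ctype_alnum($token)) {
      $token = '';
  }

  $tpl = new Template(null);

  // Build the form
  $form = new FormValidator('reset', 'POST', api_get_self().'?token='.$token);
  $form->addElement('header', get_lang('ResetPassword'));
  $form->addHidden('token', $token);
  $form->addElement('password', 'pass1', get_lang('Password'));
  $form->addElement(
      'password',
      'pass2',
      get_lang('Confirmation'),
      array('id' => 'pass2', 'size' => 20, 'autocomplete' => 'off')
  );
  $form->addRule('pass1', get_lang('ThisFieldIsRequired'), 'required');
  $form->addRule('pass2', get_lang('ThisFieldIsRequired'), 'required');
  $form->addRule(array('pass1', 'pass2'), get_lang('PassTwo'), 'compare');
  $form->addButtonSave(get_lang('Update'));

  // Lifetime of a reset token; falls back to 3600 when the platform setting is
  // empty (presumably seconds, confirm against isPasswordRequestNonExpired()).
  $ttl = api_get_setting('user_reset_password_token_limit');
  if (empty($ttl)) {
      $ttl = 3600;
  }

  if ($form->validate()) {
      $values = $form->exportValues();
      $password = $values['pass1'];

      // The hidden field is client-controlled, so the submitted token gets the
      // same check as the query-string one. An empty or malformed token is never
      // looked up: findUserByConfirmationToken() is not visible in this file, and
      // it must not be given the chance to match an account with a blank token.
      $token = isset($values['token']) ? $values['token'] : '';
      $user = null;
      if (is_string($token) && ctype_alnum($token)) {
          /** @var \Chamilo\UserBundle\Entity\User $user */
          $user = UserManager::getManager()->findUserByConfirmationToken($token);
      }

      if ($user) {
          if (!$user->isPasswordRequestNonExpired($ttl)) {
              // 'warning' is the message type and belongs to return_message();
              // the previous code passed it to addFlash() instead.
              Display::addFlash(Display::return_message(get_lang('LinkExpired'), 'warning'));
              header('Location: '.api_get_path(WEB_CODE_PATH).'auth/lostPassword.php');
              exit;
          }

          $user->setPlainPassword($password);
          $userManager = UserManager::getManager();
          $userManager->updateUser($user, true);

          // Clear the token and the request timestamp so the same link
          // cannot be used for a second reset.
          $user->setConfirmationToken(null);
          $user->setPasswordRequestedAt(null);
          Database::getManager()->persist($user);
          Database::getManager()->flush();

          Display::addFlash(Display::return_message(get_lang('Updated')));
          header('Location: '.api_get_path(WEB_PATH));
          exit;
      } else {
          // Unknown and rejected tokens get the same message as expired ones,
          // so the response does not reveal whether a token ever existed.
          Display::addFlash(
              Display::return_message(get_lang('LinkExpired'))
          );
      }
  }

  // Render the form inside the one-column layout.
  $tpl->assign('form', $form->toHtml());
  $content = $tpl->get_template('auth/set_temp_password.tpl');
  $tpl->assign('content', $tpl->fetch($content));
  $tpl->display_one_col_template();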