File: resetpassword.php

<?php
/**
 * Copyright 2004-2016 Horde LLC (http://www.horde.org/)
 *
 * See the enclosed file COPYING for license information (LGPL-2). If you
 * did not receive this file, see http://www.horde.org/licenses/lgpl.
 *
 * @author Marko Djukic <marko@oblo.com>
 * @category Horde
 * @license  http://www.horde.org/licenses/lgpl LGPL-2
 * @package  Horde
 */

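/* Bootstrap Horde without requiring a session: this page is served to
 * unauthenticated visitors, so every request value read below is untrusted. */
require_once __DIR__ . '/../lib/Application.php';
Horde_Registry::appInit('horde', array('authentication' => 'none'));

$vars = $injector->getInstance('Horde_Variables');

/* Make sure resets are enabled in the configuration and that the auth
 * backend allows passwords to be reset. */
$auth = $injector->getInstance('Horde_Core_Factory_Auth')->create();
if (empty($conf['auth']['resetpassword']) ||
    !$auth->hasCapability('resetpassword')) {
    $notification->push(_("Cannot reset password automatically, contact your administrator."), 'horde.error');
    /* NOTE(review): 'url' comes from the request and is handed to the login
     * link unchanged; presumably the login service validates the target --
     * confirm. */
    $registry->getServiceLink('login')->add('url', $vars->url)->redirect();
    /* Fail closed: stop here even if redirect() were to return, as the
     * success path later in this script already does. */
    exit;
}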

/* Build the reset form. The title is reused for the page header when the
 * page is rendered at the end of this script. */
$title = _("Reset your password");
$form = new Horde_Form($vars, $title);
$form->setButtons(_("Continue"));

/* Set up the fields for the username and alternate email. The 'url' value is
 * carried along as a hidden field. */
$form->addHidden('', 'url', 'text', false);
$v = $form->addVariable(_("Username"), 'username', 'text', true);
$v->setOption('trackchange', true);
$form->addVariable(_("Alternate email address"), 'email', 'email', true);
/* Stays false until the submitted username/email pair matches the stored
 * alternate email; only then is the form validated and a reset attempted. */
$can_validate = false;

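/* If a username has been supplied try fetching the prefs stored info. */
if ($username = $vars->get('username')) {
    $username = $registry->convertUsername($username, true);
    $prefs = $injector->getInstance('Horde_Core_Factory_Prefs')->create('horde', array(
        'cache' => false,
        'user' => $username
    ));
    $email = $prefs->getValue('alternate_email');
    /* Does the alternate email stored in prefs match the one submitted?
     * The stored address must be non-empty and the comparison is strict:
     * with a loose == an account that has no alternate email would "match"
     * a request that omits the email field, and its security question would
     * be shown to anyone who knows the username. */
    if (strlen((string)$email) &&
        $vars->get('email') === (string)$email) {
        $can_validate = true;
        $form->setButtons(_("Reset Password"));
        $question = $prefs->getValue('security_question');
        $form->addVariable($question, 'question', 'description', false);
        $form->addVariable(_("Answer"), 'answer', 'text', true);
        if (!$question) {
            /* Without a stored question there is nothing to verify against,
             * so the self-service reset is refused. */
            $notification->push(_("No security question has been set. Please contact your administrator."), 'horde.error');
            $registry->getServiceLink('login')->add('url', $vars->url)->redirect();
            /* Fail closed: never fall through to the reset logic, even if
             * redirect() were to return. */
            exit;
        }
    } else {
        /* One generic message for an unknown user, a missing alternate email
         * and a wrong alternate email, so the response does not say which. */
        $notification->push(_("Incorrect username or alternate address. Try again or contact your administrator if you need further help."), 'horde.error');
    }
}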

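/* Validate the form. $can_validate is only true when the username/email pair
 * was accepted above, so $prefs and $email are set whenever this runs. */
if ($can_validate && $form->validate($vars)) {
    $form->getInfo($vars, $info);

    /* Fetch values from prefs for selected user. */
    $answer = $prefs->getValue('security_answer');

    /* Check the given values with the prefs stored ones.
     *
     * The comparisons are strict. A loose == treats numeric-looking strings
     * as numbers, so different answers such as "1e3" and "1000" would compare
     * equal. A stored answer must exist and the submitted one must be a
     * string, so an empty or malformed value can never satisfy the check.
     * Matching stays case-insensitive, as before.
     *
     * NOTE(review): nothing in this file limits repeated answer attempts;
     * confirm that throttling is enforced elsewhere. Where the minimum PHP
     * version allows it, a constant-time comparison (hash_equals) would be
     * preferable for the answer. */
    if (strlen((string)$answer) &&
        is_string($info['answer']) &&
        (string)$info['email'] === (string)$email &&
        strtolower((string)$answer) === strtolower($info['answer'])) {
        /* Info matches, so reset the password.
         *
         * NOTE(review): the reset targets the submitted $info['username'],
         * while the checks above used prefs loaded for the converted
         * $username; confirm both always name the same account. */
        try {
            $password = $auth->resetPassword($info['username']);
            $success = true;
        } catch (Horde_Exception $e) {
            $notification->push($e);
            $success = false;
        }

        /* Only mail a password when the backend really produced one. Without
         * this guard a failed reset still sent a mail built from an undefined
         * $password and reported success to the user. */
        if ($success) {
            /* The new password goes out in clear text to the stored
             * alternate address. */
            $mail = new Horde_Mime_Mail(array(
                'body' => sprintf(_("Your new password for %s is: %s"),
                            $registry->get('name', 'horde'),
                            $password
                          ),
                'charset' => 'UTF-8',
                'From' => empty($conf['auth']['resetpassword_from']) ? $email : $conf['auth']['resetpassword_from'],
                'To' => $email,
                'Subject' => _("Your password has been reset")
            ));

            try {
                $mail->send($injector->getInstance('Horde_Mail'));
                $notification->push(_("Your password has been reset, check your email and log in with your new password."), 'horde.success');
                $registry->getServiceLink('login')->add('url', $info['url'])->redirect();
                exit;
            } catch (Horde_Exception $e) {
                /* The password was already changed at this point; log the
                 * delivery failure and tell the user to ask for help. */
                Horde::log($e, 'ERR');
                $notification->push(_("Your password has been reset, but couldn't be sent to you. Please contact the administrator."), 'horde.error');
            }
        }
    } else {
        /* Info submitted does not match what is in prefs: show a generic
         * error and fall through so the form is displayed again. */
        $notification->push(_("Could not reset the password for the requested user. Some or all of the details are not correct. Try again or contact your administrator if you need further help."), 'horde.error');
    }
}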

/* Render the page: reached on first display and whenever a reset attempt did
 * not end in a redirect. */
$renderer = new Horde_Core_Ui_ModalFormRenderer();

/* Turn off both the top bar and the sidebar for this page. */
$page_output->topbar = $page_output->sidebar = false;

$page_output->header(array(
    'body_class' => 'modal-form',
    'title' => $title
));
/* The template is included into this scope; presumably it draws $form with
 * $renderer -- confirm against resetpassword.inc. */
require $registry->get('templates', 'horde') . '/login/resetpassword.inc';
$page_output->footer();