<?php /** * Reset a user's password. * * This is an admin action that generates a new salt and password * for a user, then emails the password to the user's registered * email address. * * NOTE: This is different to the "reset password" link users * can use in that it does not first email the user asking if * they want to have their password reset. * * @package Elgg.Core * @subpackage Administration.User */ $guid = get_input('guid'); $user = get_entity($guid); if ($user instanceof ElggUser && $user->canEdit()) { $password = generate_random_cleartext_password(); if (force_user_password_reset($user->guid, $password)) { system_message(elgg_echo('admin:user:resetpassword:yes')); notify_user($user->guid, elgg_get_site_entity()->guid, elgg_echo('email:resetpassword:subject'), elgg_echo('email:resetpassword:body', array($user->username, $password)), array(), 'email'); } else { register_error(elgg_echo('admin:user:resetpassword:no')); } } else { register_error(elgg_echo('admin:user:resetpassword:no')); } forward(REFERER);
/** * Validate and execute a password reset for a user. * * @param int $user_guid The user id * @param string $conf_code Confirmation code as sent in the request email. */ function execute_new_password_request($user_guid, $conf_code) { global $CONFIG; $user_guid = (int) $user_guid; $user = get_entity($user_guid); if ($user && get_private_setting($user_guid, 'passwd_conf_code') == $conf_code) { $password = generate_random_cleartext_password(); if (force_user_password_reset($user_guid, $password)) { //remove_metadata($user_guid, 'conf_code'); remove_private_setting($user_guid, 'passwd_conf_code'); $email = sprintf(elgg_echo('email:resetpassword:body'), $user->name, $password); return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetpassword:subject'), $email, NULL, 'email'); } } return false; }
/** * Validate and execute a password reset for a user. * * @param int $user_guid The user id * @param string $conf_code Confirmation code as sent in the request email. * * @return mixed */ function execute_new_password_request($user_guid, $conf_code) { global $CONFIG; $user_guid = (int) $user_guid; $user = get_entity($user_guid); if ($user instanceof ElggUser) { $saved_code = $user->getPrivateSetting('passwd_conf_code'); if ($saved_code && $saved_code == $conf_code) { $password = generate_random_cleartext_password(); if (force_user_password_reset($user_guid, $password)) { remove_private_setting($user_guid, 'passwd_conf_code'); // clean the logins failures reset_login_failure_count($user_guid); $email = '<div style="color:#333;font-size:16px;">' . elgg_echo('email:resetpassword:body', array($user->name, $password)) . '</div>'; //return notify_user($user->guid, $CONFIG->site->guid, // elgg_echo('email:resetpassword:subject'), $email, array(), 'email'); $site_name = elgg_get_site_entity()->name; return zhgroups_send_email($site_name, $user->email, elgg_echo('email:resetpassword:subject', array($site_name)), $email); } } } return FALSE; }
/** * Validate and execute a password reset for a user. * * @param int $user_guid The user id * @param string $conf_code Confirmation code as sent in the request email. * * @return mixed */ function execute_new_password_request($user_guid, $conf_code) { global $CONFIG; $user_guid = (int) $user_guid; $user = get_entity($user_guid); if ($user) { $saved_code = $user->getPrivateSetting('passwd_conf_code'); if ($saved_code && $saved_code == $conf_code) { $password = generate_random_cleartext_password(); if (force_user_password_reset($user_guid, $password)) { remove_private_setting($user_guid, 'passwd_conf_code'); // clean the logins failures reset_login_failure_count($user_guid); $email = elgg_echo('email:resetpassword:body', array($user->name, $password)); return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetpassword:subject'), $email, NULL, 'email'); } } } return FALSE; }
/** * Validate and change password for a user. * * @param int $user_guid The user id * @param string $conf_code Confirmation code as sent in the request email. * @param string $password Optional new password, if not randomly generated. * * @return bool True on success */ function execute_new_password_request($user_guid, $conf_code, $password = null) { $user_guid = (int) $user_guid; $user = get_entity($user_guid); if ($password === null) { $password = generate_random_cleartext_password(); $reset = true; } if (!elgg_instanceof($user, 'user')) { return false; } $saved_code = $user->getPrivateSetting('passwd_conf_code'); $code_time = (int) $user->getPrivateSetting('passwd_conf_time'); if (!$saved_code || $saved_code != $conf_code) { return false; } // Discard for security if it is 24h old if (!$code_time || $code_time < time() - 24 * 60 * 60) { return false; } if (force_user_password_reset($user_guid, $password)) { remove_private_setting($user_guid, 'passwd_conf_code'); remove_private_setting($user_guid, 'passwd_conf_time'); // clean the logins failures reset_login_failure_count($user_guid); $ns = $reset ? 'resetpassword' : 'changepassword'; notify_user($user->guid, elgg_get_site_entity()->guid, elgg_echo("email:{$ns}:subject", array(), $user->language), elgg_echo("email:{$ns}:body", array($user->username, $password), $user->language), array(), 'email'); return true; } return false; }