<?php
/**
* Reset a user's password.
*
* This is an admin action that generates a new salt and password
* for a user, then emails the password to the user's registered
* email address.
*
* NOTE: This is different to the "reset password" link users
* can use in that it does not first email the user asking if
* they want to have their password reset.
*
* @package Elgg.Core
* @subpackage Administration.User
*/
$guid = get_input('guid');
$user = get_entity($guid);
if ($user instanceof ElggUser && $user->canEdit()) {
$password = generate_random_cleartext_password();
if (force_user_password_reset($user->guid, $password)) {
system_message(elgg_echo('admin:user:resetpassword:yes'));
notify_user($user->guid, elgg_get_site_entity()->guid, elgg_echo('email:resetpassword:subject'), elgg_echo('email:resetpassword:body', array($user->username, $password)), array(), 'email');
} else {
register_error(elgg_echo('admin:user:resetpassword:no'));
}
} else {
register_error(elgg_echo('admin:user:resetpassword:no'));
}
forward(REFERER);
/**
* Validate and execute a password reset for a user.
*
* @param int $user_guid The user id
* @param string $conf_code Confirmation code as sent in the request email.
*/
function execute_new_password_request($user_guid, $conf_code)
{
global $CONFIG;
$user_guid = (int) $user_guid;
$user = get_entity($user_guid);
if ($user && get_private_setting($user_guid, 'passwd_conf_code') == $conf_code) {
$password = generate_random_cleartext_password();
if (force_user_password_reset($user_guid, $password)) {
//remove_metadata($user_guid, 'conf_code');
remove_private_setting($user_guid, 'passwd_conf_code');
$email = sprintf(elgg_echo('email:resetpassword:body'), $user->name, $password);
return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetpassword:subject'), $email, NULL, 'email');
}
}
return false;
}
/**
* Validate and execute a password reset for a user.
*
* @param int $user_guid The user id
* @param string $conf_code Confirmation code as sent in the request email.
*
* @return mixed
*/
function execute_new_password_request($user_guid, $conf_code)
{
global $CONFIG;
$user_guid = (int) $user_guid;
$user = get_entity($user_guid);
if ($user instanceof ElggUser) {
$saved_code = $user->getPrivateSetting('passwd_conf_code');
if ($saved_code && $saved_code == $conf_code) {
$password = generate_random_cleartext_password();
if (force_user_password_reset($user_guid, $password)) {
remove_private_setting($user_guid, 'passwd_conf_code');
// clean the logins failures
reset_login_failure_count($user_guid);
$email = '<div style="color:#333;font-size:16px;">' . elgg_echo('email:resetpassword:body', array($user->name, $password)) . '</div>';
//return notify_user($user->guid, $CONFIG->site->guid,
// elgg_echo('email:resetpassword:subject'), $email, array(), 'email');
$site_name = elgg_get_site_entity()->name;
return zhgroups_send_email($site_name, $user->email, elgg_echo('email:resetpassword:subject', array($site_name)), $email);
}
}
}
return FALSE;
}
/**
* Validate and execute a password reset for a user.
*
* @param int $user_guid The user id
* @param string $conf_code Confirmation code as sent in the request email.
*
* @return mixed
*/
function execute_new_password_request($user_guid, $conf_code)
{
global $CONFIG;
$user_guid = (int) $user_guid;
$user = get_entity($user_guid);
if ($user) {
$saved_code = $user->getPrivateSetting('passwd_conf_code');
if ($saved_code && $saved_code == $conf_code) {
$password = generate_random_cleartext_password();
if (force_user_password_reset($user_guid, $password)) {
remove_private_setting($user_guid, 'passwd_conf_code');
// clean the logins failures
reset_login_failure_count($user_guid);
$email = elgg_echo('email:resetpassword:body', array($user->name, $password));
return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetpassword:subject'), $email, NULL, 'email');
}
}
}
return FALSE;
}
/**
* Validate and change password for a user.
*
* @param int $user_guid The user id
* @param string $conf_code Confirmation code as sent in the request email.
* @param string $password Optional new password, if not randomly generated.
*
* @return bool True on success
*/
function execute_new_password_request($user_guid, $conf_code, $password = null)
{
$user_guid = (int) $user_guid;
$user = get_entity($user_guid);
if ($password === null) {
$password = generate_random_cleartext_password();
$reset = true;
}
if (!elgg_instanceof($user, 'user')) {
return false;
}
$saved_code = $user->getPrivateSetting('passwd_conf_code');
$code_time = (int) $user->getPrivateSetting('passwd_conf_time');
if (!$saved_code || $saved_code != $conf_code) {
return false;
}
// Discard for security if it is 24h old
if (!$code_time || $code_time < time() - 24 * 60 * 60) {
return false;
}
if (force_user_password_reset($user_guid, $password)) {
remove_private_setting($user_guid, 'passwd_conf_code');
remove_private_setting($user_guid, 'passwd_conf_time');
// clean the logins failures
reset_login_failure_count($user_guid);
$ns = $reset ? 'resetpassword' : 'changepassword';
notify_user($user->guid, elgg_get_site_entity()->guid, elgg_echo("email:{$ns}:subject", array(), $user->language), elgg_echo("email:{$ns}:body", array($user->username, $password), $user->language), array(), 'email');
return true;
}
return false;
}
