/** * @group IL_Init */ public function testPasswordAssisstanceSession() { global $ilUser; include_once "./include/inc.pwassist_session_handler.php"; $result = ""; // write session db_pwassist_session_write("12345", 60, $ilUser->getId()); // find $res = db_pwassist_session_find($ilUser->getId()); if ($res["pwassist_id"] == "12345") { $result .= "find-"; } // read $res = db_pwassist_session_read("12345"); if ($res["user_id"] == $ilUser->getId()) { $result .= "read-"; } // destroy db_pwassist_session_destroy("12345"); $res = db_pwassist_session_read("12345"); if (!$res) { $result .= "destroy-"; } db_pwassist_session_gc(); $this->assertEquals("find-read-destroy-", $result); }
/** Creates (or reuses) a password assistance session, and sends a password * assistance mail to the specified user. * * Note: To prevent DOS attacks, a new session is created only, if no session * exists, or if the existing session has been expired. * * The password assistance mail contains an URL, which points to this script * and contains the following URL parameters: * client_id * key * * @param usrObj An instance of class.ilObjUserObject.php. */ function sendPasswordAssistanceMail($userObj) { global $lng, $ilias; include_once "Services/Mail/classes/class.ilMailbox.php"; include_once "Services/Mail/classes/class.ilMimeMail.php"; require_once "include/inc.pwassist_session_handler.php"; // Check if we need to create a new session $pwassist_session = db_pwassist_session_find($userObj->getId()); if (count($pwassist_session) == 0 || $pwassist_session["expires"] < time() || true) { // Create a new session id // #9700 - this didn't do anything before?! // db_set_save_handler(); session_start(); $pwassist_session["pwassist_id"] = db_pwassist_create_id(); session_destroy(); db_pwassist_session_write($pwassist_session["pwassist_id"], 3600, $userObj->getId()); } $protocol = isset($_SERVER['HTTPS']) ? "https://" : "http://"; // Compose the mail $server_url = $protocol . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/')) . '/'; // XXX - Werner Randelshofer - Insert code here to dynamically get the // the delimiter. For URL's that are sent by e-mail to a user, // it is best to use semicolons as parameter delimiter $delimiter = "&"; $pwassist_url = $protocol . $_SERVER['HTTP_HOST'] . str_replace("ilias.php", "pwassist.php", $_SERVER['PHP_SELF']) . "?client_id=" . $ilias->getClientId() . $delimiter . "lang=" . $lng->getLangKey() . $delimiter . "key=" . $pwassist_session["pwassist_id"]; $alternative_pwassist_url = $protocol . $_SERVER['HTTP_HOST'] . str_replace("ilias.php", "pwassist.php", $_SERVER['PHP_SELF']) . "?client_id=" . $ilias->getClientId() . $delimiter . "lang=" . $lng->getLangKey() . $delimiter . "key=" . $pwassist_session["pwassist_id"]; $contact_address = $ilias->getSetting("admin_email"); //echo "<br>-".htmlentities($pwassist_url)."-"; $mm = new ilMimeMail(); $mm->Subject($lng->txt("pwassist_mail_subject")); $mm->From($contact_address); $mm->To($userObj->getEmail()); $mm->Body(str_replace(array("\\n", "\\t"), array("\n", "\t"), sprintf($lng->txt("pwassist_mail_body"), $pwassist_url, $server_url, $_SERVER['REMOTE_ADDR'], $userObj->getLogin(), 'mailto:' . $contact_address, $alternative_pwassist_url))); $mm->Send(); }
/** * Creates (or reuses) a password assistance session, and sends a password * assistance mail to the specified user. * Note: To prevent DOS attacks, a new session is created only, if no session * exists, or if the existing session has been expired. * The password assistance mail contains an URL, which points to this script * and contains the following URL parameters: * client_id * key * @param $userObj ilObjUser */ public function sendPasswordAssistanceMail(ilObjUser $userObj) { require_once 'Services/Mail/classes/class.ilMailbox.php'; require_once 'Services/Mail/classes/class.ilMimeMail.php'; require_once 'include/inc.pwassist_session_handler.php'; // Check if we need to create a new session $pwassist_session = db_pwassist_session_find($userObj->getId()); if (count($pwassist_session) == 0 || $pwassist_session['expires'] < time() || true) { // Create a new session id // #9700 - this didn't do anything before?! // db_set_save_handler(); session_start(); $pwassist_session['pwassist_id'] = db_pwassist_create_id(); session_destroy(); db_pwassist_session_write($pwassist_session['pwassist_id'], 3600, $userObj->getId()); } $protocol = $this->https->isDetected() ? 'https://' : 'http://'; // Compose the mail $server_url = $protocol . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/')) . '/'; // XXX - Werner Randelshofer - Insert code here to dynamically get the // the delimiter. For URL's that are sent by e-mail to a user, // it is best to use semicolons as parameter delimiter $delimiter = '&'; $pwassist_url = $protocol . $_SERVER['HTTP_HOST'] . str_replace('ilias.php', 'pwassist.php', $_SERVER['PHP_SELF']) . '?client_id=' . $this->ilias->getClientId() . $delimiter . 'lang=' . $this->lng->getLangKey() . $delimiter . 'key=' . $pwassist_session['pwassist_id']; $alternative_pwassist_url = $protocol . $_SERVER['HTTP_HOST'] . str_replace('ilias.php', 'pwassist.php', $_SERVER['PHP_SELF']) . '?client_id=' . $this->ilias->getClientId() . $delimiter . 'lang=' . $this->lng->getLangKey() . $delimiter . 'key=' . $pwassist_session['pwassist_id']; $contact_address = $this->settings->get('admin_email'); $mm = new ilMimeMail(); $mm->Subject($this->lng->txt('pwassist_mail_subject')); $mm->From($contact_address); $mm->To($userObj->getEmail()); $mm->Body(str_replace(array("\\n", "\\t"), array("\n", "\t"), sprintf($this->lng->txt('pwassist_mail_body'), $pwassist_url, $server_url, $_SERVER['REMOTE_ADDR'], $userObj->getLogin(), 'mailto:' . $contact_address, $alternative_pwassist_url))); $mm->Send(); }