chamilo-lms/main/auth/lost_password.lib.php

<?php
/* For licensing terms, see /dokeos_license.txt */

/**
 * Get email headers
 *
 * @return string
 * @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
 */
function get_email_headers()
{
	global $charset;
	$emailHeaders = "From: \"".addslashes(api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS))."\" <".api_get_setting('emailAdministrator').">\n";
	$emailHeaders .= "Reply-To: ".api_get_setting('emailAdministrator')."\n";
	$emailHeaders .= "Return-Path: ".api_get_setting('emailAdministrator')."\n";
	$emailHeaders .= "X-Sender: ".api_get_setting('emailAdministrator')."\n";
	$emailHeaders .= "X-Mailer: PHP / ".phpversion()."\n";
	$emailHeaders .= "Content-Type: text/plain;\n\tcharset=\"".$charset."\"\n";
	$emailHeaders .= "Mime-Version: 1.0";
	return $emailHeaders;
}
/**
 * Enter description here...
 *
 * @param unknown_type $user
 * @param boolean $reset
 * @return unknown
 * @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
 */
function get_user_account_list($user, $reset = false)
{
	global $_configuration;
	$portal_url = $_configuration['root_web'];
	if ($_configuration['multiple_access_urls']==true) {
		$access_url_id = api_get_current_access_url_id();
		if ($access_url_id != -1 ){
			$url = api_get_access_url($access_url_id);
			$portal_url = $url['url'];
		}
	}

	if ($reset==true) {
		foreach ($user as $thisUser) {
			$secretword = get_secret_word($thisUser["email"]);
			if ($reset)	{
				$reset_link = $portal_url."main/auth/lostPassword.php?reset=".$secretword."&id=".$thisUser['uid'];
			} else {
				$reset_link = get_lang('Pass')." : $thisUser[password]";
			}
			$userAccountList[] = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$thisUser['loginName']."\n".get_lang('ResetLink').' : '.$reset_link.'';
		}
		if ($userAccountList)
		{
			$userAccountList = implode("\n------------------------\n", $userAccountList);
		}
	} else {
	    $user = $user[0];
	    $reset_link = get_lang('Pass')." : $user[password]";
       	$userAccountList = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$user['loginName']."\n".$reset_link.'';
	}
	return $userAccountList;
}
/**
 * This function sends the actual password to the user
 *
 * @param unknown_type $user
 * @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
 */
function send_password_to_user($user)
{
	global $charset;
	global $_configuration;
	$emailHeaders = get_email_headers(); // Email Headers
	$emailSubject = "[".api_get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT
	$userAccountList = get_user_account_list($user); // BODY
	$portal_url = $_configuration['root_web'];
	if ($_configuration['multiple_access_urls']==true) {
		$access_url_id = api_get_current_access_url_id();
		if ($access_url_id != -1 ){
			$url = api_get_access_url($access_url_id);
			$portal_url = $url['url'];
		}
	}

	$emailBody = get_lang('YourAccountParam')." ".$portal_url."\n\n$userAccountList";
	// SEND MESSAGE
	$emailTo = $user[0]["email"];
	$sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
    $email_admin = api_get_setting('emailAdministrator');

	if (@api_mail('', $emailTo, $emailSubject, $emailBody, $sender_name,$email_admin)==1) {
		Display::display_confirmation_message(get_lang('YourPasswordHasBeenEmailed'));
	} else {
		$message = get_lang('SystemUnableToSendEmailContact') . Display :: encrypted_mailto_link(api_get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>";
		Display::display_error_message($message, false);
	}
}
/**
 * Enter description here...
 *
 * @param unknown_type $user
 * @return unknown
 *
 * @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
 */
function handle_encrypted_password($user)
{
	global $charset;
	global $_configuration;
	$emailHeaders = get_email_headers(); // Email Headers
	$emailSubject = "[".api_get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT
	$userAccountList = get_user_account_list($user, true); // BODY
	$emailTo = $user[0]["email"];
	$secretword = get_secret_word($emailTo);
	$emailBody = get_lang('DearUser')." :\n".get_lang("password_request")."\n\n";
	$emailBody .= "-----------------------------------------------\n".$userAccountList."\n-----------------------------------------------\n\n";
	$emailBody .=get_lang('PasswordEncryptedForSecurity');
	$emailBody .="\n\n".get_lang('Formula').",\n".get_lang('PlataformAdmin');
	$sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
    $email_admin = api_get_setting('emailAdministrator');

	if (@api_mail('', $emailTo, $emailSubject, $emailBody, $sender_name,$email_admin)==1)
	{
		Display::display_confirmation_message(get_lang('YourPasswordHasBeenEmailed'));
	}
	else
	{
		$message = get_lang('SystemUnableToSendEmailContact') . Display :: encrypted_mailto_link(api_get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>";
		Display::display_error_message($message, false);
	}
}
/**
 * Enter description here...
 * @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
 */
function get_secret_word($add)
{
	global $_configuration;
	return $secretword = md5($_configuration['security_key'].$add);
}
/**
 * Enter description here...
 * @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
 */
function reset_password($secret, $id)
{
	global $your_password_has_been_reset,$userPasswordCrypted;
	$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
	$id = (int) $id;
	$sql = "SELECT user_id AS uid, lastname AS lastName, firstname AS firstName, username AS loginName, password, email FROM ".$tbl_user." WHERE user_id=$id";
	$result = api_sql_query($sql,__FILE__,__LINE__);
	if ($result && mysql_num_rows($result))
	{
		$user[] = mysql_fetch_array($result);
	}
	else
	{
		return "Could not reset password.";
	}
	if (get_secret_word($user[0]["email"]) == $secret) // OK, secret word is good. Now change password and mail it.
	{
		$user[0]["password"] = api_generate_password();
		$crypted = $user[0]["password"];
		$crypted = api_get_encrypted_password($crypted);
		api_sql_query("UPDATE ".$tbl_user." SET password='$crypted' WHERE user_id=$id");
		return send_password_to_user($user, $your_password_has_been_reset);
	}
	else
	{
		return "Not allowed.";
	}
}
?>
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`<?php`
Fixing email messages to user when login 16 years ago			`/* For licensing terms, see /dokeos_license.txt */`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`/**`
Fixing email messages to user when login 16 years ago			`* Get email headers`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`*`
Fixing email messages to user when login 16 years ago			`* @return string`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University`
			`*/`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`function get_email_headers()`
			`{`
			`global $charset;`
Bug #3646 and Issue #306 - User profile and Platform administrator's tools (Part 5): Fixing person name order and sorting to be dependable on the internationalization settings. 16 years ago			`$emailHeaders = "From: \"".addslashes(api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS))."\" <".api_get_setting('emailAdministrator').">\n";`
Feature #3287 - Replacement call of the deprecated function get_setting() with api_get_setting(). The function get_setting() will be deleted in the main API in Dokeos 1.8.7, the this task #3287 will be closed. Nothing is to be tested at the moment. 16 years ago			`$emailHeaders .= "Reply-To: ".api_get_setting('emailAdministrator')."\n";`
			`$emailHeaders .= "Return-Path: ".api_get_setting('emailAdministrator')."\n";`
Feature #306 - Trimming totally trailing whitespace in php-source files, part 1, 220 files. 16 years ago			`$emailHeaders .= "X-Sender: ".api_get_setting('emailAdministrator')."\n";`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`$emailHeaders .= "X-Mailer: PHP / ".phpversion()."\n";`
			`$emailHeaders .= "Content-Type: text/plain;\n\tcharset=\"".$charset."\"\n";`
			`$emailHeaders .= "Mime-Version: 1.0";`
			`return $emailHeaders;`
			`}`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`/**`
			`* Enter description here...`
			`*`
			`* @param unknown_type $user`
Fixing email messages to user when login 16 years ago			`* @param boolean $reset`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`* @return unknown`
			`* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University`
			`*/`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`function get_user_account_list($user, $reset = false)`
			`{`
[svn r10082] cleanup $_configuration 19 years ago			`global $_configuration;`
[svn r18376] Bug fixed: now we show in the emails the correct Dokeos URL when the "multiple url" option is enabled see FS#3462 16 years ago			`$portal_url = $_configuration['root_web'];`
			`if ($_configuration['multiple_access_urls']==true) {`
Feature #306 - Trimming totally trailing whitespace in php-source files, part 1, 220 files. 16 years ago			`$access_url_id = api_get_current_access_url_id();`
[svn r18376] Bug fixed: now we show in the emails the correct Dokeos URL when the "multiple url" option is enabled see FS#3462 16 years ago			`if ($access_url_id != -1 ){`
			`$url = api_get_access_url($access_url_id);`
			`$portal_url = $url['url'];`
			`}`
Fixing email messages to user when login 16 years ago			`}`
Feature #306 - Trimming totally trailing whitespace in php-source files, part 1, 220 files. 16 years ago
			`if ($reset==true) {`
Fixing email messages to user when login 16 years ago			`foreach ($user as $thisUser) {`
			`$secretword = get_secret_word($thisUser["email"]);`
Feature #306 - Trimming totally trailing whitespace in php-source files, part 1, 220 files. 16 years ago			`if ($reset) {`
			`$reset_link = $portal_url."main/auth/lostPassword.php?reset=".$secretword."&id=".$thisUser['uid'];`
Fixing email messages to user when login 16 years ago			`} else {`
			`$reset_link = get_lang('Pass')." : $thisUser[password]";`
			`}`
			`$userAccountList[] = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$thisUser['loginName']."\n".get_lang('ResetLink').' : '.$reset_link.'';`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`}`
Fixing email messages to user when login 16 years ago			`if ($userAccountList)`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`{`
Fixing email messages to user when login 16 years ago			`$userAccountList = implode("\n------------------------\n", $userAccountList);`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`}`
Feature #306 - Trimming totally trailing whitespace in php-source files, part 1, 220 files. 16 years ago			`} else {`
Fixing email messages to user when login 16 years ago			`$user = $user[0];`
			`$reset_link = get_lang('Pass')." : $user[password]";`
Feature #306 - Trimming totally trailing whitespace in php-source files, part 1, 220 files. 16 years ago			`$userAccountList = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$user['loginName']."\n".$reset_link.'';`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`}`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`return $userAccountList;`
			`}`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`/**`
			`* This function sends the actual password to the user`
			`*`
			`* @param unknown_type $user`
			`* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University`
			`*/`
			`function send_password_to_user($user)`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`{`
			`global $charset;`
[svn r10082] cleanup $_configuration 19 years ago			`global $_configuration;`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`$emailHeaders = get_email_headers(); // Email Headers`
Feature #3287 - Replacement call of the deprecated function get_setting() with api_get_setting(). The function get_setting() will be deleted in the main API in Dokeos 1.8.7, the this task #3287 will be closed. Nothing is to be tested at the moment. 16 years ago			`$emailSubject = "[".api_get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`$userAccountList = get_user_account_list($user); // BODY`
[svn r18376] Bug fixed: now we show in the emails the correct Dokeos URL when the "multiple url" option is enabled see FS#3462 16 years ago			`$portal_url = $_configuration['root_web'];`
			`if ($_configuration['multiple_access_urls']==true) {`
Feature #306 - Trimming totally trailing whitespace in php-source files, part 1, 220 files. 16 years ago			`$access_url_id = api_get_current_access_url_id();`
[svn r18376] Bug fixed: now we show in the emails the correct Dokeos URL when the "multiple url" option is enabled see FS#3462 16 years ago			`if ($access_url_id != -1 ){`
			`$url = api_get_access_url($access_url_id);`
			`$portal_url = $url['url'];`
			`}`
			`}`
Feature #306 - Trimming totally trailing whitespace in php-source files, part 1, 220 files. 16 years ago
[svn r18376] Bug fixed: now we show in the emails the correct Dokeos URL when the "multiple url" option is enabled see FS#3462 16 years ago			`$emailBody = get_lang('YourAccountParam')." ".$portal_url."\n\n$userAccountList";`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`// SEND MESSAGE`
Feature #306 - Trimming totally trailing whitespace in php-source files, part 1, 220 files. 16 years ago			`$emailTo = $user[0]["email"];`
Bug #3646 and Issue #306 - User profile and Platform administrator's tools (Part 5): Fixing person name order and sorting to be dependable on the internationalization settings. 16 years ago			`$sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);`
Feature #306 - Trimming totally trailing whitespace in php-source files, part 1, 220 files. 16 years ago			`$email_admin = api_get_setting('emailAdministrator');`

Fixing email messages to user when login 16 years ago			`if (@api_mail('', $emailTo, $emailSubject, $emailBody, $sender_name,$email_admin)==1) {`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`Display::display_confirmation_message(get_lang('YourPasswordHasBeenEmailed'));`
Fixing email messages to user when login 16 years ago			`} else {`
Feature #3287 - Replacement call of the deprecated function get_setting() with api_get_setting(). The function get_setting() will be deleted in the main API in Dokeos 1.8.7, the this task #3287 will be closed. Nothing is to be tested at the moment. 16 years ago			`$message = get_lang('SystemUnableToSendEmailContact') . Display :: encrypted_mailto_link(api_get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>";`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`Display::display_error_message($message, false);`
			`}`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`}`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`/**`
			`* Enter description here...`
			`*`
			`* @param unknown_type $user`
			`* @return unknown`
			`*`
			`* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University`
			`*/`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`function handle_encrypted_password($user)`
			`{`
			`global $charset;`
[svn r10082] cleanup $_configuration 19 years ago			`global $_configuration;`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`$emailHeaders = get_email_headers(); // Email Headers`
Feature #3287 - Replacement call of the deprecated function get_setting() with api_get_setting(). The function get_setting() will be deleted in the main API in Dokeos 1.8.7, the this task #3287 will be closed. Nothing is to be tested at the moment. 16 years ago			`$emailSubject = "[".api_get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`$userAccountList = get_user_account_list($user, true); // BODY`
			`$emailTo = $user[0]["email"];`
Feature #306 - Trimming totally trailing whitespace in php-source files, part 1, 220 files. 16 years ago			`$secretword = get_secret_word($emailTo);`
[svn r12348] Change the mail for lost passwords 18 years ago			`$emailBody = get_lang('DearUser')." :\n".get_lang("password_request")."\n\n";`
			`$emailBody .= "-----------------------------------------------\n".$userAccountList."\n-----------------------------------------------\n\n";`
			`$emailBody .=get_lang('PasswordEncryptedForSecurity');`
			`$emailBody .="\n\n".get_lang('Formula').",\n".get_lang('PlataformAdmin');`
Bug #3646 and Issue #306 - User profile and Platform administrator's tools (Part 5): Fixing person name order and sorting to be dependable on the internationalization settings. 16 years ago			`$sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);`
Feature #3287 - Replacement call of the deprecated function get_setting() with api_get_setting(). The function get_setting() will be deleted in the main API in Dokeos 1.8.7, the this task #3287 will be closed. Nothing is to be tested at the moment. 16 years ago			`$email_admin = api_get_setting('emailAdministrator');`
Feature #306 - Trimming totally trailing whitespace in php-source files, part 1, 220 files. 16 years ago
[svn r17754] Minor - Logic changes - Fixed e-mail sender headers - see FS#2445 16 years ago			`if (@api_mail('', $emailTo, $emailSubject, $emailBody, $sender_name,$email_admin)==1)`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`{`
			`Display::display_confirmation_message(get_lang('YourPasswordHasBeenEmailed'));`
			`}`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`else`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`{`
Feature #3287 - Replacement call of the deprecated function get_setting() with api_get_setting(). The function get_setting() will be deleted in the main API in Dokeos 1.8.7, the this task #3287 will be closed. Nothing is to be tested at the moment. 16 years ago			`$message = get_lang('SystemUnableToSendEmailContact') . Display :: encrypted_mailto_link(api_get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>";`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`Display::display_error_message($message, false);`
			`}`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`}`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`/**`
			`* Enter description here...`
			`* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University`
			`*/`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`function get_secret_word($add)`
			`{`
[svn r10114] cleanup and use of $_configuration 19 years ago			`global $_configuration;`
			`return $secretword = md5($_configuration['security_key'].$add);`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`}`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`/**`
			`* Enter description here...`
			`* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University`
			`*/`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`function reset_password($secret, $id)`
			`{`
			`global $your_password_has_been_reset,$userPasswordCrypted;`
[svn r10190] first run of cleanup of the table names http://www.dokeos.com/forum/viewtopic.php?t=7982 19 years ago			`$tbl_user = Database::get_main_table(TABLE_MAIN_USER);`
[svn r11158] Added explicit int cast, fixing security bug http://projects.dokeos.com/?do=details&id=1201 18 years ago			`$id = (int) $id;`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`$sql = "SELECT user_id AS uid, lastname AS lastName, firstname AS firstName, username AS loginName, password, email FROM ".$tbl_user." WHERE user_id=$id";`
			`$result = api_sql_query($sql,__FILE__,__LINE__);`
			`if ($result && mysql_num_rows($result))`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`{`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`$user[] = mysql_fetch_array($result);`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`}`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`else`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`{`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`return "Could not reset password.";`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`}`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`if (get_secret_word($user[0]["email"]) == $secret) // OK, secret word is good. Now change password and mail it.`
			`{`
			`$user[0]["password"] = api_generate_password();`
			`$crypted = $user[0]["password"];`
[svn r18942] Implementing sha1 as a possibility to encrypt user passwords see SVN#3798 16 years ago			`$crypted = api_get_encrypted_password($crypted);`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`api_sql_query("UPDATE ".$tbl_user." SET password='$crypted' WHERE user_id=$id");`
			`return send_password_to_user($user, $your_password_has_been_reset);`
			`}`
			`else`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`{`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`return "Not allowed.";`
[svn r11873] consistency improvements improvements xhtml compliance coding guidelines 18 years ago			`}`
[svn r9834] desactivate upgrade button (not yet tested) 19 years ago			`}`
			`?>`