changues in lost password

16 years ago · 1ee5c46fab
parent 2db8ae59e1
commit 1ee5c46fab
2 changed files with 158 additions and 106 deletions
--- a/main/auth/lostPassword.php
+++ b/main/auth/lostPassword.php
@ -25,71 +25,85 @@ require_once(api_get_path(INCLUDE_PATH).'lib/mail.lib.inc.php');
 $tool_name = get_lang('LostPassword');
 Display :: display_header($tool_name);

+$this_section = SECTION_CAMPUS;
+$tool_name = get_lang('LostPass');
+
 // Forbidden to retrieve the lost password
-if (api_get_setting('allow_lostpassword') == "false")
-{
+if (get_setting('allow_lostpassword') == "false") {
 	api_not_allowed();
 }
 echo '<div class="actions-title">';
 echo $tool_name;
 echo '</div>';
-$tbl_user = Database :: get_main_table(TABLE_MAIN_USER);
+
 if (isset ($_GET["reset"]) && isset ($_GET["id"])) {
-	$msg = reset_password($_GET["reset"], $_GET["id"]);
+	
+	$msg = reset_password($_GET["reset"], $_GET["id"], true);
 	$msg1= '<a href="'.api_get_path(WEB_PATH).'main/auth/lostPassword.php" class="fake_button_back" >'.get_lang('Back').'</a>';
 	echo '<br/><br/><div class="actions" >'.$msg1.'</div>';
+	
 } else {
 	$form = new FormValidator('lost_password');
-	$form->add_textfield('email', get_lang('Email'), false, 'size="40"');
+	$form->addElement('text', 'user', get_lang('langUser'), array('size'=>'40'));
+	$form->addElement('text', 'email', get_lang('Email'), array('size'=>'40'));
+	
 	$form->applyFilter('email','strtolower');
 	$form->addElement('style_submit_button', 'submit', get_lang('Send'),'class="save"');
-	if ($form->validate())
-	{
+	
+	// setting the rules
+	$form->addRule('user', '<div class="required">'.get_lang('ThisFieldIsRequired'), 'required');
+	
+	if ($form->validate()) {
 		$values = $form->exportValues();
+		$user = $values['user'];
 		$email = $values['email'];
-		$result = Database::query("SELECT user_id AS uid, lastname AS lastName, firstname AS firstName,
-											username AS loginName, password, email, status AS status,
-											official_code, phone, picture_uri, creator_id
-											FROM ".$tbl_user."
-											WHERE LOWER(email) = '".mysql_real_escape_string($email)."'
-											AND   email != '' ", __FILE__, __LINE__);
-		if ($result && Database::num_rows($result))
-		{
-			while ($data = Database::fetch_array($result))
-			{
-				$user[] = $data;
-			}
-			if ($userPasswordCrypted!='none')
-			{
-				$msg = handle_encrypted_password($user);
+		
+		$condition = '';
+		if (!empty($email)) {
+			$condition = " AND LOWER(email) = '".mysql_real_escape_string($email)."' ";
+		}
+		
+		$tbl_user = Database :: get_main_table(TABLE_MAIN_USER);
+		$query = " SELECT user_id AS uid, lastname AS lastName, firstname AS firstName,
+				   	username AS loginName, password, email, status AS status,
+					official_code, phone, picture_uri, creator_id
+				   FROM ".$tbl_user."
+					WHERE ( username = '".mysql_real_escape_string($user)."' $condition ) ";
+		
+		$result = Database::query($query, __FILE__, __LINE__);
+		$num_rows = Database::num_rows($result);
+		
+		if ($result && $num_rows > 0) {
+			if ($num_rows > 1) {
+				$by_username = false; // more than one user
+				while ($data = Database::fetch_array($result)) {
+					$user[] = $data;
+				}
+			} else {
+				$by_username = true; // single user (valid user + email)
+				$user = Database::fetch_array($result);
 			}
-			else
-			{
-				send_password_to_user($user);
+			if ($userPasswordCrypted != 'none') {
+				handle_encrypted_password($user, $by_username);
+			} else {
+				send_password_to_user($user, $by_username);
 			}
+		} else {
+			Display::display_error_message(get_lang('NoUserAccountWithThisEmailAddress'));
 		}
-		else
-		{
-			Display::display_error_message(get_lang('_no_user_account_with_this_email_address'));
-		}
+		
 		$msg .= '<a href="'.api_get_path(WEB_PATH).'main/auth/lostPassword.php" class="fake_button_back" >'.get_lang('Back').'</a>';
 		echo '<br/><br/><div class="actions" >'.$msg.'</div>';
-	}
-	else
-	{
+		
+	} else {
+		
 		echo '<p>';
-		echo get_lang('_enter_email_and_well_send_you_password');
+		echo get_lang('EnterEmailUserAndWellSendYouPassword');
 		echo '</p>';
 		$form->display();
-		?>
-		<br/>
-		<div class="actions">
-		<a href="<?php echo api_get_path(WEB_PATH); ?>" class="fake_button_back" ><?php echo get_lang('Back'); ?></a>
-		</div>
-		<?php
 	}
 }

 Display :: display_footer();
 //////////////////////////////////////////////////////////////////////////////
-?>
+?>
--- a/main/auth/lost_password.lib.php
+++ b/main/auth/lost_password.lib.php
@ -10,10 +10,10 @@
 function get_email_headers()
 {
 	global $charset;
-	$emailHeaders = "From: \"".addslashes(api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS))."\" <".api_get_setting('emailAdministrator').">\n";
+	$emailHeaders = "From: \"".addslashes(api_get_setting('administratorSurname')." ".api_get_setting('administratorName'))."\" <".api_get_setting('emailAdministrator').">\n";
 	$emailHeaders .= "Reply-To: ".api_get_setting('emailAdministrator')."\n";
 	$emailHeaders .= "Return-Path: ".api_get_setting('emailAdministrator')."\n";
-	$emailHeaders .= "X-Sender: ".api_get_setting('emailAdministrator')."\n";
+	$emailHeaders .= "X-Sender: ".api_get_setting('emailAdministrator')."\n";	
 	$emailHeaders .= "X-Mailer: PHP / ".phpversion()."\n";
 	$emailHeaders .= "Content-Type: text/plain;\n\tcharset=\"".$charset."\"\n";
 	$emailHeaders .= "Mime-Version: 1.0";
@ -24,39 +24,64 @@ function get_email_headers()
 *
 * @param unknown_type $user
 * @param boolean $reset
+ * @param boolean $by_username
 * @return unknown
 * @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
 */
-function get_user_account_list($user, $reset = false)
+function get_user_account_list($user, $reset = false, $by_username = false)
 {
 	global $_configuration;
 	$portal_url = $_configuration['root_web'];
 	if ($_configuration['multiple_access_urls']==true) {
-		$access_url_id = api_get_current_access_url_id();
+		$access_url_id = api_get_current_access_url_id();				
 		if ($access_url_id != -1 ){
 			$url = api_get_access_url($access_url_id);
 			$portal_url = $url['url'];
 		}
 	}
-
-	if ($reset==true) {
-		foreach ($user as $thisUser) {
-			$secretword = get_secret_word($thisUser["email"]);
+	
+	if ($reset == true) {
+		
+		if ($by_username == true) {
+			
+			$secretword = get_secret_word($user["email"]);
 			if ($reset)	{
-				$reset_link = $portal_url."main/auth/lostPassword.php?reset=".$secretword."&id=".$thisUser['uid'];
+				$reset_link = $portal_url."main/auth/lostPassword.php?reset=".$secretword."&id=".$user['uid'];			
 			} else {
-				$reset_link = get_lang('Pass')." : $thisUser[password]";
+				$reset_link = get_lang('Pass')." : $user[password]";
 			}
-			$userAccountList[] = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$thisUser['loginName']."\n".get_lang('ResetLink').' : '.$reset_link.'';
-		}
-		if ($userAccountList)
-		{
-			$userAccountList = implode("\n------------------------\n", $userAccountList);
+			$userAccountList = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$user['loginName']."\n".get_lang('ResetLink').' : '.$reset_link.'';
+			
+			if ($userAccountList) {
+				$userAccountList = "\n------------------------\n" . $userAccountList;
+			}
+			
+		} else {
+			
+			foreach ($user as $thisUser) {
+				$secretword = get_secret_word($thisUser["email"]);
+				if ($reset)	{								
+					$reset_link = $portal_url."main/auth/lostPassword.php?reset=".$secretword."&id=".$thisUser['uid'];			
+				} else {
+					$reset_link = get_lang('Pass')." : $thisUser[password]";
+				}
+				$userAccountList[] = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$thisUser['loginName']."\n".get_lang('ResetLink').' : '.$reset_link.'';
+			}
+		
+			if ($userAccountList) {
+				$userAccountList = implode("\n------------------------\n", $userAccountList);
+			}
+		
 		}
+		
 	} else {
-	    $user = $user[0];
+		
+		if ($by_username == false) {
+			$user = $user[0];
+		}
 	    $reset_link = get_lang('Pass')." : $user[password]";
-       	$userAccountList = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$user['loginName']."\n".$reset_link.'';
+       	$userAccountList = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$user['loginName']."\n".$reset_link.'';	
+		
 	}
 	return $userAccountList;
 }
@ -66,66 +91,78 @@ function get_user_account_list($user, $reset = false)
 * @param unknown_type $user
 * @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
 */
-function send_password_to_user($user)
+function send_password_to_user($user, $by_username = false)
 {
 	global $charset;
 	global $_configuration;
 	$emailHeaders = get_email_headers(); // Email Headers
-	$emailSubject = "[".api_get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT
-	$userAccountList = get_user_account_list($user); // BODY
+	$emailSubject = "[".get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT
+	
+	if ($by_username == true) { // Show only for lost password
+		$userAccountList = get_user_account_list($user, false, $by_username); // BODY
+		$emailTo = $user["email"];
+	} else {
+		$userAccountList = get_user_account_list($user); // BODY
+		$emailTo = $user[0]["email"];
+	}
+	
 	$portal_url = $_configuration['root_web'];
-	if ($_configuration['multiple_access_urls']==true) {
-		$access_url_id = api_get_current_access_url_id();
+	if ($_configuration['multiple_access_urls'] == true) {
+		$access_url_id = api_get_current_access_url_id();				
 		if ($access_url_id != -1 ){
 			$url = api_get_access_url($access_url_id);
 			$portal_url = $url['url'];
 		}
 	}
-
+	
 	$emailBody = get_lang('YourAccountParam')." ".$portal_url."\n\n$userAccountList";
-	// SEND MESSAGE
-	$emailTo = $user[0]["email"];
-	$sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
-    $email_admin = api_get_setting('emailAdministrator');
-
-	if (@api_mail('', $emailTo, $emailSubject, $emailBody, $sender_name,$email_admin)==1) {
+	// SEND MESSAGE			
+	$sender_name = get_setting('administratorName').' '.get_setting('administratorSurname');
+    $email_admin = get_setting('emailAdministrator');			
+				
+	if (@api_mail('', $emailTo, $emailSubject, $emailBody, $sender_name, $email_admin) == 1) {
 		Display::display_confirmation_message(get_lang('YourPasswordHasBeenEmailed'));
 	} else {
-		$message = get_lang('SystemUnableToSendEmailContact') . Display :: encrypted_mailto_link(api_get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>";
-		Display::display_error_message($message, false);
+		$message = get_lang('SystemUnableToSendEmailContact') . ' ' . Display :: encrypted_mailto_link(get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>";
 	}
 }
 /**
 * Enter description here...
 *
- * @param unknown_type $user
+ * @param unknown_type	$user
+ * @param bool	$by_username
 * @return unknown
 *
 * @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
 */
-function handle_encrypted_password($user)
+function handle_encrypted_password($user, $by_username = false)
 {
 	global $charset;
 	global $_configuration;
+	
 	$emailHeaders = get_email_headers(); // Email Headers
-	$emailSubject = "[".api_get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT
-	$userAccountList = get_user_account_list($user, true); // BODY
-	$emailTo = $user[0]["email"];
+	$emailSubject = "[".get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT
+	
+	if ($by_username == true) { // Show only for lost password
+		$userAccountList = get_user_account_list($user, true, $by_username); // BODY
+		$emailTo = $user["email"];
+	} else {
+		$userAccountList = get_user_account_list($user, true); // BODY
+		$emailTo = $user[0]["email"];
+	}
+	
 	$secretword = get_secret_word($emailTo);
 	$emailBody = get_lang('DearUser')." :\n".get_lang("password_request")."\n\n";
 	$emailBody .= "-----------------------------------------------\n".$userAccountList."\n-----------------------------------------------\n\n";
-	$emailBody .=get_lang('PasswordEncryptedForSecurity');
-	$emailBody .="\n\n".get_lang('Formula').",\n".get_lang('PlataformAdmin');
-	$sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
-    $email_admin = api_get_setting('emailAdministrator');
-
-	if (@api_mail('', $emailTo, $emailSubject, $emailBody, $sender_name,$email_admin)==1)
-	{
+	$emailBody .= get_lang('PasswordEncryptedForSecurity');
+	$emailBody .= "\n\n".get_lang('Formula').",\n".get_lang('PlataformAdmin');
+	$sender_name = get_setting('administratorName').' '.get_setting('administratorSurname');
+    $email_admin = get_setting('emailAdministrator');
+	
+	if (@api_mail('', $emailTo, $emailSubject, $emailBody, $sender_name, $email_admin) == 1) {
 		Display::display_confirmation_message(get_lang('YourPasswordHasBeenEmailed'));
-	}
-	else
-	{
-		$message = get_lang('SystemUnableToSendEmailContact') . Display :: encrypted_mailto_link(api_get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>";
+	} else {
+		$message = get_lang('SystemUnableToSendEmailContact') . ' ' . Display :: encrypted_mailto_link(get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>";
 		Display::display_error_message($message, false);
 	}
 }
@ -142,32 +179,33 @@ function get_secret_word($add)
 * Enter description here...
 * @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
 */
-function reset_password($secret, $id)
+function reset_password($secret, $id, $by_username = false)
 {
-	global $your_password_has_been_reset,$userPasswordCrypted;
 	$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
-	$id = (int) $id;
+	$id = intval($id);
 	$sql = "SELECT user_id AS uid, lastname AS lastName, firstname AS firstName, username AS loginName, password, email FROM ".$tbl_user." WHERE user_id=$id";
 	$result = Database::query($sql,__FILE__,__LINE__);
-	if ($result && mysql_num_rows($result))
-	{
-		$user[] = mysql_fetch_array($result);
-	}
-	else
-	{
+	$num_rows = Database::num_rows($result);
+	
+	if ($result && $num_rows > 0) {
+		$user = Database::fetch_array($result);
+	} else {
 		return "Could not reset password.";
 	}
-	if (get_secret_word($user[0]["email"]) == $secret) // OK, secret word is good. Now change password and mail it.
-	{
-		$user[0]["password"] = api_generate_password();
-		$crypted = $user[0]["password"];
+	
+	if (get_secret_word($user["email"]) == $secret) { // OK, secret word is good. Now change password and mail it.
+		
+		$user["password"] = api_generate_password();
+		$crypted = $user["password"];
 		$crypted = api_get_encrypted_password($crypted);
-		Database::query("UPDATE ".$tbl_user." SET password='$crypted' WHERE user_id=$id");
-		return send_password_to_user($user, $your_password_has_been_reset);
-	}
-	else
-	{
+		$sql = "UPDATE ".$tbl_user." SET password='$crypted' WHERE user_id=$id";
+		$result = Database::query($sql,__FILE__,__LINE__);
+		return send_password_to_user($user, $by_username);
+		
+	} else {
+		
 		return "Not allowed.";
+		
 	}
 }
-?>
+?>