WebSVN – oidplus – Blame – /trunk/plugins/publicPages/091_forgot_password/plugin.inc.php

Rev	Author	Line No.	Line
104	daniel-mar	1	<?php
		2
		3	/*
		4	* OIDplus 2.0
		5	* Copyright 2019 Daniel Marschall, ViaThinkSoft
		6	*
		7	* Licensed under the Apache License, Version 2.0 (the "License");
		8	* you may not use this file except in compliance with the License.
		9	* You may obtain a copy of the License at
		10	*
		11	* http://www.apache.org/licenses/LICENSE-2.0
		12	*
		13	* Unless required by applicable law or agreed to in writing, software
		14	* distributed under the License is distributed on an "AS IS" BASIS,
		15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		16	* See the License for the specific language governing permissions and
		17	* limitations under the License.
		18	*/
		19
112	daniel-mar	20	if (!defined('IN_OIDPLUS')) die();
		21
104	daniel-mar	22	class OIDplusPagePublicForgotPassword extends OIDplusPagePlugin {
		23	public function type() {
		24	return 'public';
		25	}
		26
		27	public function priority() {
		28	return 91;
		29	}
		30
		31	public function action(&$handled) {
107	daniel-mar	32	if (isset($_POST["action"]) && ($_POST["action"] == "forgot_password")) {
104	daniel-mar	33	$handled = true;
		34
		35	$email = $_POST['email'];
		36
		37	if (!oidplus_valid_email($email)) {
107	daniel-mar	38	die(json_encode(array("error" => 'Invalid email address')));
104	daniel-mar	39	}
		40
		41	if (RECAPTCHA_ENABLED) {
		42	$secret=RECAPTCHA_PRIVATE;
		43	$response=$_POST["captcha"];
		44	$verify=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$secret}&response={$response}");
		45	$captcha_success=json_decode($verify);
		46	if ($captcha_success->success==false) {
107	daniel-mar	47	die(json_encode(array("error" => 'Captcha wrong')));
104	daniel-mar	48	}
		49	}
		50
115	daniel-mar	51	OIDplus::logger()->log("RA($email)!", "A new password for '$email' was requested (forgot password)");
		52
104	daniel-mar	53	$timestamp = time();
		54	$activate_url = OIDplus::system_url() . '?goto='.urlencode('oidplus:reset_password$'.$email.'$'.$timestamp.'$'.OIDplus::authUtils()::makeAuthKey('reset_password;'.$email.';'.$timestamp));
		55
		56	$message = $this->getForgotPasswordText($_POST['email']);
		57	$message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message);
		58
		59	my_mail($email, OIDplus::config()->systemTitle().' - Password reset request', $message, OIDplus::config()->globalCC());
		60
107	daniel-mar	61	echo json_encode(array("status" => 0));
104	daniel-mar	62	}
		63
107	daniel-mar	64	if (isset($_POST["action"]) && ($_POST["action"] == "reset_password")) {
104	daniel-mar	65	$handled = true;
		66
		67	$password1 = $_POST['password1'];
		68	$password2 = $_POST['password2'];
		69	$email = $_POST['email'];
		70	$auth = $_POST['auth'];
		71	$timestamp = $_POST['timestamp'];
		72
		73	if (!OIDplus::authUtils()::validateAuthKey('reset_password;'.$email.';'.$timestamp, $auth)) {
107	daniel-mar	74	die(json_encode(array("error" => 'Invalid auth key')));
104	daniel-mar	75	}
		76
		77	if ((OIDplus::config()->getValue('max_ra_pwd_reset_time') > 0) && (time()-$timestamp > OIDplus::config()->getValue('max_ra_pwd_reset_time'))) {
107	daniel-mar	78	die(json_encode(array("error" => 'Invitation expired!')));
104	daniel-mar	79	}
		80
		81	if ($password1 !== $password2) {
107	daniel-mar	82	die(json_encode(array("error" => 'Passwords are not equal')));
104	daniel-mar	83	}
		84
		85	if (strlen($password1) < OIDplus::config()->minRaPasswordLength()) {
107	daniel-mar	86	die(json_encode(array("error" => 'Password is too short. Minimum password length: '.OIDplus::config()->minRaPasswordLength())));
104	daniel-mar	87	}
		88
115	daniel-mar	89	OIDplus::logger()->log("RA($email)!", "RA '$email' has reset his password (forgot passwort)");
		90
104	daniel-mar	91	$ra = new OIDplusRA($email);
		92	$ra->change_password($password1);
		93
107	daniel-mar	94	echo json_encode(array("status" => 0));
104	daniel-mar	95	}
		96	}
		97
		98	public function init($html=true) {
		99	OIDplus::config()->prepareConfigKey('max_ra_pwd_reset_time', 'Max RA password reset time in seconds (0 = infinite)', '0', 0, 1);
		100	}
		101
		102	public function cfgSetValue($name, $value) {
		103	if ($name == 'max_ra_pwd_reset_time') {
		104	if (!is_numeric($value) \|\| ($value < 0)) {
		105	throw new Exception("Please enter a valid value.");
		106	}
		107	}
		108	}
		109
		110	public function gui($id, &$out, &$handled) {
		111	if (explode('$',$id)[0] == 'oidplus:forgot_password') {
		112	$handled = true;
		113
		114	$out['title'] = 'Forgot password';
148	daniel-mar	115	$out['icon'] = 'plugins/'.basename(dirname(__DIR__)).'/'.basename(__DIR__).'/forgot_password_big.png';
104	daniel-mar	116
		117	try {
		118	$out['text'] .= '<p>Please enter the email address of your account, and information about the password reset will be sent to you.</p>
		119	<form id="forgotPasswordForm" onsubmit="return forgotPasswordFormOnSubmit();">
		120	E-Mail: <input type="text" id="email" value=""/><br><br>'.
		121	(RECAPTCHA_ENABLED ? '<script> grecaptcha.render(document.getElementById("g-recaptcha"), { "sitekey" : "'.RECAPTCHA_PUBLIC.'" }); </script>'.
		122	'<div id="g-recaptcha" class="g-recaptcha" data-sitekey="'.RECAPTCHA_PUBLIC.'"></div>' : '').
		123	' <br>
		124	<input type="submit" value="Send recovery information">
		125	</form>';
		126
		127	} catch (Exception $e) {
		128
		129	$out['icon'] = 'img/error_big.png';
		130	$out['text'] = "Error: ".$e->getMessage();
		131
		132	}
		133	} else if (explode('$',$id)[0] == 'oidplus:reset_password') {
		134	$handled = true;
		135
		136	$email = explode('$',$id)[1];
		137	$timestamp = explode('$',$id)[2];
		138	$auth = explode('$',$id)[3];
		139
		140	$out['title'] = 'Reset password';
148	daniel-mar	141	$out['icon'] = 'plugins/'.basename(dirname(__DIR__)).'/'.basename(__DIR__).'/reset_password_big.png';
104	daniel-mar	142
		143	if (!OIDplus::authUtils()::validateAuthKey('reset_password;'.$email.';'.$timestamp, $auth)) {
		144	$out['icon'] = 'img/error_big.png';
		145	$out['text'] = 'Invalid authorization. Is the URL OK?';
		146	} else {
		147	$out['text'] = '<p>E-Mail-Adress: <b>'.$email.'</b></p>
		148
		149	<form id="resetPasswordForm" onsubmit="return resetPasswordFormOnSubmit();">
		150	<input type="hidden" id="email" value="'.htmlentities($email).'"/>
		151	<input type="hidden" id="timestamp" value="'.htmlentities($timestamp).'"/>
		152	<input type="hidden" id="auth" value="'.htmlentities($auth).'"/>
		153	<label class="padding_label">New password:</label><input type="password" id="password1" value=""/><br><br>
		154	<label class="padding_label">Again:</label><input type="password" id="password2" value=""/><br><br>
		155	<input type="submit" value="Change password">
		156	</form>';
		157	}
		158	}
		159	}
		160
106	daniel-mar	161	public function tree(&$json, $ra_email=null, $nonjs=false, $req_goto='') {
104	daniel-mar	162	return false;
		163	}
		164
		165	private function getForgotPasswordText($email) {
150	daniel-mar	166	$res = OIDplus::db()->query("select * from ".OIDPLUS_TABLENAME_PREFIX."ra where email = ?", array($email));
104	daniel-mar	167	if (OIDplus::db()->num_rows($res) == 0) {
		168	throw new Exception("This RA does not exist.");
		169	}
		170
108	daniel-mar	171	$message = file_get_contents(__DIR__ . '/forgot_password.tpl');
104	daniel-mar	172
		173	// Resolve stuff
		174	$message = str_replace('{{SYSTEM_URL}}', OIDplus::system_url(), $message);
		175	$message = str_replace('{{ADMIN_EMAIL}}', OIDplus::config()->getValue('admin_email'), $message);
		176
107	daniel-mar	177	// {{ACTIVATE_URL}} will be resolved in ajax.php
104	daniel-mar	178
		179	return $message;
		180	}
108	daniel-mar	181
		182	public function tree_search($request) {
		183	return false;
		184	}
104	daniel-mar	185	}
		186
		187	OIDplus::registerPagePlugin(new OIDplusPagePublicForgotPassword());

Subversion Repositories oidplus

oidplus/trunk/plugins/publicPages/091_forgot_password/plugin.inc.php – Rev 150