WebSVN – oidplus – Diff – /trunk/plugins/publicPages/091_forgot_password/OIDplusPagePublicForgotPassword.class.php


<?php
 
/*
 * OIDplus 2.0
 * Copyright 2019 Daniel Marschall, ViaThinkSoft
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 
class OIDplusPagePublicForgotPassword extends OIDplusPagePluginPublic {
 
        public function action(&$handled) {
                if (isset($_POST["action"]) && ($_POST["action"] == "forgot_password")) {
                        $handled = true;
 
                        $email = $_POST['email'];
 
                        if (!OIDplus::mailUtils()->validMailAddress($email)) {
                                throw new OIDplusException('Invalid email address');
                        }
 
                        if (OIDplus::baseConfig()->getValue('RECAPTCHA_ENABLED', false)) {
                                $secret=OIDplus::baseConfig()->getValue('RECAPTCHA_PRIVATE', '');
                                $response=$_POST["captcha"];
                                $verify=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$secret}&response={$response}");
                                $captcha_success=json_decode($verify);
                                if ($captcha_success->success==false) {
                                        throw new OIDplusException('Captcha wrong');
                                }
                        }
 
                        OIDplus::logger()->log("RA($email)!", "A new password for '$email' was requested (forgot password)");
 
                        $timestamp = time();
                        $activate_url = OIDplus::getSystemUrl() . '?goto='.urlencode('oidplus:reset_password$'.$email.'$'.$timestamp.'$'.OIDplus::authUtils()::makeAuthKey('reset_password;'.$email.';'.$timestamp));
 
                        $message = $this->getForgotPasswordText($_POST['email']);
                        $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message);
 
                        OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title').' - Password reset request', $message, OIDplus::config()->getValue('global_cc'));
 
                        echo json_encode(array("status" => 0));
                }
 
                if (isset($_POST["action"]) && ($_POST["action"] == "reset_password")) {
                        $handled = true;
 
                        $password1 = $_POST['password1'];
                        $password2 = $_POST['password2'];
                        $email = $_POST['email'];
                        $auth = $_POST['auth'];
                        $timestamp = $_POST['timestamp'];
 
                        if (!OIDplus::authUtils()::validateAuthKey('reset_password;'.$email.';'.$timestamp, $auth)) {
                                throw new OIDplusException('Invalid auth key');
                        }
 
                        if ((OIDplus::config()->getValue('max_ra_pwd_reset_time') > 0) && (time()-$timestamp > OIDplus::config()->getValue('max_ra_pwd_reset_time'))) {
                                throw new OIDplusException('Invitation expired!');
                        }
 
                        if ($password1 !== $password2) {
                                throw new OIDplusException('Passwords are not equal');
                        }
 
                        if (strlen($password1) < OIDplus::config()->getValue('ra_min_password_length')) {
                                throw new OIDplusException('Password is too short. Minimum password length: '.OIDplus::config()->getValue('ra_min_password_length'));
                        }
 
                        OIDplus::logger()->log("RA($email)!", "RA '$email' has reset his password (forgot passwort)");
 
                        $ra = new OIDplusRA($email);
                        $ra->change_password($password1);
 
                        echo json_encode(array("status" => 0));
                }
        }
 
        public function init($html=true) {
                OIDplus::config()->prepareConfigKey('max_ra_pwd_reset_time', 'Max RA password reset time in seconds (0 = infinite)', '0', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
                        if (!is_numeric($value) || ($value < 0)) {
                                throw new OIDplusException("Please enter a valid value.");
                        }
                });
        }
 
        public function gui($id, &$out, &$handled) {
                if (explode('$',$id)[0] == 'oidplus:forgot_password') {
                        $handled = true;
 
                        $out['title'] = 'Forgot password';
                        $out['icon'] = OIDplus::webpath(__DIR__).'forgot_password_big.png';
 
                        try {
                                $out['text'] .= '<p>Please enter the email address of your account, and information about the password reset will be sent to you.</p>
                                  <form id="forgotPasswordForm" onsubmit="return forgotPasswordFormOnSubmit();">
                                    E-Mail: <input type="text" id="email" value=""/><br><br>'.
                                 (OIDplus::baseConfig()->getValue('RECAPTCHA_ENABLED', false) ?
                                 '<script> grecaptcha.render(document.getElementById("g-recaptcha"), { "sitekey" : "'.OIDplus::baseConfig()->getValue('RECAPTCHA_PUBLIC', '').'" }); </script>'.
                                 '<div id="g-recaptcha" class="g-recaptcha" data-sitekey="'.OIDplus::baseConfig()->getValue('RECAPTCHA_PUBLIC', '').'"></div>' : '').
                                ' <br>
                                    <input type="submit" value="Send recovery information">
                                  </form>';
 
                        } catch (Exception $e) {
 
                                $out['icon'] = 'img/error_big.png';
                                $out['text'] = '<p>Error: '.htmlentities($e->getMessage()).'</p>';
 
                        }
                } else if (explode('$',$id)[0] == 'oidplus:reset_password') {
                        $handled = true;
 
                        $email = explode('$',$id)[1];
                        $timestamp = explode('$',$id)[2];
                        $auth = explode('$',$id)[3];
 
                        $out['title'] = 'Reset password';
                        $out['icon'] = OIDplus::webpath(__DIR__).'reset_password_big.png';
 
                        if (!OIDplus::authUtils()::validateAuthKey('reset_password;'.$email.';'.$timestamp, $auth)) {
                                $out['icon'] = 'img/error_big.png';
                                $out['text'] = 'Invalid authorization. Is the URL OK?';
                        } else {
                                $out['text'] = '<p>E-Mail-Adress: <b>'.$email.'</b></p>
 
                                  <form id="resetPasswordForm" onsubmit="return resetPasswordFormOnSubmit();">
                                    <input type="hidden" id="email" value="'.htmlentities($email).'"/>
                                    <input type="hidden" id="timestamp" value="'.htmlentities($timestamp).'"/>
                                    <input type="hidden" id="auth" value="'.htmlentities($auth).'"/>
                                    <div><label class="padding_label">New password:</label><input type="password" id="password1" value=""/></div>
                                    <div><label class="padding_label">Repeat:</label><input type="password" id="password2" value=""/></div>
                                    <br><input type="submit" value="Change password">
                                  </form>';
                        }
                }
        }
 
        public function publicSitemap(&$out) {
                $out[] = OIDplus::getSystemUrl().'?goto=oidplus:forgot_password';
        }
 
        public function tree(&$json, $ra_email=null, $nonjs=false, $req_goto='') {
                return false;
        }
 
        private function getForgotPasswordText($email) {
                $res = OIDplus::db()->query("select * from ###ra where email = ?", array($email));
                if ($res->num_rows() == 0) {
                        throw new OIDplusException("This RA does not exist.");
                }
 
                $message = file_get_contents(__DIR__ . '/forgot_password.tpl');
 
                // Resolve stuff
                $message = str_replace('{{SYSTEM_URL}}', OIDplus::getSystemUrl(), $message);
                $message = str_replace('{{ADMIN_EMAIL}}', OIDplus::config()->getValue('admin_email'), $message);
 
                // {{ACTIVATE_URL}} will be resolved in ajax.php
 
                return $message;
        }
 
        public function tree_search($request) {
                return false;
        }
}
 

Subversion Repositories oidplus

oidplus/trunk/plugins/publicPages/091_forgot_password/OIDplusPagePublicForgotPassword.class.php – Rev 279 → 282

Rev 279		Rev 282
1	<?php	1	<?php
2		2
3	/*	3	/*
4	* OIDplus 2.0	4	* OIDplus 2.0
5	* Copyright 2019 Daniel Marschall, ViaThinkSoft	5	* Copyright 2019 Daniel Marschall, ViaThinkSoft
6	*	6	*
7	* Licensed under the Apache License, Version 2.0 (the "License");	7	* Licensed under the Apache License, Version 2.0 (the "License");
8	* you may not use this file except in compliance with the License.	8	* you may not use this file except in compliance with the License.
9	* You may obtain a copy of the License at	9	* You may obtain a copy of the License at
10	*	10	*
11	* http://www.apache.org/licenses/LICENSE-2.0	11	* http://www.apache.org/licenses/LICENSE-2.0
12	*	12	*
13	* Unless required by applicable law or agreed to in writing, software	13	* Unless required by applicable law or agreed to in writing, software
14	* distributed under the License is distributed on an "AS IS" BASIS,	14	* distributed under the License is distributed on an "AS IS" BASIS,
15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.	15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16	* See the License for the specific language governing permissions and	16	* See the License for the specific language governing permissions and
17	* limitations under the License.	17	* limitations under the License.
18	*/	18	*/
19		19
20	class OIDplusPagePublicForgotPassword extends OIDplusPagePluginPublic {	20	class OIDplusPagePublicForgotPassword extends OIDplusPagePluginPublic {
21		21
22	public function action(&$handled) {	22	public function action(&$handled) {
23	if (isset($_POST["action"]) && ($_POST["action"] == "forgot_password")) {	23	if (isset($_POST["action"]) && ($_POST["action"] == "forgot_password")) {
24	$handled = true;	24	$handled = true;
25		25
26	$email = $_POST['email'];	26	$email = $_POST['email'];
27		27
28	if (!OIDplus::mailUtils()->validMailAddress($email)) {	28	if (!OIDplus::mailUtils()->validMailAddress($email)) {
29	throw new OIDplusException('Invalid email address');	29	throw new OIDplusException('Invalid email address');
30	}	30	}
31		31
32	if (OIDplus::baseConfig()->getValue('RECAPTCHA_ENABLED', false)) {	32	if (OIDplus::baseConfig()->getValue('RECAPTCHA_ENABLED', false)) {
33	$secret=OIDplus::baseConfig()->getValue('RECAPTCHA_PRIVATE', '');	33	$secret=OIDplus::baseConfig()->getValue('RECAPTCHA_PRIVATE', '');
34	$response=$_POST["captcha"];	34	$response=$_POST["captcha"];
35	$verify=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$secret}&response={$response}");	35	$verify=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$secret}&response={$response}");
36	$captcha_success=json_decode($verify);	36	$captcha_success=json_decode($verify);
37	if ($captcha_success->success==false) {	37	if ($captcha_success->success==false) {
38	throw new OIDplusException('Captcha wrong');	38	throw new OIDplusException('Captcha wrong');
39	}	39	}
40	}	40	}
41		41
42	OIDplus::logger()->log("RA($email)!", "A new password for '$email' was requested (forgot password)");	42	OIDplus::logger()->log("RA($email)!", "A new password for '$email' was requested (forgot password)");
43		43
44	$timestamp = time();	44	$timestamp = time();
45	$activate_url = OIDplus::getSystemUrl() . '?goto='.urlencode('oidplus:reset_password$'.$email.'$'.$timestamp.'$'.OIDplus::authUtils()::makeAuthKey('reset_password;'.$email.';'.$timestamp));	45	$activate_url = OIDplus::getSystemUrl() . '?goto='.urlencode('oidplus:reset_password$'.$email.'$'.$timestamp.'$'.OIDplus::authUtils()::makeAuthKey('reset_password;'.$email.';'.$timestamp));
46		46
47	$message = $this->getForgotPasswordText($_POST['email']);	47	$message = $this->getForgotPasswordText($_POST['email']);
48	$message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message);	48	$message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message);
49		49
50	OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title').' - Password reset request', $message, OIDplus::config()->getValue('global_cc'));	50	OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title').' - Password reset request', $message, OIDplus::config()->getValue('global_cc'));
51		51
52	echo json_encode(array("status" => 0));	52	echo json_encode(array("status" => 0));
53	}	53	}
54		54
55	if (isset($_POST["action"]) && ($_POST["action"] == "reset_password")) {	55	if (isset($_POST["action"]) && ($_POST["action"] == "reset_password")) {
56	$handled = true;	56	$handled = true;
57		57
58	$password1 = $_POST['password1'];	58	$password1 = $_POST['password1'];
59	$password2 = $_POST['password2'];	59	$password2 = $_POST['password2'];
60	$email = $_POST['email'];	60	$email = $_POST['email'];
61	$auth = $_POST['auth'];	61	$auth = $_POST['auth'];
62	$timestamp = $_POST['timestamp'];	62	$timestamp = $_POST['timestamp'];
63		63
64	if (!OIDplus::authUtils()::validateAuthKey('reset_password;'.$email.';'.$timestamp, $auth)) {	64	if (!OIDplus::authUtils()::validateAuthKey('reset_password;'.$email.';'.$timestamp, $auth)) {
65	throw new OIDplusException('Invalid auth key');	65	throw new OIDplusException('Invalid auth key');
66	}	66	}
67		67
68	if ((OIDplus::config()->getValue('max_ra_pwd_reset_time') > 0) && (time()-$timestamp > OIDplus::config()->getValue('max_ra_pwd_reset_time'))) {	68	if ((OIDplus::config()->getValue('max_ra_pwd_reset_time') > 0) && (time()-$timestamp > OIDplus::config()->getValue('max_ra_pwd_reset_time'))) {
69	throw new OIDplusException('Invitation expired!');	69	throw new OIDplusException('Invitation expired!');
70	}	70	}
71		71
72	if ($password1 !== $password2) {	72	if ($password1 !== $password2) {
73	throw new OIDplusException('Passwords are not equal');	73	throw new OIDplusException('Passwords are not equal');
74	}	74	}
75		75
76	if (strlen($password1) < OIDplus::config()->getValue('ra_min_password_length')) {	76	if (strlen($password1) < OIDplus::config()->getValue('ra_min_password_length')) {
77	throw new OIDplusException('Password is too short. Minimum password length: '.OIDplus::config()->getValue('ra_min_password_length'));	77	throw new OIDplusException('Password is too short. Minimum password length: '.OIDplus::config()->getValue('ra_min_password_length'));
78	}	78	}
79		79
80	OIDplus::logger()->log("RA($email)!", "RA '$email' has reset his password (forgot passwort)");	80	OIDplus::logger()->log("RA($email)!", "RA '$email' has reset his password (forgot passwort)");
81		81
82	$ra = new OIDplusRA($email);	82	$ra = new OIDplusRA($email);
83	$ra->change_password($password1);	83	$ra->change_password($password1);
84		84
85	echo json_encode(array("status" => 0));	85	echo json_encode(array("status" => 0));
86	}	86	}
87	}	87	}
88		88
89	public function init($html=true) {	89	public function init($html=true) {
90	OIDplus::config()->prepareConfigKey('max_ra_pwd_reset_time', 'Max RA password reset time in seconds (0 = infinite)', '0', OIDplusConfig::PROTECTION_EDITABLE, function($value) {	90	OIDplus::config()->prepareConfigKey('max_ra_pwd_reset_time', 'Max RA password reset time in seconds (0 = infinite)', '0', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
91	if (!is_numeric($value) \|\| ($value < 0)) {	91	if (!is_numeric($value) \|\| ($value < 0)) {
92	throw new OIDplusException("Please enter a valid value.");	92	throw new OIDplusException("Please enter a valid value.");
93	}	93	}
94	});	94	});
95	}	95	}
96		96
97	public function gui($id, &$out, &$handled) {	97	public function gui($id, &$out, &$handled) {
98	if (explode('$',$id)[0] == 'oidplus:forgot_password') {	98	if (explode('$',$id)[0] == 'oidplus:forgot_password') {
99	$handled = true;	99	$handled = true;
100		100
101	$out['title'] = 'Forgot password';	101	$out['title'] = 'Forgot password';
102	$out['icon'] = OIDplus::webpath(__DIR__).'forgot_password_big.png';	102	$out['icon'] = OIDplus::webpath(__DIR__).'forgot_password_big.png';
103		103
104	try {	104	try {
105	$out['text'] .= '<p>Please enter the email address of your account, and information about the password reset will be sent to you.</p>	105	$out['text'] .= '<p>Please enter the email address of your account, and information about the password reset will be sent to you.</p>
106	<form id="forgotPasswordForm" onsubmit="return forgotPasswordFormOnSubmit();">	106	<form id="forgotPasswordForm" onsubmit="return forgotPasswordFormOnSubmit();">
107	E-Mail: <input type="text" id="email" value=""/><br><br>'.	107	E-Mail: <input type="text" id="email" value=""/><br><br>'.
108	(OIDplus::baseConfig()->getValue('RECAPTCHA_ENABLED', false) ?	108	(OIDplus::baseConfig()->getValue('RECAPTCHA_ENABLED', false) ?
109	'<script> grecaptcha.render(document.getElementById("g-recaptcha"), { "sitekey" : "'.OIDplus::baseConfig()->getValue('RECAPTCHA_PUBLIC', '').'" }); </script>'.	109	'<script> grecaptcha.render(document.getElementById("g-recaptcha"), { "sitekey" : "'.OIDplus::baseConfig()->getValue('RECAPTCHA_PUBLIC', '').'" }); </script>'.
110	'<div id="g-recaptcha" class="g-recaptcha" data-sitekey="'.OIDplus::baseConfig()->getValue('RECAPTCHA_PUBLIC', '').'"></div>' : '').	110	'<div id="g-recaptcha" class="g-recaptcha" data-sitekey="'.OIDplus::baseConfig()->getValue('RECAPTCHA_PUBLIC', '').'"></div>' : '').
111	' <br>	111	' <br>
112	<input type="submit" value="Send recovery information">	112	<input type="submit" value="Send recovery information">
113	</form>';	113	</form>';
114		114
115	} catch (Exception $e) {	115	} catch (Exception $e) {
116		116
117	$out['icon'] = 'img/error_big.png';	117	$out['icon'] = 'img/error_big.png';
118	$out['text'] = '<p>Error: '.htmlentities($e->getMessage()).'</p>';	118	$out['text'] = '<p>Error: '.htmlentities($e->getMessage()).'</p>';
119		119
120	}	120	}
121	} else if (explode('$',$id)[0] == 'oidplus:reset_password') {	121	} else if (explode('$',$id)[0] == 'oidplus:reset_password') {
122	$handled = true;	122	$handled = true;
123		123
124	$email = explode('$',$id)[1];	124	$email = explode('$',$id)[1];
125	$timestamp = explode('$',$id)[2];	125	$timestamp = explode('$',$id)[2];
126	$auth = explode('$',$id)[3];	126	$auth = explode('$',$id)[3];
127		127
128	$out['title'] = 'Reset password';	128	$out['title'] = 'Reset password';
129	$out['icon'] = OIDplus::webpath(__DIR__).'reset_password_big.png';	129	$out['icon'] = OIDplus::webpath(__DIR__).'reset_password_big.png';
130		130
131	if (!OIDplus::authUtils()::validateAuthKey('reset_password;'.$email.';'.$timestamp, $auth)) {	131	if (!OIDplus::authUtils()::validateAuthKey('reset_password;'.$email.';'.$timestamp, $auth)) {
132	$out['icon'] = 'img/error_big.png';	132	$out['icon'] = 'img/error_big.png';
133	$out['text'] = 'Invalid authorization. Is the URL OK?';	133	$out['text'] = 'Invalid authorization. Is the URL OK?';
134	} else {	134	} else {
135	$out['text'] = '<p>E-Mail-Adress: <b>'.$email.'</b></p>	135	$out['text'] = '<p>E-Mail-Adress: <b>'.$email.'</b></p>
136		136
137	<form id="resetPasswordForm" onsubmit="return resetPasswordFormOnSubmit();">	137	<form id="resetPasswordForm" onsubmit="return resetPasswordFormOnSubmit();">
138	<input type="hidden" id="email" value="'.htmlentities($email).'"/>	138	<input type="hidden" id="email" value="'.htmlentities($email).'"/>
139	<input type="hidden" id="timestamp" value="'.htmlentities($timestamp).'"/>	139	<input type="hidden" id="timestamp" value="'.htmlentities($timestamp).'"/>
140	<input type="hidden" id="auth" value="'.htmlentities($auth).'"/>	140	<input type="hidden" id="auth" value="'.htmlentities($auth).'"/>
141	<div><label class="padding_label">New password:</label><input type="password" id="password1" value=""/></div>	141	<div><label class="padding_label">New password:</label><input type="password" id="password1" value=""/></div>
142	<div><label class="padding_label">Repeat:</label><input type="password" id="password2" value=""/></div>	142	<div><label class="padding_label">Repeat:</label><input type="password" id="password2" value=""/></div>
143	<br><input type="submit" value="Change password">	143	<br><input type="submit" value="Change password">
144	</form>';	144	</form>';
145	}	145	}
146	}	146	}
147	}	147	}
148		148
-		149	public function publicSitemap(&$out) {
-		150	$out[] = OIDplus::getSystemUrl().'?goto=oidplus:forgot_password';
-		151	}
-		152
149	public function tree(&$json, $ra_email=null, $nonjs=false, $req_goto='') {	153	public function tree(&$json, $ra_email=null, $nonjs=false, $req_goto='') {
150	return false;	154	return false;
151	}	155	}
152		156
153	private function getForgotPasswordText($email) {	157	private function getForgotPasswordText($email) {
154	$res = OIDplus::db()->query("select * from ###ra where email = ?", array($email));	158	$res = OIDplus::db()->query("select * from ###ra where email = ?", array($email));
155	if ($res->num_rows() == 0) {	159	if ($res->num_rows() == 0) {
156	throw new OIDplusException("This RA does not exist.");	160	throw new OIDplusException("This RA does not exist.");
157	}	161	}
158		162
159	$message = file_get_contents(__DIR__ . '/forgot_password.tpl');	163	$message = file_get_contents(__DIR__ . '/forgot_password.tpl');
160		164
161	// Resolve stuff	165	// Resolve stuff
162	$message = str_replace('{{SYSTEM_URL}}', OIDplus::getSystemUrl(), $message);	166	$message = str_replace('{{SYSTEM_URL}}', OIDplus::getSystemUrl(), $message);
163	$message = str_replace('{{ADMIN_EMAIL}}', OIDplus::config()->getValue('admin_email'), $message);	167	$message = str_replace('{{ADMIN_EMAIL}}', OIDplus::config()->getValue('admin_email'), $message);
164		168
165	// {{ACTIVATE_URL}} will be resolved in ajax.php	169	// {{ACTIVATE_URL}} will be resolved in ajax.php
166		170
167	return $message;	171	return $message;
168	}	172	}
169		173
170	public function tree_search($request) {	174	public function tree_search($request) {
171	return false;	175	return false;
172	}	176	}
173	}	177	}
174		178