| [ Index ] |
PHP Cross Reference of DokuWiki |
[Summary view] [Print] [Text view]
1 <?php 2 3 namespace dokuwiki\Action; 4 5 use dokuwiki\Ui\UserResendPwd; 6 use dokuwiki\Action\Exception\ActionAbort; 7 use dokuwiki\Action\Exception\ActionDisabledException; 8 use dokuwiki\Extension\AuthPlugin; 9 use dokuwiki\Ui; 10 11 /** 12 * Class Resendpwd 13 * 14 * Handle password recovery 15 * 16 * @package dokuwiki\Action 17 */ 18 class Resendpwd extends AbstractAclAction 19 { 20 /** @inheritdoc */ 21 public function minimumPermission() 22 { 23 return AUTH_NONE; 24 } 25 26 /** @inheritdoc */ 27 public function checkPreconditions() 28 { 29 parent::checkPreconditions(); 30 31 /** @var AuthPlugin $auth */ 32 global $auth; 33 global $conf; 34 if (isset($conf['resendpasswd']) && !$conf['resendpasswd']) 35 throw new ActionDisabledException(); //legacy option 36 if (!$auth->canDo('modPass')) throw new ActionDisabledException(); 37 } 38 39 /** @inheritdoc */ 40 public function preProcess() 41 { 42 if ($this->resendpwd()) { 43 throw new ActionAbort('login'); 44 } 45 } 46 47 /** @inheritdoc */ 48 public function tplContent() 49 { 50 (new UserResendPwd())->show(); 51 } 52 53 /** 54 * Send a new password 55 * 56 * This function handles both phases of the password reset: 57 * 58 * - handling the first request of password reset 59 * - validating the password reset auth token 60 * 61 * @author Benoit Chesneau <benoit@bchesneau.info> 62 * @author Chris Smith <chris@jalakai.co.uk> 63 * @author Andreas Gohr <andi@splitbrain.org> 64 * @fixme this should be split up into multiple methods 65 * @return bool true on success, false on any error 66 */ 67 protected function resendpwd() 68 { 69 global $lang; 70 global $conf; 71 /* @var AuthPlugin $auth */ 72 global $auth; 73 global $INPUT; 74 75 if (!actionOK('resendpwd')) { 76 msg($lang['resendna'], -1); 77 return false; 78 } 79 80 $token = preg_replace('/[^a-f0-9]+/', '', $INPUT->str('pwauth')); 81 82 if ($token) { 83 // we're in token phase - get user info from token 84 85 $tfile = $conf['cachedir'] . '/' . $token[0] . '/' . $token . '.pwauth'; 86 if (!file_exists($tfile)) { 87 msg($lang['resendpwdbadauth'], -1); 88 $INPUT->remove('pwauth'); 89 return false; 90 } 91 // token is only valid for 3 days 92 if ((time() - filemtime($tfile)) > (3 * 60 * 60 * 24)) { 93 msg($lang['resendpwdbadauth'], -1); 94 $INPUT->remove('pwauth'); 95 @unlink($tfile); 96 return false; 97 } 98 99 $user = io_readfile($tfile); 100 $userinfo = $auth->getUserData($user, $requireGroups = false); 101 if (empty($userinfo['mail'])) { 102 msg($lang['resendpwdnouser'], -1); 103 return false; 104 } 105 106 if (!$conf['autopasswd']) { // we let the user choose a password 107 $pass = $INPUT->str('pass'); 108 109 // password given correctly? 110 if (!$pass) return false; 111 if ($pass != $INPUT->str('passchk')) { 112 msg($lang['regbadpass'], -1); 113 return false; 114 } 115 116 // change it 117 if (!$auth->triggerUserMod('modify', [$user, ['pass' => $pass]])) { 118 msg($lang['proffail'], -1); 119 return false; 120 } 121 } else { // autogenerate the password and send by mail 122 $pass = auth_pwgen($user); 123 if (!$auth->triggerUserMod('modify', [$user, ['pass' => $pass]])) { 124 msg($lang['proffail'], -1); 125 return false; 126 } 127 128 if (auth_sendPassword($user, $pass)) { 129 msg($lang['resendpwdsuccess'], 1); 130 } else { 131 msg($lang['regmailfail'], -1); 132 } 133 } 134 135 @unlink($tfile); 136 return true; 137 } else { 138 // we're in request phase 139 140 if (!$INPUT->post->bool('save')) return false; 141 142 if (!$INPUT->post->str('login')) { 143 msg($lang['resendpwdmissing'], -1); 144 return false; 145 } else { 146 $user = trim($auth->cleanUser($INPUT->post->str('login'))); 147 } 148 149 $userinfo = $auth->getUserData($user, $requireGroups = false); 150 if (empty($userinfo['mail'])) { 151 msg($lang['resendpwdnouser'], -1); 152 return false; 153 } 154 155 // generate auth token 156 $token = md5(auth_randombytes(16)); // random secret 157 $tfile = $conf['cachedir'] . '/' . $token[0] . '/' . $token . '.pwauth'; 158 $url = wl('', ['do' => 'resendpwd', 'pwauth' => $token], true, '&'); 159 160 io_saveFile($tfile, $user); 161 162 $text = rawLocale('pwconfirm'); 163 $trep = [ 164 'FULLNAME' => $userinfo['name'], 165 'LOGIN' => $user, 166 'CONFIRM' => $url 167 ]; 168 169 $mail = new \Mailer(); 170 $mail->to($userinfo['name'] . ' <' . $userinfo['mail'] . '>'); 171 $mail->subject($lang['regpwmail']); 172 $mail->setBody($text, $trep); 173 if ($mail->send()) { 174 msg($lang['resendpwdconfirm'], 1); 175 } else { 176 msg($lang['regmailfail'], -1); 177 } 178 return true; 179 } 180 // never reached 181 } 182 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body