1<?php
2/**
3 * Copyright 2004-2017 Horde LLC (http://www.horde.org/)
4 *
5 * See the enclosed file COPYING for license information (LGPL-2). If you
6 * did not receive this file, see http://www.horde.org/licenses/lgpl.
7 *
8 * @author Marko Djukic <marko@oblo.com>
9 * @category Horde
10 * @license  http://www.horde.org/licenses/lgpl LGPL-2
11 * @package  Horde
12 */
13
require_once __DIR__ . '/../lib/Application.php';
/* This page is reachable without a session: it IS the way back in. */
Horde_Registry::appInit('horde', array('authentication' => 'none'));

$vars = $injector->getInstance('Horde_Variables');

/* Self-service reset is offered only when the config switch is on AND the
 * authentication backend can actually generate a new password. The config
 * test is evaluated first so a disabled feature never queries the backend. */
$auth = $injector->getInstance('Horde_Core_Factory_Auth')->create();
$reset_enabled = !empty($conf['auth']['resetpassword']) &&
    $auth->hasCapability('resetpassword');
if (!$reset_enabled) {
    $notification->push(_("Cannot reset password automatically, contact your administrator."), 'horde.error');
    /* redirect() is relied on to end the request here (Horde_Url::redirect
     * presumably exits) — the rest of the script assumes it never returns. */
    $registry->getServiceLink('login')->add('url', $vars->url)->redirect();
}
26
$title = _("Reset your password");
$form = new Horde_Form($vars, $title);
$form->setButtons(_("Continue"));

/* Stage one of the form: the account name plus the alternate address the
 * user stored in their preferences. The hidden 'url' carries the
 * post-login destination across the round trips. */
$form->addHidden('', 'url', 'text', false);
$username_field = $form->addVariable(_("Username"), 'username', 'text', true);
$username_field->setOption('trackchange', true);
$form->addVariable(_("Alternate email address"), 'email', 'email', true);
/* Becomes true only once the username / alternate-email pair checks out. */
$can_validate = false;
37
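/* Stage two: once a username is posted, load that user's stored alternate
 * email and, only if it matches what was submitted, reveal the security
 * question. */
if ($username = $vars->get('username')) {
    /* Prefs are keyed by the Horde-internal user name ($toHorde = true);
     * the auth backend later receives the submitted form via $info. */
    $username = $registry->convertUsername($username, true);
    $prefs = $injector->getInstance('Horde_Core_Factory_Prefs')->create('horde', array(
        'cache' => false,
        'user' => $username
    ));
    $email = (string)$prefs->getValue('alternate_email');
    $submitted_email = $vars->get('email');

    /* Strict, constant-time comparison, and an empty stored address never
     * matches. With the previous loose `==` a user who had never set an
     * alternate email ('' in prefs) matched a request carrying no email
     * parameter at all (null == '' is true in PHP), which handed that user's
     * security question to anyone who knew the username. */
    if ($email !== '' && is_string($submitted_email) &&
        hash_equals($email, $submitted_email)) {
        $can_validate = true;
        $form->setButtons(_("Reset Password"));
        $question = $prefs->getValue('security_question');
        $form->addVariable($question, 'question', 'description', false);
        $form->addVariable(_("Answer"), 'answer', 'text', true);
        if (!$question) {
            /* Reset needs a question to verify against; bail back to login. */
            $notification->push(_("No security question has been set. Please contact your administrator."), 'horde.error');
            $registry->getServiceLink('login')->add('url', $vars->url)->redirect();
        }
    } else {
        /* One message for both failure modes so the response does not tell
         * which half (username or address) was wrong. */
        $notification->push(_("Incorrect username or alternate address. Try again or contact your administrator if you need further help."), 'horde.error');
    }
}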
61
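/* Stage three: the full form (username, alternate email, answer) was posted
 * and passed Horde_Form validation. Compare it against the stored prefs and,
 * on a match, have the backend issue a new password and mail it out. */
if ($can_validate && $form->validate($vars)) {
    $form->getInfo($vars, $info);

    /* Stored answer for the selected user ($prefs was loaded above). */
    $answer = $prefs->getValue('security_answer');

    /* Re-check the email on this round trip as well, and compare the answer
     * case-insensitively but otherwise exactly. hash_equals() replaces PHP's
     * loose `==` (which treats e.g. "1e3" and "1000" as equal) and does not
     * leak a length/prefix timing signal. Nothing in this script throttles
     * repeated guesses at the answer; that is left to the surrounding
     * deployment — TODO confirm there is something in front of this page. */
    $email_ok = is_string($info['email']) &&
        hash_equals((string)$email, $info['email']);
    $answer_ok = is_string($info['answer']) &&
        hash_equals(strtolower((string)$answer), strtolower($info['answer']));

    if ($email_ok && $answer_ok) {
        /* Info matches, so reset the password. */
        $password = null;
        try {
            $password = $auth->resetPassword($info['username']);
            $success = true;
        } catch (Horde_Exception $e) {
            $notification->push($e);
            $success = false;
        }

        /* Only mail when the backend actually produced a new password. The
         * previous code built and sent the message even after a failed
         * reset, with an undefined $password in the body. */
        if ($success) {
            $mail = new Horde_Mime_Mail(array(
                /* The new password travels in clear text over email; this is
                 * the design of the feature, not something this page can
                 * change. */
                'body' => sprintf(_("Your new password for %s is: %s"),
                            $registry->get('name', 'horde'),
                            $password
                          ),
                'charset' => 'UTF-8',
                /* Without resetpassword_from the user's own alternate address
                 * is used as the sender; receiving MTAs may reject that under
                 * SPF/DMARC, so deployments should set the option. */
                'From' => empty($conf['auth']['resetpassword_from']) ? $email : $conf['auth']['resetpassword_from'],
                'To' => $email,
                'Subject' => _("Your password has been reset")
            ));

            try {
                $mail->send($injector->getInstance('Horde_Mail'));
                $notification->push(_("Your password has been reset, check your email and log in with your new password."), 'horde.success');
                $registry->getServiceLink('login')->add('url', $info['url'])->redirect();
                exit;
            } catch (Horde_Exception $e) {
                /* The backend has already changed the password but the user
                 * cannot learn it now: log the failure and point them at the
                 * administrator. */
                Horde::log($e, 'ERR');
                $notification->push(_("Your password has been reset, but couldn't be sent to you. Please contact the administrator."), 'horde.error');
            }
        }
    } else {
        /* Details do not match the stored prefs; the form is re-rendered
         * below with a generic error. */
        $notification->push(_("Could not reset the password for the requested user. Some or all of the details are not correct. Try again or contact your administrator if you need further help."), 'horde.error');
    }
}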
107
/* Render the (possibly two-stage) form in the bare modal layout of the
 * login pages. The included template presumably reads $form, $renderer and
 * $title from this scope, so those names must stay as they are. */
$renderer = new Horde_Core_Ui_ModalFormRenderer();

$page_output->topbar = false;
$page_output->sidebar = false;

$header_opts = array(
    'body_class' => 'modal-form',
    'title' => $title
);
$page_output->header($header_opts);
require $registry->get('templates', 'horde') . '/login/resetpassword.inc';
$page_output->footer();
118