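<?php
/**
 * Copyright 2004-2017 Horde LLC (http://www.horde.org/)
 *
 * See the enclosed file COPYING for license information (LGPL-2). If you
 * did not receive this file, see http://www.horde.org/licenses/lgpl.
 *
 * Unauthenticated self-service password reset. The requester must supply a
 * username, the alternate email address stored in that user's preferences,
 * and the answer to the stored security question. On success the auth
 * backend generates a new password, which is mailed to the alternate address.
 *
 * NOTE(review): no attempt throttling or lockout is visible in this script;
 * confirm it is enforced elsewhere, since this page is reachable without
 * authentication and the security answer can otherwise be guessed.
 *
 * @author   Marko Djukic <marko@oblo.com>
 * @category Horde
 * @license  http://www.horde.org/licenses/lgpl LGPL-2
 * @package  Horde
 */

require_once __DIR__ . '/../lib/Application.php';
Horde_Registry::appInit('horde', array('authentication' => 'none'));

$vars = $injector->getInstance('Horde_Variables');

// Make sure auth backend allows passwords to be reset.
$auth = $injector->getInstance('Horde_Core_Factory_Auth')->create();
if (empty($conf['auth']['resetpassword']) ||
    !$auth->hasCapability('resetpassword')) {
    $notification->push(_("Cannot reset password automatically, contact your administrator."), 'horde.error');
    $registry->getServiceLink('login')->add('url', $vars->url)->redirect();
    // Fail closed, as the success path below does: never fall through into
    // the reset logic when the feature is disabled.
    exit;
}

$title = _("Reset your password");
$form = new Horde_Form($vars, $title);
$form->setButtons(_("Continue"));

/* Set up the fields for the username and alternate email. */
$form->addHidden('', 'url', 'text', false);
$v = $form->addVariable(_("Username"), 'username', 'text', true);
$v->setOption('trackchange', true);
$form->addVariable(_("Alternate email address"), 'email', 'email', true);
$can_validate = false;

/* If a username has been supplied try fetching the prefs stored info. */
if ($username = $vars->get('username')) {
    $username = $registry->convertUsername($username, true);
    $prefs = $injector->getInstance('Horde_Core_Factory_Prefs')->create('horde', array(
        'cache' => false,
        'user' => $username
    ));
    $email = (string)$prefs->getValue('alternate_email');
    $submitted_email = $vars->get('email');

    /* Does the alternate email stored in prefs match the one submitted?
     * The stored value must be non-empty and the comparison strict:
     * a loose == lets an absent or empty submission match an account that
     * never configured an alternate address. */
    if ($email !== '' &&
        is_string($submitted_email) &&
        $submitted_email === $email) {
        $can_validate = true;
        $form->setButtons(_("Reset Password"));
        $question = $prefs->getValue('security_question');
        $form->addVariable($question, 'question', 'description', false);
        $form->addVariable(_("Answer"), 'answer', 'text', true);
        if (!$question) {
            $notification->push(_("No security question has been set. Please contact your administrator."), 'horde.error');
            $registry->getServiceLink('login')->add('url', $vars->url)->redirect();
            // Without a security question there is nothing to verify; stop.
            exit;
        }
    } else {
        /* Same message for an unknown user and a wrong address, so the
         * response does not distinguish between the two. */
        $notification->push(_("Incorrect username or alternate address. Try again or contact your administrator if you need further help."), 'horde.error');
    }
}

/* Validate the form. */
if ($can_validate && $form->validate($vars)) {
    $form->getInfo($vars, $info);

    /* Fetch values from prefs for selected user. */
    $answer = (string)$prefs->getValue('security_answer');
    $submitted_answer = isset($info['answer']) ? $info['answer'] : null;

    /* Check the given values with the prefs stored ones. An empty stored
     * answer never matches, and all comparisons are strict so type juggling
     * cannot produce a false match. Where the deployment's minimum PHP
     * version provides hash_equals(), prefer it for the answer comparison. */
    if ($answer !== '' &&
        is_string($submitted_answer) &&
        isset($info['email']) &&
        $email === $info['email'] &&
        strtolower($answer) === strtolower($submitted_answer)) {
        /* Info matches, so reset the password. */
        try {
            $password = $auth->resetPassword($info['username']);
            $success = true;
        } catch (Horde_Exception $e) {
            $notification->push($e);
            $success = false;
        }

        /* Only send the mail and report success when the backend actually
         * changed the password; otherwise $password is undefined and the
         * user would be told about a reset that never happened. */
        if ($success) {
            /* NOTE(review): the new password travels in a plaintext email
             * body; whether the backend forces a change at next login is not
             * visible here. */
            $mail = new Horde_Mime_Mail(array(
                'body' => sprintf(_("Your new password for %s is: %s"),
                                  $registry->get('name', 'horde'),
                                  $password
                          ),
                'charset' => 'UTF-8',
                'From' => empty($conf['auth']['resetpassword_from']) ? $email : $conf['auth']['resetpassword_from'],
                'To' => $email,
                'Subject' => _("Your password has been reset")
            ));

            try {
                $mail->send($injector->getInstance('Horde_Mail'));
                $notification->push(_("Your password has been reset, check your email and log in with your new password."), 'horde.success');
                $registry->getServiceLink('login')->add('url', $info['url'])->redirect();
                exit;
            } catch (Horde_Exception $e) {
                Horde::log($e, 'ERR');
                $notification->push(_("Your password has been reset, but couldn't be sent to you. Please contact the administrator."), 'horde.error');
            }
        }
    } else {
        /* Info submitted does not match what is in prefs; report a generic
         * failure and re-display the form. */
        $notification->push(_("Could not reset the password for the requested user. Some or all of the details are not correct. Try again or contact your administrator if you need further help."), 'horde.error');
    }
}

$renderer = new Horde_Core_Ui_ModalFormRenderer();

$page_output->topbar = $page_output->sidebar = false;

$page_output->header(array(
    'body_class' => 'modal-form',
    'title' => $title
));
require $registry->get('templates', 'horde') . '/login/resetpassword.inc';
$page_output->footer();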