4 * Copyright (C) 2006 $ThePhpWikiProgrammingTeam
6 * This file is part of PhpWiki.
8 * PhpWiki is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * PhpWiki is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License along
19 * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 * 1. User forgot password but has email in the prefs.
25 * => action=email&user=username will send the password by e-mail in plaintext.
27 * If no email is stored, because user might not exist,
28 * => "No e-mail stored for user %s.
29 * You need to ask an Administrator to reset this password."
30 * Problem: How to contact Admin? Present a link to ADMIN_USER
32 * If an email exists but is not verified,
33 * => "Warning: This users email address is unverified!"
35 * 2. Admin may reset any user's password, with verification.
36 * => action=reset&user=username
38 class WikiPlugin_PasswordReset
41 function getDescription()
// Returns the one-line description of this plugin, passed through _().
43 return _("Allow admin to reset any users password, allow user to request his password by e-mail.");
46 function getDefaultArguments()
// The plugin takes a single argument, 'user', which defaults to the empty string.
48 return array('user' => '');
51 /* reset password, verified */
52 private function doReset($userid)
// Clears the stored password of $userid: the 'passwd' preference is set to ''
// and the preferences are written back. An Alert is built for the success and
// for the failure case.
// This method does no permission check of its own; the call visible in run()
// is made only after $user->isAdmin() returned true.
55 $user = WikiUser($userid);
56 $prefs = $user->getPreferences();
// NOTE(review): the password is replaced by an empty string, not by a new
// secret. What an empty 'passwd' means at sign-in is not visible here --
// confirm the account cannot be entered with a blank password afterwards.
57 $prefs->set('passwd', '');
58 if ($user->setPreferences($prefs)) {
59 $alert = new Alert(_("Message"),
60 fmt("The password for user %s has been deleted.", $userid));
62 $alert = new Alert(_("Error"),
63 fmt("The password for user %s could not be deleted.", $userid));
69 * @param WikiRequest $request
70 * @param string $userid
72 private function doEmail(&$request, $userid)
// Reads the stored 'email' and 'passwd' preferences of $userid and builds a
// message whose text contains that stored 'passwd' value. An Alert is built
// for the sent and for the failed case. The mail call itself is not among the
// lines shown here.
// NOTE(review): mailing the stored credential exposes it in transit and in the
// recipient's mailbox. A single-use, expiring reset link avoids sending any
// secret at all; if 'passwd' is stored hashed, this sends the hash instead.
75 $thisuser = WikiUser($userid);
76 $prefs = $thisuser->getPreferences();
77 $email = $prefs->get('email');
78 $passwd = $prefs->get('passwd'); // plain?
// $from names the requester: the id of the requesting user and REMOTE_HOST.
// NOTE(review): both values presumably originate on the requesting side. $from
// is placed in the message text below; if it also reaches a mail header on a
// line not shown, CR/LF must be stripped from it first -- confirm.
79 $from = $request->_user->getId() . '@' . $request->get('REMOTE_HOST');
81 "[" . WIKI_NAME . "] PasswortReset",
82 "PasswortReset requested by $from\r\n" .
83 "Password for " . WIKI_NAME . ": $passwd",
86 $alert = new Alert(_("Message"),
87 fmt("E-mail sent to the stored e-mail address for user %s", $userid));
89 $alert = new Alert(_("Error"),
90 fmt("Error sending e-mail with password for user %s.", $userid));
95 * @param WikiRequest $request
96 * @param string $userid
97 * @param string $header
98 * @param string $footer
101 private function doForm(&$request, $userid = '', $header = '', $footer = '')
// Builds and returns the HTML form of the plugin, posted to
// $request->getPostURL(). The visible lines assign a header holding a text
// input for the user name and a footer holding a submit and a Cancel button;
// any condition around these assignments is not among the lines shown.
104 $header = HTML::p(_("Reset password of user: "),
106 HTML::input(array('type' => 'text',
// Admins get a "Yes" button with the 'wikiadmin' class, everyone else a
// "Send e-mail" button with the 'button' class.
112 $isadmin = $request->_user->isAdmin();
113 $footer = HTML::p(Button('submit:admin_reset[reset]',
114 $isadmin ? _("Yes") : _("Send e-mail"),
115 $isadmin ? 'wikiadmin' : 'button'),
117 Button('submit:admin_reset[cancel]', _("Cancel"), 'button'));
119 return HTML::form(array('action' => $request->getPostURL(),
// The current request arguments are re-emitted as hidden inputs; the array
// names 'admin_reset' and 'user', presumably as keys to leave out -- confirm.
122 HiddenInputs($request->getArgs(), false, array('admin_reset', 'user')),
// When ENABLE_PAGEPERM is false, a hidden require_authority_for_post field
// carrying WIKIAUTH_ADMIN is added.
// NOTE(review): a hidden field is whatever the client chooses to submit.
// Confirm the authority needed for this POST is decided on the server and
// does not depend on this value being present. No anti-CSRF token is visible
// in the lines shown; confirm one is added elsewhere.
123 ENABLE_PAGEPERM ? '' : HiddenInputs(array('require_authority_for_post' => WIKIAUTH_ADMIN)),
129 * @param string $argstr
130 * @param WikiRequest $request
131 * @param string $basepage
134 function run($dbi, $argstr, &$request, $basepage)
// Entry point of the plugin. The target user id comes from the plugin
// argument 'user' or, if that is empty, from the request argument 'user'.
// On POST the 'admin_reset' fields decide the step: with a user id and a
// 'verify' field the action is carried out, without 'verify' a confirmation
// form is returned. Every visible return value is the result of doForm().
136 $args = $this->getArgs($argstr, $request);
137 $user =& $request->_user;
138 $post_args = $request->getArg('admin_reset');
139 $userid = $args['user'];
140 if (!$userid) $userid = $request->getArg('user');
141 $isadmin = $user->isAdmin();
142 if ($request->isPost()) {
// '@' suppresses the notice raised when 'reset' is absent from the POST data.
143 @$reset = $post_args['reset'];
145 return $this->doForm($request, $userid);
147 $alert = new Alert(_("Warning:"),
148 _("You need to specify the userid!"));
150 return $this->doForm($request);
// NOTE(review): 'verify' is an ordinary POST field (emitted below as a hidden
// input). It records that the confirmation form was submitted; it proves
// nothing about who the requester is and can be posted directly.
152 if ($userid and !empty($post_args['verify'])) {
153 if ($user->isAdmin()) {
154 $this->doReset($userid);
// The branch around the doEmail() call is on a line not shown; presumably it
// is the non-admin case.
// NOTE(review): no requester check and no rate limit are visible before the
// mail is triggered for an arbitrary $userid -- confirm where these live.
157 $this->doEmail($request, $userid);
160 } elseif (empty($post_args['verify'])) {
161 //TODO: verify should check if the user exists, his prefs can be read/saved
162 // and the email is verified, even if admin.
163 $buttons = HTML::p(Button('submit:admin_reset[reset]',
164 $isadmin ? _("Yes") : _("Send e-mail"),
165 $isadmin ? 'wikiadmin' : 'button'),
167 Button('submit:admin_reset[cancel]', _("Cancel"), 'button'));
168 $header = HTML::strong(_("Verify"));
169 if (!$user->isAdmin()) {
// A signed-in user asking for their own password is pointed to
// UserPreferences instead.
171 if ($userid == $user->UserName() and $user->isAuthenticated()) {
172 $alert = new Alert(_("Already logged in"),
173 HTML(fmt("Changing passwords is done at "), WikiLink(_("UserPreferences"))));
177 $thisuser = WikiUser($userid);
178 $prefs = $thisuser->getPreferences();
179 $email = $prefs->get('email');
// NOTE(review): this alert is built in the non-admin branch, so the distinct
// "No e-mail stored" reply tells the requester whether the named account has
// an address on file. A reply that reads the same in both cases avoids that.
181 $alert = new Alert(_("Error"),
182 HTML(fmt("No e-mail stored for user %s.", $userid),
184 fmt("You need to ask an Administrator to reset this password. See below: "),
185 HTML::br(), WikiLink(ADMIN_USER)));
// Reads the raw 'emailVerified' flag directly from the preference object.
// NOTE(review): the visible lines only add a warning to the header for an
// unverified address; nothing shown here stops the send (see the TODO above).
189 $verified = $thisuser->_prefs->_prefs['email']->getraw('emailVerified');
191 $header->pushContent(HTML::br(), _("Warning: This users email address is unverified!"));
// Confirmation form: the hidden inputs carry admin_reset[verify]=1 and the
// user id into the next POST.
193 return $this->doForm($request, $userid,
196 fmt("Do you really want to reset the password of user %s?", $userid),
197 $isadmin ? '' : _("An e-mail will be sent."),
198 HiddenInputs(array('admin_reset[verify]' => 1, 'user' => $userid)),
200 } else { // verify ok, but no userid
201 return $this->doForm($request, $userid);
204 return $this->doForm($request, $userid);
213 // c-hanging-comment-ender-p: nil
214 // indent-tabs-mode: nil