]> CyberLeo.Net >> Repos - SourceForge/phpwiki.git/blob - lib/plugin/PasswordReset.php
1 <?php // -*-php-*-
2 rcs_id('$Id: PasswordReset.php,v 1.3 2006-08-25 22:13:56 rurban Exp $');
3 /**
4  Copyright (C) 2006 $ThePhpWikiProgrammingTeam
5
6  This file is part of PhpWiki.
7
8  PhpWiki is free software; you can redistribute it and/or modify
9  it under the terms of the GNU General Public License as published by
10  the Free Software Foundation; either version 2 of the License, or
11  (at your option) any later version.
12
13  PhpWiki is distributed in the hope that it will be useful,
14  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  GNU General Public License for more details.
17
18  You should have received a copy of the GNU General Public License
19  along with PhpWiki; if not, write to the Free Software
20  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
21  */
22
23 /**
24  * 1. User forgot password but has email in the prefs.
25  *    => action=email&user=username will send the password by email in plaintext.
26  *
27  *    If no email is stored, because user might not exist, 
28  *    => "No email stored for user %s.
29  *        You need to ask an Administrator to reset this password."
30  *       Problem: How to contact Admin? Present a link to ADMIN_USER
31
32  *    If an email exists but is not verified,
33  *    => "Warning: This users email address is unverified!"
34  *
35  * 2. Admin may reset any users password, with verification.
36  *    => action=reset&user=username
37  */
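class WikiPlugin_PasswordReset
extends WikiPlugin
{
    /**
     * @return string Translated plugin name.
     */
    function getName () {
        return _("PasswordReset");
    }

    /**
     * The pattern is a character class, so every single occurrence of the
     * characters "R e v i s o n : $" and space is removed from the RCS
     * keyword string, which leaves "1.3".
     *
     * @return string Plugin revision.
     */
    function getVersion() {
        return preg_replace("/[Revision: $]/", '',
                            "\$Revision: 1.3 $");
    }

    /**
     * @return array Default plugin arguments: 'user' => 0 (no user preselected).
     */
    function getDefaultArguments() {
        return array('user' => 0);
    }

    /**
     * Remove CR and LF from a value before it is placed in a mail header or
     * recipient field, so the value cannot start a new header line.
     *
     * @param mixed $value Value to be used in a header.
     * @return string The value without carriage returns and line feeds.
     */
    function _headerSafe($value) {
        return str_replace(array("\r", "\n"), '', (string)$value);
    }

    /**
     * Reset (blank) the stored password of $userid and show the result as an
     * Alert. run() calls this only after $user->isAdmin() returned true; this
     * method itself performs no authorization check, so it must not be
     * reachable from any other path.
     *
     * NOTE(review): the password preference is set to the empty string. What
     * an empty stored password means at login is decided by the auth backend,
     * which is not visible here -- confirm that it does not permit a
     * password-less login for the account.
     *
     * @param string $userid Account whose password is cleared.
     */
    function doReset($userid) {

        $user = WikiUser($userid);
        $prefs = $user->getPreferences();
        $prefs->set('passwd','');
        if ($user->setPreferences($prefs)) {
            $alert = new Alert(_("Message"),
                               fmt("The password for user %s has been deleted.", $userid));
        } else {
            $alert = new Alert(_("Error"),
                               fmt("The password for user %s could not be deleted.", $userid));
        }
        $alert->show();
    }

    /**
     * Mail the stored 'passwd' preference of $userid to that account's stored
     * email address and show the result as an Alert.
     *
     * run() reaches this method directly when a POST carries
     * admin_reset[verify], without repeating the checks of the confirmation
     * step, so the stored address is checked again here.
     *
     * NOTE(review): the stored password value is sent in the mail body. If
     * the preference holds the plaintext password (the original author was
     * unsure, see "plain?"), it is exposed to every mail relay and mailbox on
     * the way. A single-use, expiring reset link avoids mailing the secret.
     *
     * @param object $request Current request; supplies requester id and REMOTE_HOST.
     * @param string $userid  Account whose password is mailed.
     */
    function doEmail(&$request, $userid) {

        $thisuser = WikiUser($userid);
        $prefs = $thisuser->getPreferences();
        // The stored address is user-editable: keep line breaks out of the
        // recipient field.
        $email = $this->_headerSafe($prefs->get('email'));
        $passwd = $prefs->get('passwd'); // plain?
        if (!$email) {
            // Never call mail() with an empty recipient.
            $alert = new Alert(_("Error"),
                               fmt("No email stored for user %s.", $userid));
            $alert->show();
            return;
        }
        // Requester id and REMOTE_HOST are outside this plugin's control and
        // end up in the From: header, so CR/LF are stripped to prevent
        // injection of additional headers.
        $from = $this->_headerSafe($request->_user->getId() . '@' .  $request->get('REMOTE_HOST'));
        if (mail($email,
                 "[".WIKI_NAME."] PasswortReset",
                 "PasswortReset requested by $from\r\n".
                 "Password for ".WIKI_NAME.": $passwd",
                 "From: $from"))
            $alert = new Alert(_("Message"),
                               fmt("Email sent to the stored email address for user %s", $userid));
        else
            $alert = new Alert(_("Error"),
                               fmt("Error sending email with password for user %s.", $userid));
        $alert->show();
    }

    /**
     * Build the POST form. Without $header a text input for the user name is
     * shown; without $footer the submit/cancel buttons are shown, labelled
     * "Yes" for admins and "Send email" for everyone else.
     *
     * NOTE(review): 'require_authority_for_post' is emitted as a hidden input
     * and therefore travels through the client. How the request layer treats
     * it is not visible here; the isAdmin() check in run() is what gates the
     * reset in this file.
     *
     * @param object $request Current request.
     * @param mixed  $header  Optional content placed before the hidden inputs.
     * @param mixed  $footer  Optional content placed after the hidden inputs.
     * @return object The HTML form element.
     */
    function doForm(&$request, $header = '', $footer = '') {
        $userid = $request->getArg('user');
        if (!$header) {
            $header = HTML::p(_("Reset password of user: "),
                              HTML::Raw('&nbsp;'),
                              HTML::input(array('type' => 'text',
                                                'name' => "user",
                                                'value' => $userid))
                              );
        }
        if (!$footer) {
            $isadmin = $request->_user->isAdmin();
            $footer = HTML::p(Button('submit:admin_reset[reset]',
                                      $isadmin ? _("Yes") : _("Send email"),
                                      $isadmin ? 'wikiadmin' : 'button'),
                               HTML::Raw('&nbsp;'),
                               Button('submit:admin_reset[cancel]', _("Cancel"), 'button'));
        }
        return HTML::form(array('action' => $request->getPostURL(),
                                'method' => 'post'),
                          $header,
                          HiddenInputs($request->getArgs(), false, array('admin_reset', 'user')),
                          ENABLE_PAGEPERM ? '' : HiddenInputs(array('require_authority_for_post' => WIKIAUTH_ADMIN)),
                          $footer );
    }

    /**
     * Plugin entry point. A GET shows the form. A POST with
     * admin_reset[reset] and a user name shows a confirmation form; a POST
     * that also carries admin_reset[verify] performs the action: admins clear
     * the password (doReset), everyone else triggers the mail (doEmail).
     *
     * NOTE(review): no anti-CSRF token is checked in this method. The
     * confirmation is only a second POST field (admin_reset[verify]), so it
     * does not by itself prove that the logged-in admin submitted the form.
     * Whether the request layer validates a token elsewhere is not visible
     * here -- confirm.
     *
     * NOTE(review): the "No email stored for user" alert is shown to
     * non-admin visitors and so discloses per-username account state; a
     * uniform response would avoid that.
     *
     * @param object $dbi      Wiki database handle (unused here).
     * @param string $argstr   Raw plugin argument string.
     * @param object $request  Current request.
     * @param string $basepage Page the plugin is embedded in (unused here).
     * @return mixed Form/HTML content, '' for MockRequest, or nothing after an Alert.
     */
    function run($dbi, $argstr, &$request, $basepage) {
        $args = $this->getArgs($argstr, $request);
        if (isa($request,'MockRequest'))
            return '';

        $user =& $request->_user;
        $post_args = $request->getArg('admin_reset');
        $userid = $request->getArg('user');
        $isadmin = $user->isAdmin();

        if (!$request->isPost())
            return $this->doForm($request);

        // admin_reset is expected to be an array of pressed buttons/flags. A
        // scalar or missing value is treated as "nothing pressed" instead of
        // being indexed with error suppression.
        if (!is_array($post_args))
            $post_args = array();
        if (empty($post_args['reset']))
            return $this->doForm($request);

        if (!$userid) {
            $alert = new Alert(_("Warning:"),
                               _("You need to specify the userid!"));
            $alert->show();
            return $this->doForm($request);
        }

        if (!empty($post_args['verify'])) {
            // Authorization decision sits directly next to the privileged call.
            if ($user->isAdmin()) {
                return $this->doReset($userid);
            } else {
                return $this->doEmail($request, $userid);
            }
        }

        // Not yet verified: build the confirmation form.
        $buttons = HTML::p(Button('submit:admin_reset[reset]',
                                  $isadmin ? _("Yes") : _("Send email"),
                                  $isadmin ? 'wikiadmin' : 'button'),
                           HTML::Raw('&nbsp;'),
                           Button('submit:admin_reset[cancel]', _("Cancel"), 'button'));
        $header = HTML::strong("Verify");
        if (!$user->isAdmin()) {
            // A logged-in user asking about their own account is sent to
            // UserPreferences instead.
            if ($userid == $user->UserName() and $user->isAuthenticated()) {
                $alert = new Alert(_("Already logged in"),
                                   HTML(fmt("Changing passwords is done at "), WikiLink(_("UserPreferences"))));
                $alert->show();
                return;
            }
            // check for email
            $thisuser = WikiUser($userid);
            $prefs = $thisuser->getPreferences();
            $email = $prefs->get('email');
            if (!$email) {
                $alert = new Alert(_("Error"),
                                   HTML(fmt("No email stored for user %s.", $userid),
                                        HTML::br(),
                                        fmt("You need to ask an Administrator to reset this password. See below: "),
                                        HTML::br(), WikiLink(ADMIN_USER)));
                $alert->show();
                return;
            }
            // An unverified address only produces a warning; the mail can
            // still be requested.
            $verified = $thisuser->_prefs->_prefs['email']->getraw('emailVerified');
            if (!$verified)
                $header->pushContent(HTML::br(), "Warning: This users email address is unverified!");
        }
        return $this->doForm($request,
                             $header,
                             HTML(HTML::hr(),
                                  fmt("Do you really want to reset the password of user %s?", $userid),
                                  $isadmin ? '' : _("An email will be sent."),
                                  HiddenInputs(array('admin_reset[verify]' => 1, 'user' => $userid)),
                                  $buttons));
    }
}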
188
189 // $Log: not supported by cvs2svn $
190 // Revision 1.2  2006/06/18 11:04:50  rurban
191 // unify gettext msg
192 //
193 // Revision 1.1  2006/03/19 16:31:57  rurban
194 // I would have needed that very often
195 //
196
197 // For emacs users
198 // Local Variables:
199 // mode: php
200 // tab-width: 8
201 // c-basic-offset: 4
202 // c-hanging-comment-ender-p: nil
203 // indent-tabs-mode: nil
204 // End:
205 ?>