xref: /dokuwiki/inc/Action/Resendpwd.php (revision a838eeeb9e5e9db9627ba45d149c7d37be363bdb) 
1f21dad39SAndreas Gohr<?php
2f21dad39SAndreas Gohr
3f21dad39SAndreas Gohrnamespace dokuwiki\Action;
4f21dad39SAndreas Gohr
5f21dad39SAndreas Gohruse dokuwiki\Action\Exception\ActionAbort;
6480336a3SAndreas Gohruse dokuwiki\Action\Exception\ActionDisabledException;
7*a838eeebSSatoshi Saharause dokuwiki\Ui;
8f21dad39SAndreas Gohr
9ab583a1bSAndreas Gohr/**
10ab583a1bSAndreas Gohr * Class Resendpwd
11ab583a1bSAndreas Gohr *
12ab583a1bSAndreas Gohr * Handle password recovery
13ab583a1bSAndreas Gohr *
14ab583a1bSAndreas Gohr * @package dokuwiki\Action
15ab583a1bSAndreas Gohr */
16*a838eeebSSatoshi Saharaclass Resendpwd extends AbstractAclAction
17*a838eeebSSatoshi Sahara{
18f21dad39SAndreas Gohr    /** @inheritdoc */
19*a838eeebSSatoshi Sahara    public function minimumPermission()
20*a838eeebSSatoshi Sahara    {
21f21dad39SAndreas Gohr        return AUTH_NONE;
22f21dad39SAndreas Gohr    }
23f21dad39SAndreas Gohr
24f21dad39SAndreas Gohr    /** @inheritdoc */
25*a838eeebSSatoshi Sahara    public function checkPreconditions()
26*a838eeebSSatoshi Sahara    {
27b2c9cd19SAndreas Gohr        parent::checkPreconditions();
28480336a3SAndreas Gohr
29e1d9dcc8SAndreas Gohr        /** @var \dokuwiki\Extension\AuthPlugin $auth */
30480336a3SAndreas Gohr        global $auth;
31480336a3SAndreas Gohr        global $conf;
32*a838eeebSSatoshi Sahara        if (isset($conf['resendpasswd']) && !$conf['resendpasswd'])
33*a838eeebSSatoshi Sahara            throw new ActionDisabledException(); //legacy option
34480336a3SAndreas Gohr        if (!$auth->canDo('modPass')) throw new ActionDisabledException();
35480336a3SAndreas Gohr    }
36480336a3SAndreas Gohr
37480336a3SAndreas Gohr    /** @inheritdoc */
38*a838eeebSSatoshi Sahara    public function preProcess()
39*a838eeebSSatoshi Sahara    {
40f21dad39SAndreas Gohr        if ($this->resendpwd()) {
41f21dad39SAndreas Gohr            throw new ActionAbort('login');
42f21dad39SAndreas Gohr        }
43f21dad39SAndreas Gohr    }
44f21dad39SAndreas Gohr
454347c5bbSAndreas Gohr    /** @inheritdoc */
46*a838eeebSSatoshi Sahara    public function tplContent()
47*a838eeebSSatoshi Sahara    {
48*a838eeebSSatoshi Sahara        (new Ui\UserResendPwd)->show();
494347c5bbSAndreas Gohr    }
504347c5bbSAndreas Gohr
51f21dad39SAndreas Gohr    /**
52f21dad39SAndreas Gohr     * Send a  new password
53f21dad39SAndreas Gohr     *
54f21dad39SAndreas Gohr     * This function handles both phases of the password reset:
55f21dad39SAndreas Gohr     *
56f21dad39SAndreas Gohr     *   - handling the first request of password reset
57f21dad39SAndreas Gohr     *   - validating the password reset auth token
58f21dad39SAndreas Gohr     *
59f21dad39SAndreas Gohr     * @author Benoit Chesneau <benoit@bchesneau.info>
60f21dad39SAndreas Gohr     * @author Chris Smith <chris@jalakai.co.uk>
61f21dad39SAndreas Gohr     * @author Andreas Gohr <andi@splitbrain.org>
62f21dad39SAndreas Gohr     * @fixme this should be split up into multiple methods
63f21dad39SAndreas Gohr     * @return bool true on success, false on any error
64f21dad39SAndreas Gohr     */
65*a838eeebSSatoshi Sahara    protected function resendpwd()
66*a838eeebSSatoshi Sahara    {
67f21dad39SAndreas Gohr        global $lang;
68f21dad39SAndreas Gohr        global $conf;
69e1d9dcc8SAndreas Gohr        /* @var \dokuwiki\Extension\AuthPlugin $auth */
70f21dad39SAndreas Gohr        global $auth;
71f21dad39SAndreas Gohr        global $INPUT;
72f21dad39SAndreas Gohr
73f21dad39SAndreas Gohr        if (!actionOK('resendpwd')) {
74f21dad39SAndreas Gohr            msg($lang['resendna'], -1);
75f21dad39SAndreas Gohr            return false;
76f21dad39SAndreas Gohr        }
77f21dad39SAndreas Gohr
78f21dad39SAndreas Gohr        $token = preg_replace('/[^a-f0-9]+/', '', $INPUT->str('pwauth'));
79f21dad39SAndreas Gohr
80f21dad39SAndreas Gohr        if ($token) {
81f21dad39SAndreas Gohr            // we're in token phase - get user info from token
82f21dad39SAndreas Gohr
832401f18dSSyntaxseed            $tfile = $conf['cachedir'] .'/'. $token[0] .'/'. $token . '.pwauth';
84f21dad39SAndreas Gohr            if (!file_exists($tfile)) {
85f21dad39SAndreas Gohr                msg($lang['resendpwdbadauth'], -1);
86f21dad39SAndreas Gohr                $INPUT->remove('pwauth');
87f21dad39SAndreas Gohr                return false;
88f21dad39SAndreas Gohr            }
89f21dad39SAndreas Gohr            // token is only valid for 3 days
90f21dad39SAndreas Gohr            if ((time() - filemtime($tfile)) > (3 * 60 * 60 * 24)) {
91f21dad39SAndreas Gohr                msg($lang['resendpwdbadauth'], -1);
92f21dad39SAndreas Gohr                $INPUT->remove('pwauth');
93f21dad39SAndreas Gohr                @unlink($tfile);
94f21dad39SAndreas Gohr                return false;
95f21dad39SAndreas Gohr            }
96f21dad39SAndreas Gohr
97f21dad39SAndreas Gohr            $user = io_readfile($tfile);
98f21dad39SAndreas Gohr            $userinfo = $auth->getUserData($user, $requireGroups = false);
99f21dad39SAndreas Gohr            if (!$userinfo['mail']) {
100f21dad39SAndreas Gohr                msg($lang['resendpwdnouser'], -1);
101f21dad39SAndreas Gohr                return false;
102f21dad39SAndreas Gohr            }
103f21dad39SAndreas Gohr
104f21dad39SAndreas Gohr            if (!$conf['autopasswd']) { // we let the user choose a password
105f21dad39SAndreas Gohr                $pass = $INPUT->str('pass');
106f21dad39SAndreas Gohr
107f21dad39SAndreas Gohr                // password given correctly?
108f21dad39SAndreas Gohr                if (!$pass) return false;
109f21dad39SAndreas Gohr                if ($pass != $INPUT->str('passchk')) {
110f21dad39SAndreas Gohr                    msg($lang['regbadpass'], -1);
111f21dad39SAndreas Gohr                    return false;
112f21dad39SAndreas Gohr                }
113f21dad39SAndreas Gohr
114f21dad39SAndreas Gohr                // change it
115f21dad39SAndreas Gohr                if (!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) {
116f21dad39SAndreas Gohr                    msg($lang['proffail'], -1);
117f21dad39SAndreas Gohr                    return false;
118f21dad39SAndreas Gohr                }
119f21dad39SAndreas Gohr
120f21dad39SAndreas Gohr            } else { // autogenerate the password and send by mail
121f21dad39SAndreas Gohr
122f21dad39SAndreas Gohr                $pass = auth_pwgen($user);
123f21dad39SAndreas Gohr                if (!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) {
124f21dad39SAndreas Gohr                    msg($lang['proffail'], -1);
125f21dad39SAndreas Gohr                    return false;
126f21dad39SAndreas Gohr                }
127f21dad39SAndreas Gohr
128f21dad39SAndreas Gohr                if (auth_sendPassword($user, $pass)) {
129f21dad39SAndreas Gohr                    msg($lang['resendpwdsuccess'], 1);
130f21dad39SAndreas Gohr                } else {
131f21dad39SAndreas Gohr                    msg($lang['regmailfail'], -1);
132f21dad39SAndreas Gohr                }
133f21dad39SAndreas Gohr            }
134f21dad39SAndreas Gohr
135f21dad39SAndreas Gohr            @unlink($tfile);
136f21dad39SAndreas Gohr            return true;
137f21dad39SAndreas Gohr
138f21dad39SAndreas Gohr        } else {
139f21dad39SAndreas Gohr            // we're in request phase
140f21dad39SAndreas Gohr
141f21dad39SAndreas Gohr            if (!$INPUT->post->bool('save')) return false;
142f21dad39SAndreas Gohr
143f21dad39SAndreas Gohr            if (!$INPUT->post->str('login')) {
144f21dad39SAndreas Gohr                msg($lang['resendpwdmissing'], -1);
145f21dad39SAndreas Gohr                return false;
146f21dad39SAndreas Gohr            } else {
147f21dad39SAndreas Gohr                $user = trim($auth->cleanUser($INPUT->post->str('login')));
148f21dad39SAndreas Gohr            }
149f21dad39SAndreas Gohr
150f21dad39SAndreas Gohr            $userinfo = $auth->getUserData($user, $requireGroups = false);
151f21dad39SAndreas Gohr            if (!$userinfo['mail']) {
152f21dad39SAndreas Gohr                msg($lang['resendpwdnouser'], -1);
153f21dad39SAndreas Gohr                return false;
154f21dad39SAndreas Gohr            }
155f21dad39SAndreas Gohr
156f21dad39SAndreas Gohr            // generate auth token
157f21dad39SAndreas Gohr            $token = md5(auth_randombytes(16)); // random secret
1582401f18dSSyntaxseed            $tfile = $conf['cachedir'] .'/'. $token[0] .'/'. $token .'.pwauth';
159f21dad39SAndreas Gohr            $url = wl('', array('do' => 'resendpwd', 'pwauth' => $token), true, '&');
160f21dad39SAndreas Gohr
161f21dad39SAndreas Gohr            io_saveFile($tfile, $user);
162f21dad39SAndreas Gohr
163f21dad39SAndreas Gohr            $text = rawLocale('pwconfirm');
164f21dad39SAndreas Gohr            $trep = array(
165f21dad39SAndreas Gohr                'FULLNAME' => $userinfo['name'],
166f21dad39SAndreas Gohr                'LOGIN' => $user,
167f21dad39SAndreas Gohr                'CONFIRM' => $url
168f21dad39SAndreas Gohr            );
169f21dad39SAndreas Gohr
170f21dad39SAndreas Gohr            $mail = new \Mailer();
171f21dad39SAndreas Gohr            $mail->to($userinfo['name'] .' <'. $userinfo['mail'] .'>');
172f21dad39SAndreas Gohr            $mail->subject($lang['regpwmail']);
173f21dad39SAndreas Gohr            $mail->setBody($text, $trep);
174f21dad39SAndreas Gohr            if ($mail->send()) {
175f21dad39SAndreas Gohr                msg($lang['resendpwdconfirm'], 1);
176f21dad39SAndreas Gohr            } else {
177f21dad39SAndreas Gohr                msg($lang['regmailfail'], -1);
178f21dad39SAndreas Gohr            }
179f21dad39SAndreas Gohr            return true;
180f21dad39SAndreas Gohr        }
181f21dad39SAndreas Gohr        // never reached
182f21dad39SAndreas Gohr    }
183f21dad39SAndreas Gohr
184f21dad39SAndreas Gohr}
185