From: moodler Date: Sun, 4 May 2003 03:00:52 +0000 (+0000) Subject: Fixes to improve the password recovery process. There is now a X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=eb347b6b68f968db95e0d1e15fd8806150c830d5;p=moodle.git Fixes to improve the password recovery process. There is now a confirmation step required before the password is changed and sent. Also, many of the email texts have been cleaned up. TRANSLATORS: check your texts in moodle.php starting with "email.." --- diff --git a/lang/en/moodle.php b/lang/en/moodle.php index f3f79e2040..75018cf0bb 100644 --- a/lang/en/moodle.php +++ b/lang/en/moodle.php @@ -151,8 +151,7 @@ $string['emailconfirmation'] = "Hi \$a->firstname, A new account has been requested at '\$a->sitename' using your email address. -To confirm your new account, please go to the -following web address: +To confirm your new account, please go to this web address: \$a->link 
@@ -161,15 +160,40 @@ which you can just click on. If that doesn't work, then cut and paste the address into the address line at the top of your web browser window. -Cheers from the '\$a->sitename' administrator, +If you need help, please contact the site administrator, \$a->admin"; - +$string['emailconfirmationsubject'] = "\$a: account confirmation"; $string['emaildisplay'] = "Email display"; $string['emaildisplayno'] = "Hide my real email address from everyone"; $string['emaildisplayyes'] = "Allow everyone to see my email address"; $string['emaildisplaycourse'] = "Allow only other course members to see my email address"; $string['emailexists'] = "This email address is already registered."; $string['emailmustbereal'] = "Note: your email address must be a real one"; +$string['emailpasswordconfirmation'] = "Hi \$a->firstname, + +Someone (probably you) has requested a new password for your +account on '\$a->sitename'. + +To confirm this and have a new password sent to you via email, +go to the following web address: + + \$a->link + +In most mail programs, this should appear as a blue link +which you can just click on. If that doesn't work, +then cut and paste the address into the address +line at the top of your web browser window. + +If you need help, please contact the site administrator, +\$a->admin"; +$string['emailpasswordconfirmationsubject'] = "\$a: change password confirmation"; +$string['emailpasswordconfirmsent'] = "An email should have been sent to your address at \$a. +

It contains easy instructions to confirm and complete this password change. +If you continue to have difficulty, contact the site administrator."; +$string['emailpasswordsent'] = "Thank you for confirming the change of password. +

An email containing your new password has been sent to your address at \$a->email. +

The new password was automatically generated - you might like to +link>change your password to something easier to remember."; $string['enrolmentkey'] = "Enrolment key"; $string['enrolmentkeyfrom'] = "This course requires an 'enrolment key' - a one-time
password that you should have got from \$a"; @@ -431,6 +455,7 @@ $string['outline'] = "Outline"; $string['participants'] = "Participants"; $string['password'] = "Password"; $string['passwordchanged'] = "Password has been changed"; +$string['passwordconfirmchange'] = "Confirm password change"; $string['passwordsdiffer'] = "These passwords do not match"; $string['passwordrecovery'] = "Yes, help me log in"; $string['passwordsent'] = "Password has been sent"; diff --git a/lib/moodlelib.php b/lib/moodlelib.php index ba0e99e75e..46ac26a815 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -771,12 +771,32 @@ function send_confirmation_email($user) { $data->admin = "$from->firstname $from->lastname ($from->email)"; $message = get_string("emailconfirmation", "", $data); - $subject = "$site->fullname account confirmation"; + $subject = get_string("emailconfirmationsubject", "", $site->fullname); return email_to_user($user, $from, $subject, $message); } +function send_password_change_confirmation_email($user) { + + global $CFG; + + $site = get_site(); + $from = get_admin(); + + $data->firstname = $user->firstname; + $data->sitename = $site->fullname; + $data->link = "$CFG->wwwroot/login/forgot_password.php?p=$user->secret&s=$user->username"; + $data->admin = "$from->firstname $from->lastname ($from->email)"; + + $message = get_string("emailpasswordconfirmation", "", $data); + $subject = get_string("emailpasswordconfirmationsubject", "", $site->fullname); + + return email_to_user($user, $from, $subject, $message); + +} + + /// FILE HANDLING ///////////////////////////////////////////// diff --git a/lib/weblib.php b/lib/weblib.php index 738e442d87..5fe0f6f61a 100644 --- a/lib/weblib.php +++ b/lib/weblib.php 
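Review bot: In `send_password_change_confirmation_email()` the reset link places `$user->secret` and `$user->username` in the query string without URL-encoding, so a username containing `&`, `#`, `+` or a space (if the site allows one) produces a link that will not round-trip to `forgot_password.php`. Building it as `$data->link = "$CFG->wwwroot/login/forgot_password.php?p=".urlencode($user->secret)."&s=".urlencode($user->username);` avoids that. Because the secret travels in a GET URL it can persist in mail archives, browser history and proxy logs, so the page that consumes it should treat it as single-use and short-lived. `$data` is also given properties without being initialised in this function, and a short header comment saying that the caller must already have stored `$user->secret` would document the precondition.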
@@ -715,7 +715,7 @@ function print_navigation ($navigation) { if (! $site = get_site()) { $site->shortname = get_string("home");; } - echo "framename}\" HREF=\"$CFG->wwwroot/\">$site->shortname -> $navigation"; + echo "framename}\" href=\"$CFG->wwwroot/\">$site->shortname -> $navigation"; } } @@ -725,9 +725,9 @@ function print_heading($text, $align="CENTER", $size=3) { function print_heading_with_help($text, $helppage, $module="moodle") { // Centered heading with attached help button (same title text) - echo "

".stripslashes_safe($text); + echo "

".stripslashes_safe($text); helpbutton($helppage, $text, $module); - echo "

"; + echo "

"; } function print_continue($link) { @@ -736,7 +736,7 @@ function print_continue($link) { $link = $_SERVER["HTTP_REFERER"]; } - print_heading("".get_string("continue").""); + print_heading("".get_string("continue").""); } @@ -1158,9 +1158,9 @@ function notice ($message, $link="") { } } - echo "
"; - print_simple_box($message, "center", "", "$THEME->cellheading"); - print_heading("".get_string("continue").""); + echo "
"; + print_simple_box($message, "center", "50%", "$THEME->cellheading", "", "noticebox"); + print_heading("".get_string("continue").""); print_footer(get_site()); die; } @@ -1168,13 +1168,13 @@ function notice ($message, $link="") { function notice_yesno ($message, $linkyes, $linkno) { global $THEME; - print_simple_box_start("center", "", "$THEME->cellheading"); - echo "

$message

"; - echo "

"; - echo "".get_string("yes").""; + print_simple_box_start("center", "60%", "$THEME->cellheading"); + echo "

$message

"; + echo "

"; + echo "".get_string("yes").""; echo "      "; - echo "".get_string("no").""; - echo "

"; + echo "".get_string("no").""; + echo "

"; print_simple_box_end(); } diff --git a/login/forgot_password.php b/login/forgot_password.php index d68f969622..82961dedba 100644 --- a/login/forgot_password.php +++ b/login/forgot_password.php @@ -2,36 +2,62 @@ require_once("../config.php"); - if ($frm = data_submitted()) { + optional_variable($p, ""); + optional_variable($s, ""); - validate_form($frm, $err); + if (!empty($p) and !empty($s)) { // User trying to authenticate change password routine update_login_count(); + $user = get_user_info_from_db("username", "$s"); + + if (!empty($user)) { + if ($user->secret == $p) { // They have provided the secret key to get in + + if (isguest($user->id)) { + error("Can't change guest password!"); + } + + if (! reset_password_and_mail($user)) { + error("Could not reset password and mail the new one to you"); + } + + reset_login_count(); + + print_header(get_string("passwordsent"), get_string("passwordsent"), get_string("passwordsent")); + + $a->email = $user->email; + $a->link = "$CFG->wwwroot/login/change_password.php"; + notice(get_string("emailpasswordsent", "", $a), $a->link); + } + } + error(get_string("error")); + } + + if ($frm = data_submitted()) { // Initial request for new password + + validate_form($frm, $err); + if (count((array)$err) == 0) { if (!$user = get_user_info_from_db("email", $frm->email)) { error("No such user with this address: $frm->email"); } - - if (isguest($user->id)) { - error("Can't change guest password!"); + + $user->secret = random_string(15); + + if (!set_field("user", "secret", $user->secret, "id", $user->id)) { + error("Could not set user secret string!"); } - if (! reset_password_and_mail($user)) { - error("Could not reset password and mail the new one to you"); + if (! send_password_change_confirmation_email($user)) { + error("Could not send you an email to confirm the password change"); } - reset_login_count(); - print_header(get_string("passwordsent"), get_string("passwordsent"), get_string("passwordsent")); - echo "
"; - $a->email = $frm->email; - $a->link = "$CFG->wwwroot/login/change_password.php"; - print_string("passwordsenttext", "", $a); - echo "
"; - print_footer(); - exit; - } + print_header(get_string("passwordconfirmchange"), get_string("passwordconfirmchange")); + + notice(get_string('emailpasswordconfirmsent', '', $user->email), $CFG->wwwroot); + } } if (empty($frm->email)) { diff --git a/login/signup.php b/login/signup.php index 7b6485fb21..4b265fdcf9 100644 --- a/login/signup.php +++ b/login/signup.php @@ -5,8 +5,10 @@ require_once("../auth/$CFG->auth/lib.php"); if ($user = data_submitted()) { + validate_form($user, $err); $user->username= trim(moodle_strtolower($user->username)); + if (count((array)$err) == 0) { $plainpass = $user->password; $user->password = md5($user->password); @@ -28,8 +30,6 @@ error("Could not add your record to the database!"); } - - if (! send_confirmation_email($user)) { error("Tried to send you an email but failed!"); }