[GitHub/WoltLab/WCF.git] / wcfsetup / install / files / lib / form / LostPasswordForm.class.php

<?php
namespace wcf\form;
use wcf\data\user\User;
use wcf\data\user\UserAction;
use wcf\system\exception\NamedUserException;
use wcf\system\exception\UserInputException;
use wcf\system\email\mime\MimePartFacade;
use wcf\system\email\mime\RecipientAwareTextMimePart;
use wcf\system\email\Email;
use wcf\system\email\UserMailbox;
use wcf\system\request\LinkHandler;
use wcf\system\WCF;
use wcf\util\CryptoUtil;
use wcf\util\HeaderUtil;
use wcf\util\StringUtil;

/**
 * Shows the lost password form.
 * 
 * @author	Marcel Werk
 * @copyright	2001-2016 WoltLab GmbH
 * @license	GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
 * @package	WoltLabSuite\Core\Form
 */
class LostPasswordForm extends AbstractCaptchaForm {
	const AVAILABLE_DURING_OFFLINE_MODE = true;
	
	/**
	 * username
	 * @var	string
	 */
	public $username = '';
	
	/**
	 * email address
	 * @var	string
	 */
	public $email = '';
	
	/**
	 * user object
	 * @var	\wcf\data\user\User
	 */
	public $user;
	
	/**
	 * @inheritDoc
	 */
	public $useCaptcha = LOST_PASSWORD_USE_CAPTCHA;
	
	/**
	 * @inheritDoc
	 */
	public function readFormParameters() {
		parent::readFormParameters();
		
		if (isset($_POST['username'])) $this->username = StringUtil::trim($_POST['username']);
		if (isset($_POST['email'])) $this->email = StringUtil::trim($_POST['email']);
	}
	
	/**
	 * @inheritDoc
	 */
	public function validate() {
		parent::validate();
		
		if (empty($this->username) && empty($this->email)) {
			throw new UserInputException('username');
		}
		
		if (!empty($this->username)) {
			$this->user = User::getUserByUsername($this->username);
			if (!$this->user->userID) {
				throw new UserInputException('username', 'notFound');
			}
		}
		else {
			$this->user = User::getUserByEmail($this->email);
			if (!$this->user->userID) {
				throw new UserInputException('email', 'notFound');
			}
		}
		
		// check if using 3rd party @author dtdesign
		if ($this->user->authData) {
			throw new UserInputException('username', '3rdParty');
		}
		
		// check whether a lost password request was sent in the last 24 hours
		if ($this->user->lastLostPasswordRequestTime && TIME_NOW - 86400 < $this->user->lastLostPasswordRequestTime) {
			throw new NamedUserException(WCF::getLanguage()->getDynamicVariable('wcf.user.lostPassword.error.tooManyRequests', ['hours' => ceil(($this->user->lastLostPasswordRequestTime - (TIME_NOW - 86400)) / 3600)]));
		}
	}
	
	/**
	 * @inheritDoc
	 */
	public function save() {
		parent::save();
		
		// generate a new lost password key
		$lostPasswordKey = bin2hex(CryptoUtil::randomBytes(20));
		
		// save key and request time in database
		$this->objectAction = new UserAction([$this->user], 'update', [
			'data' => array_merge($this->additionalFields, [
				'lostPasswordKey' => $lostPasswordKey,
				'lastLostPasswordRequestTime' => TIME_NOW
			])
		]);
		$this->objectAction->executeAction();
		
		// reload object
		$this->user = new User($this->user->userID);
		
		$email = new Email();
		$email->addRecipient(new UserMailbox($this->user));
		$email->setSubject($this->user->getLanguage()->getDynamicVariable('wcf.user.lostPassword.mail.subject'));
		$email->setBody(new MimePartFacade([
			new RecipientAwareTextMimePart('text/html', 'email_lostPassword'),
			new RecipientAwareTextMimePart('text/plain', 'email_lostPassword')
		]));
		$email->send();
		
		$this->saved();
		
		// forward to index page
		HeaderUtil::delayedRedirect(LinkHandler::getInstance()->getLink(), WCF::getLanguage()->get('wcf.user.lostPassword.mail.sent'));
		exit;
	}
	
	/**
	 * @inheritDoc
	 */
	public function assignVariables() {
		parent::assignVariables();
		
		WCF::getTPL()->assign([
			'username' => $this->username,
			'email' => $this->email
		]);
	}
}
Commit	Line	Data
320f4a6d MW	1	<?php
	2	namespace wcf\form;
	3	use wcf\data\user\User;
e94d7556	4	use wcf\data\user\UserAction;
320f4a6d MW	5	use wcf\system\exception\NamedUserException;
320f4a6d MW	6	use wcf\system\exception\UserInputException;
69c8d66b TD	7	use wcf\system\email\mime\MimePartFacade;
	8	use wcf\system\email\mime\RecipientAwareTextMimePart;
	9	use wcf\system\email\Email;
	10	use wcf\system\email\UserMailbox;
320f4a6d MW	11	use wcf\system\request\LinkHandler;
320f4a6d MW	12	use wcf\system\WCF;
5f6542f1	13	use wcf\util\CryptoUtil;
320f4a6d	14	use wcf\util\HeaderUtil;
69c8d66b	15	use wcf\util\StringUtil;
320f4a6d MW	16
	17	/**
	18	* Shows the lost password form.
	19	*
	20	* @author Marcel Werk
7d739af0	21	* @copyright 2001-2016 WoltLab GmbH
320f4a6d	22	* @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
e71525e4	23	* @package WoltLabSuite\Core\Form
320f4a6d	24	*/
96714cab	25	class LostPasswordForm extends AbstractCaptchaForm {
320f4a6d MW	26	const AVAILABLE_DURING_OFFLINE_MODE = true;
320f4a6d MW	27
320f4a6d MW	28	/**
	29	* username
	30	* @var string
	31	*/
	32	public $username = '';
	33
	34	/**
	35	* email address
	36	* @var string
	37	*/
	38	public $email = '';
	39
	40	/**
	41	* user object
0ad90fc3	42	* @var \wcf\data\user\User
320f4a6d MW	43	*/
	44	public $user;
	45
	46	/**
0fcfe5f6	47	* @inheritDoc
320f4a6d	48	*/
fbb526f2	49	public $useCaptcha = LOST_PASSWORD_USE_CAPTCHA;
320f4a6d MW	50
320f4a6d MW	51	/**
0fcfe5f6	52	* @inheritDoc
320f4a6d MW	53	*/
	54	public function readFormParameters() {
	55	parent::readFormParameters();
	56
	57	if (isset($_POST['username'])) $this->username = StringUtil::trim($_POST['username']);
	58	if (isset($_POST['email'])) $this->email = StringUtil::trim($_POST['email']);
	59	}
	60
	61	/**
0fcfe5f6	62	* @inheritDoc
320f4a6d MW	63	*/
	64	public function validate() {
	65	parent::validate();
	66
	67	if (empty($this->username) && empty($this->email)) {
	68	throw new UserInputException('username');
	69	}
	70
	71	if (!empty($this->username)) {
	72	$this->user = User::getUserByUsername($this->username);
	73	if (!$this->user->userID) {
	74	throw new UserInputException('username', 'notFound');
	75	}
	76	}
	77	else {
	78	$this->user = User::getUserByEmail($this->email);
	79	if (!$this->user->userID) {
	80	throw new UserInputException('email', 'notFound');
	81	}
	82	}
	83
	84	// check if using 3rd party @author dtdesign
	85	if ($this->user->authData) {
	86	throw new UserInputException('username', '3rdParty');
	87	}
	88
	89	// check whether a lost password request was sent in the last 24 hours
	90	if ($this->user->lastLostPasswordRequestTime && TIME_NOW - 86400 < $this->user->lastLostPasswordRequestTime) {
058cbd6a	91	throw new NamedUserException(WCF::getLanguage()->getDynamicVariable('wcf.user.lostPassword.error.tooManyRequests', ['hours' => ceil(($this->user->lastLostPasswordRequestTime - (TIME_NOW - 86400)) / 3600)]));
320f4a6d MW	92	}
	93	}
	94
	95	/**
0fcfe5f6	96	* @inheritDoc
320f4a6d MW	97	*/
	98	public function save() {
	99	parent::save();
	100
	101	// generate a new lost password key
5f6542f1	102	$lostPasswordKey = bin2hex(CryptoUtil::randomBytes(20));
320f4a6d MW	103
320f4a6d MW	104	// save key and request time in database
058cbd6a MS	105	$this->objectAction = new UserAction([$this->user], 'update', [
058cbd6a MS	106	'data' => array_merge($this->additionalFields, [
e94d7556 TD	107	'lostPasswordKey' => $lostPasswordKey,
e94d7556 TD	108	'lastLostPasswordRequestTime' => TIME_NOW
058cbd6a MS	109	])
058cbd6a MS	110	]);
e94d7556	111	$this->objectAction->executeAction();
320f4a6d	112
69c8d66b TD	113	// reload object
	114	$this->user = new User($this->user->userID);
	115
	116	$email = new Email();
	117	$email->addRecipient(new UserMailbox($this->user));
	118	$email->setSubject($this->user->getLanguage()->getDynamicVariable('wcf.user.lostPassword.mail.subject'));
	119	$email->setBody(new MimePartFacade([
	120	new RecipientAwareTextMimePart('text/html', 'email_lostPassword'),
	121	new RecipientAwareTextMimePart('text/plain', 'email_lostPassword')
058cbd6a	122	]));
69c8d66b TD	123	$email->send();
69c8d66b TD	124
320f4a6d MW	125	$this->saved();
	126
	127	// forward to index page
	128	HeaderUtil::delayedRedirect(LinkHandler::getInstance()->getLink(), WCF::getLanguage()->get('wcf.user.lostPassword.mail.sent'));
	129	exit;
	130	}
	131
	132	/**
0fcfe5f6	133	* @inheritDoc
320f4a6d MW	134	*/
	135	public function assignVariables() {
	136	parent::assignVariables();
	137
058cbd6a	138	WCF::getTPL()->assign([
320f4a6d MW	139	'username' => $this->username,
320f4a6d MW	140	'email' => $this->email
058cbd6a	141	]);
320f4a6d MW	142	}
320f4a6d MW	143	}