Commit | Line | Data |
---|---|---|
320f4a6d MW |
1 | <?php |
2 | namespace wcf\form; | |
3 | use wcf\data\user\User; | |
e94d7556 | 4 | use wcf\data\user\UserAction; |
320f4a6d MW |
5 | use wcf\system\exception\NamedUserException; |
6 | use wcf\system\exception\UserInputException; | |
69c8d66b TD |
7 | use wcf\system\email\mime\MimePartFacade; |
8 | use wcf\system\email\mime\RecipientAwareTextMimePart; | |
9 | use wcf\system\email\Email; | |
10 | use wcf\system\email\UserMailbox; | |
320f4a6d MW |
11 | use wcf\system\request\LinkHandler; |
12 | use wcf\system\WCF; | |
5f6542f1 | 13 | use wcf\util\CryptoUtil; |
320f4a6d | 14 | use wcf\util\HeaderUtil; |
69c8d66b | 15 | use wcf\util\StringUtil; |
320f4a6d MW |
16 | |
/**
 * Shows the lost password form.
 *
 * Takes a username or an email address, stores a newly generated lost password
 * key and the request time on the matching account, and sends the
 * `email_lostPassword` mail to that user.
 *
 * NOTE(review): validate() answers with distinct errors for unknown accounts,
 * accounts carrying `authData` and accounts inside the 24-hour window, so the
 * response shows whether an account exists. The captcha, which depends on
 * LOST_PASSWORD_USE_CAPTCHA, is the only per-requester control visible in this
 * class; confirm that other throttling exists if the captcha can be disabled.
 *
 * @author	Marcel Werk
 * @copyright	2001-2016 WoltLab GmbH
 * @license	GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
 * @package	WoltLabSuite\Core\Form
 */
class LostPasswordForm extends AbstractCaptchaForm {
	// presumably keeps this form reachable while the site is in offline mode;
	// the constant is evaluated outside this class - confirm
	const AVAILABLE_DURING_OFFLINE_MODE = true;
	
	/**
	 * username submitted with the form (trimmed)
	 * @var	string
	 */
	public $username = '';
	
	/**
	 * email address submitted with the form (trimmed)
	 * @var	string
	 */
	public $email = '';
	
	/**
	 * account the request refers to, resolved in validate()
	 * @var	\wcf\data\user\User
	 */
	public $user;
	
	/**
	 * @inheritDoc
	 */
	public $useCaptcha = LOST_PASSWORD_USE_CAPTCHA;
	
	/**
	 * Copies the trimmed `username` and `email` POST values into the form.
	 *
	 * NOTE(review): a POST value can be an array; confirm that
	 * StringUtil::trim() copes with non-string input.
	 *
	 * @inheritDoc
	 */
	public function readFormParameters() {
		parent::readFormParameters();
		
		foreach (['username', 'email'] as $field) {
			if (isset($_POST[$field])) {
				$this->{$field} = StringUtil::trim($_POST[$field]);
			}
		}
	}
	
	/**
	 * Resolves the account for the submitted username (preferred) or email
	 * address and rejects requests that must not trigger a mail.
	 *
	 * @inheritDoc
	 * @throws	UserInputException	if neither value was given, no account matches
	 *					or the account has `authData` set
	 * @throws	NamedUserException	if a request for this account was stored less
	 *					than 24 hours ago
	 */
	public function validate() {
		parent::validate();
		
		$hasUsername = !empty($this->username);
		if (!$hasUsername && empty($this->email)) {
			throw new UserInputException('username');
		}
		
		// the username wins when both fields are filled in
		if ($hasUsername) {
			$lookupField = 'username';
			$this->user = User::getUserByUsername($this->username);
		}
		else {
			$lookupField = 'email';
			$this->user = User::getUserByEmail($this->email);
		}
		
		// a user object without userID means no matching account was found
		if (!$this->user->userID) {
			throw new UserInputException($lookupField, 'notFound');
		}
		
		// check if using 3rd party @author dtdesign
		if ($this->user->authData) {
			throw new UserInputException('username', '3rdParty');
		}
		
		// allow only one lost password request per account within 24 hours;
		// the window belongs to the account, so it starts no matter who sent
		// the previous request
		$lastRequestTime = $this->user->lastLostPasswordRequestTime;
		$windowStart = TIME_NOW - 86400;
		if (!$lastRequestTime || $windowStart >= $lastRequestTime) {
			return;
		}
		
		// remaining waiting time, rounded up to full hours
		$hoursLeft = ceil(($lastRequestTime - $windowStart) / 3600);
		throw new NamedUserException(WCF::getLanguage()->getDynamicVariable('wcf.user.lostPassword.error.tooManyRequests', ['hours' => $hoursLeft]));
	}
	
	/**
	 * Stores a new lost password key on the account, mails it to the user and
	 * redirects to the index page. Does not return: the script ends with `exit`.
	 *
	 * @inheritDoc
	 */
	public function save() {
		parent::save();
		
		// 20 random bytes, hex encoded: a 40 character key
		$randomBytes = CryptoUtil::randomBytes(20);
		$lostPasswordKey = bin2hex($randomBytes);
		
		// save key and request time in database
		// NOTE(review): the key is passed to UserAction exactly as generated;
		// whether it is hashed at rest and when it expires is decided outside
		// this class - confirm
		$userData = array_merge($this->additionalFields, [
			'lostPasswordKey' => $lostPasswordKey,
			'lastLostPasswordRequestTime' => TIME_NOW
		]);
		$this->objectAction = new UserAction([$this->user], 'update', ['data' => $userData]);
		$this->objectAction->executeAction();
		
		// reload object so that the mail is built from the updated account
		$userID = $this->user->userID;
		$this->user = new User($userID);
		
		// the mail goes to the account's own mailbox and is written in the
		// recipient's language; both parts use the `email_lostPassword` template
		$email = new Email();
		$recipient = new UserMailbox($this->user);
		$email->addRecipient($recipient);
		$subject = $this->user->getLanguage()->getDynamicVariable('wcf.user.lostPassword.mail.subject');
		$email->setSubject($subject);
		$mimeParts = [
			new RecipientAwareTextMimePart('text/html', 'email_lostPassword'),
			new RecipientAwareTextMimePart('text/plain', 'email_lostPassword')
		];
		$email->setBody(new MimePartFacade($mimeParts));
		$email->send();
		
		$this->saved();
		
		// forward to index page
		$targetURL = LinkHandler::getInstance()->getLink();
		$confirmation = WCF::getLanguage()->get('wcf.user.lostPassword.mail.sent');
		HeaderUtil::delayedRedirect($targetURL, $confirmation);
		exit;
	}
	
	/**
	 * Hands the submitted username and email address back to the template.
	 *
	 * @inheritDoc
	 */
	public function assignVariables() {
		parent::assignVariables();
		
		$templateVariables = [
			'username' => $this->username,
			'email' => $this->email
		];
		WCF::getTPL()->assign($templateVariables);
	}
}