Commit | Line | Data |
---|---|---|
320f4a6d MW |
1 | <?php |
2 | namespace wcf\form; | |
3 | use wcf\data\user\User; | |
e94d7556 | 4 | use wcf\data\user\UserAction; |
69c8d66b TD |
5 | use wcf\system\email\mime\MimePartFacade; |
6 | use wcf\system\email\mime\RecipientAwareTextMimePart; | |
7 | use wcf\system\email\Email; | |
8 | use wcf\system\email\UserMailbox; | |
8e910f87 TD |
9 | use wcf\system\exception\NamedUserException; |
10 | use wcf\system\exception\UserInputException; | |
320f4a6d MW |
11 | use wcf\system\request\LinkHandler; |
12 | use wcf\system\WCF; | |
13 | use wcf\util\HeaderUtil; | |
69c8d66b | 14 | use wcf\util\StringUtil; |
320f4a6d MW |
15 | |
16 | /** | |
17 | * Shows the lost password form. | |
18 | * | |
19 | * @author Marcel Werk | |
7b7b9764 | 20 | * @copyright 2001-2019 WoltLab GmbH |
320f4a6d | 21 | * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php> |
e71525e4 | 22 | * @package WoltLabSuite\Core\Form |
320f4a6d | 23 | */ |
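class LostPasswordForm extends AbstractCaptchaForm {
    const AVAILABLE_DURING_OFFLINE_MODE = true;

    /**
     * username submitted with the form (trimmed)
     * @var string
     */
    public $username = '';

    /**
     * email address submitted with the form (trimmed)
     * @var string
     */
    public $email = '';

    /**
     * user account resolved from the submitted username or email address
     * @var User
     */
    public $user;

    /**
     * @inheritDoc
     */
    public $useCaptcha = LOST_PASSWORD_USE_CAPTCHA;

    /**
     * @inheritDoc
     */
    public function readFormParameters() {
        parent::readFormParameters();

        // Accept plain string values only: PHP turns request fields such as
        // `username[]=...` into arrays, which this form has no use for.
        if (isset($_POST['username']) && is_string($_POST['username'])) $this->username = StringUtil::trim($_POST['username']);
        if (isset($_POST['email']) && is_string($_POST['email'])) $this->email = StringUtil::trim($_POST['email']);
    }

    /**
     * @inheritDoc
     *
     * Resolves the target account from the username (preferred) or the email
     * address, then rejects the request when the account uses a 3rd party
     * login or already requested a reset within the last 24 hours.
     *
     * @throws UserInputException if neither field is filled in or no matching account exists
     * @throws NamedUserException if a request for this account was made within the last 24 hours
     */
    public function validate() {
        parent::validate();

        // Compare against '' rather than using empty(): empty('0') is true,
        // so a value of "0" was treated as if the field had been left blank.
        $hasUsername = ($this->username !== '');
        $hasEmail = ($this->email !== '');

        if (!$hasUsername && !$hasEmail) {
            throw new UserInputException('username');
        }

        // NOTE(review): the distinct 'notFound' errors below let an
        // unauthenticated requester tell existing accounts from unknown ones.
        // Answering identically in both cases would avoid that, but it changes
        // what the form reports to the template, so it is only flagged here.
        if ($hasUsername) {
            $this->user = User::getUserByUsername($this->username);
            if (!$this->user->userID) {
                throw new UserInputException('username', 'notFound');
            }
        }
        else {
            $this->user = User::getUserByEmail($this->email);
            if (!$this->user->userID) {
                throw new UserInputException('email', 'notFound');
            }
        }

        // check if using 3rd party: such accounts get no reset mail and are
        // redirected to the '<Provider>Auth' link instead; this exits before
        // the rate limit check below is reached
        if ($this->user->authData) {
            HeaderUtil::delayedRedirect(
                LinkHandler::getInstance()->getLink(ucfirst($this->user->getAuthProvider()) . 'Auth'),
                WCF::getLanguage()->getDynamicVariable('wcf.user.username.error.3rdParty.redirect', [
                    'provider' => WCF::getLanguage()->get('wcf.user.3rdparty.'. $this->user->getAuthProvider())
                ]),
                5,
                'info'
            );
            exit;
        }

        // check whether a lost password request was sent in the last 24 hours
        // NOTE(review): this limit is per target account; the only
        // per-requester control visible in this class is the captcha toggled
        // by LOST_PASSWORD_USE_CAPTCHA.
        if ($this->user->lastLostPasswordRequestTime && TIME_NOW - 86400 < $this->user->lastLostPasswordRequestTime) {
            // 'hours' is the time left until the 24 hour window ends, rounded up
            throw new NamedUserException(WCF::getLanguage()->getDynamicVariable('wcf.user.lostPassword.error.tooManyRequests', [
                'hours' => ceil(($this->user->lastLostPasswordRequestTime - (TIME_NOW - 86400)) / 3600)
            ]));
        }
    }

    /**
     * @inheritDoc
     *
     * Stores a fresh lost password key together with the request time, sends
     * the 'email_lostPassword' mail to the account and redirects to the index
     * page.
     */
    public function save() {
        parent::save();

        // generate a new lost password key: 20 bytes from random_bytes(),
        // hex-encoded to 40 characters
        $lostPasswordKey = bin2hex(\random_bytes(20));

        // save key and request time in database; these two entries come last
        // in array_merge(), so they override same-named additional fields
        // NOTE(review): the key is passed to UserAction exactly as generated.
        // Whether it is hashed before storage, and when it expires, is not
        // visible from this class - confirm in the code that redeems the key.
        $this->objectAction = new UserAction([$this->user], 'update', [
            'data' => array_merge($this->additionalFields, [
                'lostPasswordKey' => $lostPasswordKey,
                'lastLostPasswordRequestTime' => TIME_NOW
            ])
        ]);
        $this->objectAction->executeAction();

        // reload object so the data used for the mail reflects the update above
        $this->user = new User($this->user->userID);

        $email = new Email();
        $email->addRecipient(new UserMailbox($this->user));
        $email->setSubject($this->user->getLanguage()->getDynamicVariable('wcf.user.lostPassword.mail.subject'));
        $email->setBody(new MimePartFacade([
            new RecipientAwareTextMimePart('text/html', 'email_lostPassword'),
            new RecipientAwareTextMimePart('text/plain', 'email_lostPassword')
        ]));
        $email->send();

        $this->saved();

        // forward to index page
        HeaderUtil::delayedRedirect(LinkHandler::getInstance()->getLink(), WCF::getLanguage()->getDynamicVariable('wcf.user.lostPassword.mail.sent'));
        exit;
    }

    /**
     * @inheritDoc
     */
    public function assignVariables() {
        parent::assignVariables();

        // the submitted values are handed back to the template unchanged
        // NOTE(review): output escaping is presumably done by the template - confirm
        WCF::getTPL()->assign([
            'username' => $this->username,
            'email' => $this->email
        ]);
    }
}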