[GitHub/WoltLab/WCF.git] / wcfsetup / install / files / lib / form / LostPasswordForm.class.php

<?php
namespace wcf\form;
use wcf\data\user\User;
use wcf\data\user\UserAction;
use wcf\system\email\mime\MimePartFacade;
use wcf\system\email\mime\RecipientAwareTextMimePart;
use wcf\system\email\Email;
use wcf\system\email\UserMailbox;
use wcf\system\exception\NamedUserException;
use wcf\system\exception\UserInputException;
use wcf\system\request\LinkHandler;
use wcf\system\WCF;
use wcf\util\HeaderUtil;
use wcf\util\StringUtil;

/**
 * Shows the lost password form.
 * 
 * @author	Marcel Werk
 * @copyright	2001-2019 WoltLab GmbH
 * @license	GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
 * @package	WoltLabSuite\Core\Form
 */
class LostPasswordForm extends AbstractCaptchaForm {
	const AVAILABLE_DURING_OFFLINE_MODE = true;
	
	/**
	 * username
	 * @var	string
	 */
	public $username = '';
	
	/**
	 * email address
	 * @var	string
	 */
	public $email = '';
	
	/**
	 * user object
	 * @var	User
	 */
	public $user;
	
	/**
	 * @inheritDoc
	 */
	public $useCaptcha = LOST_PASSWORD_USE_CAPTCHA;
	
	/**
	 * @inheritDoc
	 */
	public function readFormParameters() {
		parent::readFormParameters();
		
		if (isset($_POST['username'])) $this->username = StringUtil::trim($_POST['username']);
		if (isset($_POST['email'])) $this->email = StringUtil::trim($_POST['email']);
	}
	
	/**
	 * @inheritDoc
	 */
	public function validate() {
		parent::validate();
		
		if (empty($this->username) && empty($this->email)) {
			throw new UserInputException('username');
		}
		
		if (!empty($this->username)) {
			$this->user = User::getUserByUsername($this->username);
			if (!$this->user->userID) {
				throw new UserInputException('username', 'notFound');
			}
		}
		else {
			$this->user = User::getUserByEmail($this->email);
			if (!$this->user->userID) {
				throw new UserInputException('email', 'notFound');
			}
		}
		
		// check if using 3rd party
		if ($this->user->authData) {
			HeaderUtil::delayedRedirect(LinkHandler::getInstance()->getLink(ucfirst($this->user->getAuthProvider()) . 'Auth'), WCF::getLanguage()->getDynamicVariable('wcf.user.username.error.3rdParty.redirect', [
				'provider' => WCF::getLanguage()->get('wcf.user.3rdparty.'. $this->user->getAuthProvider())
			]),5, 'info');
			exit;
		}
		
		// check whether a lost password request was sent in the last 24 hours
		if ($this->user->lastLostPasswordRequestTime && TIME_NOW - 86400 < $this->user->lastLostPasswordRequestTime) {
			throw new NamedUserException(WCF::getLanguage()->getDynamicVariable('wcf.user.lostPassword.error.tooManyRequests', ['hours' => ceil(($this->user->lastLostPasswordRequestTime - (TIME_NOW - 86400)) / 3600)]));
		}
	}
	
	/**
	 * @inheritDoc
	 */
	public function save() {
		parent::save();
		
		// generate a new lost password key
		$lostPasswordKey = bin2hex(\random_bytes(20));
		
		// save key and request time in database
		$this->objectAction = new UserAction([$this->user], 'update', [
			'data' => array_merge($this->additionalFields, [
				'lostPasswordKey' => $lostPasswordKey,
				'lastLostPasswordRequestTime' => TIME_NOW
			])
		]);
		$this->objectAction->executeAction();
		
		// reload object
		$this->user = new User($this->user->userID);
		
		$email = new Email();
		$email->addRecipient(new UserMailbox($this->user));
		$email->setSubject($this->user->getLanguage()->getDynamicVariable('wcf.user.lostPassword.mail.subject'));
		$email->setBody(new MimePartFacade([
			new RecipientAwareTextMimePart('text/html', 'email_lostPassword'),
			new RecipientAwareTextMimePart('text/plain', 'email_lostPassword')
		]));
		$email->send();
		
		$this->saved();
		
		// forward to index page
		HeaderUtil::delayedRedirect(LinkHandler::getInstance()->getLink(), WCF::getLanguage()->getDynamicVariable('wcf.user.lostPassword.mail.sent'));
		exit;
	}
	
	/**
	 * @inheritDoc
	 */
	public function assignVariables() {
		parent::assignVariables();
		
		WCF::getTPL()->assign([
			'username' => $this->username,
			'email' => $this->email
		]);
	}
}
Commit	Line	Data
320f4a6d MW	1	<?php
	2	namespace wcf\form;
	3	use wcf\data\user\User;
e94d7556	4	use wcf\data\user\UserAction;
69c8d66b TD	5	use wcf\system\email\mime\MimePartFacade;
	6	use wcf\system\email\mime\RecipientAwareTextMimePart;
	7	use wcf\system\email\Email;
	8	use wcf\system\email\UserMailbox;
8e910f87 TD	9	use wcf\system\exception\NamedUserException;
8e910f87 TD	10	use wcf\system\exception\UserInputException;
320f4a6d MW	11	use wcf\system\request\LinkHandler;
	12	use wcf\system\WCF;
	13	use wcf\util\HeaderUtil;
69c8d66b	14	use wcf\util\StringUtil;
320f4a6d MW	15
	16	/**
	17	* Shows the lost password form.
	18	*
	19	* @author Marcel Werk
7b7b9764	20	* @copyright 2001-2019 WoltLab GmbH
320f4a6d	21	* @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
e71525e4	22	* @package WoltLabSuite\Core\Form
320f4a6d	23	*/
96714cab	24	class LostPasswordForm extends AbstractCaptchaForm {
320f4a6d MW	25	const AVAILABLE_DURING_OFFLINE_MODE = true;
320f4a6d MW	26
320f4a6d MW	27	/**
	28	* username
	29	* @var string
	30	*/
	31	public $username = '';
	32
	33	/**
	34	* email address
	35	* @var string
	36	*/
	37	public $email = '';
	38
	39	/**
	40	* user object
4e25add7	41	* @var User
320f4a6d MW	42	*/
	43	public $user;
	44
	45	/**
0fcfe5f6	46	* @inheritDoc
320f4a6d	47	*/
fbb526f2	48	public $useCaptcha = LOST_PASSWORD_USE_CAPTCHA;
320f4a6d MW	49
320f4a6d MW	50	/**
0fcfe5f6	51	* @inheritDoc
320f4a6d MW	52	*/
	53	public function readFormParameters() {
	54	parent::readFormParameters();
	55
	56	if (isset($_POST['username'])) $this->username = StringUtil::trim($_POST['username']);
	57	if (isset($_POST['email'])) $this->email = StringUtil::trim($_POST['email']);
	58	}
	59
	60	/**
0fcfe5f6	61	* @inheritDoc
320f4a6d MW	62	*/
	63	public function validate() {
	64	parent::validate();
	65
	66	if (empty($this->username) && empty($this->email)) {
	67	throw new UserInputException('username');
	68	}
	69
	70	if (!empty($this->username)) {
	71	$this->user = User::getUserByUsername($this->username);
	72	if (!$this->user->userID) {
	73	throw new UserInputException('username', 'notFound');
	74	}
	75	}
	76	else {
	77	$this->user = User::getUserByEmail($this->email);
	78	if (!$this->user->userID) {
	79	throw new UserInputException('email', 'notFound');
	80	}
	81	}
	82
cad2e3f0	83	// check if using 3rd party
320f4a6d	84	if ($this->user->authData) {
cad2e3f0 JR	85	HeaderUtil::delayedRedirect(LinkHandler::getInstance()->getLink(ucfirst($this->user->getAuthProvider()) . 'Auth'), WCF::getLanguage()->getDynamicVariable('wcf.user.username.error.3rdParty.redirect', [
	86	'provider' => WCF::getLanguage()->get('wcf.user.3rdparty.'. $this->user->getAuthProvider())
	87	]),5, 'info');
	88	exit;
320f4a6d MW	89	}
	90
	91	// check whether a lost password request was sent in the last 24 hours
	92	if ($this->user->lastLostPasswordRequestTime && TIME_NOW - 86400 < $this->user->lastLostPasswordRequestTime) {
058cbd6a	93	throw new NamedUserException(WCF::getLanguage()->getDynamicVariable('wcf.user.lostPassword.error.tooManyRequests', ['hours' => ceil(($this->user->lastLostPasswordRequestTime - (TIME_NOW - 86400)) / 3600)]));
320f4a6d MW	94	}
	95	}
	96
	97	/**
0fcfe5f6	98	* @inheritDoc
320f4a6d MW	99	*/
	100	public function save() {
	101	parent::save();
	102
	103	// generate a new lost password key
8e0aaeaf	104	$lostPasswordKey = bin2hex(\random_bytes(20));
320f4a6d MW	105
320f4a6d MW	106	// save key and request time in database
058cbd6a MS	107	$this->objectAction = new UserAction([$this->user], 'update', [
058cbd6a MS	108	'data' => array_merge($this->additionalFields, [
e94d7556 TD	109	'lostPasswordKey' => $lostPasswordKey,
e94d7556 TD	110	'lastLostPasswordRequestTime' => TIME_NOW
058cbd6a MS	111	])
058cbd6a MS	112	]);
e94d7556	113	$this->objectAction->executeAction();
320f4a6d	114
69c8d66b TD	115	// reload object
	116	$this->user = new User($this->user->userID);
	117
	118	$email = new Email();
	119	$email->addRecipient(new UserMailbox($this->user));
	120	$email->setSubject($this->user->getLanguage()->getDynamicVariable('wcf.user.lostPassword.mail.subject'));
	121	$email->setBody(new MimePartFacade([
	122	new RecipientAwareTextMimePart('text/html', 'email_lostPassword'),
	123	new RecipientAwareTextMimePart('text/plain', 'email_lostPassword')
058cbd6a	124	]));
69c8d66b TD	125	$email->send();
69c8d66b TD	126
320f4a6d MW	127	$this->saved();
	128
	129	// forward to index page
a5e49f61	130	HeaderUtil::delayedRedirect(LinkHandler::getInstance()->getLink(), WCF::getLanguage()->getDynamicVariable('wcf.user.lostPassword.mail.sent'));
320f4a6d MW	131	exit;
	132	}
	133
	134	/**
0fcfe5f6	135	* @inheritDoc
320f4a6d MW	136	*/
	137	public function assignVariables() {
	138	parent::assignVariables();
	139
058cbd6a	140	WCF::getTPL()->assign([
320f4a6d MW	141	'username' => $this->username,
320f4a6d MW	142	'email' => $this->email
058cbd6a	143	]);
320f4a6d MW	144	}
320f4a6d MW	145	}