-
Notifications
You must be signed in to change notification settings - Fork 307
/
passwordReset.php
125 lines (98 loc) · 4.91 KB
/
passwordReset.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
<?php
/*
Gibbon: the flexible, open school platform
Founded by Ross Parker at ICHK Secondary. Built by Ross Parker, Sandra Kuipers and the Gibbon community (https://gibbonedu.org/about/)
Copyright © 2010, Gibbon Foundation
Gibbon™, Gibbon Education Ltd. (Hong Kong)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
use Gibbon\Data\PasswordPolicy;
use Gibbon\Forms\Form;
use Gibbon\Data\Validator;
$page->breadcrumbs->add(__('Password Reset'));
$page->return->addReturns([
'error0' => __('Email address not set.'),
'error4' => __('Your request failed due to incorrect, non-existent or non-unique email address or username.'),
'error3' => __('Email failed to send to {email}', ['email' => $_GET['email'] ?? '']),
'error5' => __('Your request failed due to non-matching passwords.'),
'error6' => __('Your request failed because your password does not meet the minimum requirements for strength.'),
'error7' => __('Your request failed because your new password is the same as your current password.'),
'fail2' => __('You do not have sufficient privileges to login.'),
'fail9' => __('Your primary role does not support the ability to log into the specified year.'),
'success0' => __('Password reset request successfully initiated, please check your email.'),
]);
$step = 1;
if (isset($_GET['step']) and $_GET['step'] == 2) {
$step = 2;
}
if ($step == 1) {
?>
<p>
<?php echo sprintf(__('Enter your %1$s username, or the email address you have listed in the system, and press submit: a unique password reset link will be emailed to you.'), $session->get('systemName')); ?>
</p>
<?php
$form = Form::create('action', $session->get('absoluteURL').'/passwordResetProcess.php?step=1');
$form->addClass('disable-warnings');
$form->addHiddenValue('address', $session->get('address'));
$row = $form->addRow();
$row->addLabel('email', __('Username/Email'));
$row->addTextField('email')->maxLength(255)->required();
$row = $form->addRow()->addSubmit();
echo $form->getOutput();
}
else {
// Sanitize the whole $_GET array
$validator = $container->get(Validator::class);
$_GET = $validator->sanitize($_GET);
//Get URL parameters
$input = $_GET['input'] ?? null;
$key = (!empty($_GET['key']) ? $_GET['key'] : null);
$gibbonPersonResetID = (!empty($_GET['gibbonPersonResetID']) ? $_GET['gibbonPersonResetID'] : null);
$step = 2;
$urlParams = compact('input', 'key', 'gibbonPersonResetID', 'step');
//Verify authenticity of this request and check it is fresh (within 48 hours)
$data = array('key' => $key, 'gibbonPersonResetID' => $gibbonPersonResetID);
$sql = "SELECT * FROM gibbonPersonReset WHERE `key`=:key AND gibbonPersonResetID=:gibbonPersonResetID AND (timestamp > DATE_SUB(now(), INTERVAL 2 DAY))";
$result = $connection2->prepare($sql);
$result->execute($data);
if ($result->rowCount() != 1) {
$page->addError(__('Your reset request is invalid: you may not proceed.'));
} else {
echo "<div class='success'>";
echo __('Your reset request is valid: you may proceed.');
echo '</div>';
$form = Form::create('action', $session->get('absoluteURL').'/passwordResetProcess.php?'.http_build_query($urlParams));
$form->addClass('disable-warnings');
$form->addHiddenValue('address', $session->get('address'));
$form->addRow()->addHeading('Reset Password', __('Reset Password'));
/** @var PasswordPolicy */
$passwordPolicy = $container->get(PasswordPolicy::class);
if (($policiesHTML = $passwordPolicy->describeHTML()) !== '') {
$form->addRow()->addAlert($policiesHTML, 'warning');
}
$row = $form->addRow();
$row->addLabel('passwordNew', __('New Password'));
$row->addPassword('passwordNew')
->addPasswordPolicy($passwordPolicy)
->addGeneratePasswordButton($form)
->required()
->maxLength(30);
$row = $form->addRow();
$row->addLabel('passwordConfirm', __('Confirm New Password'));
$row->addPassword('passwordConfirm')
->addConfirmation('passwordNew')
->required()
->maxLength(30);
$row = $form->addRow()->addSubmit();
echo $form->getOutput();
}
}