ILIAS  Release_4_1_x_branch Revision 61804
 All Data Structures Namespaces Files Functions Variables Groups Pages
ilPasswordAssistanceGUI Class Reference

Password assistance facility for users who have forgotten their password or for users for whom no password has been assigned yet. More...

+ Collaboration diagram for ilPasswordAssistanceGUI:

Public Member Functions

 ilPasswordAssistanceGUI ()
 constructor
executeCommand ()
 execute command
 showAssistanceForm ($message="", $username="", $email="")
 showUsernameAssistanceForm ($message="", $username="", $email="")
 submitAssistanceForm ()
 Reads the submitted data from the password assistance form.
 submitUsernameAssistanceForm ()
 Reads the submitted data from the password assistance form.
 sendPasswordAssistanceMail ($userObj)
 Creates (or reuses) a password assistance session, and sends a password assistance mail to the specified user.
 sendUsernameAssistanceMail ($email, $logins)
 Creates (or reuses) a password assistance session, and sends a password assistance mail to the specified user.
 showAssignPasswordForm ($message="", $username="", $password1="", $password2="", $pwassist_id="")
 submitAssignPasswordForm ()
 Reads the submitted data from the password assistance form.
 showMessageForm ($message="", $text="")

Detailed Description

Password assistance facility for users who have forgotten their password or for users for whom no password has been assigned yet.

Author
Werner Randelshofer wrand.nosp@m.els@.nosp@m.hsw.f.nosp@m.hz.c.nosp@m.h
Version
Id:
class.ilPasswordAssistanceGUI.php 23021 2010-02-21 22:03:30Z akill

Definition at line 33 of file class.ilPasswordAssistanceGUI.php.

Member Function Documentation

& ilPasswordAssistanceGUI::executeCommand ( )

execute command

Definition at line 48 of file class.ilPasswordAssistanceGUI.php.

References $_GET, $_SESSION, $cmd, $ilAuth, $ilErr, $ilSetting, $lang, $lng, showAssignPasswordForm(), and showAssistanceForm().

{
global $ilias, $lng, $ilSetting, $ilErr, $ilAuth;
// check hack attempts
if (!$ilSetting->get("password_assistance")) // || AUTH_DEFAULT != AUTH_LOCAL)
{
if (empty($_SESSION["AccountId"]) and $_SESSION["AccountId"] !== false)
{
$ilErr->raiseError($lng->txt("permission_denied"),$ilias->error_obj->WARNING);
}
}
// check correct setup
if (!$ilSetting->get("setup_ok"))
{
die("Setup is not completed. Please run setup routine again. (pwassist.php)");
}
// Change the language, if necessary.
// And load the 'pwassist' language module
$lang = $_GET['lang'];
if ($lang != null && $lang != "" && $lng->getLangKey() != $lang)
{
$lng = new ilLanguage($lang);
}
$lng->loadLanguageModule('pwassist');
$cmd = $this->ctrl->getCmd();
$next_class = $this->ctrl->getNextClass($this);
switch($next_class)
{
default:
if ($cmd != "")
{
return $this->$cmd();
}
else
{
if (!empty($_GET["key"])) {
} else {
}
}
break;
}
// Logout current session
//$ilAuth->logout();
//session_destroy();
}

+ Here is the call graph for this function:

ilPasswordAssistanceGUI::ilPasswordAssistanceGUI ( )

constructor

Definition at line 38 of file class.ilPasswordAssistanceGUI.php.

References $ilCtrl.

{
global $ilCtrl;
$this->ctrl =& $ilCtrl;
}
ilPasswordAssistanceGUI::sendPasswordAssistanceMail (   $userObj)

Creates (or reuses) a password assistance session, and sends a password assistance mail to the specified user.

Note: To prevent DOS attacks, a new session is created only, if no session exists, or if the existing session has been expired.

The password assistance mail contains an URL, which points to this script and contains the following URL parameters: client_id key

Parameters
usrObjAn instance of class.ilObjUserObject.php.

Definition at line 419 of file class.ilPasswordAssistanceGUI.php.

References $lng, db_pwassist_create_id(), db_pwassist_session_find(), db_pwassist_session_write(), and db_set_save_handler().

Referenced by submitAssistanceForm().

{
global $lng, $ilias;
include_once "Services/Mail/classes/class.ilMailbox.php";
include_once "Services/Mail/classes/class.ilMimeMail.php";
require_once "include/inc.pwassist_session_handler.php";
// Check if we need to create a new session
$pwassist_session = db_pwassist_session_find($userObj->getId());
if (count($pwassist_session) == 0 || $pwassist_session["expires"] < time())
{
// Create a new session id
session_start();
$pwassist_session["pwassist_id"] = db_pwassist_create_id();
session_destroy();
$pwassist_session["pwassist_id"],
3600,
$userObj->getId()
);
}
$protocol = isset($_SERVER['HTTPS'])?"https://":"http://";
// Compose the mail
$server_url=$protocol.$_SERVER['HTTP_HOST'].
substr($_SERVER['PHP_SELF'],0,strrpos($_SERVER['PHP_SELF'],'/')).
'/';
// XXX - Werner Randelshofer - Insert code here to dynamically get the
// the delimiter. For URL's that are sent by e-mail to a user,
// it is best to use semicolons as parameter delimiter
$delimiter = "&";
$pwassist_url=$protocol .$_SERVER['HTTP_HOST']
.str_replace("ilias.php", "pwassist.php", $_SERVER['PHP_SELF'])
."?client_id=".$ilias->getClientId()
.$delimiter."lang=".$lng->getLangKey()
.$delimiter."key=".$pwassist_session["pwassist_id"];
$alternative_pwassist_url=$protocol.$_SERVER['HTTP_HOST']
.str_replace("ilias.php", "pwassist.php", $_SERVER['PHP_SELF'])
."?client_id=".$ilias->getClientId()
.$delimiter."lang=".$lng->getLangKey()
.$delimiter."key=".$pwassist_session["pwassist_id"];
$contact_address=$ilias->getSetting("admin_email");
//echo "<br>-".htmlentities($pwassist_url)."-";
$mm = new ilMimeMail();
$mm->Subject($lng->txt("pwassist_mail_subject"));
$mm->From($contact_address);
$mm->To($userObj->getEmail());
$mm->Body
(
str_replace
(
array("\\n","\\t"),
array("\n","\t"),
sprintf
(
$lng->txt("pwassist_mail_body"),
$pwassist_url,
$server_url,
$_SERVER['REMOTE_ADDR'],
$userObj->getLogin(),
// BEGIN Mail Provide alternative assist URL
'mailto:'.$contact_address,
$alternative_pwassist_url
// END Mail Provide alternative assist URL
)
)
);
$mm->Send();
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPasswordAssistanceGUI::sendUsernameAssistanceMail (   $email,
  $logins 
)

Creates (or reuses) a password assistance session, and sends a password assistance mail to the specified user.

Note: To prevent DOS attacks, a new session is created only, if no session exists, or if the existing session has been expired.

The password assistance mail contains an URL, which points to this script and contains the following URL parameters: client_id key

Parameters
usrObjAn instance of class.ilObjUserObject.php.

Definition at line 509 of file class.ilPasswordAssistanceGUI.php.

References $lng.

Referenced by submitUsernameAssistanceForm().

{
global $lng, $ilias;
include_once "Services/Mail/classes/class.ilMailbox.php";
include_once "Services/Mail/classes/class.ilMimeMail.php";
require_once "include/inc.pwassist_session_handler.php";
$protocol = isset($_SERVER['HTTPS'])?"https://":"http://";
// Compose the mail
$server_url=$protocol.$_SERVER['HTTP_HOST'].
substr($_SERVER['PHP_SELF'],0,strrpos($_SERVER['PHP_SELF'],'/')).
'/';
$login_url=$server_url."pwassist.php"
."?client_id=".$ilias->getClientId()
."&lang=".$lng->getLangKey();
//echo "-".htmlentities($login_url)."-";
$contact_address=$ilias->getSetting("admin_email");
$mm = new ilMimeMail();
$mm->Subject($lng->txt("pwassist_mail_subject"));
$mm->From($contact_address);
$mm->To($email);
$mm->Body
(
str_replace
(
array("\\n","\\t"),
array("\n","\t"),
sprintf
(
$lng->txt("pwassist_username_mail_body"),
join ($logins,",\n"),
$server_url,
$_SERVER['REMOTE_ADDR'],
$email,
'mailto:'.$contact_address,
$login_url
)
)
);
$mm->Send();
}

+ Here is the caller graph for this function:

ilPasswordAssistanceGUI::showAssignPasswordForm (   $message = "",
  $username = "",
  $password1 = "",
  $password2 = "",
  $pwassist_id = "" 
)

Definition at line 575 of file class.ilPasswordAssistanceGUI.php.

References $_GET, $lng, $tpl, db_pwassist_session_read(), ilUtil\getImagePath(), and showAssistanceForm().

Referenced by executeCommand(), and submitAssignPasswordForm().

{
global $tpl, $ilias, $lng, $rbacadmin, $rbacreview;
require_once "include/inc.pwassist_session_handler.php";
require_once "./Services/Language/classes/class.ilLanguage.php";
// Retrieve form data
if ($pwassist_id == "")
{
$pwassist_id = $_GET["key"];
}
// Retrieve the session, and check if it is valid
$pwassist_session = db_pwassist_session_read($pwassist_id);
if (count($pwassist_session) == 0 || $pwassist_session["expires"] < time())
{
$this->showAssistanceForm($lng->txt("pwassist_session_expired"));
}
else
{
$tpl->addBlockFile("CONTENT", "content", "tpl.pwassist_assignpassword.html");
if ($message != "")
{
$tpl->setCurrentBlock("pw_message");
$tpl->setVariable("TXT_MESSAGE", str_replace("\\n","<br>",$message));
$tpl->parseCurrentBlock();
}
$tpl->setVariable("FORMACTION",
$this->ctrl->getFormAction($this));
$tpl->setVariable("TARGET","target=\"_parent\"");
$tpl->setVariable("IMG_AUTH",
ilUtil::getImagePath("icon_auth_b.gif"));
$tpl->setVariable("TXT_PAGEHEADLINE", $lng->txt("password_assistance"));
$tpl->setVariable("TXT_ENTER_USERNAME_AND_NEW_PASSWORD", $lng->txt("pwassist_enter_username_and_new_password"));
$tpl->setVariable("TXT_USERNAME", $lng->txt("username"));
$tpl->setVariable("TXT_PASSWORD1", $lng->txt("password"));
$tpl->setVariable("TXT_PASSWORD2", $lng->txt("retype_password"));
$tpl->setVariable("USERNAME", $username);
$tpl->setVariable("PASSWORD1", $password1);
$tpl->setVariable("PASSWORD2", $password2);
$tpl->setVariable("TXT_SUBMIT", $lng->txt("submit"));
$tpl->setVariable("KEY", $pwassist_id);
$tpl->setVariable("BACK", $lng->txt("back"));
$tpl->setVariable("CMD_BACK",
$this->ctrl->getLinkTargetByClass("ilstartupgui", "showLogin"));
$tpl->setVariable("LANG", $lng->getLangKey());
$tpl->show();
}
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPasswordAssistanceGUI::showAssistanceForm (   $message = "",
  $username = "",
  $email = "" 
)

Definition at line 118 of file class.ilPasswordAssistanceGUI.php.

References $lng, $tpl, and ilUtil\getImagePath().

Referenced by executeCommand(), showAssignPasswordForm(), submitAssignPasswordForm(), and submitAssistanceForm().

{
global $tpl, $ilias, $lng;
// Create the form
$tpl->addBlockFile("CONTENT", "content", "tpl.pwassist_assistance.html");
if ($message != "")
{
$tpl->setCurrentBlock("pw_message");
$tpl->setVariable("TXT_MESSAGE", str_replace("\\n","<br>",$message));
$tpl->parseCurrentBlock();
}
$tpl->setVariable("FORMACTION",
$this->ctrl->getFormAction($this));
$tpl->setVariable("TARGET","target=\"_parent\"");
$tpl->setVariable("IMG_AUTH",
ilUtil::getImagePath("icon_auth_b.gif"));
$tpl->setVariable("TXT_PAGEHEADLINE", $lng->txt("password_assistance"));
$contact_address = $ilias->getSetting("admin_email");
$tpl->setVariable
(
"TXT_ENTER_USERNAME_AND_EMAIL",
str_replace
(
"\\n","<br>",
sprintf
(
$lng->txt("pwassist_enter_username_and_email"),
"<a href=\"mailto:".$contact_address."\">".$contact_address."</a>"
)
)
);
$tpl->setVariable("TXT_USERNAME", $lng->txt("username"));
$tpl->setVariable("TXT_EMAIL", $lng->txt("email"));
$tpl->setVariable("USERNAME", htmlentities($username));
$tpl->setVariable("EMAIL", htmlentities($email));
$tpl->setVariable("TXT_SUBMIT", $lng->txt("submit"));
$tpl->setVariable("BACK", $lng->txt("back"));
$tpl->setVariable("LINK_BACK",
$this->ctrl->getLinkTargetByClass("ilstartupgui", "showLogin"));
$tpl->setVariable("LANG", $lng->getLangKey());
$tpl->show();
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPasswordAssistanceGUI::showMessageForm (   $message = "",
  $text = "" 
)

Definition at line 762 of file class.ilPasswordAssistanceGUI.php.

References $lng, $tpl, and ilUtil\getImagePath().

Referenced by submitAssignPasswordForm(), submitAssistanceForm(), and submitUsernameAssistanceForm().

{
global $tpl, $ilias, $lng;
if ($message != "")
{
$tpl->setCurrentBlock("pw_message");
$tpl->setVariable("TXT_MESSAGE", str_replace("\\n","<br>",$message));
$tpl->parseCurrentBlock();
}
$tpl->addBlockFile("CONTENT", "content", "tpl.pwassist_message.html");
$tpl->setVariable("TXT_PAGEHEADLINE", $lng->txt("password_assistance"));
$tpl->setVariable("IMG_AUTH",
ilUtil::getImagePath("icon_auth_b.gif"));
$tpl->setVariable("TXT_TEXT",str_replace("\\n","<br>",$text));
$tpl->setVariable("BACK", $lng->txt("back"));
$tpl->setVariable("LINK_BACK",
$this->ctrl->getLinkTargetByClass("ilstartupgui", "showLogin"));
$tpl->setVariable("LANG", $lng->getLangKey());
$tpl->show();
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPasswordAssistanceGUI::showUsernameAssistanceForm (   $message = "",
  $username = "",
  $email = "" 
)

Definition at line 181 of file class.ilPasswordAssistanceGUI.php.

References $lng, $tpl, and ilUtil\getImagePath().

Referenced by submitUsernameAssistanceForm().

{
global $tpl, $ilias, $lng;
// Create the form
$tpl->addBlockFile("CONTENT", "content", "tpl.pwassist_username_assistance.html");
if ($message != "")
{
$tpl->setCurrentBlock("pw_message");
$tpl->setVariable("TXT_MESSAGE", str_replace("\\n","<br>",$message));
$tpl->parseCurrentBlock();
}
$tpl->setVariable("FORMACTION",
$this->ctrl->getFormAction($this));
$tpl->setVariable("IMG_AUTH",
ilUtil::getImagePath("icon_auth_b.gif"));
$tpl->setVariable("TARGET","target=\"_parent\"");
$tpl->setVariable("TXT_PAGEHEADLINE", $lng->txt("password_assistance"));
$contact_address = $ilias->getSetting("admin_email");
$tpl->setVariable
(
"TXT_ENTER_USERNAME_AND_EMAIL",
str_replace
(
"\\n","<br>",
sprintf
(
$lng->txt("pwassist_enter_email"),
"<a href=\"mailto:".$contact_address."\">".$contact_address."</a>"
)
)
);
$tpl->setVariable("TXT_USERNAME", $lng->txt("username"));
$tpl->setVariable("TXT_EMAIL", $lng->txt("email"));
$tpl->setVariable("USERNAME", $username);
$tpl->setVariable("EMAIL", htmlentities($email));
$tpl->setVariable("TXT_SUBMIT", $lng->txt("submit"));
$tpl->setVariable("BACK", $lng->txt("back"));
$tpl->setVariable("LINK_BACK",
$this->ctrl->getLinkTargetByClass("ilstartupgui", "showLogin"));
$tpl->setVariable("LANG", $lng->getLangKey());
$tpl->show();
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPasswordAssistanceGUI::submitAssignPasswordForm ( )

Reads the submitted data from the password assistance form.

The following form fields are read as HTTP POST parameters: key username password1 password2

The key is used to retrieve the password assistance session. If the key is missing, or if the password assistance session has expired, the password assistance form will be shown instead of this form.

If the password assistance session is valid, and if the username matches the username, for which the password assistance has been requested, and if the new password is valid, ILIAS assigns the password to the user.

Note: To prevent replay attacks, the session is deleted when the password has been assigned successfully.

Definition at line 647 of file class.ilPasswordAssistanceGUI.php.

References $_POST, $lng, $tpl, db_pwassist_session_destroy(), db_pwassist_session_read(), ilUtil\isPassword(), showAssignPasswordForm(), showAssistanceForm(), showMessageForm(), and ilUtil\stripSlashes().

{
global $tpl, $ilias, $lng, $rbacadmin, $rbacreview;
require_once "include/inc.pwassist_session_handler.php";
// Retrieve form data
$pwassist_id = ilUtil::stripSlashes($_POST["key"]);
$username = ilUtil::stripSlashes($_POST["username"]);
$password1 = ilUtil::stripSlashes($_POST["password1"]);
$password2 = ilUtil::stripSlashes($_POST["password2"]);
// Retrieve the session
$pwassist_session = db_pwassist_session_read($pwassist_id);
if (count($pwassist_session) == 0 || $pwassist_session["expires"] < time())
{
$this->showAssistanceForm($lng->txt("pwassist_session_expired"));
}
else
{
$is_successful = true;
$message = "";
$userObj = new ilObjUser($pwassist_session["user_id"]);
// Validate the entries of the user
// ----------------------------------
// check if the user still exists
if ($userObj == null)
{
$message = $lng->txt("user_does_not_exist");
$is_successful = false;
}
// check if the username entered by the user matches the
// one of the user object.
if ($is_successful && strcasecmp($userObj->getLogin(), $username) != 0)
{
$message = $lng->txt("pwassist_login_not_match");
$is_successful = false;
}
// check if the user entered the password correctly into the
// two entry fields.
if ($is_successful && $password1 != $password2)
{
$message = $lng->txt("passwd_not_match");
$is_successful = false;
}
// validate the password
if ($is_successful && !ilUtil::isPassword($password1))
{
$message = $lng->txt("passwd_invalid");
$is_successful = false;
}
// End of validation
// If the validation was successful, we change the password of the
// user.
// ------------------
if ($is_successful)
{
$is_successful = $userObj->resetPassword($password1,$password2);
if (! $is_successful)
{
$message = $lng->txt("passwd_invalid");
}
}
// If we are successful so far, we update the user object.
// ------------------
if ($is_successful)
{
$is_successfull = $userObj->update();
if (! $is_successful)
{
$message = $lng->txt("update_error");
}
}
// If we are successful, we destroy the password assistance
// session and redirect to the login page.
// Else we display the form again along with an error message.
// ------------------
if ($is_successful)
{
(
null,
sprintf
(
$lng->txt("pwassist_password_assigned"),
$username
)
);
}
else
{
(
$message,
$username,
$password1,
$password2,
$pwassist_id
);
}
}
}

+ Here is the call graph for this function:

ilPasswordAssistanceGUI::submitAssistanceForm ( )

Reads the submitted data from the password assistance form.

The following form fields are read as HTTP POST parameters: username email

If the submitted username and email address matches an entry in the user data table, then ILIAS creates a password assistance session for the user, and sends a password assistance mail to the email address. For details about the creation of the session and the e-mail see function sendPasswordAssistanceMail().

Definition at line 241 of file class.ilPasswordAssistanceGUI.php.

References $_POST, $lng, $tpl, AUTH_LOCAL, ilObjUser\getUserIdByLogin(), sendPasswordAssistanceMail(), showAssistanceForm(), showMessageForm(), and ilUtil\stripSlashes().

{
global $tpl, $ilias, $lng, $rbacadmin, $rbacreview;
require_once './Services/User/classes/class.ilObjUser.php';
require_once "./Services/Utilities/classes/class.ilUtil.php";
// Retrieve form data
$username = ilUtil::stripSlashes($_POST["username"]);
$email = ilUtil::stripSlashes($_POST["email"]);
// Retrieve a user object with matching user name and email address.
$userObj = null;
$userid = ilObjUser::getUserIdByLogin($username);
$txt_key = "pwassist_invalid_username_or_email";
if ($userid != 0)
{
$userObj = new ilObjUser($userid);
if (strcasecmp($userObj->getEmail(), $email) != 0)
{
$userObj = null;
}
elseif(!strlen($email))
{
$userObj = null;
$txt_key = 'pwassist_no_email_found';
}
else if ($userObj->getAuthMode(true) != AUTH_LOCAL ||
($userObj->getAuthMode(true) == AUTH_DEFAULT && AUTH_DEFAULT != AUTH_LOCAL))
{
$userObj = null;
$txt_key = "pwassist_invalid_auth_mode";
}
}
// No matching user object found?
// Show the password assistance form again, and display an error message.
if ($userObj == null)
{
(
$lng->txt($txt_key),
$username,
$email
);
}
// Matching user object found?
// Check if the user is permitted to use the password assistance function,
// and then send a password assistance mail to the email address.
else
{
// FIXME: Extend this if-statement to check whether the user
// has the permission to use the password assistance function.
// The anonymous user and users who are system administrators are
// not allowed to use this feature
if ($rbacreview->isAssigned($userObj->getID, ANONYMOUS_ROLE_ID)
|| $rbacreview->isAssigned($userObj->getID, SYSTEM_ROLE_ID)
)
{
(
$lng->txt("pwassist_not_permitted"),
$username,
$email
);
}
else
{
$this->sendPasswordAssistanceMail($userObj);
(
null,
sprintf
(
$lng->txt("pwassist_mail_sent"),
$email
)
);
}
}
}

+ Here is the call graph for this function:

ilPasswordAssistanceGUI::submitUsernameAssistanceForm ( )

Reads the submitted data from the password assistance form.

The following form fields are read as HTTP POST parameters: username email

If the submitted username and email address matches an entry in the user data table, then ILIAS creates a password assistance session for the user, and sends a password assistance mail to the email address. For details about the creation of the session and the e-mail see function sendPasswordAssistanceMail().

Definition at line 336 of file class.ilPasswordAssistanceGUI.php.

References $_POST, $lng, $tpl, ilObjUser\_getUserIdsByEmail(), sendUsernameAssistanceMail(), showMessageForm(), showUsernameAssistanceForm(), and ilUtil\stripSlashes().

{
global $tpl, $ilias, $lng, $rbacadmin, $rbacreview;
require_once './Services/User/classes/class.ilObjUser.php';
require_once "./Services/Utilities/classes/class.ilUtil.php";
// Retrieve form data
$email = ilUtil::stripSlashes($_POST["email"]);
// Retrieve a user object with matching user name and email address.
$logins = ilObjUser::_getUserIdsByEmail($email);
// No matching user object found?
// Show the password assistance form again, and display an error message.
if (count($logins)< 1)
{
(
$lng->txt("pwassist_invalid_email"),
"",
$email
);
}
elseif(!strlen($email))
{
(
$lng->txt("pwassist_invalid_email"),
"",
$email
);
}
// Matching user object found?
// Check if the user is permitted to use the password assistance function,
// and then send a password assistance mail to the email address.
else
{
// FIXME: Extend this if-statement to check whether the user
// has the permission to use the password assistance function.
// The anonymous user and users who are system administrators are
// not allowed to use this feature
/* if ($rbacreview->isAssigned($userObj->getID, ANONYMOUS_ROLE_ID)
|| $rbacreview->isAssigned($userObj->getID, SYSTEM_ROLE_ID)
)
{
$this->showAssistanceForm
(
$lng->txt("pwassist_not_permitted"),
$username,
$email
);
}
else */
{
$this->sendUsernameAssistanceMail($email, $logins);
(
null,
sprintf
(
$lng->txt("pwassist_mail_sent"),
$email
)
);
}
}
}

+ Here is the call graph for this function:


The documentation for this class was generated from the following file: