ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilPasswordAssistanceGUI.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2013 ILIAS open source, Extended GPL, see docs/LICENSE */
3
13{
14 const PERMANENT_LINK_TARGET_PW = 'pwassist';
15 const PERMANENT_LINK_TARGET_NAME = 'nameassist';
16
20 protected $ctrl;
21
25 protected $lng;
26
30 protected $rbacreview;
31
35 protected $tpl;
36
40 protected $settings;
41
45 protected $ilias;
46
50 protected $https;
51
55 public function __construct()
56 {
67
68 $this->ctrl = $ilCtrl;
69 $this->lng = $lng;
70 $this->rbacreview = $rbacreview;
71 $this->tpl = $tpl;
72 $this->settings = $ilSetting;
73 $this->ilias = $ilias;
74 $this->https = $https;
75 }
76
80 public function executeCommand()
81 {
82 // check hack attempts
83 if (!$this->settings->get('password_assistance')) { // || AUTH_DEFAULT != AUTH_LOCAL)
84 //
85 #if(empty($_SESSION['AccountId']) && $_SESSION['AccountId'] !== false)
86 {
87 #$this->ilias->error_obj->raiseError($this->lng->txt('permission_denied'), $this->ilias->error_obj->WARNING);
88 }
89 }
90
91 // check correct setup
92 if (!$this->settings->get('setup_ok')) {
93 die('Setup is not completed. Please run setup routine again.');
94 }
95
96 // Change the language, if necessary.
97 // And load the 'pwassist' language module
98 $lang = $_GET['lang'];
99 if ($lang != null && $lang != '' && $this->lng->getLangKey() != $lang) {
100 $lng = new ilLanguage($lang);
101 }
102 $this->lng->loadLanguageModule('pwassist');
103
104 $cmd = $this->ctrl->getCmd();
105 $next_class = $this->ctrl->getNextClass($this);
106
107 switch ($next_class) {
108 default:
109 if ($cmd != '') {
110 return $this->$cmd();
111 } else {
112 if (!empty($_GET['key'])) {
113 $this->showAssignPasswordForm();
114 } else {
115 $this->showAssistanceForm();
116 }
117 }
118 break;
119 }
120 }
121
125 protected function getAssistanceForm()
126 {
127 require_once 'Services/Form/classes/class.ilPropertyFormGUI.php';
128 $form = new ilPropertyFormGUI();
129
130 $form->setFormAction($this->ctrl->getFormAction($this, 'submitAssistanceForm'));
131 $form->setTarget('_parent');
132
133 $username = new ilTextInputGUI($this->lng->txt('username'), 'username');
134 $username->setRequired(true);
135 $form->addItem($username);
136
137 $email = new ilTextInputGUI($this->lng->txt('email'), 'email');
138 $email->setRequired(true);
139 $form->addItem($email);
140
141 $form->addCommandButton('submitAssistanceForm', $this->lng->txt('submit'));
142
143 return $form;
144 }
145
150 {
151 ilStartUpGUI::initStartUpTemplate('tpl.pwassist_assistance.html', true);
152 $this->tpl->setVariable('IMG_PAGEHEADLINE', ilUtil::getImagePath('icon_auth.svg'));
153 $this->tpl->setVariable('TXT_PAGEHEADLINE', $this->lng->txt('password_assistance'));
154
155 $this->tpl->setVariable(
156 'TXT_ENTER_USERNAME_AND_EMAIL',
157 str_replace(
158 "\\n",
159 '<br />',
160 sprintf(
161 $this->lng->txt('pwassist_enter_username_and_email'),
162 '<a href="mailto:' . ilUtil::prepareFormOutput($this->settings->get('admin_email')) . '">' . ilUtil::prepareFormOutput($this->settings->get('admin_email')) . '</a>'
163 )
164 )
165 );
166
167 if (!$form) {
168 $form = $this->getAssistanceForm();
169 }
170 $this->tpl->setVariable('FORM', $form->getHTML());
171 $this->fillPermanentLink(self::PERMANENT_LINK_TARGET_PW);
172 $this->tpl->show();
173 }
174
186 public function submitAssistanceForm()
187 {
188 $form = $this->getAssistanceForm();
189 if (!$form->checkInput()) {
190 $form->setValuesByPost();
192 return;
193 }
194
195 $username = $form->getInput('username');
196 $email = $form->getInput('email');
197
198 $userObj = null;
200 $txt_key = 'pwassist_invalid_username_or_email';
201 if ($userid != 0) {
202 $userObj = new ilObjUser($userid);
203 if (strcasecmp($userObj->getEmail(), $email) != 0) {
204 $userObj = null;
205 } elseif (!strlen($email)) {
206 $userObj = null;
207 $txt_key = 'pwassist_no_email_found';
208 } elseif (
209 (
210 $userObj->getAuthMode(true) != AUTH_LOCAL ||
211 ($userObj->getAuthMode(true) == AUTH_DEFAULT && AUTH_DEFAULT != AUTH_LOCAL)
212 ) && !(
213 $userObj->getAuthMode(true) == AUTH_SAML
214 )
215 ) {
216 $userObj = null;
217 $txt_key = 'pwassist_invalid_auth_mode';
218 }
219 }
220
221 // No matching user object found?
222 // Show the password assistance form again, and display an error message.
223 if ($userObj == null) {
224 ilUtil::sendFailure(str_replace("\\n", '', $this->lng->txt($txt_key)));
225 $form->setValuesByPost();
227 } else {
228 // Matching user object found?
229 // Check if the user is permitted to use the password assistance function,
230 // and then send a password assistance mail to the email address.
231 // FIXME: Extend this if-statement to check whether the user
232 // has the permission to use the password assistance function.
233 // The anonymous user and users who are system administrators are
234 // not allowed to use this feature
235 if (
236 $this->rbacreview->isAssigned($userObj->getId(), ANONYMOUS_ROLE_ID) ||
237 $this->rbacreview->isAssigned($userObj->getId(), SYSTEM_ROLE_ID)
238 ) {
239 ilUtil::sendFailure(str_replace("\\n", '', $this->lng->txt('pwassist_not_permitted')));
240 $form->setValuesByPost();
242 } else {
243 $this->sendPasswordAssistanceMail($userObj);
244 $this->showMessageForm(sprintf($this->lng->txt('pwassist_mail_sent'), $email));
245 }
246 }
247 }
248
260 public function sendPasswordAssistanceMail(ilObjUser $userObj)
261 {
262 global $DIC;
263
264 require_once 'Services/Mail/classes/class.ilMailbox.php';
265 require_once 'Services/Mail/classes/class.ilMail.php';
266 require_once 'Services/Mail/classes/class.ilMimeMail.php';
267 require_once 'include/inc.pwassist_session_handler.php';
268
269 // Check if we need to create a new session
270 $pwassist_session = db_pwassist_session_find($userObj->getId());
271 if (
272 !is_array($pwassist_session) ||
273 count($pwassist_session) == 0 ||
274 $pwassist_session['expires'] < time() ||
275 true // comment by mjansen: wtf? :-)
276 ) {
277 // Create a new session id
278 // #9700 - this didn't do anything before?!
279 // db_set_save_handler();
280 session_start();
281 $pwassist_session['pwassist_id'] = db_pwassist_create_id();
282 session_destroy();
284 $pwassist_session['pwassist_id'],
285 3600,
286 $userObj->getId()
287 );
288 }
289 $protocol = $this->https->isDetected() ? 'https://' : 'http://';
290 // Compose the mail
291 $server_url = $protocol . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/')) . '/';
292 // XXX - Werner Randelshofer - Insert code here to dynamically get the
293 // the delimiter. For URL's that are sent by e-mail to a user,
294 // it is best to use semicolons as parameter delimiter
295 $delimiter = '&';
296 $pwassist_url = $protocol . $_SERVER['HTTP_HOST']
297 . str_replace('ilias.php', 'pwassist.php', $_SERVER['PHP_SELF'])
298 . '?client_id=' . $this->ilias->getClientId()
299 . $delimiter . 'lang=' . $this->lng->getLangKey()
300 . $delimiter . 'key=' . $pwassist_session['pwassist_id'];
301 $alternative_pwassist_url = $protocol . $_SERVER['HTTP_HOST']
302 . str_replace('ilias.php', 'pwassist.php', $_SERVER['PHP_SELF'])
303 . '?client_id=' . $this->ilias->getClientId()
304 . $delimiter . 'lang=' . $this->lng->getLangKey()
305 . $delimiter . 'key=' . $pwassist_session['pwassist_id'];
306
308 $senderFactory = $DIC["mail.mime.sender.factory"];
309 $sender = $senderFactory->system();
310
311 $mm = new ilMimeMail();
312 $mm->Subject($this->lng->txt('pwassist_mail_subject'));
313 $mm->From($sender);
314 $mm->To($userObj->getEmail());
315 $mm->Body(
316 str_replace(
317 array("\\n", "\\t"),
318 array("\n", "\t"),
319 sprintf(
320 $this->lng->txt('pwassist_mail_body'),
321 $pwassist_url,
322 $server_url,
323 $_SERVER['REMOTE_ADDR'],
324 $userObj->getLogin(),
325 'mailto:' . $DIC->settings()->get("admin_email"),
326 $alternative_pwassist_url
327 )
328 )
329 );
330 $mm->Send();
331 }
332
337 protected function getAssignPasswordForm($pwassist_id)
338 {
339 require_once 'Services/Form/classes/class.ilPropertyFormGUI.php';
340 $form = new ilPropertyFormGUI();
341
342 $form->setFormAction($this->ctrl->getFormAction($this, 'submitAssignPasswordForm'));
343 $form->setTarget('_parent');
344
345 $username = new ilTextInputGUI($this->lng->txt('username'), 'username');
346 $username->setRequired(true);
347 $form->addItem($username);
348
349 $password = new ilPasswordInputGUI($this->lng->txt('password'), 'password');
350 $password->setRequired(true);
351 $form->addItem($password);
352
353 $key = new ilHiddenInputGUI('key');
354 $key->setValue($pwassist_id);
355 $form->addItem($key);
356
357 $form->addCommandButton('submitAssignPasswordForm', $this->lng->txt('submit'));
358
359 return $form;
360 }
361
374 public function showAssignPasswordForm(ilPropertyFormGUI $form = null, $pwassist_id = '')
375 {
376 require_once 'include/inc.pwassist_session_handler.php';
377 require_once 'Services/Language/classes/class.ilLanguage.php';
378
379 // Retrieve form data
380 if (!$pwassist_id) {
381 $pwassist_id = $_GET['key'];
382 }
383
384 // Retrieve the session, and check if it is valid
385 $pwassist_session = db_pwassist_session_read($pwassist_id);
386 if (
387 !is_array($pwassist_session) ||
388 count($pwassist_session) == 0 ||
389 $pwassist_session['expires'] < time()
390 ) {
391 ilUtil::sendFailure($this->lng->txt('pwassist_session_expired'));
392 $this->showAssistanceForm(null);
393 } else {
394 ilStartUpGUI::initStartUpTemplate('tpl.pwassist_assignpassword.html', true);
395 $this->tpl->setVariable('IMG_PAGEHEADLINE', ilUtil::getImagePath('icon_auth.svg'));
396 $this->tpl->setVariable('TXT_PAGEHEADLINE', $this->lng->txt('password_assistance'));
397
398 $this->tpl->setVariable('TXT_ENTER_USERNAME_AND_NEW_PASSWORD', $this->lng->txt('pwassist_enter_username_and_new_password'));
399
400 if (!$form) {
401 $form = $this->getAssignPasswordForm($pwassist_id);
402 }
403 $this->tpl->setVariable('FORM', $form->getHTML());
404 $this->fillPermanentLink(self::PERMANENT_LINK_TARGET_PW);
405 $this->tpl->show();
406 }
407 }
408
425 public function submitAssignPasswordForm()
426 {
427 require_once 'include/inc.pwassist_session_handler.php';
428
429 // We need to fetch this before form instantiation
430 $pwassist_id = ilUtil::stripSlashes($_POST['key']);
431
432 $form = $this->getAssignPasswordForm($pwassist_id);
433 if (!$form->checkInput()) {
434 $form->setValuesByPost();
436 return;
437 }
438
439 $username = $form->getInput('username');
440 $password = $form->getInput('password');
441 $pwassist_id = $form->getInput('key');
442
443 // Retrieve the session
444 $pwassist_session = db_pwassist_session_read($pwassist_id);
445
446 if (
447 !is_array($pwassist_session) ||
448 count($pwassist_session) == 0 ||
449 $pwassist_session['expires'] < time()
450 ) {
451 ilUtil::sendFailure(str_replace("\\n", '', $this->lng->txt('pwassist_session_expired')));
452 $form->setValuesByPost();
454 return;
455 } else {
456 $is_successful = true;
457 $message = '';
458
459 $userObj = new ilObjUser($pwassist_session['user_id']);
460 if ($userObj == null) {
461 $message = $this->lng->txt('user_does_not_exist');
462 $is_successful = false;
463 }
464
465 // check if the username entered by the user matches the
466 // one of the user object.
467 if ($is_successful && strcasecmp($userObj->getLogin(), $username) != 0) {
468 $message = $this->lng->txt('pwassist_login_not_match');
469 $is_successful = false;
470 }
471
472 $error_lng_var = '';
473 if (!ilUtil::isPasswordValidForUserContext($password, $userObj, $error_lng_var)) {
474 $message = $this->lng->txt($error_lng_var);
475 $is_successful = false;
476 }
477
478 // End of validation
479 // If the validation was successful, we change the password of the
480 // user.
481 // ------------------
482 if ($is_successful) {
483 $is_successful = $userObj->resetPassword($password, $password);
484 if (!$is_successful) {
485 $message = $this->lng->txt('passwd_invalid');
486 }
487 }
488
489 // If we are successful so far, we update the user object.
490 // ------------------
491 if ($is_successful) {
492 $userObj->update();
493 }
494
495 // If we are successful, we destroy the password assistance
496 // session and redirect to the login page.
497 // Else we display the form again along with an error message.
498 // ------------------
499 if ($is_successful) {
500 db_pwassist_session_destroy($pwassist_id);
501 $this->showMessageForm(sprintf($this->lng->txt('pwassist_password_assigned'), $username));
502 } else {
503 ilUtil::sendFailure(str_replace("\\n", '', $message));
504 $form->setValuesByPost();
505 $this->showAssignPasswordForm($form, $pwassist_id);
506 }
507 }
508 }
509
513 protected function getUsernameAssistanceForm()
514 {
515 require_once 'Services/Form/classes/class.ilPropertyFormGUI.php';
516 $form = new ilPropertyFormGUI();
517
518 $form->setFormAction($this->ctrl->getFormAction($this, 'submitUsernameAssistanceForm'));
519 $form->setTarget('_parent');
520
521 $email = new ilTextInputGUI($this->lng->txt('email'), 'email');
522 $email->setRequired(true);
523 $form->addItem($email);
524
525 $form->addCommandButton('submitUsernameAssistanceForm', $this->lng->txt('submit'));
526
527 return $form;
528 }
529
541 {
542 ilStartUpGUI::initStartUpTemplate('tpl.pwassist_username_assistance.html', true);
543 $this->tpl->setVariable('IMG_PAGEHEADLINE', ilUtil::getImagePath('icon_auth.svg'));
544 $this->tpl->setVariable('TXT_PAGEHEADLINE', $this->lng->txt('password_assistance'));
545
546 $this->tpl->setVariable(
547 'TXT_ENTER_USERNAME_AND_EMAIL',
548 str_replace(
549 "\\n",
550 '<br />',
551 sprintf(
552 $this->lng->txt('pwassist_enter_email'),
553 '<a href="mailto:' . ilUtil::prepareFormOutput($this->settings->get('admin_email')) . '">' . ilUtil::prepareFormOutput($this->settings->get('admin_email')) . '</a>'
554 )
555 )
556 );
557
558 if (!$form) {
560 }
561 $this->tpl->setVariable('FORM', $form->getHTML());
562 $this->fillPermanentLink(self::PERMANENT_LINK_TARGET_NAME);
563 $this->tpl->show();
564 }
565
578 {
579 require_once 'Services/User/classes/class.ilObjUser.php';
580 require_once 'Services/Utilities/classes/class.ilUtil.php';
581
583 if (!$form->checkInput()) {
584 $form->setValuesByPost();
586 return;
587 }
588
589 // Retrieve form data
590 $email = $form->getInput('email');
591
592 // Retrieve a user object with matching user name and email address.
594
595 // No matching user object found?
596 // Show the password assistance form again, and display an error message.
597 if (!is_array($logins) || count($logins) < 1) {
598 ilUtil::sendFailure(str_replace("\\n", '', $this->lng->txt('pwassist_invalid_email')));
599 $form->setValuesByPost();
601 } else {
602 // Matching user object found?
603 // Check if the user is permitted to use the password assistance function,
604 // and then send a password assistance mail to the email address.
605
606 // FIXME: Extend this if-statement to check whether the user
607 // has the permission to use the password assistance function.
608 // The anonymous user and users who are system administrators are
609 // not allowed to use this feature
610 /* if ($rbacreview->isAssigned($userObj->getID, ANONYMOUS_ROLE_ID)
611 || $rbacreview->isAssigned($userObj->getID, SYSTEM_ROLE_ID)
612 )
613 {
614 $this->showAssistanceForm
615 (
616 $lng->txt("pwassist_not_permitted"),
617 $username,
618 $email
619 );
620 }
621 else */
622 {
623 $this->sendUsernameAssistanceMail($email, $logins);
624 $this->showMessageForm(sprintf($this->lng->txt('pwassist_mail_sent'), $email));
625 }
626 }
627 }
628
641 public function sendUsernameAssistanceMail($email, array $logins)
642 {
643 global $DIC;
644
645 require_once 'Services/Mail/classes/class.ilMailbox.php';
646 require_once 'Services/Mail/classes/class.ilMail.php';
647 require_once 'Services/Mail/classes/class.ilMimeMail.php';
648 require_once 'include/inc.pwassist_session_handler.php';
649
650 $protocol = $this->https->isDetected() ? 'https://' : 'http://';
651
652 $server_url = $protocol . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/')) . '/';
653 $login_url = $server_url . 'pwassist.php' . '?client_id=' . $this->ilias->getClientId() . '&lang=' . $this->lng->getLangKey();
654
656 $senderFactory = $DIC["mail.mime.sender.factory"];
657 $sender = $senderFactory->system();
658
659 $mm = new ilMimeMail();
660 $mm->Subject($this->lng->txt('pwassist_mail_subject'));
661 $mm->From($sender);
662 $mm->To($email);
663 $mm->Body(
664 str_replace(
665 array("\\n", "\\t"),
666 array("\n", "\t"),
667 sprintf(
668 $this->lng->txt('pwassist_username_mail_body'),
669 join($logins, ",\n"),
670 $server_url,
671 $_SERVER['REMOTE_ADDR'],
672 $email,
673 'mailto:' . $DIC->settings()->get("admin_email"),
674 $login_url
675 )
676 )
677 );
678 $mm->Send();
679 }
680
685 public function showMessageForm($text)
686 {
687 ilStartUpGUI::initStartUpTemplate('tpl.pwassist_message.html', true);
688 $this->tpl->setVariable('TXT_PAGEHEADLINE', $this->lng->txt('password_assistance'));
689 $this->tpl->setVariable('IMG_PAGEHEADLINE', ilUtil::getImagePath('icon_auth.svg'));
690
691 $this->tpl->setVariable('TXT_TEXT', str_replace("\\n", '<br />', $text));
692 $this->fillPermanentLink(self::PERMANENT_LINK_TARGET_NAME);
693 $this->tpl->show();
694 }
695
699 protected function fillPermanentLink($context)
700 {
701 $this->tpl->setPermanentLink('usr', null, $context);
702 }
703}
sprintf('%.4f', $callTime)
$_GET["client_id"]
$_POST["username"]
An exception for terminatinating execution or to throw for unit testing.
const AUTH_SAML
const AUTH_LOCAL
This class represents a hidden form property in a property form.
language handling
Class ilMimeMail.
static getUserIdByLogin($a_login)
getEmail()
get email address @access public
getLogin()
get login / username @access public
static _getUserIdsByEmail($a_email)
STATIC METHOD get all user_ids of an email address.
update()
update object in db
getId()
get object id @access public
Password assistance facility for users who have forgotten their password or for users for whom no pas...
showAssistanceForm(ilPropertyFormGUI $form=null)
submitUsernameAssistanceForm()
Reads the submitted data from the password assistance form.
showUsernameAssistanceForm(ilPropertyFormGUI $form=null)
Shows the password assistance form.
submitAssistanceForm()
Reads the submitted data from the password assistance form.
showAssignPasswordForm(ilPropertyFormGUI $form=null, $pwassist_id='')
Assign password form.
submitAssignPasswordForm()
Reads the submitted data from the password assistance form.
showMessageForm($text)
This form is used to show a message to the user.
This class represents a password property in a property form.
This class represents a property form user interface.
This class represents a text property in a property form.
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
static isPasswordValidForUserContext($clear_text_password, $user, &$error_language_variable=null)
static getImagePath($img, $module_path="", $mode="output", $offline=false)
get image path (for images located in a template directory)
static prepareFormOutput($a_str, $a_strip=false)
prepares string output for html forms @access public
if(empty($userids)) $userid
$lang
Definition: consent.php:3
$key
Definition: croninfo.php:18
foreach( $name as $i=> $nameSection)( $i==count( $name) - 1)( $nameSection) ?></span ><?php else from https
Definition: header.html.php:45
global $ilCtrl
Definition: ilias.php:18
db_pwassist_session_destroy($pwassist_id)
destroy session
db_pwassist_session_find($user_id)
db_pwassist_session_write($pwassist_id, $maxlifetime, $user_id)
Writes serialized session data to the database.
db_pwassist_session_read($pwassist_id)
if( $orgName !==null) if($spconfig->hasValue('contacts')) $email
Definition: metadata.php:193
catch(Exception $e) $message
redirection script todo: (a better solution should control the processing via a xml file)
global $ilSetting
Definition: privfeed.php:17
$password
Definition: pwgen.php:17
if(isset($_POST['submit'])) $form
global $DIC
Definition: saml.php:7
$delimiter
Definition: showstats.php:16
settings()
Definition: settings.php:2
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
$text
Definition: errorreport.php:18