ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilPasswordAssistanceGUI.php
1<?php
2/* Copyright (c) 1998-2013 ILIAS open source, Extended GPL, see docs/LICENSE */
3
13{
// Context names handed to fillPermanentLink(): one for the password flow,
// one for the username flow.
const PERMANENT_LINK_TARGET_PW = 'pwassist';
const PERMANENT_LINK_TARGET_NAME = 'nameassist';

// Set from $DIC->ctrl() in the constructor; used for command and form-action lookup.
protected $ctrl;

// Set from $DIC->language(); source of all translated texts.
protected $lng;

// Set from $DIC->rbac()->review(); used to check role assignments.
protected $rbacreview;

// Set from $DIC->ui()->mainTemplate(); receives the permanent link.
protected $tpl;

// Set from $DIC->settings(); read for 'setup_ok', 'password_assistance' and 'admin_email'.
protected $settings;

// Set from $DIC['ilias']; asked for the client id when links are built.
protected $ilias;

// Set from $DIC['ilErr']; raises the errors in executeCommand().
private $ilErr;

// Set from $DIC->help(); receives screen and sub-screen ids.
private $help;

// Set from $DIC->user(); the account behind the current request.
private $actor;
61
/**
 * Fetches every collaborator from the global service container and sets the
 * help screen component to 'init'.
 */
public function __construct()
{
    $container = $GLOBALS['DIC'];

    $this->ctrl = $container->ctrl();
    $this->lng = $container->language();
    $this->rbacreview = $container->rbac()->review();
    $this->tpl = $container->ui()->mainTemplate();
    $this->settings = $container->settings();

    // These two services are only reachable by container key.
    $this->ilias = $container['ilias'];
    $this->ilErr = $container['ilErr'];

    $this->help = $container->help();
    $this->actor = $container->user();

    $this->help->setScreenIdComponent('init');
}
78
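/**
 * Entry point of the password assistance screens.
 *
 * Checks that the feature may be used, then runs the command supplied by the
 * controller or falls back to one of the two start forms.
 *
 * @return mixed Whatever the dispatched command returns; null for the fallback forms.
 */
public function executeCommand()
{
    // None of the three checks returns after raiseError(); presumably
    // raiseError() ends the request - confirm.

    // Refuse to run on an installation whose setup is not finished.
    if (!$this->settings->get('setup_ok')) {
        $this->ilErr->raiseError('Setup is not completed. Please run setup routine again.', $this->ilErr->FATAL);
    }

    // The feature is switched on and off by a setting.
    if (!$this->settings->get('password_assistance')) {
        $this->ilErr->raiseError($this->lng->txt('permission_denied'), $this->ilErr->MESSAGE);
    }

    // Password assistance is for visitors without an account session;
    // a logged-in, non-anonymous account is refused.
    if ($this->actor->getId() > 0 && !$this->actor->isAnonymous()) {
        $this->ilErr->raiseError($this->lng->txt('permission_denied'), $this->ilErr->MESSAGE);
    }

    // A request without `lang` no longer raises an undefined-index notice.
    // NOTE(review): the language object built from the request value is kept
    // in a local variable that nothing reads afterwards, so $this->lng is not
    // switched by this block, and the value is not checked against the
    // installed languages here - confirm the intent.
    $lang = $_GET['lang'] ?? null;
    if ($lang != null && $lang != '' && $this->lng->getLangKey() != $lang) {
        $lng = new ilLanguage($lang);
    }
    $this->lng->loadLanguageModule('pwassist');

    $cmd = $this->ctrl->getCmd();
    $next_class = $this->ctrl->getNextClass($this);

    // Only these methods are entry points. The command is presumably taken
    // from the request (confirm in the controller); without this list any
    // method name existing on the object was callable, including this
    // dispatcher itself and the protected helpers. PHP resolves method names
    // case-insensitively, so the comparison is case-insensitive as well.
    $allowedCommands = [
        'showassistanceform',
        'submitassistanceform',
        'showassignpasswordform',
        'submitassignpasswordform',
        'showusernameassistanceform',
        'submitusernameassistanceform',
    ];

    switch ($next_class) {
        default:
            if (
                is_string($cmd) &&
                in_array(strtolower($cmd), $allowedCommands, true) &&
                method_exists($this, $cmd)
            ) {
                return $this->$cmd();
            }

            // No usable command: a link carrying a key opens the form for the
            // new password, anything else opens the request form.
            if (!empty($_GET['key'])) {
                $this->showAssignPasswordForm();
            } else {
                $this->showAssistanceForm();
            }
            break;
    }
}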
122
/**
 * Base URL of the installation: ILIAS_HTTP_PATH with any trailing slashes removed.
 *
 * @return string
 */
protected function getBaseUrl() : string
{
    $httpPath = ILIAS_HTTP_PATH;

    return rtrim($httpPath, '/');
}
131
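/**
 * Builds an absolute URL to a script of this installation.
 *
 * @param string $script          Script path relative to the base URL; leading slashes are dropped.
 * @param array  $queryParameters Name/value pairs, encoded with http_build_query().
 * @return string
 */
protected function buildUrl(string $script, array $queryParameters) : string
{
    $url = implode('/', [
        $this->getBaseUrl(),
        ltrim($script, '/')
    ]);

    // NOTE(review): the listing skips the source line that opens this call;
    // it is restored here and should be confirmed against the upstream file.
    // The numeric prefix is passed as '' rather than null, which newer PHP
    // versions deprecate; the encoded result is the same.
    $url = ilUtil::appendUrlParameterString(
        $url,
        http_build_query($queryParameters, '', '&')
    );

    return $url;
}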
151
/**
 * Builds the form that asks for username and e-mail address; both fields
 * are required and the form posts to submitAssistanceForm.
 *
 * @return ilPropertyFormGUI
 */
protected function getAssistanceForm()
{
    require_once 'Services/Form/classes/class.ilPropertyFormGUI.php';

    $assistanceForm = new ilPropertyFormGUI();
    $assistanceForm->setFormAction($this->ctrl->getFormAction($this, 'submitAssistanceForm'));
    $assistanceForm->setTarget('_parent');

    $loginField = new ilTextInputGUI($this->lng->txt('username'), 'username');
    $loginField->setRequired(true);
    $assistanceForm->addItem($loginField);

    // E-mail input type, unlike the plain text field of the username form.
    $mailField = new ilEMailInputGUI($this->lng->txt('email'), 'email');
    $mailField->setRequired(true);
    $assistanceForm->addItem($mailField);

    $assistanceForm->addCommandButton('submitAssistanceForm', $this->lng->txt('submit'));

    return $assistanceForm;
}
175
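/**
 * Renders the request page of the password flow: headline, intro text with
 * a mailto link to the administrator address, and the username/e-mail form.
 *
 * @param ilPropertyFormGUI|null $form Form to show again (e.g. after failed
 *                                     validation); a fresh one is built when omitted.
 */
public function showAssistanceForm(ilPropertyFormGUI $form = null)
{
    $this->help->setSubScreenId('password_assistance');

    $tpl = ilStartUpGUI::initStartUpTemplate('tpl.pwassist_assistance.html', true);
    $tpl->setVariable('IMG_PAGEHEADLINE', ilUtil::getImagePath('icon_auth.svg'));
    $tpl->setVariable('TXT_PAGEHEADLINE', $this->lng->txt('password_assistance'));

    // The configured address passes through prepareFormOutput() before it is
    // placed in the href and in the link text.
    $adminEmail = ilUtil::prepareFormOutput($this->settings->get('admin_email'));
    $mailtoLink = '<a href="mailto:' . $adminEmail . '">' . $adminEmail . '</a>';

    // Language texts carry a literal backslash-n as line break marker.
    $introText = sprintf($this->lng->txt('pwassist_enter_username_and_email'), $mailtoLink);
    $tpl->setVariable('TXT_ENTER_USERNAME_AND_EMAIL', str_replace("\\n", '<br />', $introText));

    if (!$form) {
        $form = $this->getAssistanceForm();
    }
    $tpl->setVariable('FORM', $form->getHTML());
    $this->fillPermanentLink(self::PERMANENT_LINK_TARGET_PW);

    // NOTE(review): the listing skips the source line that hands the template
    // to the page; the call is restored here - confirm against the upstream file.
    ilStartUpGUI::printToGlobalTemplate($tpl);
}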
206
/**
 * Handles the submitted username/e-mail form of the password flow.
 *
 * A reset mail is sent only when the account exists, the address matches one
 * of the account's two addresses, the account authenticates locally (or via
 * SAML) and it holds neither the anonymous nor the system role. Every other
 * outcome is written to the 'usr' log. The visitor gets the same
 * "mail sent" message in all cases, so the page text does not tell whether
 * the account exists.
 *
 * NOTE(review): only the accepted path sends a mail, so response time may
 * still differ between outcomes; the log lines contain the submitted
 * username and address.
 */
public function submitAssistanceForm()
{
    $form = $this->getAssistanceForm();
    if (!$form->checkInput()) {
        $form->setValuesByPost();
        $this->showAssistanceForm($form);
        return;
    }

    $username = $form->getInput('username');
    $email = trim($form->getInput('email'));

    // The logger is only fetched when a refusal is actually recorded.
    $logRefusal = static function (string $format) use ($username, $email) : void {
        \ilLoggerFactory::getLogger('usr')->info(sprintf($format, $username, $email));
    };

    $usrId = \ilObjUser::getUserIdByLogin($username);
    if (!(is_numeric($usrId) && $usrId > 0)) {
        $logRefusal('Could not process password assistance form (reason: no user found) %s / %s');
    } else {
        // Installation-wide authentication mode, local when none is configured.
        $defaultAuth = $GLOBALS['DIC']['ilSetting']->get('auth_mode') ?: AUTH_LOCAL;

        $user = new \ilObjUser($usrId);
        // Addresses are compared case-insensitively.
        $emailAddresses = array_map('strtolower', [$user->getEmail(), $user->getSecondEmail()]);

        $refusal = null;
        if (!in_array(strtolower($email), $emailAddresses)) {
            $refusal = 0 === strlen(implode('', $emailAddresses))
                ? 'Could not process password assistance form (reason: account without email addresses): %s / %s'
                : 'Could not process password assistance form (reason: account email addresses differ from input): %s / %s';
        } elseif (
            (
                $user->getAuthMode(true) != AUTH_LOCAL ||
                ($user->getAuthMode(true) == $defaultAuth && $defaultAuth != AUTH_LOCAL)
            ) && $user->getAuthMode(true) != AUTH_SAML
        ) {
            // Externally authenticated accounts cannot set a local password
            // here; SAML accounts are exempt from this refusal.
            $refusal = 'Could not process password assistance form (reason: not permitted for accounts using external authentication sources): %s / %s';
        } elseif (
            $this->rbacreview->isAssigned($user->getId(), ANONYMOUS_ROLE_ID) ||
            $this->rbacreview->isAssigned($user->getId(), SYSTEM_ROLE_ID)
        ) {
            $refusal = 'Could not process password assistance form (reason: not permitted for system user or anonymous): %s / %s';
        }

        if ($refusal === null) {
            $this->sendPasswordAssistanceMail($user);
        } else {
            $logRefusal($refusal);
        }
    }

    // Same answer for every outcome above.
    $this->showMessageForm(
        sprintf($this->lng->txt('pwassist_mail_sent'), $email),
        self::PERMANENT_LINK_TARGET_PW
    );
}
298
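/**
 * Creates a password assistance session for the account and mails the link
 * that opens the "assign new password" form.
 *
 * The session is written with a lifetime of 3600 seconds. The mail goes to
 * the account's primary address only.
 *
 * @param ilObjUser $userObj Account the reset link is issued for.
 */
public function sendPasswordAssistanceMail(ilObjUser $userObj)
{
    global $DIC;

    require_once 'include/inc.pwassist_session_handler.php';

    // Check if we need to create a new session.
    // The trailing `true` makes this condition always hold, so a new id is
    // issued on every call and the result of the lookup is never reused.
    // NOTE(review): whether an older id of the same account stays valid
    // depends on db_pwassist_session_write(), which is not visible here.
    $pwassist_session = db_pwassist_session_find($userObj->getId());
    if (
        !is_array($pwassist_session) ||
        count($pwassist_session) == 0 ||
        $pwassist_session['expires'] < time() ||
        true // comment by mjansen: wtf? :-)
    ) {
        // Create a new session id
        // #9700 - this didn't do anything before?!
        // db_set_save_handler();
        // NOTE(review): how db_pwassist_create_id() derives the id is not
        // visible here; the link is only as hard to guess as that id.
        session_start();
        $pwassist_session['pwassist_id'] = db_pwassist_create_id();
        session_destroy();

        // NOTE(review): the listing skips the source line that opens this
        // call; it is restored here - confirm against the upstream file.
        db_pwassist_session_write(
            $pwassist_session['pwassist_id'],
            3600,
            $userObj->getId()
        );
    }

    // The original built the same URL twice from identical arguments; both
    // placeholders of the mail text receive the same link.
    $pwassist_url = $this->buildUrl(
        'pwassist.php',
        [
            'client_id' => $this->ilias->getClientId(),
            'lang' => $this->lng->getLangKey(),
            'key' => $pwassist_session['pwassist_id']
        ]
    );
    $alternative_pwassist_url = $pwassist_url;

    $senderFactory = $DIC["mail.mime.sender.factory"];
    $sender = $senderFactory->system();

    $mm = new ilMimeMail();
    $mm->Subject($this->lng->txt('pwassist_mail_subject'), true);
    $mm->From($sender);
    $mm->To($userObj->getEmail());
    $mm->Body(
        str_replace(
            array("\\n", "\\t"),
            array("\n", "\t"),
            sprintf(
                $this->lng->txt('pwassist_mail_body'),
                $pwassist_url,
                $this->getBaseUrl() . '/',
                // Address the request came from, so the recipient can judge
                // who asked for the reset.
                $_SERVER['REMOTE_ADDR'],
                $userObj->getLogin(),
                'mailto:' . $DIC->settings()->get("admin_email"),
                $alternative_pwassist_url
            )
        )
    );
    $mm->Send();
}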
380
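/**
 * Builds the form for choosing a new password: username, password and the
 * assistance key as a hidden field. Posts to submitAssignPasswordForm.
 *
 * @param string $pwassist_id Key of the password assistance session.
 * @return ilPropertyFormGUI
 */
protected function getAssignPasswordForm($pwassist_id)
{
    require_once 'Services/Form/classes/class.ilPropertyFormGUI.php';
    $form = new ilPropertyFormGUI();

    $form->setFormAction($this->ctrl->getFormAction($this, 'submitAssignPasswordForm'));
    $form->setTarget('_parent');

    $username = new ilTextInputGUI($this->lng->txt('username'), 'username');
    $username->setRequired(true);
    $form->addItem($username);

    $password = new ilPasswordInputGUI($this->lng->txt('password'), 'password');
    // NOTE(review): the listing skips one source line here; the info text
    // call is restored - confirm against the upstream file.
    $password->setInfo(ilUtil::getPasswordRequirementsInfo());
    $password->setRequired(true);
    // The password must reach validation exactly as typed.
    $password->setUseStripSlashes(false);
    $form->addItem($password);

    // The key travels with the form so the submit handler can find the session.
    $key = new ilHiddenInputGUI('key');
    $key->setValue($pwassist_id);
    $form->addItem($key);

    $form->addCommandButton('submitAssignPasswordForm', $this->lng->txt('submit'));

    return $form;
}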
411
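/**
 * Shows the form for choosing a new password, provided the assistance key
 * belongs to a session that has not expired. Otherwise a failure message is
 * set and the request form is shown again.
 *
 * @param ilPropertyFormGUI|null $form        Form to show again; a fresh one is built when omitted.
 * @param string                 $pwassist_id Assistance key; read from the `key` query parameter when empty.
 */
public function showAssignPasswordForm(ilPropertyFormGUI $form = null, $pwassist_id = '')
{
    require_once 'include/inc.pwassist_session_handler.php';
    require_once 'Services/Language/classes/class.ilLanguage.php';

    $this->help->setSubScreenId('password_input');

    // Retrieve form data. A request without `key` yields an empty key
    // instead of an undefined-index notice.
    // NOTE(review): the query value is used as given; how
    // db_pwassist_session_read() binds it into its query is not visible here.
    if (!$pwassist_id) {
        $pwassist_id = $_GET['key'] ?? '';
    }

    // Retrieve the session, and check if it is valid
    $pwassist_session = db_pwassist_session_read($pwassist_id);
    $sessionUsable = is_array($pwassist_session)
        && count($pwassist_session) != 0
        && $pwassist_session['expires'] >= time();

    if (!$sessionUsable) {
        ilUtil::sendFailure($this->lng->txt('pwassist_session_expired'));
        $this->showAssistanceForm(null);
        return;
    }

    $tpl = ilStartUpGUI::initStartUpTemplate('tpl.pwassist_assignpassword.html', true);
    $tpl->setVariable('IMG_PAGEHEADLINE', ilUtil::getImagePath('icon_auth.svg'));
    $tpl->setVariable('TXT_PAGEHEADLINE', $this->lng->txt('password_assistance'));

    $tpl->setVariable('TXT_ENTER_USERNAME_AND_NEW_PASSWORD', $this->lng->txt('pwassist_enter_username_and_new_password'));

    if (!$form) {
        $form = $this->getAssignPasswordForm($pwassist_id);
    }
    $tpl->setVariable('FORM', $form->getHTML());
    $this->fillPermanentLink(self::PERMANENT_LINK_TARGET_PW);

    // NOTE(review): the listing skips the source line that hands the template
    // to the page; the call is restored here - confirm against the upstream file.
    ilStartUpGUI::printToGlobalTemplate($tpl);
}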
460
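/**
 * Handles the submitted "assign new password" form.
 *
 * The password is changed only when the assistance session exists and has
 * not expired, the session's user id resolves to a user object, the entered
 * username equals that user's login (case-insensitively) and the password
 * passes the password rules. On success the assistance session is destroyed,
 * so the key cannot be used a second time.
 */
public function submitAssignPasswordForm()
{
    require_once 'include/inc.pwassist_session_handler.php';

    // We need to fetch this before form instantiation.
    // A post without `key` yields an empty key instead of an undefined-index notice.
    $pwassist_id = ilUtil::stripSlashes($_POST['key'] ?? '');

    $form = $this->getAssignPasswordForm($pwassist_id);
    if (!$form->checkInput()) {
        $form->setValuesByPost();
        $this->showAssignPasswordForm($form, $pwassist_id);
        return;
    }

    $username = $form->getInput('username');
    $password = $form->getInput('password');
    $pwassist_id = $form->getInput('key');

    // Retrieve the session
    $pwassist_session = db_pwassist_session_read($pwassist_id);

    if (
        !is_array($pwassist_session) ||
        count($pwassist_session) == 0 ||
        $pwassist_session['expires'] < time()
    ) {
        ilUtil::sendFailure(str_replace("\\n", '', $this->lng->txt('pwassist_session_expired')));
        $form->setValuesByPost();
        // NOTE(review): this passes the assign-password form to the page that
        // normally shows the request form, whereas showAssignPasswordForm()
        // passes null in the same situation - confirm which is intended.
        $this->showAssistanceForm($form);
        return;
    }

    $is_successful = true;
    $message = '';

    // The account is taken from the session record, never from the posted data.
    $userObj = \ilObjectFactory::getInstanceByObjId($pwassist_session['user_id'], false);
    $isUser = $userObj instanceof \ilObjUser;
    if (!$isUser) {
        $message = $this->lng->txt('user_does_not_exist');
        $is_successful = false;
    }

    // check if the username entered by the user matches the
    // one of the user object.
    if ($is_successful && strcasecmp($userObj->getLogin(), $username) != 0) {
        $message = $this->lng->txt('pwassist_login_not_match');
        $is_successful = false;
    }

    // The password rules are only evaluated against a real user object.
    // Before, the helper was also called when the lookup above had failed;
    // how it treats a non-user argument is not visible here.
    $error_lng_var = '';
    if ($isUser && !ilUtil::isPasswordValidForUserContext($password, $userObj, $error_lng_var)) {
        $message = $this->lng->txt($error_lng_var);
        $is_successful = false;
    }

    // End of validation
    // If the validation was successful, we change the password of the user.
    if ($is_successful) {
        $is_successful = $userObj->resetPassword($password, $password);
        if (!$is_successful) {
            $message = $this->lng->txt('passwd_invalid');
        }
    }

    // If we are successful so far, we update the user object.
    if ($is_successful) {
        $userObj->setLastPasswordChangeToNow();
        $userObj->update();
    }

    // On failure the form is displayed again along with the error message.
    if (!$is_successful) {
        ilUtil::sendFailure(str_replace("\\n", '', $message));
        $form->setValuesByPost();
        $this->showAssignPasswordForm($form, $pwassist_id);
        return;
    }

    // On success the password assistance session is destroyed before the
    // confirmation is shown.
    db_pwassist_session_destroy($pwassist_id);
    $this->showMessageForm(
        sprintf($this->lng->txt('pwassist_password_assigned'), $username),
        self::PERMANENT_LINK_TARGET_PW
    );
}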
565
/**
 * Builds the form of the username flow: one required e-mail field, posted to
 * submitUsernameAssistanceForm.
 *
 * @return ilPropertyFormGUI
 */
protected function getUsernameAssistanceForm()
{
    require_once 'Services/Form/classes/class.ilPropertyFormGUI.php';

    $usernameForm = new ilPropertyFormGUI();
    $usernameForm->setFormAction($this->ctrl->getFormAction($this, 'submitUsernameAssistanceForm'));
    $usernameForm->setTarget('_parent');

    // NOTE(review): a plain text input, whereas the password flow uses
    // ilEMailInputGUI for the same kind of value - confirm this is intended.
    $mailField = new ilTextInputGUI($this->lng->txt('email'), 'email');
    $mailField->setRequired(true);
    $usernameForm->addItem($mailField);

    $usernameForm->addCommandButton('submitUsernameAssistanceForm', $this->lng->txt('submit'));

    return $usernameForm;
}
585
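/**
 * Renders the request page of the username flow: headline, intro text with a
 * mailto link to the administrator address, and the e-mail form.
 *
 * @param ilPropertyFormGUI|null $form Form to show again (e.g. after failed
 *                                     validation); a fresh one is built when omitted.
 */
public function showUsernameAssistanceForm(ilPropertyFormGUI $form = null)
{
    $this->help->setSubScreenId('username_assistance');

    $tpl = ilStartUpGUI::initStartUpTemplate('tpl.pwassist_username_assistance.html', true);
    $tpl->setVariable('IMG_PAGEHEADLINE', ilUtil::getImagePath('icon_auth.svg'));
    $tpl->setVariable('TXT_PAGEHEADLINE', $this->lng->txt('password_assistance'));

    // The configured address passes through prepareFormOutput() before it is
    // placed in the href and in the link text.
    $adminEmail = ilUtil::prepareFormOutput($this->settings->get('admin_email'));
    $mailtoLink = '<a href="mailto:' . $adminEmail . '">' . $adminEmail . '</a>';

    // Language texts carry a literal backslash-n as line break marker.
    $introText = sprintf($this->lng->txt('pwassist_enter_email'), $mailtoLink);
    $tpl->setVariable('TXT_ENTER_USERNAME_AND_EMAIL', str_replace("\\n", '<br />', $introText));

    if (!$form) {
        $form = $this->getUsernameAssistanceForm();
    }
    $tpl->setVariable('FORM', $form->getHTML());
    //$this->fillPermanentLink(self::PERMANENT_LINK_TARGET_NAME);

    // NOTE(review): the listing skips the source line that hands the template
    // to the page; the call is restored here - confirm against the upstream file.
    ilStartUpGUI::printToGlobalTemplate($tpl);
}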
623
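/**
 * Handles the submitted e-mail form of the username flow.
 *
 * When accounts are registered for the address, their login names are mailed
 * to it; otherwise the attempt is only logged. The visitor gets the same
 * generic message either way, so the page text does not tell whether the
 * address is known.
 *
 * NOTE(review): the listing skips the signature line and the line that looks
 * up the logins; both are restored here - confirm against the upstream file.
 */
public function submitUsernameAssistanceForm()
{
    require_once 'Services/User/classes/class.ilObjUser.php';
    require_once 'Services/Utilities/classes/class.ilUtil.php';

    $form = $this->getUsernameAssistanceForm();
    if (!$form->checkInput()) {
        $form->setValuesByPost();
        $this->showUsernameAssistanceForm($form);

        return;
    }

    $email = trim($form->getInput('email'));
    $logins = ilObjUser::getUserLoginsByEmail($email);

    if (is_array($logins) && count($logins) > 0) {
        // The mail goes to the submitted address, which at this point is
        // known to belong to at least one account.
        $this->sendUsernameAssistanceMail($email, $logins);
    } else {
        \ilLoggerFactory::getLogger('usr')->info(sprintf(
            'Could not sent username assistance emails to (reason: no user found): %s',
            $email
        ));
    }

    // Same answer for both outcomes.
    $this->showMessageForm(
        $this->lng->txt('pwassist_mail_sent_generic'),
        self::PERMANENT_LINK_TARGET_NAME
    );
}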
665
/**
 * Mails the given login names to the given address, together with a link to
 * pwassist.php, the base URL, the requesting address and the administrator
 * contact.
 *
 * @param string   $email  Recipient address.
 * @param string[] $logins Login names to list in the mail, one per line.
 */
public function sendUsernameAssistanceMail($email, array $logins)
{
    global $DIC;

    require_once 'Services/Mail/classes/class.ilMailbox.php';
    require_once 'Services/Mail/classes/class.ilMail.php';
    require_once 'Services/Mail/classes/class.ilMimeMail.php';
    require_once 'include/inc.pwassist_session_handler.php';

    // Despite the variable name, the link targets pwassist.php.
    $linkParameters = [
        'client_id' => $this->ilias->getClientId(),
        'lang' => $this->lng->getLangKey()
    ];
    $login_url = $this->buildUrl('pwassist.php', $linkParameters);

    $senderFactory = $DIC["mail.mime.sender.factory"];
    $sender = $senderFactory->system();

    $mm = new ilMimeMail();
    $mm->Subject($this->lng->txt('pwassist_mail_subject'), true);
    $mm->From($sender);
    $mm->To($email);

    $bodyText = sprintf(
        $this->lng->txt('pwassist_username_mail_body'),
        join(",\n", $logins),
        $this->getBaseUrl() . '/',
        // Address the request came from, so the recipient can judge who asked.
        $_SERVER['REMOTE_ADDR'],
        $email,
        'mailto:' . $DIC->settings()->get("admin_email"),
        $login_url
    );
    // Language texts carry literal backslash-n / backslash-t markers.
    $mm->Body(str_replace(array("\\n", "\\t"), array("\n", "\t"), $bodyText));

    $mm->Send();
}
720
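/**
 * Shows a page that consists of a single message.
 *
 * @param string $text                   Message; a literal backslash-n in it becomes a line break tag.
 * @param string $permanent_link_context Context name passed on to fillPermanentLink().
 */
public function showMessageForm($text, string $permanent_link_context)
{
    $tpl = ilStartUpGUI::initStartUpTemplate('tpl.pwassist_message.html', true);
    $tpl->setVariable('TXT_PAGEHEADLINE', $this->lng->txt('password_assistance'));
    $tpl->setVariable('IMG_PAGEHEADLINE', ilUtil::getImagePath('icon_auth.svg'));

    // NOTE(review): $text is written to the template without escaping in this
    // method, and callers in this class build it from submitted form values
    // (e-mail address, username). Output safety therefore rests on what the
    // form inputs return from getInput() - confirm, or escape the
    // interpolated values at the call sites.
    $tpl->setVariable('TXT_TEXT', str_replace("\\n", '<br />', $text));
    $this->fillPermanentLink($permanent_link_context);

    // NOTE(review): the listing skips the source line that hands the template
    // to the page; the call is restored here - confirm against the upstream file.
    ilStartUpGUI::printToGlobalTemplate($tpl);
}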
735
/**
 * Sets the permanent link of the main template for type 'usr' and the given context.
 *
 * @param string $context One of the PERMANENT_LINK_TARGET_* values.
 */
protected function fillPermanentLink($context)
{
    $linkType = 'usr';

    $this->tpl->setPermanentLink($linkType, null, $context);
}
743}