Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

MDL-20846 creating users on restore - part2 - hack login to inform and

allow 'restored' users to reset their password. Backported from 19_STABLE
  • Loading branch information...
commit b3bf5dce4fc7639a51fd50b60d560b57e28dbba0 1 parent a66d540
@stronk7 stronk7 authored
View
40 lib/moodlelib.php
@@ -2525,6 +2525,22 @@ function is_internal_auth($auth) {
}
/**
+ * Returns true if the user is a 'restored' one
+ *
+ * Used in the login process to inform the user
+ * and allow him/her to reset the password
+ *
+ * @uses $CFG
+ * @param string $username username to be checked
+ * @return bool
+ */
+function is_restored_user($username) {
+ global $CFG;
+
+ return record_exists('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id, 'password', 'restored');
+}
+
+/**
* Returns an array of user fields
*
* @uses $CFG
@@ -5889,6 +5905,30 @@ function random_string ($length=15) {
return $string;
}
+/**
+ * Generate a complex random string (usefull for md5 salts)
+ *
+ * This function is based on the above {@link random_string()} however it uses a
+ * larger pool of characters and generates a string between 24 and 32 characters
+ *
+ * @param int $length Optional if set generates a string to exactly this length
+ * @return string
+ */
+function complex_random_string($length=null) {
+ $pool = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+ $pool .= '`~!@#%^&*()_+-=[];,./<>?:{} ';
+ $poollen = strlen($pool);
+ mt_srand ((double) microtime() * 1000000);
+ if ($length===null) {
+ $length = floor(rand(24,32));
+ }
+ $string = '';
+ for ($i = 0; $i < $length; $i++) {
+ $string .= $pool[(mt_rand()%$poollen)];
+ }
+ return $string;
+}
+
/*
* Given some text (which may contain HTML) and an ideal length,
* this function truncates the text neatly on a word boundary if possible
View
14 login/index.php
@@ -125,6 +125,20 @@
$user = authenticate_user_login($frm->username, $frm->password);
}
}
+
+ // Intercept 'restored' users to provide them with info & reset password
+ if (!$user and $frm and is_restored_user($frm->username)) {
+ print_header("$site->fullname: $loginsite", $site->fullname, $navigation, '',
+ '', true, '<div class="langmenu">'.$langmenu.'</div>');
+ print_heading(get_string('restoredaccount'));
+ print_simple_box(get_string('restoredaccountinfo'), 'center', '70%');
+ require_once('restored_password_form.php'); // Use our "supplanter" login_forgot_password_form. MDL-20846
+ $form = new login_forgot_password_form('forgot_password.php', array('username' => $frm->username));
+ $form->display();
+ print_footer();
+ die;
+ }
+
update_login_count();
if ($user) {
View
31 login/restored_password_form.php
@@ -0,0 +1,31 @@
+<?php
+
+// This is one "supplanter" form that generates
+// one correct forgot_password.php request in
+// order to get the mailout for 'restored' users
+// working automatically without having to
+// fill the form manually (the user already has
+// filled the username and it has been detected
+// as a 'restored' one. Surely, some day this will
+// be out, with the forgot_password utility being
+// part of each plugin, but now now. See MDL-20846
+// for the rationale for this implementation.
+
+require_once $CFG->libdir.'/formslib.php';
+
+class login_forgot_password_form extends moodleform {
+
+ function definition() {
+ $mform =& $this->_form;
+
+ $username = $this->_customdata['username'];
+
+ $mform->addElement('hidden', 'username', $username);
+ $mform->setType('username', PARAM_RAW);
+
+ $this->add_action_buttons(false, get_string('continue'));
+ }
+
+}
+
+?>
Please sign in to comment.
Something went wrong with that request. Please try again.