Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
0.00% covered (danger)
0.00%
0 / 190
0.00% covered (danger)
0.00%
0 / 5
CRAP
0.00% covered (danger)
0.00%
0 / 1
reset_password
0.00% covered (danger)
0.00%
0 / 190
0.00% covered (danger)
0.00%
0 / 5
1122
0.00% covered (danger)
0.00%
0 / 1
 __construct
0.00% covered (danger)
0.00%
0 / 13
0.00% covered (danger)
0.00%
0 / 1
2
 init_controller
0.00% covered (danger)
0.00%
0 / 6
0.00% covered (danger)
0.00%
0 / 1
6
 remove_reset_token
0.00% covered (danger)
0.00%
0 / 8
0.00% covered (danger)
0.00%
0 / 1
2
 request
0.00% covered (danger)
0.00%
0 / 74
0.00% covered (danger)
0.00%
0 / 1
182
 reset
0.00% covered (danger)
0.00%
0 / 89
0.00% covered (danger)
0.00%
0 / 1
272
1<?php
2/**
3*
4* This file is part of the phpBB Forum Software package.
5*
6* @copyright (c) phpBB Limited <https://www.phpbb.com>
7* @license GNU General Public License, version 2 (GPL-2.0)
8*
9* For full copyright and license information, please see
10* the docs/CREDITS.txt file.
11*
12*/
13
14namespace phpbb\ucp\controller;
15
16use phpbb\auth\auth;
17use phpbb\config\config;
18use phpbb\controller\helper;
19use phpbb\db\driver\driver_interface;
20use phpbb\event\dispatcher;
21use phpbb\exception\http_exception;
22use phpbb\language\language;
23use phpbb\log\log_interface;
24use phpbb\passwords\manager;
25use phpbb\request\request;
26use phpbb\template\template;
27use phpbb\user;
28use Symfony\Component\HttpFoundation\Response;
29
30/**
31* Handling forgotten passwords via reset password functionality
32*/
33class reset_password
34{
35    /** @var config */
36    protected $config;
37
38    /** @var driver_interface */
39    protected $db;
40
41    /** @var dispatcher */
42    protected $dispatcher;
43
44    /** @var helper */
45    protected $helper;
46
47    /** @var language */
48    protected $language;
49
50    /** @var log_interface */
51    protected $log;
52
53    /** @var manager */
54    protected $passwords_manager;
55
56    /** @var request */
57    protected $request;
58
59    /** @var template */
60    protected $template;
61
62    /** @var user */
63    protected $user;
64
65    /** @var string Users table name */
66    protected $users_table;
67
68    /** @var string phpBB root path */
69    protected $root_path;
70
71    /** @var string PHP extension */
72    protected $php_ext;
73
74    /**
75     * Reset password controller constructor.
76     *
77     * @param config $config
78     * @param driver_interface $db
79     * @param dispatcher $dispatcher
80     * @param helper $helper
81     * @param language $language
82     * @param log_interface $log
83     * @param manager $passwords_manager
84     * @param request $request
85     * @param template $template
86     * @param user $user
87     * @param string $users_table
88     * @param string $root_path
89     * @param string $php_ext
90     */
91    public function __construct(config $config, driver_interface $db, dispatcher $dispatcher, helper $helper,
92                                language $language, log_interface $log, manager $passwords_manager,
93                                request $request, template $template, user $user, string $users_table,
94                                string $root_path, string $php_ext)
95    {
96        $this->config = $config;
97        $this->db = $db;
98        $this->dispatcher = $dispatcher;
99        $this->helper = $helper;
100        $this->language = $language;
101        $this->log = $log;
102        $this->passwords_manager = $passwords_manager;
103        $this->request = $request;
104        $this->template = $template;
105        $this->user = $user;
106        $this->users_table = $users_table;
107        $this->root_path = $root_path;
108        $this->php_ext = $php_ext;
109    }
110
111    /**
112     * Init controller
113     */
114    protected function init_controller()
115    {
116        $this->language->add_lang('ucp');
117
118        if (!$this->config['allow_password_reset'])
119        {
120            throw new http_exception(Response::HTTP_OK, 'UCP_PASSWORD_RESET_DISABLED', [
121                '<a href="mailto:' . htmlspecialchars($this->config['board_contact'], ENT_COMPAT) . '">',
122                '</a>'
123            ]);
124        }
125    }
126
127    /**
128     * Remove reset token for specified user
129     *
130     * @param int $user_id User ID
131     */
132    protected function remove_reset_token(int $user_id)
133    {
134        $sql_ary = [
135            'reset_token'                => '',
136            'reset_token_expiration'    => 0,
137        ];
138
139        $sql = 'UPDATE ' . $this->users_table . '
140                    SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . '
141                    WHERE user_id = ' . $user_id;
142        $this->db->sql_query($sql);
143    }
144
145    /**
146     * Handle password reset request
147     *
148     * @return Response
149     */
150    public function request()
151    {
152        $this->init_controller();
153
154        $submit        = $this->request->is_set_post('submit');
155        $username    = $this->request->variable('username', '', true);
156        $email        = strtolower($this->request->variable('email', ''));
157
158        add_form_key('ucp_reset_password');
159
160        if ($submit)
161        {
162            if (!check_form_key('ucp_reset_password'))
163            {
164                throw new http_exception(Response::HTTP_UNAUTHORIZED, 'FORM_INVALID');
165            }
166
167            if (empty($email))
168            {
169                return $this->helper->message('NO_EMAIL_USER');
170            }
171
172            $sql_array = [
173                'SELECT'    => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type,'
174                                . ' user_lang, user_inactive_reason, reset_token, reset_token_expiration',
175                'FROM'        => [$this->users_table => 'u'],
176                'WHERE'        => "user_email = '" . $this->db->sql_escape($email) . "'" .
177                    (!empty($username) ? " AND username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'" : ''),
178            ];
179
180            /**
181             * Change SQL query for fetching user data
182             *
183             * @event core.ucp_remind_modify_select_sql
184             * @var    string    email        User's email from the form
185             * @var    string    username    User's username from the form
186             * @var    array    sql_array    Fully assembled SQL query with keys SELECT, FROM, WHERE
187             * @since 3.1.11-RC1
188             * @changed 3.3.0-b1 Moved to reset password controller
189             */
190            $vars = [
191                'email',
192                'username',
193                'sql_array',
194            ];
195            extract($this->dispatcher->trigger_event('core.ucp_remind_modify_select_sql', compact($vars)));
196
197            $sql = $this->db->sql_build_query('SELECT', $sql_array);
198            $result = $this->db->sql_query_limit($sql, 2); // don't waste resources on more rows than we need
199            $rowset = $this->db->sql_fetchrowset($result);
200            $this->db->sql_freeresult($result);
201
202            if (count($rowset) > 1)
203            {
204                $this->template->assign_vars([
205                    'USERNAME_REQUIRED'    => true,
206                    'EMAIL'                => $email,
207                ]);
208            }
209            else
210            {
211                $message = $this->language->lang('PASSWORD_RESET_LINK_SENT') . '<br /><br />' . $this->language->lang('RETURN_INDEX', '<a href="' . append_sid("{$this->root_path}index.{$this->php_ext}") . '">', '</a>');
212
213                if (empty($rowset))
214                {
215                    return $this->helper->message($message);
216                }
217
218                $user_row = $rowset[0];
219
220                if ($user_row['user_type'] == USER_IGNORE || $user_row['user_type'] == USER_INACTIVE)
221                {
222                    return $this->helper->message($message);
223                }
224
225                // Do not create multiple valid reset tokens
226                if (!empty($user_row['reset_token']) && (int) $user_row['reset_token_expiration'] >= time())
227                {
228                    return $this->helper->message($message);
229                }
230
231                // Check users permissions
232                $auth = new auth();
233                $auth->acl($user_row);
234
235                if (!$auth->acl_get('u_chgpasswd'))
236                {
237                    return $this->helper->message($message);
238                }
239
240                // Generate reset token
241                $reset_token = strtolower(gen_rand_string(32));
242
243                $sql_ary = [
244                    'reset_token'                => $reset_token,
245                    'reset_token_expiration'    => $this->user::get_token_expiration(),
246                ];
247
248                $sql = 'UPDATE ' . $this->users_table . '
249                    SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . '
250                    WHERE user_id = ' . $user_row['user_id'];
251                $this->db->sql_query($sql);
252
253                if (!class_exists('messenger'))
254                {
255                    include($this->root_path . 'includes/functions_messenger.' . $this->php_ext);
256                }
257
258                /** @var \messenger $messenger */
259                $messenger = new \messenger(false);
260
261                $messenger->template('user_forgot_password', $user_row['user_lang']);
262
263                $messenger->set_addresses($user_row);
264
265                $messenger->anti_abuse_headers($this->config, $this->user);
266
267                $messenger->assign_vars([
268                        'USERNAME'            => html_entity_decode($user_row['username'], ENT_COMPAT),
269                        'U_RESET_PASSWORD'    => generate_board_url(true) . $this->helper->route('phpbb_ucp_reset_password_controller', [
270                            'u'        => $user_row['user_id'],
271                            'token'    => $reset_token,
272                        ], false)
273                ]);
274
275                $messenger->send($user_row['user_notify_type']);
276
277                return $this->helper->message($message);
278            }
279        }
280
281        $this->template->assign_vars([
282            'USERNAME'                    => $username,
283            'EMAIL'                        => $email,
284            'U_RESET_PASSWORD_ACTION'    => $this->helper->route('phpbb_ucp_forgot_password_controller'),
285        ]);
286
287        return $this->helper->render('ucp_reset_password.html', $this->language->lang('RESET_PASSWORD'));
288    }
289
290    /**
291     * Handle controller requests
292     *
293     * @return Response
294     */
295    public function reset()
296    {
297        $this->init_controller();
298
299        $submit            = $this->request->is_set_post('submit');
300        $reset_token    = $this->request->variable('token', '');
301        $user_id        = $this->request->variable('u', 0);
302
303        if (empty($reset_token))
304        {
305            return $this->helper->message('NO_RESET_TOKEN');
306        }
307
308        if (!$user_id)
309        {
310            return $this->helper->message('NO_USER');
311        }
312
313        add_form_key('ucp_reset_password');
314
315        $sql_array = [
316            'SELECT'    => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type,'
317                . ' user_lang, user_inactive_reason, reset_token, reset_token_expiration',
318            'FROM'        => [$this->users_table => 'u'],
319            'WHERE'        => 'user_id = ' . $user_id,
320        ];
321
322        /**
323         * Change SQL query for fetching user data
324         *
325         * @event core.ucp_reset_password_modify_select_sql
326         * @var    int    user_id        User ID from the form
327         * @var    string    reset_token Reset token
328         * @var    array    sql_array    Fully assembled SQL query with keys SELECT, FROM, WHERE
329         * @since 3.3.0-b1
330         */
331        $vars = [
332            'user_id',
333            'reset_token',
334            'sql_array',
335        ];
336        extract($this->dispatcher->trigger_event('core.ucp_reset_password_modify_select_sql', compact($vars)));
337
338        $sql = $this->db->sql_build_query('SELECT', $sql_array);
339        $result = $this->db->sql_query_limit($sql, 1);
340        $user_row = $this->db->sql_fetchrow($result);
341        $this->db->sql_freeresult($result);
342
343        $message = $this->language->lang('RESET_TOKEN_EXPIRED_OR_INVALID') . '<br /><br />' . $this->language->lang('RETURN_INDEX', '<a href="' . append_sid("{$this->root_path}index.{$this->php_ext}") . '">', '</a>');
344
345        if (empty($user_row))
346        {
347            return $this->helper->message($message);
348        }
349
350        if (!hash_equals($reset_token, $user_row['reset_token']))
351        {
352            return $this->helper->message($message);
353        }
354
355        if ($user_row['reset_token_expiration'] < time())
356        {
357            $this->remove_reset_token($user_id);
358
359            return $this->helper->message($message);
360        }
361
362        $errors = [];
363
364        if ($submit)
365        {
366            if (!check_form_key('ucp_reset_password'))
367            {
368                return $this->helper->message('FORM_INVALID');
369            }
370
371            if ($user_row['user_type'] == USER_IGNORE || $user_row['user_type'] == USER_INACTIVE)
372            {
373                return $this->helper->message($message);
374            }
375
376            // Check users permissions
377            $auth = new auth();
378            $auth->acl($user_row);
379
380            if (!$auth->acl_get('u_chgpasswd'))
381            {
382                return $this->helper->message($message);
383            }
384
385            if (!function_exists('validate_data'))
386            {
387                include($this->root_path . 'includes/functions_user.' . $this->php_ext);
388            }
389
390            $data = [
391                'new_password'        => $this->request->untrimmed_variable('new_password', '', true),
392                'password_confirm'    => $this->request->untrimmed_variable('new_password_confirm', '', true),
393            ];
394            $check_data = [
395                'new_password'        => [
396                    ['string', false, $this->config['min_pass_chars'], 0],
397                    ['password'],
398                ],
399                'password_confirm'    => ['string', true, $this->config['min_pass_chars'], 0],
400            ];
401            $errors = array_merge($errors, validate_data($data, $check_data));
402            if (strcmp($data['new_password'], $data['password_confirm']) !== 0)
403            {
404                $errors[] = $data['password_confirm'] ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY';
405            }
406            if (empty($errors))
407            {
408                $sql_ary = [
409                    'user_password'                => $this->passwords_manager->hash($data['new_password']),
410                    'user_passchg'                => time(),
411                    'user_login_attempts'        => 0,
412                    'reset_token'                => '',
413                    'reset_token_expiration'    => 0,
414                ];
415                $sql = 'UPDATE ' . $this->users_table . '
416                            SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . '
417                            WHERE user_id = ' . (int) $user_row['user_id'];
418                $this->db->sql_query($sql);
419                $this->user->reset_login_keys($user_row['user_id']);
420                $this->log->add('user', $user_row['user_id'], $this->user->ip, 'LOG_USER_NEW_PASSWORD', false, [
421                    'reportee_id' => $user_row['user_id'],
422                    $user_row['username']
423                ]);
424                meta_refresh(3, append_sid("{$this->root_path}index.{$this->php_ext}"));
425                return $this->helper->message($this->language->lang('PASSWORD_RESET'));
426            }
427        }
428
429        $this->template->assign_vars([
430            'PASSWORD_RESET_ERRORS'        => !empty($errors) ? array_map([$this->language, 'lang'], $errors) : '',
431            'S_IS_PASSWORD_RESET'        => true,
432            'U_RESET_PASSWORD_ACTION'    => $this->helper->route('phpbb_ucp_reset_password_controller'),
433            'L_CHANGE_PASSWORD_EXPLAIN'    => $this->language->lang($this->config['pass_complex'] . '_EXPLAIN', $this->language->lang('CHARACTERS', (int) $this->config['min_pass_chars'])),
434            'S_HIDDEN_FIELDS'            => build_hidden_fields([
435                'u'        => $user_id,
436                'token'    => $reset_token,
437            ]),
438        ]);
439
440        return $this->helper->render('ucp_reset_password.html', $this->language->lang('RESET_PASSWORD'));
441    }
442}