Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
0.00% covered (danger)
0.00%
0 / 189
0.00% covered (danger)
0.00%
0 / 5
CRAP
0.00% covered (danger)
0.00%
0 / 1
reset_password
0.00% covered (danger)
0.00%
0 / 189
0.00% covered (danger)
0.00%
0 / 5
1056
0.00% covered (danger)
0.00%
0 / 1
 __construct
0.00% covered (danger)
0.00%
0 / 14
0.00% covered (danger)
0.00%
0 / 1
2
 init_controller
0.00% covered (danger)
0.00%
0 / 6
0.00% covered (danger)
0.00%
0 / 1
6
 remove_reset_token
0.00% covered (danger)
0.00%
0 / 8
0.00% covered (danger)
0.00%
0 / 1
2
 request
0.00% covered (danger)
0.00%
0 / 72
0.00% covered (danger)
0.00%
0 / 1
156
 reset
0.00% covered (danger)
0.00%
0 / 89
0.00% covered (danger)
0.00%
0 / 1
272
1<?php
2/**
3*
4* This file is part of the phpBB Forum Software package.
5*
6* @copyright (c) phpBB Limited <https://www.phpbb.com>
7* @license GNU General Public License, version 2 (GPL-2.0)
8*
9* For full copyright and license information, please see
10* the docs/CREDITS.txt file.
11*
12*/
13
14namespace phpbb\ucp\controller;
15
16use phpbb\auth\auth;
17use phpbb\config\config;
18use phpbb\controller\helper;
19use phpbb\db\driver\driver_interface;
20use phpbb\event\dispatcher;
21use phpbb\exception\http_exception;
22use phpbb\language\language;
23use phpbb\log\log_interface;
24use phpbb\passwords\manager;
25use phpbb\request\request;
26use phpbb\template\template;
27use phpbb\user;
28use phpbb\messenger\method\email;
29use Symfony\Component\HttpFoundation\Response;
30
31/**
32* Handling forgotten passwords via reset password functionality
33*/
34class reset_password
35{
36    /** @var config */
37    protected $config;
38
39    /** @var driver_interface */
40    protected $db;
41
42    /** @var dispatcher */
43    protected $dispatcher;
44
45    /** @var helper */
46    protected $helper;
47
48    /** @var language */
49    protected $language;
50
51    /** @var log_interface */
52    protected $log;
53
54    /** @var email */
55    protected $email_method;
56
57    /** @var manager */
58    protected $passwords_manager;
59
60    /** @var request */
61    protected $request;
62
63    /** @var template */
64    protected $template;
65
66    /** @var user */
67    protected $user;
68
69    /** @var string Users table name */
70    protected $users_table;
71
72    /** @var string phpBB root path */
73    protected $root_path;
74
75    /** @var string PHP extension */
76    protected $php_ext;
77
78    /**
79     * Reset password controller constructor.
80     *
81     * @param config $config
82     * @param driver_interface $db
83     * @param dispatcher $dispatcher
84     * @param helper $helper
85     * @param language $language
86     * @param log_interface $log
87     * @param email $email_method
88     * @param manager $passwords_manager
89     * @param request $request
90     * @param template $template
91     * @param user $user
92     * @param string $users_table
93     * @param string $root_path
94     * @param string $php_ext
95     */
96    public function __construct(config $config, driver_interface $db, dispatcher $dispatcher, helper $helper,
97                                language $language, log_interface $log, email $email_method, manager $passwords_manager,
98                                request $request, template $template, user $user, string $users_table,
99                                string $root_path, string $php_ext)
100    {
101        $this->config = $config;
102        $this->db = $db;
103        $this->dispatcher = $dispatcher;
104        $this->helper = $helper;
105        $this->language = $language;
106        $this->log = $log;
107        $this->email_method = $email_method;
108        $this->passwords_manager = $passwords_manager;
109        $this->request = $request;
110        $this->template = $template;
111        $this->user = $user;
112        $this->users_table = $users_table;
113        $this->root_path = $root_path;
114        $this->php_ext = $php_ext;
115    }
116
117    /**
118     * Init controller
119     */
120    protected function init_controller()
121    {
122        $this->language->add_lang('ucp');
123
124        if (!$this->config['allow_password_reset'])
125        {
126            throw new http_exception(Response::HTTP_OK, 'UCP_PASSWORD_RESET_DISABLED', [
127                '<a href="mailto:' . htmlspecialchars($this->config['board_contact'], ENT_COMPAT) . '">',
128                '</a>'
129            ]);
130        }
131    }
132
133    /**
134     * Remove reset token for specified user
135     *
136     * @param int $user_id User ID
137     */
138    protected function remove_reset_token(int $user_id)
139    {
140        $sql_ary = [
141            'reset_token'                => '',
142            'reset_token_expiration'    => 0,
143        ];
144
145        $sql = 'UPDATE ' . $this->users_table . '
146                    SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . '
147                    WHERE user_id = ' . $user_id;
148        $this->db->sql_query($sql);
149    }
150
151    /**
152     * Handle password reset request
153     *
154     * @return Response
155     */
156    public function request()
157    {
158        $this->init_controller();
159
160        $submit        = $this->request->is_set_post('submit');
161        $username    = $this->request->variable('username', '', true);
162        $email        = strtolower($this->request->variable('email', ''));
163
164        add_form_key('ucp_reset_password');
165
166        if ($submit)
167        {
168            if (!check_form_key('ucp_reset_password'))
169            {
170                throw new http_exception(Response::HTTP_UNAUTHORIZED, 'FORM_INVALID');
171            }
172
173            if (empty($email))
174            {
175                return $this->helper->message('NO_EMAIL_USER');
176            }
177
178            $sql_array = [
179                'SELECT'    => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type,'
180                                . ' user_lang, user_inactive_reason, reset_token, reset_token_expiration',
181                'FROM'        => [$this->users_table => 'u'],
182                'WHERE'        => "user_email = '" . $this->db->sql_escape($email) . "'" .
183                    (!empty($username) ? " AND username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'" : ''),
184            ];
185
186            /**
187             * Change SQL query for fetching user data
188             *
189             * @event core.ucp_remind_modify_select_sql
190             * @var    string    email        User's email from the form
191             * @var    string    username    User's username from the form
192             * @var    array    sql_array    Fully assembled SQL query with keys SELECT, FROM, WHERE
193             * @since 3.1.11-RC1
194             * @changed 3.3.0-b1 Moved to reset password controller
195             */
196            $vars = [
197                'email',
198                'username',
199                'sql_array',
200            ];
201            extract($this->dispatcher->trigger_event('core.ucp_remind_modify_select_sql', compact($vars)));
202
203            $sql = $this->db->sql_build_query('SELECT', $sql_array);
204            $result = $this->db->sql_query_limit($sql, 2); // don't waste resources on more rows than we need
205            $rowset = $this->db->sql_fetchrowset($result);
206            $this->db->sql_freeresult($result);
207
208            if (count($rowset) > 1)
209            {
210                $this->template->assign_vars([
211                    'USERNAME_REQUIRED'    => true,
212                    'EMAIL'                => $email,
213                ]);
214            }
215            else
216            {
217                $message = $this->language->lang('PASSWORD_RESET_LINK_SENT') . '<br /><br />' . $this->language->lang('RETURN_INDEX', '<a href="' . append_sid("{$this->root_path}index.{$this->php_ext}") . '">', '</a>');
218
219                if (empty($rowset))
220                {
221                    return $this->helper->message($message);
222                }
223
224                $user_row = $rowset[0];
225
226                if ($user_row['user_type'] == USER_IGNORE || $user_row['user_type'] == USER_INACTIVE)
227                {
228                    return $this->helper->message($message);
229                }
230
231                // Do not create multiple valid reset tokens
232                if (!empty($user_row['reset_token']) && (int) $user_row['reset_token_expiration'] >= time())
233                {
234                    return $this->helper->message($message);
235                }
236
237                // Check users permissions
238                $auth = new auth();
239                $auth->acl($user_row);
240
241                if (!$auth->acl_get('u_chgpasswd'))
242                {
243                    return $this->helper->message($message);
244                }
245
246                // Generate reset token
247                $reset_token = strtolower(gen_rand_string(32));
248
249                $sql_ary = [
250                    'reset_token'                => $reset_token,
251                    'reset_token_expiration'    => $this->user::get_token_expiration(),
252                ];
253
254                $sql = 'UPDATE ' . $this->users_table . '
255                    SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . '
256                    WHERE user_id = ' . $user_row['user_id'];
257                $this->db->sql_query($sql);
258
259                $this->email_method->set_use_queue(false);
260                $this->email_method->template('user_forgot_password', $user_row['user_lang']);
261                $this->email_method->set_addresses($user_row);
262                $this->email_method->anti_abuse_headers($this->config, $this->user);
263                $this->email_method->assign_vars([
264                    'USERNAME'            => html_entity_decode($user_row['username'], ENT_COMPAT),
265                    'U_RESET_PASSWORD'    => generate_board_url(true) . $this->helper->route('phpbb_ucp_reset_password_controller', [
266                        'u'        => $user_row['user_id'],
267                        'token'    => $reset_token,
268                    ], false)
269                ]);
270                $this->email_method->send();
271
272                return $this->helper->message($message);
273            }
274        }
275
276        $this->template->assign_vars([
277            'USERNAME'                    => $username,
278            'EMAIL'                        => $email,
279            'U_RESET_PASSWORD_ACTION'    => $this->helper->route('phpbb_ucp_forgot_password_controller'),
280        ]);
281
282        return $this->helper->render('ucp_reset_password.html', $this->language->lang('RESET_PASSWORD'));
283    }
284
285    /**
286     * Handle controller requests
287     *
288     * @return Response
289     */
290    public function reset()
291    {
292        $this->init_controller();
293
294        $submit            = $this->request->is_set_post('submit');
295        $reset_token    = $this->request->variable('token', '');
296        $user_id        = $this->request->variable('u', 0);
297
298        if (empty($reset_token))
299        {
300            return $this->helper->message('NO_RESET_TOKEN');
301        }
302
303        if (!$user_id)
304        {
305            return $this->helper->message('NO_USER');
306        }
307
308        add_form_key('ucp_reset_password');
309
310        $sql_array = [
311            'SELECT'    => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type,'
312                . ' user_lang, user_inactive_reason, reset_token, reset_token_expiration',
313            'FROM'        => [$this->users_table => 'u'],
314            'WHERE'        => 'user_id = ' . $user_id,
315        ];
316
317        /**
318         * Change SQL query for fetching user data
319         *
320         * @event core.ucp_reset_password_modify_select_sql
321         * @var    int    user_id        User ID from the form
322         * @var    string    reset_token Reset token
323         * @var    array    sql_array    Fully assembled SQL query with keys SELECT, FROM, WHERE
324         * @since 3.3.0-b1
325         */
326        $vars = [
327            'user_id',
328            'reset_token',
329            'sql_array',
330        ];
331        extract($this->dispatcher->trigger_event('core.ucp_reset_password_modify_select_sql', compact($vars)));
332
333        $sql = $this->db->sql_build_query('SELECT', $sql_array);
334        $result = $this->db->sql_query_limit($sql, 1);
335        $user_row = $this->db->sql_fetchrow($result);
336        $this->db->sql_freeresult($result);
337
338        $message = $this->language->lang('RESET_TOKEN_EXPIRED_OR_INVALID') . '<br /><br />' . $this->language->lang('RETURN_INDEX', '<a href="' . append_sid("{$this->root_path}index.{$this->php_ext}") . '">', '</a>');
339
340        if (empty($user_row))
341        {
342            return $this->helper->message($message);
343        }
344
345        if (!hash_equals($reset_token, $user_row['reset_token']))
346        {
347            return $this->helper->message($message);
348        }
349
350        if ($user_row['reset_token_expiration'] < time())
351        {
352            $this->remove_reset_token($user_id);
353
354            return $this->helper->message($message);
355        }
356
357        $errors = [];
358
359        if ($submit)
360        {
361            if (!check_form_key('ucp_reset_password'))
362            {
363                return $this->helper->message('FORM_INVALID');
364            }
365
366            if ($user_row['user_type'] == USER_IGNORE || $user_row['user_type'] == USER_INACTIVE)
367            {
368                return $this->helper->message($message);
369            }
370
371            // Check users permissions
372            $auth = new auth();
373            $auth->acl($user_row);
374
375            if (!$auth->acl_get('u_chgpasswd'))
376            {
377                return $this->helper->message($message);
378            }
379
380            if (!function_exists('validate_data'))
381            {
382                include($this->root_path . 'includes/functions_user.' . $this->php_ext);
383            }
384
385            $data = [
386                'new_password'        => $this->request->untrimmed_variable('new_password', '', true),
387                'password_confirm'    => $this->request->untrimmed_variable('new_password_confirm', '', true),
388            ];
389            $check_data = [
390                'new_password'        => [
391                    ['string', false, $this->config['min_pass_chars'], 0],
392                    ['password'],
393                ],
394                'password_confirm'    => ['string', true, $this->config['min_pass_chars'], 0],
395            ];
396            $errors = array_merge($errors, validate_data($data, $check_data));
397            if (strcmp($data['new_password'], $data['password_confirm']) !== 0)
398            {
399                $errors[] = $data['password_confirm'] ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY';
400            }
401            if (empty($errors))
402            {
403                $sql_ary = [
404                    'user_password'                => $this->passwords_manager->hash($data['new_password']),
405                    'user_passchg'                => time(),
406                    'user_login_attempts'        => 0,
407                    'reset_token'                => '',
408                    'reset_token_expiration'    => 0,
409                ];
410                $sql = 'UPDATE ' . $this->users_table . '
411                            SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . '
412                            WHERE user_id = ' . (int) $user_row['user_id'];
413                $this->db->sql_query($sql);
414                $this->user->reset_login_keys($user_row['user_id']);
415                $this->log->add('user', $user_row['user_id'], $this->user->ip, 'LOG_USER_NEW_PASSWORD', false, [
416                    'reportee_id' => $user_row['user_id'],
417                    $user_row['username']
418                ]);
419                meta_refresh(3, append_sid("{$this->root_path}index.{$this->php_ext}"));
420                return $this->helper->message($this->language->lang('PASSWORD_RESET'));
421            }
422        }
423
424        $this->template->assign_vars([
425            'PASSWORD_RESET_ERRORS'        => !empty($errors) ? array_map([$this->language, 'lang'], $errors) : '',
426            'S_IS_PASSWORD_RESET'        => true,
427            'U_RESET_PASSWORD_ACTION'    => $this->helper->route('phpbb_ucp_reset_password_controller'),
428            'L_CHANGE_PASSWORD_EXPLAIN'    => $this->language->lang($this->config['pass_complex'] . '_EXPLAIN', $this->language->lang('CHARACTERS', (int) $this->config['min_pass_chars'])),
429            'S_HIDDEN_FIELDS'            => build_hidden_fields([
430                'u'        => $user_id,
431                'token'    => $reset_token,
432            ]),
433        ]);
434
435        return $this->helper->render('ucp_reset_password.html', $this->language->lang('RESET_PASSWORD'));
436    }
437}