* @license GNU General Public License, version 2 (GPL-2.0) * * For full copyright and license information, please see * the docs/CREDITS.txt file. * */ namespace phpbb\ucp\controller; use phpbb\auth\auth; use phpbb\config\config; use phpbb\controller\helper; use phpbb\db\driver\driver_interface; use phpbb\event\dispatcher; use phpbb\exception\http_exception; use phpbb\language\language; use phpbb\log\log_interface; use phpbb\passwords\manager; use phpbb\request\request_interface; use phpbb\template\template; use phpbb\user; use Symfony\Component\HttpFoundation\Response; /** * Handling forgotten passwords via reset password functionality */ class reset_password { /** @var config */ protected $config; /** @var driver_interface */ protected $db; /** @var dispatcher */ protected $dispatcher; /** @var helper */ protected $helper; /** @var language */ protected $language; /** @var log_interface */ protected $log; /** @var manager */ protected $passwords_manager; /** @var request_interface */ protected $request; /** @var template */ protected $template; /** @var user */ protected $user; /** @var array phpBB DB table names */ protected $users_table; /** @var string phpBB root path */ protected $root_path; /** @var string PHP extension */ protected $php_ext; /** * Reset password controller constructor. * * @param config $config * @param driver_interface $db * @param dispatcher $dispatcher * @param helper $helper * @param language $language * @param log_interface $log * @param manager $passwords_manager * @param request_interface $request * @param template $template * @param user $user * @param string $users_table * @param string $root_path * @param string $php_ext */ public function __construct(config $config, driver_interface $db, dispatcher $dispatcher, helper $helper, language $language, log_interface $log, manager $passwords_manager, request_interface $request, template $template, user $user, string $users_table, string $root_path, string $php_ext) { $this->config = $config; $this->db = $db; $this->dispatcher = $dispatcher; $this->helper = $helper; $this->language = $language; $this->log = $log; $this->passwords_manager = $passwords_manager; $this->request = $request; $this->template = $template; $this->user = $user; $this->users_table = $users_table; $this->root_path = $root_path; $this->php_ext = $php_ext; } /** * Init controller */ protected function init_controller() { $this->language->add_lang('ucp'); if (!$this->config['allow_password_reset']) { throw new http_exception(Response::HTTP_OK, 'UCP_PASSWORD_RESET_DISABLED', [ '', '' ]); } } /** * Remove reset token for specified user * * @param int $user_id User ID */ protected function remove_reset_token(int $user_id) { $sql_ary = [ 'reset_token' => '', 'reset_token_expiration' => 0, ]; $sql = 'UPDATE ' . $this->users_table . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user_id; $this->db->sql_query($sql); } /** * Handle password reset request * * @return Response */ public function request() { $this->init_controller(); $submit = $this->request->is_set_post('submit'); $username = $this->request->variable('username', '', true); $email = strtolower($this->request->variable('email', '')); add_form_key('ucp_reset_password'); if ($submit) { if (!check_form_key('ucp_reset_password')) { throw new http_exception(Response::HTTP_UNAUTHORIZED, 'FORM_INVALID'); } if (empty($email)) { return $this->helper->message('NO_EMAIL_USER'); } $sql_array = [ 'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type,' . ' user_lang, user_inactive_reason, reset_token, reset_token_expiration', 'FROM' => [$this->users_table => 'u'], 'WHERE' => "user_email = '" . $this->db->sql_escape($email) . "'" . (!empty($username) ? " AND username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'" : ''), ]; /** * Change SQL query for fetching user data * * @event core.ucp_remind_modify_select_sql * @var string email User's email from the form * @var string username User's username from the form * @var array sql_array Fully assembled SQL query with keys SELECT, FROM, WHERE * @since 3.1.11-RC1 * @changed 3.3.0-b1 Moved to reset password controller */ $vars = [ 'email', 'username', 'sql_array', ]; extract($this->dispatcher->trigger_event('core.ucp_remind_modify_select_sql', compact($vars))); $sql = $this->db->sql_build_query('SELECT', $sql_array); $result = $this->db->sql_query_limit($sql, 2); // don't waste resources on more rows than we need $rowset = $this->db->sql_fetchrowset($result); $this->db->sql_freeresult($result); if (count($rowset) > 1) { $this->template->assign_vars([ 'USERNAME_REQUIRED' => true, 'EMAIL' => $email, ]); } else { $message = $this->language->lang('PASSWORD_RESET_LINK_SENT') . '

' . $this->language->lang('RETURN_INDEX', 'root_path}index.{$this->php_ext}") . '">', ''); if (empty($rowset)) { return $this->helper->message($message); } $user_row = $rowset[0]; if ($user_row['user_type'] == USER_IGNORE || $user_row['user_type'] == USER_INACTIVE) { return $this->helper->message($message); } // Do not create multiple valid reset tokens if (!empty($user_row['reset_token']) && (int) $user_row['reset_token_expiration'] >= time()) { return $this->helper->message($message); } // Check users permissions $auth = new auth(); $auth->acl($user_row); if (!$auth->acl_get('u_chgpasswd')) { return $this->helper->message($message); } // Generate reset token $reset_token = strtolower(gen_rand_string(32)); $sql_ary = [ 'reset_token' => $reset_token, 'reset_token_expiration' => strtotime('+1 day'), ]; $sql = 'UPDATE ' . $this->users_table . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . $user_row['user_id']; $this->db->sql_query($sql); if (!class_exists('messenger')) { include($this->root_path . 'includes/functions_messenger.' . $this->php_ext); } /** @var \messenger $messenger */ $messenger = new \messenger(false); $messenger->template('user_forgot_password', $user_row['user_lang']); $messenger->set_addresses($user_row); $messenger->anti_abuse_headers($this->config, $this->user); $messenger->assign_vars([ 'USERNAME' => html_entity_decode($user_row['username'], ENT_COMPAT), 'U_RESET_PASSWORD' => generate_board_url(true) . $this->helper->route('phpbb_ucp_reset_password_controller', [ 'u' => $user_row['user_id'], 'token' => $reset_token, ], false) ]); $messenger->send($user_row['user_notify_type']); return $this->helper->message($message); } } $this->template->assign_vars([ 'USERNAME' => $username, 'EMAIL' => $email, 'U_RESET_PASSWORD_ACTION' => $this->helper->route('phpbb_ucp_forgot_password_controller'), ]); return $this->helper->render('ucp_reset_password.html', $this->language->lang('RESET_PASSWORD')); } /** * Handle controller requests * * @return Response */ public function reset() { $this->init_controller(); $submit = $this->request->is_set_post('submit'); $reset_token = $this->request->variable('token', ''); $user_id = $this->request->variable('u', 0); if (empty($reset_token)) { return $this->helper->message('NO_RESET_TOKEN'); } if (!$user_id) { return $this->helper->message('NO_USER'); } add_form_key('ucp_reset_password'); $sql_array = [ 'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type,' . ' user_lang, user_inactive_reason, reset_token, reset_token_expiration', 'FROM' => [$this->users_table => 'u'], 'WHERE' => 'user_id = ' . $user_id, ]; /** * Change SQL query for fetching user data * * @event core.ucp_reset_password_modify_select_sql * @var int user_id User ID from the form * @var string reset_token Reset token * @var array sql_array Fully assembled SQL query with keys SELECT, FROM, WHERE * @since 3.3.0-b1 */ $vars = [ 'user_id', 'reset_token', 'sql_array', ]; extract($this->dispatcher->trigger_event('core.ucp_reset_password_modify_select_sql', compact($vars))); $sql = $this->db->sql_build_query('SELECT', $sql_array); $result = $this->db->sql_query_limit($sql, 1); $user_row = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result); $message = $this->language->lang('RESET_TOKEN_EXPIRED_OR_INVALID') . '

' . $this->language->lang('RETURN_INDEX', 'root_path}index.{$this->php_ext}") . '">', ''); if (empty($user_row)) { return $this->helper->message($message); } if (!hash_equals($reset_token, $user_row['reset_token'])) { return $this->helper->message($message); } if ($user_row['reset_token_expiration'] < time()) { $this->remove_reset_token($user_id); return $this->helper->message($message); } $errors = []; if ($submit) { if (!check_form_key('ucp_reset_password')) { return $this->helper->message('FORM_INVALID'); } if ($user_row['user_type'] == USER_IGNORE || $user_row['user_type'] == USER_INACTIVE) { return $this->helper->message($message); } // Check users permissions $auth = new auth(); $auth->acl($user_row); if (!$auth->acl_get('u_chgpasswd')) { return $this->helper->message($message); } if (!function_exists('validate_data')) { include($this->root_path . 'includes/functions_user.' . $this->php_ext); } $data = [ 'new_password' => $this->request->untrimmed_variable('new_password', '', true), 'password_confirm' => $this->request->untrimmed_variable('new_password_confirm', '', true), ]; $check_data = [ 'new_password' => [ ['string', false, $this->config['min_pass_chars'], 0], ['password'], ], 'password_confirm' => ['string', true, $this->config['min_pass_chars'], 0], ]; $errors = array_merge($errors, validate_data($data, $check_data)); if (strcmp($data['new_password'], $data['password_confirm']) !== 0) { $errors[] = $data['password_confirm'] ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY'; } if (empty($errors)) { $sql_ary = [ 'user_password' => $this->passwords_manager->hash($data['new_password']), 'user_passchg' => time(), 'user_login_attempts' => 0, 'reset_token' => '', 'reset_token_expiration' => 0, ]; $sql = 'UPDATE ' . $this->users_table . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . (int) $user_row['user_id']; $this->db->sql_query($sql); $this->user->reset_login_keys($user_row['user_id']); $this->log->add('user', $user_row['user_id'], $this->user->ip, 'LOG_USER_NEW_PASSWORD', false, [ 'reportee_id' => $user_row['user_id'], $user_row['username'] ]); meta_refresh(3, append_sid("{$this->root_path}index.{$this->php_ext}")); return $this->helper->message($this->language->lang('PASSWORD_RESET')); } } $this->template->assign_vars([ 'PASSWORD_RESET_ERRORS' => !empty($errors) ? array_map([$this->language, 'lang'], $errors) : '', 'S_IS_PASSWORD_RESET' => true, 'U_RESET_PASSWORD_ACTION' => $this->helper->route('phpbb_ucp_reset_password_controller'), 'L_CHANGE_PASSWORD_EXPLAIN' => $this->language->lang($this->config['pass_complex'] . '_EXPLAIN', $this->language->lang('CHARACTERS', (int) $this->config['min_pass_chars'])), 'S_HIDDEN_FIELDS' => build_hidden_fields([ 'u' => $user_id, 'token' => $reset_token, ]), ]); return $this->helper->render('ucp_reset_password.html', $this->language->lang('RESET_PASSWORD')); } }