vendor/contao/core-bundle/src/Resources/contao/modules/ModulePassword.php line 53

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of Contao.
  5.  *
  6.  * (c) Leo Feyer
  7.  *
  8.  * @license LGPL-3.0-or-later
  9.  */
  11. namespace Contao;
  13. /**
  14.  * Front end module "lost password".
  15.  *
  16.  * @todo Rename to ModuleLostPassword in Contao 5.0
  17.  */
  18. class ModulePassword extends Module
  19. {
  20.     /**
  21.      * Template
  22.      * @var string
  23.      */
  24.     protected $strTemplate 'mod_lostPassword';
  26.     /**
  27.      * Display a wildcard in the back end
  28.      *
  29.      * @return string
  30.      */
  31.     public function generate()
  32.     {
  33.         $request System::getContainer()->get('request_stack')->getCurrentRequest();
  35.         if ($request && System::getContainer()->get('contao.routing.scope_matcher')->isBackendRequest($request))
  36.         {
  37.             $objTemplate = new BackendTemplate('be_wildcard');
  38.             $objTemplate->wildcard '### ' $GLOBALS['TL_LANG']['FMD']['lostPassword'][0] . ' ###';
  39.             $objTemplate->title $this->headline;
  40.             $objTemplate->id $this->id;
  41.             $objTemplate->link $this->name;
  42.             $objTemplate->href StringUtil::specialcharsUrl(System::getContainer()->get('router')->generate('contao_backend', array('do'=>'themes''table'=>'tl_module''act'=>'edit''id'=>$this->id)));
  44.             return $objTemplate->parse();
  45.         }
  47.         return parent::generate();
  48.     }
  50.     /**
  51.      * Generate the module
  52.      */
  53.     protected function compile()
  54.     {
  55.         System::loadLanguageFile('tl_member');
  56.         $this->loadDataContainer('tl_member');
  58.         // Call onload_callback (e.g. to check permissions)
  59.         if (\is_array($GLOBALS['TL_DCA']['tl_member']['config']['onload_callback'] ?? null))
  60.         {
  61.             foreach ($GLOBALS['TL_DCA']['tl_member']['config']['onload_callback'] as $callback)
  62.             {
  63.                 if (\is_array($callback))
  64.                 {
  65.                     $this->import($callback[0]);
  66.                     $this->{$callback[0]}->{$callback[1]}();
  67.                 }
  68.                 elseif (\is_callable($callback))
  69.                 {
  70.                     $callback();
  71.                 }
  72.             }
  73.         }
  75.         $this->Template->requestToken System::getContainer()->get('contao.csrf.token_manager')->getDefaultTokenValue();
  77.         // Set new password
  78.         if (strncmp(Input::get('token'), 'pw-'3) === 0)
  79.         {
  80.             $this->setNewPassword();
  82.             return;
  83.         }
  85.         // Username widget
  86.         if (!$this->reg_skipName)
  87.         {
  88.             $arrFields['username'] = $GLOBALS['TL_DCA']['tl_member']['fields']['username'];
  89.             $arrFields['username']['name'] = 'username';
  90.         }
  92.         // E-mail widget
  93.         $arrFields['email'] = $GLOBALS['TL_DCA']['tl_member']['fields']['email'];
  94.         $arrFields['email']['name'] = 'email';
  96.         // Captcha widget
  97.         if (!$this->disableCaptcha)
  98.         {
  99.             $arrFields['captcha'] = array
  100.             (
  101.                 'name' => 'lost_password',
  102.                 'label' => $GLOBALS['TL_LANG']['MSC']['securityQuestion'],
  103.                 'inputType' => 'captcha',
  104.                 'eval' => array('mandatory'=>true)
  105.             );
  106.         }
  108.         $row 0;
  109.         $strFields '';
  110.         $doNotSubmit false;
  111.         $strFormId 'tl_lost_password_' $this->id;
  113.         // Initialize the widgets
  114.         foreach ($arrFields as $arrField)
  115.         {
  116.             $strClass $GLOBALS['TL_FFL'][$arrField['inputType']] ?? null;
  118.             // Continue if the class is not defined
  119.             if (!class_exists($strClass))
  120.             {
  121.                 continue;
  122.             }
  124.             $arrField['eval']['required'] = $arrField['eval']['mandatory'] ?? null;
  126.             /** @var Widget $objWidget */
  127.             $objWidget = new $strClass($strClass::getAttributesFromDca($arrField$arrField['name']));
  128.             $objWidget->storeValues true;
  129.             $objWidget->rowClass 'row_' $row . (($row == 0) ? ' row_first' '') . ((($row 2) == 0) ? ' even' ' odd');
  131.             ++$row;
  133.             // Validate the widget
  134.             if (Input::post('FORM_SUBMIT') == $strFormId)
  135.             {
  136.                 $objWidget->validate();
  138.                 if ($objWidget->hasErrors())
  139.                 {
  140.                     $doNotSubmit true;
  141.                 }
  142.             }
  144.             $strFields .= $objWidget->parse();
  145.         }
  147.         $this->Template->fields $strFields;
  148.         $this->Template->hasError $doNotSubmit;
  150.         // Look for an account and send the password link
  151.         if (!$doNotSubmit && Input::post('FORM_SUBMIT') == $strFormId)
  152.         {
  153.             if ($this->reg_skipName)
  154.             {
  155.                 $objMember MemberModel::findActiveByEmailAndUsername(Input::post('email'true));
  156.             }
  157.             else
  158.             {
  159.                 $objMember MemberModel::findActiveByEmailAndUsername(Input::post('email'true), Input::post('username'));
  160.             }
  162.             if ($objMember === null)
  163.             {
  164.                 $this->Template->error $GLOBALS['TL_LANG']['MSC']['accountNotFound'];
  165.             }
  166.             else
  167.             {
  168.                 $this->sendPasswordLink($objMember);
  169.             }
  170.         }
  172.         $this->Template->formId $strFormId;
  173.         $this->Template->username StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['username']);
  174.         $this->Template->email StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['emailAddress']);
  175.         $this->Template->slabel StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['requestPassword']);
  176.         $this->Template->rowLast 'row_' $row ' row_last' . ((($row 2) == 0) ? ' even' ' odd');
  177.     }
  179.     /**
  180.      * Set the new password
  181.      */
  182.     protected function setNewPassword()
  183.     {
  184.         $optIn System::getContainer()->get('contao.opt_in');
  186.         // Find an unconfirmed token with only one related record
  187.         if ((!$optInToken $optIn->find(Input::get('token'))) || !$optInToken->isValid() || \count($arrRelated $optInToken->getRelatedRecords()) != || key($arrRelated) != 'tl_member' || \count($arrIds current($arrRelated)) != || (!$objMember MemberModel::findByPk($arrIds[0])))
  188.         {
  189.             $this->strTemplate 'mod_message';
  191.             $this->Template = new FrontendTemplate($this->strTemplate);
  192.             $this->Template->type 'error';
  193.             $this->Template->message $GLOBALS['TL_LANG']['MSC']['invalidToken'];
  195.             return;
  196.         }
  198.         if ($optInToken->isConfirmed())
  199.         {
  200.             $this->strTemplate 'mod_message';
  202.             $this->Template = new FrontendTemplate($this->strTemplate);
  203.             $this->Template->type 'error';
  204.             $this->Template->message $GLOBALS['TL_LANG']['MSC']['tokenConfirmed'];
  206.             return;
  207.         }
  209.         if ($optInToken->getEmail() != $objMember->email)
  210.         {
  211.             $this->strTemplate 'mod_message';
  213.             $this->Template = new FrontendTemplate($this->strTemplate);
  214.             $this->Template->type 'error';
  215.             $this->Template->message $GLOBALS['TL_LANG']['MSC']['tokenEmailMismatch'];
  217.             return;
  218.         }
  220.         // Initialize the versioning (see #8301)
  221.         $objVersions = new Versions('tl_member'$objMember->id);
  222.         $objVersions->setUsername($objMember->username);
  223.         $objVersions->setUserId(0);
  224.         $objVersions->setEditUrl(System::getContainer()->get('router')->generate('contao_backend', array('do'=>'member''act'=>'edit''id'=>$objMember->id'rt'=>'1')));
  225.         $objVersions->initialize();
  227.         // Define the form field
  228.         $arrField $GLOBALS['TL_DCA']['tl_member']['fields']['password'];
  229.         $strClass $GLOBALS['TL_FFL']['password'] ?? null;
  231.         // Fallback to default if the class is not defined
  232.         if (!class_exists($strClass))
  233.         {
  234.             $strClass 'FormPassword';
  235.         }
  237.         /** @var Widget $objWidget */
  238.         $objWidget = new $strClass($strClass::getAttributesFromDca($arrField'password'));
  239.         $objWidget->currentRecord $objMember->id;
  241.         // Set row classes
  242.         $objWidget->rowClass 'row_0 row_first even';
  243.         $objWidget->rowClassConfirm 'row_1 odd';
  244.         $this->Template->rowLast 'row_2 row_last even';
  246.         $objSession System::getContainer()->get('session');
  248.         // Validate the field
  249.         if (Input::post('FORM_SUBMIT') && Input::post('FORM_SUBMIT') == $objSession->get('setPasswordToken'))
  250.         {
  251.             $objWidget->validate();
  253.             // Set the new password and redirect
  254.             if (!$objWidget->hasErrors())
  255.             {
  256.                 $objSession->set('setPasswordToken''');
  258.                 $objMember->tstamp time();
  259.                 $objMember->locked 0// see #8545
  260.                 $objMember->password $objWidget->value;
  261.                 $objMember->save();
  263.                 $optInToken->confirm();
  265.                 // Create a new version
  266.                 if ($GLOBALS['TL_DCA']['tl_member']['config']['enableVersioning'] ?? null)
  267.                 {
  268.                     $objVersions->create();
  269.                 }
  271.                 // HOOK: set new password callback
  272.                 if (isset($GLOBALS['TL_HOOKS']['setNewPassword']) && \is_array($GLOBALS['TL_HOOKS']['setNewPassword']))
  273.                 {
  274.                     foreach ($GLOBALS['TL_HOOKS']['setNewPassword'] as $callback)
  275.                     {
  276.                         $this->import($callback[0]);
  277.                         $this->{$callback[0]}->{$callback[1]}($objMember$objWidget->value$this);
  278.                     }
  279.                 }
  281.                 // Redirect to the jumpTo page
  282.                 if (($objTarget $this->objModel->getRelated('reg_jumpTo')) instanceof PageModel)
  283.                 {
  284.                     /** @var PageModel $objTarget */
  285.                     $this->redirect($objTarget->getFrontendUrl());
  286.                 }
  288.                 // Confirm
  289.                 $this->strTemplate 'mod_message';
  291.                 $this->Template = new FrontendTemplate($this->strTemplate);
  292.                 $this->Template->type 'confirm';
  293.                 $this->Template->message $GLOBALS['TL_LANG']['MSC']['newPasswordSet'];
  295.                 return;
  296.             }
  297.         }
  299.         $strToken md5(uniqid(mt_rand(), true));
  300.         $objSession->set('setPasswordToken'$strToken);
  302.         $this->Template->formId $strToken;
  303.         $this->Template->fields $objWidget->parse();
  304.         $this->Template->slabel StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['setNewPassword']);
  305.     }
  307.     /**
  308.      * Create a new user and redirect
  309.      *
  310.      * @param MemberModel $objMember
  311.      */
  312.     protected function sendPasswordLink($objMember)
  313.     {
  314.         $optIn System::getContainer()->get('contao.opt_in');
  315.         $optInToken $optIn->create('pw'$objMember->email, array('tl_member'=>array($objMember->id)));
  317.         // Prepare the simple token data
  318.         $arrData $objMember->row();
  319.         $arrData['activation'] = $optInToken->getIdentifier();
  320.         $arrData['domain'] = Idna::decode(Environment::get('host'));
  321.         $arrData['link'] = Idna::decode(Environment::get('base')) . Environment::get('request') . ((strpos(Environment::get('request'), '?') !== false) ? '&' '?') . 'token=' $optInToken->getIdentifier();
  323.         // Send the token
  324.         $optInToken->send(
  325.             sprintf($GLOBALS['TL_LANG']['MSC']['passwordSubject'], Idna::decode(Environment::get('host'))),
  326.             System::getContainer()->get('contao.string.simple_token_parser')->parse($this->reg_password$arrData)
  327.         );
  329.         System::getContainer()->get('monolog.logger.contao.access')->info('A new password has been requested for user ID ' $objMember->id ' (' Idna::decodeEmail($objMember->email) . ')');
  331.         // Check whether there is a jumpTo page
  332.         if (($objJumpTo $this->objModel->getRelated('jumpTo')) instanceof PageModel)
  333.         {
  334.             $this->jumpToOrReload($objJumpTo->row());
  335.         }
  337.         $this->reload();
  338.     }
  339. }
  341. class_alias(ModulePassword::class, 'ModulePassword');