
securesite.inc in Secure Site 6


Support functions for the Secure Site contrib module

File

securesite.inc
<?php

/**
 * @file
 * Support functions for the Secure Site contrib module
 */

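/**
 * Returns complete form for login when using the HTML form.
 *
 * The form posts back to the current request URI. That URI is supplied by the
 * client, so it is passed through check_url() before being written into the
 * action attribute.
 *
 * @return
 *   HTML used in the Secure Site dialog when the HTML login form is in use
 */
function _securesite_login_form() {
  // The introductory markup is stored as raw HTML in the
  // 'securesite_login_form' variable and is printed unfiltered.
  // NOTE(review): presumably only administrators can set this variable;
  // confirm against the module's settings form.
  $intro = variable_get('securesite_login_form', t('<p>Enter your username and password.</p>'));

  // Status messages are printed here unless the password reset form was the
  // one submitted.
  $messages = !isset($_POST['securesite_request_form']) ? theme('status_messages') : '';

  // request_uri() reflects the request target sent by the client. Escape it so
  // that a quote or angle bracket in the URI cannot terminate the attribute.
  $action = check_url(request_uri());

  return "\n  <h1>" . t('Login') . '</h1>
  <div id="login">' . $intro . $messages . '</div>
  <form action="' . $action . '" method="post">
    <p><label>' . t('Username') . ': <input type="text" maxlength="55" class="form-text" name="edit[name]" id="edit-name" value=""></label></p>
    <p><label>' . t('Password') . ': <input type="password" class="form-password" maxlength="24" name="edit[pass]" id="edit-pass" value=""></label></p>
    <p><input type="hidden" name="securesite_login_form" value="1"><input type="submit" class="form-submit" name="op" value="' . t('Login') . '"></p>
  </form>

';
}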

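/**
 * Returns complete form for password reset request (if enabled).
 *
 * The reset form is produced whenever the 'securesite_request_form' variable
 * holds a non-empty message. The form posts back to the current request URI,
 * which is supplied by the client and is therefore passed through check_url()
 * before being written into the action attribute.
 *
 * @return
 *   HTML used in the Secure Site dialog when the HTTP Auth dialog is cancelled
 */
function _securesite_request_form() {
  $securesite_enabled = variable_get('securesite_enabled', SECURESITE_DISABLED);

  // An empty message means the password reset form is switched off. The
  // message itself is raw HTML and is printed unfiltered.
  // NOTE(review): presumably only administrators can set this variable;
  // confirm against the module's settings form.
  $form_msg = variable_get('securesite_request_form', t('<p>Enter your username or e-mail address.</p>'));

  if (!$form_msg) {
    if ($securesite_enabled == SECURESITE_AUTH) {
      // If password reset is disabled and the login form isn't being used,
      // output a message to the user informing them how to login
      return theme('status_messages') . '<p id="password">' . t('Reload the page to try logging in again.') . "</p>\n";
    }
    return '';
  }

  // Only output the HR if also outputting the login form
  $output = ($securesite_enabled == SECURESITE_FORM) ? "  <hr>\n\n  " : '';

  // request_uri() reflects the request target sent by the client. Escape it so
  // that a quote or angle bracket in the URI cannot terminate the attribute.
  $action = check_url(request_uri());

  $output .= "\n  <h1>" . t('Password Reset') . '</h1>
  <div id="reset">' . $form_msg . '</div>
  ' . theme('status_messages') . '
  <form action="' . $action . '" method="post">
    <p><label>' . t('Username') . ': <input type="text" maxlength="55" class="form-text" name="edit[name]" id="edit-name" value=""></label></p>
    <p><label>' . t('E-mail address') . ': <input type="text" maxlength="64" class="form-text" name="edit[mail]" id="edit-mail" value=""></label></p>
    <p><input type="hidden" name="securesite_request_form" value="1"><input type="submit" class="form-submit" name="op" value="' . t('Reset password') . '"></p>
  </form>

';
  return $output;
}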

/**
 * Print HTML dialog page for Secure Site
 *
 * Includes securesite-dialog.tpl.php from the default theme's directory when
 * the file exists there, otherwise the copy in the securesite module
 * directory. The template is included inside this function, so it runs in the
 * function's scope and can read $content and the other local variables.
 *
 * @param $content
 *   HTML to output for the login and/or password reset form
 */
function _securesite_dialog_page($content) {
  // The include path is assembled from the configured default theme and a
  // fixed file name; nothing from the current request goes into it.
  $theme_path = drupal_get_path('theme', variable_get('theme_default', 'garland'));
  $dialog_file = '/securesite-dialog.tpl.php';
  if (file_exists($theme_path . $dialog_file)) {
    // include_once: a second call within the same request includes nothing.
    include_once $theme_path . $dialog_file;
  }
  else {
    include_once drupal_get_path('module', 'securesite') . $dialog_file;
  }
}

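/**
 * Process password reset requests.
 *
 * Looks up an active account matching the submitted username and/or e-mail
 * address, replaces its password with a generated one and mails the account
 * holder. On successful delivery the dialog page is printed and the request
 * ends with exit; in every other case a status message is set and the
 * function returns.
 *
 * NOTE(review): a known account and an unknown one get different responses
 * ("Further instructions have been e-mailed" versus "Unrecognized username or
 * e-mail address"), so this handler tells the requester whether an account
 * exists. No throttling is visible in this function; confirm whether the
 * caller applies any.
 *
 * @param $edit
 *   Array of submitted values. The 'name' (username) and 'mail' (e-mail
 *   address) keys are read; either or both may be given.
 */
function _securesite_password_reset($edit = array()) {
  global $base_url;

  // $edit presumably carries the posted edit[...] values. Treat missing keys
  // and non-string values (such as nested arrays) as empty so that no
  // undefined-index notice is raised and user_load() only receives strings.
  $name = (isset($edit['name']) && is_string($edit['name'])) ? $edit['name'] : '';
  $mail = (isset($edit['mail']) && is_string($edit['mail'])) ? $edit['mail'] : '';

  // Only look-up information if input was given
  if (empty($name) && empty($mail)) {
    // Nothing entered
    drupal_set_message(t('Unrecognized username or e-mail address.'), 'error');
    return;
  }

  // User must have an active account
  $load = array('status' => 1);

  // Only create array keys/values if something was entered, otherwise
  // user_load() will fail
  if (!empty($name)) {
    $load['name'] = $name;
  }
  if (!empty($mail)) {
    $load['mail'] = $mail;
  }

  // Check account information
  $account = user_load($load);
  if (!$account || !$account->uid) {
    // Name or mail not valid or account disabled
    drupal_set_message(t('Unrecognized username or e-mail address.'), 'error');
    return;
  }

  // Valid account: generate a new password for this user.
  // NOTE(review): the stored password is replaced before it is known whether
  // the mail can be delivered, and the requester has not been authenticated.
  // The mail variables built below carry a one-time login URL but no password
  // placeholder, so the replacement may be unnecessary; confirm before
  // changing it.
  $account = user_save($account, array(
    'pass' => user_password(),
  ));

  // Build and send the password reset mail
  $language = user_preferred_language($account);
  $variables = array(
    '!username' => $account->name,
    '!site' => variable_get('site_name', 'Drupal'),
    '!login_url' => user_pass_reset_url($account),
    '!uri' => $base_url,
    '!uri_brief' => preg_replace('`^https?://`i', '', $base_url),
    '!mailto' => $account->mail,
    '!date' => format_date(time()),
    '!login_uri' => url('user', array(
      'absolute' => TRUE,
      'language' => $language,
    )),
    '!edit_uri' => url('user/' . $account->uid . '/edit', array(
      'absolute' => TRUE,
      'language' => $language,
    )),
  );
  $params = array(
    'subject' => _user_mail_text('password_reset_subject', $language, $variables),
    'body' => _user_mail_text('password_reset_body', $language, $variables),
  );
  $message = drupal_mail('securesite', 'password', $account->mail, $language, $params);

  if (!$message['result']) {
    // Note: At this point, the user's password has already been reset
    watchdog('mail', 'Error mailing password to %name at %email.', array(
      '%name' => $account->name,
      '%email' => $account->mail,
    ), WATCHDOG_ERROR);
    drupal_set_message(t('Unable to send e-mail. Please contact the site admin.'), 'error');
    return;
  }

  watchdog('user', 'Password mailed to %name at %email.', array(
    '%name' => $account->name,
    '%email' => $account->mail,
  ));

  // Exit here because presumably the user can't do anything more before
  // visiting the password reset URL
  _securesite_dialog_page('<p id="mail">' . t('Further instructions have been e-mailed to you.') . "</p>\n");
  session_write_close();
  module_invoke_all('exit', request_uri());
  exit;
}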

Functions

Name Description
_securesite_dialog_page Print HTML dialog page for Secure Site
_securesite_login_form Returns complete form for login when using the HTML form
_securesite_password_reset Process password reset requests
_securesite_request_form Returns complete form for password reset request (if enabled)