You are here

function _securesite_password_reset in Secure Site 6

Same name and namespace in other branches
  1. 5 securesite.inc \_securesite_password_reset()

Process password reset requests

Parameters

$edit: Username or e-mail address of user requesting password reset

1 call to _securesite_password_reset()
_securesite_user_auth in ./securesite.module
Display authentication dialog and send password reset mails

File

./securesite.inc, line 86
Support functions for the Secure Site contrib module

Code

function _securesite_password_reset($edit = array()) {
  global $base_url;

  // Only look-up information if input was given
  if ($edit['name'] || $edit['mail']) {

    // User must have an active account
    $load['status'] = 1;

    // Only create array keys/values if something was entered, otherwise
    // user_load() will fail
    if (!empty($edit['name'])) {
      $load['name'] = $edit['name'];
    }
    if (!empty($edit['mail'])) {
      $load['mail'] = $edit['mail'];
    }

    // Check account information
    $account = user_load($load);
    if ($account && $account->uid) {

      // Valid account, e-mail the user a new password
      // Generate a new password for this user
      $account = user_save($account, array(
        'pass' => user_password(),
      ));

      // Mail new password
      $language = user_preferred_language($account);
      $variables = array(
        '!username' => $account->name,
        '!site' => variable_get('site_name', 'Drupal'),
        '!login_url' => user_pass_reset_url($account),
        '!uri' => $base_url,
        '!uri_brief' => preg_replace('`^https?://`i', '', $base_url),
        '!mailto' => $account->mail,
        '!date' => format_date(time()),
        '!login_uri' => url('user', array(
          'absolute' => TRUE,
          'language' => $language,
        )),
        '!edit_uri' => url('user/' . $account->uid . '/edit', array(
          'absolute' => TRUE,
          'language' => $language,
        )),
      );
      $params['subject'] = _user_mail_text('password_reset_subject', $language, $variables);
      $params['body'] = _user_mail_text('password_reset_body', $language, $variables);
      $message = drupal_mail('securesite', 'password', $account->mail, $language, $params);
      if ($message['result']) {
        watchdog('user', 'Password mailed to %name at %email.', array(
          '%name' => $account->name,
          '%email' => $account->mail,
        ));

        // Exit here because presumably the user can't do anything more before
        // visiting the password reset URL
        _securesite_dialog_page('<p id="mail">' . t('Further instructions have been e-mailed to you.') . "</p>\n");
        session_write_close();
        module_invoke_all('exit', request_uri());
        exit;
      }
      else {

        // Note: At this point, the user's password has already been reset
        watchdog('mail', 'Error mailing password to %name at %email.', array(
          '%name' => $account->name,
          '%email' => $account->mail,
        ), WATCHDOG_ERROR);
        drupal_set_message(t('Unable to send e-mail. Please contact the site admin.'), 'error');
      }
    }
    else {

      // Name or mail not valid or account disabled
      drupal_set_message(t('Unrecognized username or e-mail address.'), 'error');
    }
  }
  else {

    // Nothing entered
    drupal_set_message(t('Unrecognized username or e-mail address.'), 'error');
  }
}