
@antriver
Last active February 1, 2018 07:33
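<?php
/**
 * When user clicks the "yes, that's my email" link...
 *
 * Creates a password reset key for $userID, stores it in the
 * password_reset_keys table together with its creation time, and e-mails a
 * reset link containing the key to $email.
 *
 * $DB, $userID and $email are not defined here; they are expected to be set
 * by the code that includes this snippet.
 */

// Make an unpredictable key. uniqid() is built from the current time and is
// documented as not cryptographically secure, so it must not be used as a
// password reset secret. random_bytes() (PHP 7+) reads from the operating
// system's CSPRNG; 16 bytes gives a 128-bit key, hex-encoded to 32 characters.
// NOTE(review): confirm the `key` column is wide enough for 32 characters.
$key = bin2hex(random_bytes(16));

// Store in the database
$row = new stdClass();
$row->userid = $userID; // (Need the userID from somewhere. Could use email instead probably)
$row->key = $key;
$row->time = time();
// reset_password.php only accepts rows with used = 0, so set it explicitly
// rather than relying on a column default.
$row->used = 0;
$DB->insert_record('password_reset_keys', $row);
// NOTE(review): the key is stored as-is. Storing only a hash of it would limit
// the damage of a database leak, but needs a matching change in
// reset_password.php, so it is not done here.

// Build the query string with http_build_query() so both values are
// URL-encoded instead of being pasted into the link verbatim.
// NOTE(review): this link carries the reset key over plain HTTP. If the host
// serves HTTPS, switch the scheme so the key is not readable in transit.
$query = http_build_query(array('userID' => $userID, 'key' => $key), '', '&');
$url = "http://dragonnet.ssis-suzhou.net/dragonnet_reset_passwords/reset_password.php?{$query}";

$message = "Hi, click here to reset your password: {$url}";
mail($email, 'Password Reset Link', $message);
?>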
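<?php
/**
 * reset_password.php
 *
 * Validates the reset key from the e-mailed link. If the key is valid and a
 * new password was posted, sets the password and marks the key as used;
 * otherwise shows the form for entering a new password.
 */

// Narrow both parameters to what they can legitimately contain before they
// reach the database or the page: the key is alphanumeric and the user id is
// used below as the numeric id of the user record.
$key = required_param('key', PARAM_ALPHANUM);
$userID = required_param('userID', PARAM_INT);

// Check key is valid: it must belong to this user and must not have been used.
// The column is written as `userid` when the key is created, so use the same
// spelling here.
$row = $DB->get_record('password_reset_keys', array(
    'userid' => $userID,
    'key' => $key,
    'used' => 0
));
if (!$row) {
    die("That key is invalid");
}

// How long should the link be valid for (in seconds)? 86400 = 24 hours.
if (time() - $row->time > 86400) {
    die("Sorry, that link has expired");
}

// Get user
$user = $DB->get_record('user', array('id' => $userID));
if (!$user) {
    // The key row points at a user record that does not exist; stop here
    // instead of passing `false` on to the password update.
    die("That key is invalid");
}

// Take the new password from the POST body only, so it never appears in a URL,
// and avoid an undefined-index notice when the page is first opened via the
// e-mailed link.
$new_password = (isset($_POST['new_password']) && is_string($_POST['new_password']))
    ? $_POST['new_password']
    : '';

if ($new_password !== '') {
    // Password resetting time
    // NOTE(review): nothing here checks the new password against the site's
    // password policy; consider validating it before accepting it.
    if (!update_internal_user_password($user, $new_password)) {
        die("Sorry, the password could not be changed");
    }

    // Set the key as used so the same link cannot change the password again.
    // The original called update_field() and was missing a closing
    // parenthesis; Moodle's database API names this operation set_field().
    $DB->set_field('password_reset_keys', 'used', 1, array('key' => $key));

    echo "Done!";
} else {
    // Show form to enter a new password here.
    // Values echoed into HTML attributes are escaped so they cannot break out
    // of the attribute.
?>
<form action="reset_password.php" method="post">
<input type="hidden" name="key" value="<?= htmlspecialchars($key, ENT_QUOTES, 'UTF-8') ?>" />
<input type="hidden" name="userID" value="<?= htmlspecialchars((string) $userID, ENT_QUOTES, 'UTF-8') ?>" />
<input type="password" name="new_password" value="" />
<?php // TODO: add another box to confirm password ?>
<input type="submit" value="Change Password" />
</form>
<?php
}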