aboutsummaryrefslogtreecommitdiff
path: root/actions/admin/user/resetpassword.php
diff options
context:
space:
mode:
Diffstat (limited to 'actions/admin/user/resetpassword.php')
-rw-r--r--actions/admin/user/resetpassword.php42
1 files changed, 21 insertions, 21 deletions
diff --git a/actions/admin/user/resetpassword.php b/actions/admin/user/resetpassword.php
index aead052dd..d019a7f55 100644
--- a/actions/admin/user/resetpassword.php
+++ b/actions/admin/user/resetpassword.php
@@ -1,35 +1,36 @@
<?php
/**
- * Admin password reset.
+ * Reset a user's password.
*
- * @package Elgg
- * @subpackage Core
- * @author Curverider Ltd
- * @link http://elgg.org/
+ * This is an admin action that generates a new salt and password
+ * for a user, then emails the password to the user's registered
+ * email address.
+ *
+ * NOTE: This is different to the "reset password" link users
+ * can use in that it does not first email the user asking if
+ * they want to have their password reset.
+ *
+ * @package Elgg.Core
+ * @subpackage Administration.User
*/
-global $CONFIG;
-
-// block non-admin users
-admin_gatekeeper();
-
-// Get the user
$guid = get_input('guid');
-$obj = get_entity($guid);
+$user = get_entity($guid);
-if (($obj instanceof ElggUser) && ($obj->canEdit())) {
+if (($user instanceof ElggUser) && ($user->canEdit())) {
$password = generate_random_cleartext_password();
- $obj->salt = generate_random_cleartext_password(); // Reset the salt
- $obj->password = generate_user_password($obj, $password);
+ // Always reset the salt before generating the user password.
+ $user->salt = generate_random_cleartext_password();
+ $user->password = generate_user_password($user, $password);
- if ($obj->save()) {
+ if ($user->save()) {
system_message(elgg_echo('admin:user:resetpassword:yes'));
- notify_user($obj->guid,
- $CONFIG->site->guid,
+ notify_user($user->guid,
+ elgg_get_site_entity()->guid,
elgg_echo('email:resetpassword:subject'),
- sprintf(elgg_echo('email:resetpassword:body'), $obj->username, $password),
+ elgg_echo('email:resetpassword:body', array($user->username, $password)),
NULL,
'email');
} else {
@@ -39,5 +40,4 @@ if (($obj instanceof ElggUser) && ($obj->canEdit())) {
register_error(elgg_echo('admin:user:resetpassword:no'));
}
-forward($_SERVER['HTTP_REFERER']);
-exit;
+forward(REFERER); \ No newline at end of file
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-15 18:27:42 +0000