From 3f852a3233b2ee51c3fab7dc6d077778fd35e0fd Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Thu, 8 Aug 2019 22:01:51 +0200
Subject: [ticket/11327] Move UCP remind functionality to a controller for
 password reset

PHPBB3-11327
---
 phpBB/config/default/container/services.yml     |   1 +
 phpBB/config/default/container/services_ucp.yml |  15 ++
 phpBB/config/default/routing/routing.yml        |   4 +
 phpBB/config/default/routing/ucp.yml            |   3 +
 phpBB/includes/functions.php                    |   5 +-
 phpBB/includes/ucp/ucp_remind.php               | 174 ------------------------
 phpBB/phpbb/ucp/controller/reset_password.php   | 174 ++++++++++++++++++++++++
 phpBB/ucp.php                                   |   6 +-
 8 files changed, 205 insertions(+), 177 deletions(-)
 create mode 100644 phpBB/config/default/container/services_ucp.yml
 create mode 100644 phpBB/config/default/routing/ucp.yml
 delete mode 100644 phpBB/includes/ucp/ucp_remind.php
 create mode 100644 phpBB/phpbb/ucp/controller/reset_password.php

diff --git a/phpBB/config/default/container/services.yml b/phpBB/config/default/container/services.yml
index 3ead1e6181..2d4720029d 100644
--- a/phpBB/config/default/container/services.yml
+++ b/phpBB/config/default/container/services.yml
@@ -27,6 +27,7 @@ imports:
     - { resource: services_text_formatter.yml }
     - { resource: services_text_reparser.yml }
     - { resource: services_twig.yml }
+    - { resource: services_ucp.yml }
     - { resource: services_user.yml }
 
     - { resource: tables.yml }
diff --git a/phpBB/config/default/container/services_ucp.yml b/phpBB/config/default/container/services_ucp.yml
new file mode 100644
index 0000000000..615a5698c4
--- /dev/null
+++ b/phpBB/config/default/container/services_ucp.yml
@@ -0,0 +1,15 @@
+services:
+    phpbb.ucp.controller.reset_password:
+        class: phpbb\ucp\controller\reset_password
+        arguments:
+            - '@config'
+            - '@dbal.conn'
+            - '@dispatcher'
+            - '@controller.helper'
+            - '@language'
+            - '@passwords.manager'
+            - '@request'
+            - '@template'
+            - '@user'
+            - '%core.root_path%'
+            - '%core.php_ext%'
diff --git a/phpBB/config/default/routing/routing.yml b/phpBB/config/default/routing/routing.yml
index 199c5229b0..a5e9265dc3 100644
--- a/phpBB/config/default/routing/routing.yml
+++ b/phpBB/config/default/routing/routing.yml
@@ -26,3 +26,7 @@ phpbb_help_routing:
 
 phpbb_report_routing:
     resource: report.yml
+
+phpbb_ucp_routing:
+    resource: ucp.yml
+    prefix: /user
diff --git a/phpBB/config/default/routing/ucp.yml b/phpBB/config/default/routing/ucp.yml
new file mode 100644
index 0000000000..be97f597a0
--- /dev/null
+++ b/phpBB/config/default/routing/ucp.yml
@@ -0,0 +1,3 @@
+phpbb_ucp_reset_password_controller:
+    path: /reset_password
+    defaults: { _controller: phpbb.ucp.controller.reset_password:handle }
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 2aa98b384e..5ac26b450e 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2519,11 +2519,14 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 
 	$s_hidden_fields = build_hidden_fields($s_hidden_fields);
 
+	/** @var \phpbb\controller\helper $controller_helper */
+	$controller_helper = $phpbb_container->get('controller.helper');
+
 	$login_box_template_data = array(
 		'LOGIN_ERROR'		=> $err,
 		'LOGIN_EXPLAIN'		=> $l_explain,
 
-		'U_SEND_PASSWORD' 		=> ($config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') : '',
+		'U_SEND_PASSWORD' 		=> ($config['email_enable']) ? $controller_helper->route('phpbb_ucp_reset_password_controller') : '',
 		'U_RESEND_ACTIVATION'	=> ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=resend_act') : '',
 		'U_TERMS_USE'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
 		'U_PRIVACY'				=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php
deleted file mode 100644
index e50428bfea..0000000000
--- a/phpBB/includes/ucp/ucp_remind.php
+++ /dev/null
@@ -1,174 +0,0 @@
-<?php
-/**
-*
-* This file is part of the phpBB Forum Software package.
-*
-* @copyright (c) phpBB Limited <https://www.phpbb.com>
-* @license GNU General Public License, version 2 (GPL-2.0)
-*
-* For full copyright and license information, please see
-* the docs/CREDITS.txt file.
-*
-*/
-
-/**
-* @ignore
-*/
-if (!defined('IN_PHPBB'))
-{
-	exit;
-}
-
-/**
-* ucp_remind
-* Sending password reminders
-*/
-class ucp_remind
-{
-	var $u_action;
-
-	function main($id, $mode)
-	{
-		global $config, $phpbb_root_path, $phpEx, $request;
-		global $db, $user, $template, $phpbb_container, $phpbb_dispatcher;
-
-		if (!$config['allow_password_reset'])
-		{
-			trigger_error($user->lang('UCP_PASSWORD_RESET_DISABLED', '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'));
-		}
-
-		$username	= $request->variable('username', '', true);
-		$email		= strtolower($request->variable('email', ''));
-		$submit		= (isset($_POST['submit'])) ? true : false;
-
-		add_form_key('ucp_remind');
-
-		if ($submit)
-		{
-			if (!check_form_key('ucp_remind'))
-			{
-				trigger_error('FORM_INVALID');
-			}
-
-			if (empty($email))
-			{
-				trigger_error('NO_EMAIL_USER');
-			}
-
-			$sql_array = array(
-				'SELECT'	=> 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason',
-				'FROM'		=> array(USERS_TABLE => 'u'),
-				'WHERE'		=> "user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'" .
-					(!empty($username) ? " AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'" : ''),
-			);
-
-			/**
-			* Change SQL query for fetching user data
-			*
-			* @event core.ucp_remind_modify_select_sql
-			* @var	string	email		User's email from the form
-			* @var	string	username	User's username from the form
-			* @var	array	sql_array	Fully assembled SQL query with keys SELECT, FROM, WHERE
-			* @since 3.1.11-RC1
-			*/
-			$vars = array(
-				'email',
-				'username',
-				'sql_array',
-			);
-			extract($phpbb_dispatcher->trigger_event('core.ucp_remind_modify_select_sql', compact($vars)));
-
-			$sql = $db->sql_build_query('SELECT', $sql_array);
-			$result = $db->sql_query_limit($sql, 2); // don't waste resources on more rows than we need
-			$rowset = $db->sql_fetchrowset($result);
-
-			if (count($rowset) > 1)
-			{
-				$db->sql_freeresult($result);
-
-				$template->assign_vars(array(
-					'USERNAME_REQUIRED'	=> true,
-					'EMAIL'				=> $email,
-				));
-			}
-			else
-			{
-				$message = $user->lang['PASSWORD_UPDATED_IF_EXISTED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
-
-				if (empty($rowset))
-				{
-					trigger_error($message);
-				}
-
-				$user_row = $rowset[0];
-				$db->sql_freeresult($result);
-
-				if (!$user_row)
-				{
-					trigger_error($message);
-				}
-
-				if ($user_row['user_type'] == USER_IGNORE || $user_row['user_type'] == USER_INACTIVE)
-				{
-					trigger_error($message);
-				}
-
-				// Check users permissions
-				$auth2 = new \phpbb\auth\auth();
-				$auth2->acl($user_row);
-
-				if (!$auth2->acl_get('u_chgpasswd'))
-				{
-					trigger_error($message);
-				}
-
-				$server_url = generate_board_url();
-
-				// Make password at least 8 characters long, make it longer if admin wants to.
-				// gen_rand_string() however has a limit of 12 or 13.
-				$user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));
-
-				// For the activation key a random length between 6 and 10 will do.
-				$user_actkey = gen_rand_string(mt_rand(6, 10));
-
-				// Instantiate passwords manager
-				/* @var $manager \phpbb\passwords\manager */
-				$passwords_manager = $phpbb_container->get('passwords.manager');
-
-				$sql = 'UPDATE ' . USERS_TABLE . "
-					SET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'
-					WHERE user_id = " . $user_row['user_id'];
-				$db->sql_query($sql);
-
-				include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
-
-				$messenger = new messenger(false);
-
-				$messenger->template('user_activate_passwd', $user_row['user_lang']);
-
-				$messenger->set_addresses($user_row);
-
-				$messenger->anti_abuse_headers($config, $user);
-
-				$messenger->assign_vars(array(
-					'USERNAME'		=> htmlspecialchars_decode($user_row['username']),
-					'PASSWORD'		=> htmlspecialchars_decode($user_password),
-					'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
-				);
-
-				$messenger->send($user_row['user_notify_type']);
-
-				trigger_error($message);
-			}
-		}
-
-		$template->assign_vars(array(
-			'USERNAME'			=> $username,
-			'EMAIL'				=> $email,
-			'S_PROFILE_ACTION'	=> append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=sendpassword'))
-		);
-
-		$this->tpl_name = 'ucp_remind';
-		$this->page_title = 'UCP_REMIND';
-	}
-}
diff --git a/phpBB/phpbb/ucp/controller/reset_password.php b/phpBB/phpbb/ucp/controller/reset_password.php
new file mode 100644
index 0000000000..e50428bfea
--- /dev/null
+++ b/phpBB/phpbb/ucp/controller/reset_password.php
@@ -0,0 +1,174 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* ucp_remind
+* Sending password reminders
+*/
+class ucp_remind
+{
+	var $u_action;
+
+	function main($id, $mode)
+	{
+		global $config, $phpbb_root_path, $phpEx, $request;
+		global $db, $user, $template, $phpbb_container, $phpbb_dispatcher;
+
+		if (!$config['allow_password_reset'])
+		{
+			trigger_error($user->lang('UCP_PASSWORD_RESET_DISABLED', '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'));
+		}
+
+		$username	= $request->variable('username', '', true);
+		$email		= strtolower($request->variable('email', ''));
+		$submit		= (isset($_POST['submit'])) ? true : false;
+
+		add_form_key('ucp_remind');
+
+		if ($submit)
+		{
+			if (!check_form_key('ucp_remind'))
+			{
+				trigger_error('FORM_INVALID');
+			}
+
+			if (empty($email))
+			{
+				trigger_error('NO_EMAIL_USER');
+			}
+
+			$sql_array = array(
+				'SELECT'	=> 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason',
+				'FROM'		=> array(USERS_TABLE => 'u'),
+				'WHERE'		=> "user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'" .
+					(!empty($username) ? " AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'" : ''),
+			);
+
+			/**
+			* Change SQL query for fetching user data
+			*
+			* @event core.ucp_remind_modify_select_sql
+			* @var	string	email		User's email from the form
+			* @var	string	username	User's username from the form
+			* @var	array	sql_array	Fully assembled SQL query with keys SELECT, FROM, WHERE
+			* @since 3.1.11-RC1
+			*/
+			$vars = array(
+				'email',
+				'username',
+				'sql_array',
+			);
+			extract($phpbb_dispatcher->trigger_event('core.ucp_remind_modify_select_sql', compact($vars)));
+
+			$sql = $db->sql_build_query('SELECT', $sql_array);
+			$result = $db->sql_query_limit($sql, 2); // don't waste resources on more rows than we need
+			$rowset = $db->sql_fetchrowset($result);
+
+			if (count($rowset) > 1)
+			{
+				$db->sql_freeresult($result);
+
+				$template->assign_vars(array(
+					'USERNAME_REQUIRED'	=> true,
+					'EMAIL'				=> $email,
+				));
+			}
+			else
+			{
+				$message = $user->lang['PASSWORD_UPDATED_IF_EXISTED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
+
+				if (empty($rowset))
+				{
+					trigger_error($message);
+				}
+
+				$user_row = $rowset[0];
+				$db->sql_freeresult($result);
+
+				if (!$user_row)
+				{
+					trigger_error($message);
+				}
+
+				if ($user_row['user_type'] == USER_IGNORE || $user_row['user_type'] == USER_INACTIVE)
+				{
+					trigger_error($message);
+				}
+
+				// Check users permissions
+				$auth2 = new \phpbb\auth\auth();
+				$auth2->acl($user_row);
+
+				if (!$auth2->acl_get('u_chgpasswd'))
+				{
+					trigger_error($message);
+				}
+
+				$server_url = generate_board_url();
+
+				// Make password at least 8 characters long, make it longer if admin wants to.
+				// gen_rand_string() however has a limit of 12 or 13.
+				$user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));
+
+				// For the activation key a random length between 6 and 10 will do.
+				$user_actkey = gen_rand_string(mt_rand(6, 10));
+
+				// Instantiate passwords manager
+				/* @var $manager \phpbb\passwords\manager */
+				$passwords_manager = $phpbb_container->get('passwords.manager');
+
+				$sql = 'UPDATE ' . USERS_TABLE . "
+					SET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'
+					WHERE user_id = " . $user_row['user_id'];
+				$db->sql_query($sql);
+
+				include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+
+				$messenger = new messenger(false);
+
+				$messenger->template('user_activate_passwd', $user_row['user_lang']);
+
+				$messenger->set_addresses($user_row);
+
+				$messenger->anti_abuse_headers($config, $user);
+
+				$messenger->assign_vars(array(
+					'USERNAME'		=> htmlspecialchars_decode($user_row['username']),
+					'PASSWORD'		=> htmlspecialchars_decode($user_password),
+					'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
+				);
+
+				$messenger->send($user_row['user_notify_type']);
+
+				trigger_error($message);
+			}
+		}
+
+		$template->assign_vars(array(
+			'USERNAME'			=> $username,
+			'EMAIL'				=> $email,
+			'S_PROFILE_ACTION'	=> append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=sendpassword'))
+		);
+
+		$this->tpl_name = 'ucp_remind';
+		$this->page_title = 'UCP_REMIND';
+	}
+}
diff --git a/phpBB/ucp.php b/phpBB/ucp.php
index c60d9930fc..34a6c6bb99 100644
--- a/phpBB/ucp.php
+++ b/phpBB/ucp.php
@@ -63,8 +63,10 @@ switch ($mode)
 	break;
 
 	case 'sendpassword':
-		$module->load('ucp', 'remind');
-		$module->display($user->lang['UCP_REMIND']);
+		/** @var \phpbb\controller\helper $controller_helper */
+		$controller_helper = $phpbb_container->get('controller.helper');
+
+		redirect($controller_helper->route('phpbb_ucp_reset_password_controller'));
 	break;
 
 	case 'register':
-- 
cgit v1.2.1