Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 3.9.x will end* 10 May 2021 (12 months).
  • Bug fixes for security issues in 3.9.x will end* 8 May 2023 (36 months).
  • PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.

Differences Between: [Versions 39 and 401] [Versions 39 and 402] [Versions 39 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Reset locked-out accounts.
  19   *
  20   * @package    core_auth
  21   * @copyright  2012 Petr Skoda {@link http://skodak.org}
  22   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  
  25  require('../config.php');
  26  require_once($CFG->libdir.'/authlib.php');
  27  
  28  $userid = optional_param('u', 0, PARAM_INT);
  29  $secret = optional_param('s', '', PARAM_RAW);
  30  
  31  $PAGE->set_url('/login/unlock_account.php');
  32  $PAGE->set_context(context_system::instance());
  33  
  34  // Override wanted URL, we do not want to end up here again after login!
  35  $SESSION->wantsurl = "$CFG->wwwroot/";
  36  
  37  // Do not disclose details about existence or status of user accounts here.
  38  
  39  if (!$user = $DB->get_record('user', array('id'=>$userid, 'deleted'=>0, 'suspended'=>0))) {
  40      print_error('lockouterrorunlock', 'admin', get_login_url());
  41  }
  42  
  43  $usersecret = get_user_preferences('login_lockout_secret', false, $user);
  44  
  45  if ($secret === $usersecret) {
  46      login_unlock_account($user);
  47      if ($USER->id == $user->id) {
  48          redirect("$CFG->wwwroot/");
  49      } else {
  50          redirect(get_login_url());
  51      }
  52  }
  53  
  54  print_error('lockouterrorunlock', 'admin', get_login_url());