3.15.3. password

Prev		Next

3.15.3. password_reset

(Phorum 5 >= 5.2.13)

This hook is called after handling a password reset request. Based on whether a user account can be found for the provided email address and what the account status for that user is, different actions are performed by Phorum before calling this hook:

If no user account can be found for the provided email address, then nothing is done.
If the account is not yet approved by a moderator, then no new password is generated for the user.
If the account is active, then a new password is mailed to the user's email address.
If the account is new and not yet confirmed by email, then a new account confirmation code is generated and sent to the user's email address.

The main purpose of this hook is to log password reset requests.

Call time:

In login.php, after handling a password reset request.

Hook input:

An array containing four elements:

status: the password reset status, which can be: "new_password" (a new password was generated and sent for an active account), "new_verification" (a new account verification code was generated and sent for a new account that was not yet confirmed by email), "unapproved" (in case the account was not yet approved by a moderator, no new password or verification code was generated for the user) or "user_unknown" (when the provided email address cannot be found in the database).
email: the email address that the user entered in the lost password form.
user: a user data array. This is the user data for the email address that the user entered in the lost password form. If no matching user could be found (status = "user_unknown"), then this element will be NULL.
secret: The new password or verification code for respectively the statuses "new_password" and "new_verification". For other statuses, this element will be NULL.

Hook output:

Same as input.

Example code:

function phorum_mod_foo_password_reset($data)
{
    $log = NULL;
    switch ($data['status'])
    {
        case 'new_password':
            $log = 'New password generated for ' .
                   $data['user']['username'] . ': ' .
                   $data['secret']; 
            break;
        case 'new_verification':
            $log = 'New verification code generated for ' .
                   $data['user']['username'] . ': ' .
                   $data['secret']; 
            break;
        case 'user_unknown':
            $log = 'Could not find a user for email ' .
                   $data['email'];
            break;
        case 'unapproved':
            $log = 'No new password generated for ' .
                   'unapproved user ' . $user['username'];
            break;
    }

    if ($log !== NULL) {
        log_the_password_reset($log);
    }

    return $user;
}