diff --git a/components/com_users/controllers/remind.php b/components/com_users/controllers/remind.php
index 8aead5313f858..f128e63243491 100644
--- a/components/com_users/controllers/remind.php
+++ b/components/com_users/controllers/remind.php
@@ -37,7 +37,7 @@ public function remind()
 $return = $model->processRemindRequest($data);
 // Check for a hard error.
- if ($return == false)
+ if ($return == false && JDEBUG)
 {
 // The request failed.
 // Go back to the request form.
@@ -46,14 +46,11 @@ public function remind()
 return false;
 }
- else
- {
- // The request succeeded.
- // Proceed to step two.
- $message = JText::_('COM_USERS_REMIND_REQUEST_SUCCESS');
- $this->setRedirect(JRoute::_('index.php?option=com_users&view=login', false), $message);
- return true;
- }
+ // To not expose if the user exists or not we send a generic message.
+ $message = JText::_('COM_USERS_REMIND_REQUEST');
+ $this->setRedirect(JRoute::_('index.php?option=com_users&view=login', false), $message, 'notice');
+
+ return true;
 }
 }
diff --git a/components/com_users/controllers/reset.php b/components/com_users/controllers/reset.php
index c06224091173e..2fd42477a83ce 100644
--- a/components/com_users/controllers/reset.php
+++ b/components/com_users/controllers/reset.php
@@ -38,7 +38,7 @@ public function request()
 $return = $model->processResetRequest($data);
 // Check for a hard error.
- if ($return instanceof Exception)
+ if ($return instanceof Exception && JDEBUG)
 {
 // Get the error message to display.
 if ($app->get('error_reporting'))
@@ -55,7 +55,7 @@ public function request()
 return false;
 }
- elseif ($return === false)
+ elseif ($return === false && JDEBUG)
 {
 // The request failed.
 // Go back to the request form.
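Review bot: With `&& JDEBUG` on the failure check in remind() (first hunk of controllers/remind.php), every failure on a non-debug site now ends in the generic notice and nothing in the hunk records it, so an administrator has no trace of reminders that were never sent, for example after a mail transport error. Record the model error server-side before falling through, e.g. `if ($return == false) { JLog::add($model->getError(), JLog::WARNING, 'com_users'); }` placed ahead of the debug-only redirect. The same applies to both conditions changed in request() in controllers/reset.php (`$return instanceof Exception && JDEBUG` and `$return === false && JDEBUG`). Sites that run with debug enabled keep the old branch and so still reveal whether an address is registered; the comment above the check should say so. The body of remind() starts outside the hunk.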
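Review bot: The generic notice added at the end of remind() (second hunk of controllers/remind.php) makes only the response text uniform; the redirect still follows a synchronous `processRemindRequest()` call, so a request for a registered address may take longer than one for an unknown address if the model sends the mail inline (the model body is not part of this diff, so this is inferred). The comment should state that limit, for example `// Same message whether or not the account exists; response time is not equalised here.` The same applies to the third hunk of controllers/reset.php, where request() gets the identical pattern. Queuing the mail or throttling the form per client are the usual ways to close the remaining gap.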
@@ -64,14 +64,12 @@ public function request()
 return false;
 }
- else
- {
- // The request succeeded.
- // Proceed to step two.
- $this->setRedirect(JRoute::_('index.php?option=com_users&view=reset&layout=confirm', false));
- return true;
- }
+ // To not expose if the user exists or not we send a generic message.
+ $message = JText::_('COM_USERS_RESET_REQUEST');
+ $this->setRedirect(JRoute::_('index.php?option=com_users&view=reset&layout=confirm', false), $message, 'notice');
+
+ return true;
 }
 /**
diff --git a/components/com_users/models/reset.php b/components/com_users/models/reset.php
index 713164ced44c5..6ec2260b43aaf 100644
--- a/components/com_users/models/reset.php
+++ b/components/com_users/models/reset.php
@@ -429,6 +429,32 @@ public function processResetRequest($data)
 {
 $this->setError(JText::_('COM_USERS_REMIND_SUPERADMIN_ERROR'));
+ // Put together the email template data.
+ $data = $user->getProperties();
+ $data['fromname'] = $config->get('fromname');
+ $data['mailfrom'] = $config->get('mailfrom');
+ $data['sitename'] = $config->get('sitename');
+
+ $subject = JText::sprintf(
+ 'COM_USERS_EMAIL_PASSWORD_RESET_SUBJECT',
+ $data['sitename']
+ );
+
+ $body = JText::sprintf(
+ 'COM_USERS_REMIND_SUPERADMIN_BODY',
+ $data['sitename'],
+ 'https://docs.joomla.org/Special:MyLanguage/How_do_you_recover_or_reset_your_admin_password%3F'
+ );
+
+ // Send the password reset request email.
+ $return = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $user->email, $subject, $body);
+
+ // Check for an error.
+ if ($return !== true)
+ {
+ $this->setError(JText::_('COM_USERS_MAIL_FAILED'));
+ }
+
 return false;
 }
diff --git a/language/en-GB/en-GB.com_users.ini b/language/en-GB/en-GB.com_users.ini
index cd9409ff42163..51164e857b70d 100644
--- a/language/en-GB/en-GB.com_users.ini
+++ b/language/en-GB/en-GB.com_users.ini
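Review bot: The new Super User branch in processResetRequest() (models/reset.php) calls `sendMail` on every request and no throttle is visible in the hunk before it, so each submission of a Super User's address produces another mail to that account. The function starts and ends outside the hunk, so confirm that the reset-limit check behind COM_USERS_REMIND_LIMIT_ERROR_N_HOURS runs before this branch, or move it ahead of the send. `$data = $user->getProperties();` also overwrites the `$data` argument and copies the user's properties (presumably including the stored password hash) only to carry three config values. Reading them directly, e.g. `$sitename = $config->get('sitename');`, keeps account fields out of the template array. When the send fails, COM_USERS_MAIL_FAILED is set after COM_USERS_REMIND_SUPERADMIN_ERROR, so a caller that reads only the most recent error no longer sees the Super User message; a comment should state which of the two is meant to be shown.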
@@ -138,10 +138,12 @@ COM_USERS_REMIND_DEFAULT_LABEL="Please enter the email address associated with y
 COM_USERS_REMIND_EMAIL_LABEL="Your Email"
 COM_USERS_REMIND_LIMIT_ERROR_N_HOURS="You have exceeded the maximum number of password resets allowed. Please try again in %s hours."
 COM_USERS_REMIND_LIMIT_ERROR_N_HOURS_1="You have exceeded the maximum number of password resets allowed. Please try again in one hour."
+COM_USERS_REMIND_REQUEST="If the email address you entered is registered on this site you will shortly receive an email with a reminder."
 COM_USERS_REMIND_REQUEST_ERROR="Error requesting password reminder."
 COM_USERS_REMIND_REQUEST_FAILED="Reminder failed: %s"
 COM_USERS_REMIND_REQUEST_SUCCESS="Reminder sent. Please check your mail."
-COM_USERS_REMIND_SUPERADMIN_ERROR="A Super User can't request a password reminder. Please contact another Super User or use an alternative method."
+COM_USERS_REMIND_SUPERADMIN_BODY="Hello,\n\nA request has been made to reset your %s account password. But, for security reasons, a Super User can't request a password reminder. Please contact another Super User or use an alternative method as described in the documentation: %s"
+COM_USERS_REMIND_SUPERADMIN_ERROR="A Super User can't request a password reminder. Please contact another Super User or use an alternative method as described in the documentation."
 COM_USERS_RESET="Password Reset"
 COM_USERS_RESET_COMPLETE_ERROR="Error completing password reset."
 COM_USERS_RESET_COMPLETE_FAILED="Completing reset password failed: %s"
@@ -151,6 +153,7 @@ COM_USERS_RESET_CONFIRM_ERROR="Error while confirming the password."
 COM_USERS_RESET_CONFIRM_FAILED="Your password reset confirmation failed because the verification code was invalid. %s"
 COM_USERS_RESET_CONFIRM_LABEL="An email has been sent to your email address. The email has a verification code, please paste the verification code in the field below to prove that you are the owner of this account."
 COM_USERS_RESET_COMPLETE_TOKENS_MISSING="Your password reset confirmation failed because the verification code was missing."
+COM_USERS_RESET_REQUEST="If the email address you entered is registered on this site you will shortly receive an email with a link to reset the password for your account."
 COM_USERS_RESET_REQUEST_ERROR="Error requesting password reset."
 COM_USERS_RESET_REQUEST_FAILED="Reset password failed: %s"
 COM_USERS_RESET_REQUEST_LABEL="Please enter the email address for your account. A verification code will be sent to you. Once you have received the verification code, you will be able to choose a new password for your account."