commit | author | age
|
da1da4
|
1 |
<?php |
T |
2 |
|
|
3 |
/* |
|
4 |
Copyright (c) 2008, Till Brehm, projektfarm Gmbh |
|
5 |
All rights reserved. |
|
6 |
|
|
7 |
Redistribution and use in source and binary forms, with or without modification, |
|
8 |
are permitted provided that the following conditions are met: |
|
9 |
|
0de30f
|
10 |
* Redistributions of source code must retain the above copyright notice, |
L |
11 |
this list of conditions and the following disclaimer. |
|
12 |
* Redistributions in binary form must reproduce the above copyright notice, |
|
13 |
this list of conditions and the following disclaimer in the documentation |
|
14 |
and/or other materials provided with the distribution. |
|
15 |
* Neither the name of ISPConfig nor the names of its contributors |
|
16 |
may be used to endorse or promote products derived from this software without |
|
17 |
specific prior written permission. |
da1da4
|
18 |
|
T |
19 |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
|
20 |
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
21 |
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|
22 |
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
|
23 |
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
|
24 |
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|
25 |
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
|
26 |
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
|
27 |
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, |
|
28 |
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
0de30f
|
29 |
*/ |
da1da4
|
30 |
|
7fe908
|
31 |
require_once '../../lib/config.inc.php'; |
MC |
32 |
require_once '../../lib/app.inc.php'; |
da1da4
|
33 |
|
0baace
|
34 |
$app->load('getconf'); |
TB |
35 |
|
|
36 |
$security_config = $app->getconf->get_security_config('permissions'); |
|
37 |
if($security_config['password_reset_allowed'] != 'yes') die('Password reset function has been disabled.'); |
|
38 |
|
da1da4
|
39 |
// Loading the template |
T |
40 |
$app->uses('tpl'); |
|
41 |
$app->tpl->newTemplate("form.tpl.htm"); |
7fe908
|
42 |
$app->tpl->setInclude('content_tpl', 'templates/password_reset.htm'); |
da1da4
|
43 |
|
T |
44 |
$app->tpl_defaults(); |
|
45 |
|
7fe908
|
46 |
include ISPC_ROOT_PATH.'/web/login/lib/lang/'.$_SESSION['s']['language'].'.lng'; |
da1da4
|
47 |
$app->tpl->setVar($wb); |
T |
48 |
|
|
49 |
if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '' && $_POST['username'] != 'admin') { |
7fe908
|
50 |
|
da1da4
|
51 |
if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) die($app->lng('user_regex_error')); |
T |
52 |
if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $_POST['email'])) die($app->lng('email_error')); |
7fe908
|
53 |
|
2af58c
|
54 |
$username = $_POST['username']; |
MC |
55 |
$email = $_POST['email']; |
7fe908
|
56 |
|
081367
|
57 |
$client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function FROM client,sys_user WHERE client.username = ? AND client.email = ? AND client.client_id = sys_user.client_id", $username, $email); |
a59498
|
58 |
|
0de30f
|
59 |
if($client['lost_password_function'] == 0) { |
L |
60 |
$app->tpl->setVar("error", $wb['lost_password_function_disabled_txt']); |
da1da4
|
61 |
} else { |
0de30f
|
62 |
if($client['client_id'] > 0) { |
ffb04d
|
63 |
$server_config_array = $app->getconf->get_global_config(); |
MC |
64 |
$min_password_length = 8; |
|
65 |
if(isset($server_config_array['misc']['min_password_length'])) $min_password_length = $server_config_array['misc']['min_password_length']; |
|
66 |
|
|
67 |
$new_password = $app->auth->get_random_password($min_password_length, true); |
0de30f
|
68 |
$new_password_encrypted = $app->auth->crypt_password($new_password); |
7fe908
|
69 |
|
2af58c
|
70 |
$username = $client['username']; |
cc7a82
|
71 |
$app->db->query("UPDATE sys_user SET passwort = ? WHERE username = ?", $new_password_encrypted, $username); |
MC |
72 |
$app->db->query("UPDATE client SET password = ? WHERE username = ?", $new_password_encrypted, $username); |
0de30f
|
73 |
$app->tpl->setVar("message", $wb['pw_reset']); |
L |
74 |
|
|
75 |
$app->uses('getconf,ispcmail'); |
ffb04d
|
76 |
$mail_config = $server_config_array['mail']; |
0de30f
|
77 |
if($mail_config['smtp_enabled'] == 'y') { |
L |
78 |
$mail_config['use_smtp'] = true; |
|
79 |
$app->ispcmail->setOptions($mail_config); |
|
80 |
} |
|
81 |
$app->ispcmail->setSender($mail_config['admin_mail'], $mail_config['admin_name']); |
|
82 |
$app->ispcmail->setSubject($wb['pw_reset_mail_title']); |
|
83 |
$app->ispcmail->setMailText($wb['pw_reset_mail_msg'].$new_password); |
|
84 |
$app->ispcmail->send(array($client['contact_name'] => $client['email'])); |
|
85 |
$app->ispcmail->finish(); |
|
86 |
|
|
87 |
$app->plugin->raiseEvent('password_reset', true); |
|
88 |
$app->tpl->setVar("msg", $wb['pw_reset']); |
|
89 |
} else { |
|
90 |
$app->tpl->setVar("error", $wb['pw_error']); |
|
91 |
} |
|
92 |
} |
da1da4
|
93 |
} else { |
7fe908
|
94 |
$app->tpl->setVar("msg", $wb['pw_error_noinput']); |
da1da4
|
95 |
} |
T |
96 |
|
|
97 |
|
|
98 |
$app->tpl_defaults(); |
|
99 |
$app->tpl->pparse(); |
|
100 |
|
|
101 |
|
|
102 |
|
|
103 |
|
|
104 |
|
7fe908
|
105 |
?> |