| commit | author | age | ||
| da1da4 | 1 | <?php |
| T | 2 | |
| 3 | /* | |
| 4 | Copyright (c) 2008, Till Brehm, projektfarm Gmbh | |
| 5 | All rights reserved. | |
| 6 | ||
| 7 | Redistribution and use in source and binary forms, with or without modification, | |
| 8 | are permitted provided that the following conditions are met: | |
| 9 | ||
| 0de30f | 10 | * Redistributions of source code must retain the above copyright notice, |
| L | 11 | this list of conditions and the following disclaimer. |
| 12 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 13 | this list of conditions and the following disclaimer in the documentation | |
| 14 | and/or other materials provided with the distribution. | |
| 15 | * Neither the name of ISPConfig nor the names of its contributors | |
| 16 | may be used to endorse or promote products derived from this software without | |
| 17 | specific prior written permission. | |
| da1da4 | 18 | |
| T | 19 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
| 20 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 21 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
| 22 | IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 23 | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | |
| 24 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
| 25 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | |
| 26 | OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 27 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, | |
| 28 | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 0de30f | 29 | */ |
| da1da4 | 30 | |
| 7fe908 | 31 | require_once '../../lib/config.inc.php'; |
| MC | 32 | require_once '../../lib/app.inc.php'; |
| da1da4 | 33 | |
| 0baace | 34 | $app->load('getconf'); |
| TB | 35 | |
| 36 | $security_config = $app->getconf->get_security_config('permissions'); | |
| 37 | if($security_config['password_reset_allowed'] != 'yes') die('Password reset function has been disabled.'); | |
| 38 | ||
| da1da4 | 39 | // Loading the template |
| T | 40 | $app->uses('tpl'); |
| 41 | $app->tpl->newTemplate("form.tpl.htm"); | |
| 7fe908 | 42 | $app->tpl->setInclude('content_tpl', 'templates/password_reset.htm'); |
| da1da4 | 43 | |
| T | 44 | $app->tpl_defaults(); |
| 45 | ||
| 7fe908 | 46 | include ISPC_ROOT_PATH.'/web/login/lib/lang/'.$_SESSION['s']['language'].'.lng'; |
| da1da4 | 47 | $app->tpl->setVar($wb); |
| T | 48 | |
| 49 | if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '' && $_POST['username'] != 'admin') { | |
| 7fe908 | 50 | |
| da1da4 | 51 | if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) die($app->lng('user_regex_error')); |
| T | 52 | if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $_POST['email'])) die($app->lng('email_error')); |
| 7fe908 | 53 | |
| 2af58c | 54 | $username = $_POST['username']; |
| MC | 55 | $email = $_POST['email']; |
| 7fe908 | 56 | |
| 081367 | 57 | $client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function FROM client,sys_user WHERE client.username = ? AND client.email = ? AND client.client_id = sys_user.client_id", $username, $email); |
| a59498 | 58 | |
| 0de30f | 59 | if($client['lost_password_function'] == 0) { |
| L | 60 | $app->tpl->setVar("error", $wb['lost_password_function_disabled_txt']); |
| da1da4 | 61 | } else { |
| 0de30f | 62 | if($client['client_id'] > 0) { |
| ffb04d | 63 | $server_config_array = $app->getconf->get_global_config(); |
| MC | 64 | $min_password_length = 8; |
| 65 | if(isset($server_config_array['misc']['min_password_length'])) $min_password_length = $server_config_array['misc']['min_password_length']; | |
| 66 | ||
| 67 | $new_password = $app->auth->get_random_password($min_password_length, true); | |
| 0de30f | 68 | $new_password_encrypted = $app->auth->crypt_password($new_password); |
| 7fe908 | 69 | |
| 2af58c | 70 | $username = $client['username']; |
| cc7a82 | 71 | $app->db->query("UPDATE sys_user SET passwort = ? WHERE username = ?", $new_password_encrypted, $username); |
| MC | 72 | $app->db->query("UPDATE client SET password = ? WHERE username = ?", $new_password_encrypted, $username); |
| 0de30f | 73 | $app->tpl->setVar("message", $wb['pw_reset']); |
| L | 74 | |
| 75 | $app->uses('getconf,ispcmail'); | |
| ffb04d | 76 | $mail_config = $server_config_array['mail']; |
| 0de30f | 77 | if($mail_config['smtp_enabled'] == 'y') { |
| L | 78 | $mail_config['use_smtp'] = true; |
| 79 | $app->ispcmail->setOptions($mail_config); | |
| 80 | } | |
| 81 | $app->ispcmail->setSender($mail_config['admin_mail'], $mail_config['admin_name']); | |
| 82 | $app->ispcmail->setSubject($wb['pw_reset_mail_title']); | |
| 83 | $app->ispcmail->setMailText($wb['pw_reset_mail_msg'].$new_password); | |
| 84 | $app->ispcmail->send(array($client['contact_name'] => $client['email'])); | |
| 85 | $app->ispcmail->finish(); | |
| 86 | ||
| 87 | $app->plugin->raiseEvent('password_reset', true); | |
| 88 | $app->tpl->setVar("msg", $wb['pw_reset']); | |
| 89 | } else { | |
| 90 | $app->tpl->setVar("error", $wb['pw_error']); | |
| 91 | } | |
| 92 | } | |
| da1da4 | 93 | } else { |
| 7fe908 | 94 | $app->tpl->setVar("msg", $wb['pw_error_noinput']); |
| da1da4 | 95 | } |
| T | 96 | |
| 97 | ||
| 98 | $app->tpl_defaults(); | |
| 99 | $app->tpl->pparse(); | |
| 100 | ||
| 101 | ||
| 102 | ||
| 103 | ||
| 104 | ||
| 7fe908 | 105 | ?> |
