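<?php

/*
Copyright (c) 2008 - 2015, Till Brehm, ISPConfig UG
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

/*
 * Password reset for client logins (two-step flow).
 *
 * Step 1 (POST username + email): look the client up by both values, store a
 * fresh reset token in sys_user.lost_password_hash together with the request
 * time, and mail a link carrying the token. A second request within 15 minutes
 * is refused.
 * Step 2 (GET username + hash): if the stored token matches and is younger
 * than one day, set a random password on sys_user and client and mail it.
 * The "admin" account is never processed by this script.
 */

require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';

$app->load('getconf');

// The whole feature can be switched off in the security configuration.
$security_config = $app->getconf->get_security_config('permissions');
if($security_config['password_reset_allowed'] != 'yes') die('Password reset function has been disabled.');

// Loading the template
$app->uses('tpl');
$app->tpl->newTemplate('main_login.tpl.htm');
$app->tpl->setInclude('content_tpl', 'templates/password_reset.htm');

$app->tpl_defaults();

// Language strings ($wb) for the session's language.
include ISPC_ROOT_PATH.'/web/login/lib/lang/'.$_SESSION['s']['language'].'.lng';
$app->tpl->setVar($wb);

// Set to false by any input validation failure below; gates the DB writes.
$continue = true;

if(isset($_POST['username']) && $_POST['username'] != '' && isset($_POST['email']) && $_POST['email'] != '' && $_POST['username'] != 'admin') {
	// ---- Step 1: request a reset token ----
	if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) {
		$app->tpl->setVar("error", $wb['user_regex_error']);
		$continue = false;
	}
	if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
		$app->tpl->setVar("error", $wb['email_error']);
		$continue = false;
	}

	$username = $_POST['username'];
	$email = $_POST['email'];

	// lost_password_wait = 1 when a token was already requested in the last 15 minutes.
	$client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function, sys_user.lost_password_hash, IF(sys_user.lost_password_reqtime IS NOT NULL AND DATE_SUB(NOW(), INTERVAL 15 MINUTE) < sys_user.lost_password_reqtime, 1, 0) as `lost_password_wait` FROM client,sys_user WHERE client.username = ? AND client.email = ? AND client.client_id = sys_user.client_id", $username, $email);

	if($client['lost_password_function'] == 0) {
		$app->tpl->setVar("error", $wb['lost_password_function_disabled_txt']);
	} elseif($client['lost_password_wait'] == 1) {
		$app->tpl->setVar("error", $wb['lost_password_function_wait_txt']);
	} elseif ($continue) {
		if($client['client_id'] > 0) {
			$username = $client['username'];

			// The reset token is the only secret protecting step 2, so it must come
			// from a CSPRNG; uniqid() is time-based and only used as a last resort.
			// All variants yield 40 hex characters, the same width as the previous sha1 output.
			if(function_exists('random_bytes')) {
				$password_hash = bin2hex(random_bytes(20));
			} elseif(function_exists('openssl_random_pseudo_bytes')) {
				$password_hash = bin2hex(openssl_random_pseudo_bytes(20));
			} else {
				$password_hash = sha1(uniqid('ispc_pw', true));
			}

			$app->db->query("UPDATE sys_user SET lost_password_reqtime = NOW(), lost_password_hash = ? WHERE username = ?", $password_hash, $username);
			$app->tpl->setVar("message", $wb['pw_reset_act']);

			// Absolute URL of this script for the activation link.
			// NOTE(review): when SERVER_NAME is '_' the host is taken from the request's
			// Host header, i.e. from the client; the panel hostname from configuration
			// would be the trustworthy source for a link that is mailed out.
			$server_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']);
			if($server_domain == '_') {
				$tmp = explode(':', $_SERVER["HTTP_HOST"]);
				$server_domain = $tmp[0];
				unset($tmp);
			}
			$server_domain = ((!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on') ? 'http://' : 'https://') . $server_domain;

			if(isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] != '443') $server_domain .= ':' . $_SERVER['SERVER_PORT'];

			$app->uses('getconf,ispcmail');
			// Mail settings live in the global server config; load it here instead of
			// relying on $server_config_array having been assigned by another branch.
			$server_config_array = $app->getconf->get_global_config();
			$mail_config = $server_config_array['mail'];
			if($mail_config['smtp_enabled'] == 'y') {
				$mail_config['use_smtp'] = true;
				$app->ispcmail->setOptions($mail_config);
			}
			$app->ispcmail->setSender($mail_config['admin_mail'], $mail_config['admin_name']);
			$app->ispcmail->setSubject($wb['pw_reset_act_mail_title']);
			$app->ispcmail->setMailText($wb['pw_reset_act_mail_msg'].$server_domain . '/login/password_reset.php?username=' . urlencode($username) . '&hash=' . urlencode($password_hash));
			$app->ispcmail->send(array($client['contact_name'] => $client['email']));
			$app->ispcmail->finish();

			$app->tpl->setVar("msg", $wb['pw_reset_act']);
		} else {
			$app->tpl->setVar("error", $wb['pw_error']);
		}
	}
} elseif(isset($_GET['username']) && $_GET['username'] != '' && isset($_GET['hash']) && $_GET['hash'] != '') {
	// ---- Step 2: redeem the token and issue a new password ----
	if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_GET['username'])) {
		$app->tpl->setVar("error", $wb['user_regex_error']);
		$continue = false;
	}

	$username = $_GET['username'];
	$hash = $_GET['hash'];

	// lost_password_expired = 1 when no token was requested or it is older than one day.
	$client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function, sys_user.lost_password_hash, IF(sys_user.lost_password_reqtime IS NULL OR DATE_SUB(NOW(), INTERVAL 1 DAY) > sys_user.lost_password_reqtime, 1, 0) as `lost_password_expired` FROM client,sys_user WHERE client.username = ? AND client.client_id = sys_user.client_id", $username);

	if($client['lost_password_function'] == 0) {
		$app->tpl->setVar("error", $wb['lost_password_function_disabled_txt']);
	} elseif($client['lost_password_expired'] == 1) {
		$app->tpl->setVar("error", $wb['lost_password_function_expired_txt']);
	} elseif(!is_string($hash) || !hash_equals((string) $client['lost_password_hash'], $hash)) {
		// Constant-time, strict comparison: a loose != would apply PHP's numeric-string
		// rules to the token and leak timing information about the stored value.
		$app->tpl->setVar("error", $wb['lost_password_function_denied_txt']);
	} elseif ($continue) {
		if($client['client_id'] > 0) {
			$server_config_array = $app->getconf->get_global_config();
			$min_password_length = 8;
			if(isset($server_config_array['misc']['min_password_length'])) $min_password_length = $server_config_array['misc']['min_password_length'];

			$new_password = $app->auth->get_random_password($min_password_length, true);
			$new_password_encrypted = $app->auth->crypt_password($new_password);

			$username = $client['username'];
			// Clearing the token makes the link single-use.
			$app->db->query("UPDATE sys_user SET passwort = ?, lost_password_hash = '', lost_password_reqtime = NULL WHERE username = ?", $new_password_encrypted, $username);
			$app->db->query("UPDATE client SET password = ? WHERE username = ?", $new_password_encrypted, $username);
			$app->tpl->setVar("message", $wb['pw_reset']);

			$app->uses('getconf,ispcmail');
			$mail_config = $server_config_array['mail'];
			if($mail_config['smtp_enabled'] == 'y') {
				$mail_config['use_smtp'] = true;
				$app->ispcmail->setOptions($mail_config);
			}
			$app->ispcmail->setSender($mail_config['admin_mail'], $mail_config['admin_name']);
			$app->ispcmail->setSubject($wb['pw_reset_mail_title']);
			$app->ispcmail->setMailText($wb['pw_reset_mail_msg'].$new_password);
			$app->ispcmail->send(array($client['contact_name'] => $client['email']));
			$app->ispcmail->finish();

			$app->plugin->raiseEvent('password_reset', true);
			$app->tpl->setVar("msg", $wb['pw_reset']);
		} else {
			$app->tpl->setVar("error", $wb['pw_error']);
		}
	}
} else {
	// A submitted form that did not satisfy the branch conditions above.
	if(isset($_POST) && count($_POST) > 0) $app->tpl->setVar("msg", $wb['pw_error_noinput']);
}

$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');

// Logo
$logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
if($logo['custom_logo'] != ''){
	$base64_logo_txt = $logo['custom_logo'];
} else {
	$base64_logo_txt = $logo['default_logo'];
}
// The stored value is presumably a data: URI; only the part after the first comma
// is base64 payload. Guard against a value without a comma.
$tmp_base64 = explode(',', $base64_logo_txt, 2);
$logo_payload = isset($tmp_base64[1]) ? $tmp_base64[1] : '';
$logo_dimensions = $app->functions->getimagesizefromstring(base64_decode($logo_payload));
$app->tpl->setVar('base64_logo_width', $logo_dimensions[0].'px');
$app->tpl->setVar('base64_logo_height', $logo_dimensions[1].'px');
$app->tpl->setVar('base64_logo_txt', $base64_logo_txt);

// Title
$app->tpl->setVar('company_name', $sys_config['company_name']. ' :: ');

$app->tpl_defaults();
$app->tpl->pparse();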