ISPConfig3 devel
view | history | commit | commitdiff
Marius Burkard
2016-04-20 4569cae57f127afd093794310ccd290d2d9fdf36
commit | author | age
da1da4 1 <?php
T 2
3 /*
b79c5b 4 Copyright (c) 2008 - 2015, Till Brehm, ISPConfig UG
da1da4 5 All rights reserved.
T 6
7 Redistribution and use in source and binary forms, with or without modification,
8 are permitted provided that the following conditions are met:
9
0de30f 10     * Redistributions of source code must retain the above copyright notice,
L 11       this list of conditions and the following disclaimer.
12     * Redistributions in binary form must reproduce the above copyright notice,
13       this list of conditions and the following disclaimer in the documentation
14       and/or other materials provided with the distribution.
15     * Neither the name of ISPConfig nor the names of its contributors
16       may be used to endorse or promote products derived from this software without
17       specific prior written permission.
da1da4 18
T 19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
20 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
26 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
0de30f 29  */
da1da4 30
7fe908 31 require_once '../../lib/config.inc.php';
MC 32 require_once '../../lib/app.inc.php';
da1da4 33
0baace 34 $app->load('getconf');
TB 35
36 $security_config = $app->getconf->get_security_config('permissions');
37 if($security_config['password_reset_allowed'] != 'yes') die('Password reset function has been disabled.');
38
da1da4 39 // Loading the template
T 40 $app->uses('tpl');
b79c5b 41 $app->tpl->newTemplate('main_login.tpl.htm');
7fe908 42 $app->tpl->setInclude('content_tpl', 'templates/password_reset.htm');
da1da4 43
T 44 $app->tpl_defaults();
45
7fe908 46 include ISPC_ROOT_PATH.'/web/login/lib/lang/'.$_SESSION['s']['language'].'.lng';
da1da4 47 $app->tpl->setVar($wb);
b79c5b 48 $continue = true;
da1da4 49
T 50 if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '' && $_POST['username'] != 'admin') {
b79c5b 51     if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) {
TB 52         $app->tpl->setVar("error", $wb['user_regex_error']);
53         $continue = false;
54     }
9ab66a 55     if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
b79c5b 56         $app->tpl->setVar("error", $wb['email_error']);
TB 57         $continue = false;
58     }
7fe908 59
2af58c 60     $username = $_POST['username'];
MC 61     $email = $_POST['email'];
7fe908 62
9ab66a 63     $client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function, sys_user.lost_password_hash, IF(sys_user.lost_password_reqtime IS NOT NULL AND DATE_SUB(NOW(), INTERVAL 15 MINUTE) < sys_user.lost_password_reqtime, 1, 0) as `lost_password_wait` FROM client,sys_user WHERE client.username = ? AND client.email = ? AND client.client_id = sys_user.client_id", $username, $email);
a59498 64
0de30f 65     if($client['lost_password_function'] == 0) {
L 66         $app->tpl->setVar("error", $wb['lost_password_function_disabled_txt']);
9ab66a 67     } elseif($client['lost_password_wait'] == 1) {
MB 68         $app->tpl->setVar("error", $wb['lost_password_function_wait_txt']);
69     } elseif ($continue) {
70         if($client['client_id'] > 0) {
71             $username = $client['username'];
72             $password_hash = sha1(uniqid('ispc_pw'));
73             $app->db->query("UPDATE sys_user SET lost_password_reqtime = NOW(), lost_password_hash = ? WHERE username = ?", $password_hash, $username);
74             $app->tpl->setVar("message", $wb['pw_reset_act']);
75             
76             $server_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']);
77             if($server_domain == '_') {
78                 $tmp = explode(':',$_SERVER["HTTP_HOST"]);
79                 $server_domain = $tmp[0];
80                 unset($tmp);
81             }
82             if(!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on') $server_domain = 'http://' . $server_domain;
83             else $server_domain = 'https://' . $server_domain;
84             
85             if(isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] != '443') $server_domain .= ':' . $_SERVER['SERVER_PORT'];
86             
87             $app->uses('getconf,ispcmail');
88             $mail_config = $server_config_array['mail'];
89             if($mail_config['smtp_enabled'] == 'y') {
90                 $mail_config['use_smtp'] = true;
91                 $app->ispcmail->setOptions($mail_config);
92             }
93             $app->ispcmail->setSender($mail_config['admin_mail'], $mail_config['admin_name']);
94             $app->ispcmail->setSubject($wb['pw_reset_act_mail_title']);
95             $app->ispcmail->setMailText($wb['pw_reset_act_mail_msg'].$server_domain . '/login/password_reset.php?username=' . urlencode($username) . '&hash=' . urlencode($password_hash));
96             $app->ispcmail->send(array($client['contact_name'] => $client['email']));
97             $app->ispcmail->finish();
98
99             $app->tpl->setVar("msg", $wb['pw_reset_act']);
100         } else {
101             $app->tpl->setVar("error", $wb['pw_error']);
102         }
103     }
104 } elseif(isset($_GET['username']) && $_GET['username'] != '' && $_GET['hash'] != '') {
105
106     if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_GET['username'])) {
107         $app->tpl->setVar("error", $wb['user_regex_error']);
108         $continue = false;
109     }
110     
111     $username = $_GET['username'];
112     $hash = $_GET['hash'];
113
114     $client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function, sys_user.lost_password_hash, IF(sys_user.lost_password_reqtime IS NULL OR DATE_SUB(NOW(), INTERVAL 1 DAY) > sys_user.lost_password_reqtime, 1, 0) as `lost_password_expired` FROM client,sys_user WHERE client.username = ? AND client.client_id = sys_user.client_id", $username);
115
116     if($client['lost_password_function'] == 0) {
117         $app->tpl->setVar("error", $wb['lost_password_function_disabled_txt']);
118     } elseif($client['lost_password_expired'] == 1) {
119         $app->tpl->setVar("error", $wb['lost_password_function_expired_txt']);
120     } elseif($client['lost_password_hash'] != $hash) {
121         $app->tpl->setVar("error", $wb['lost_password_function_denied_txt']);
b79c5b 122     } elseif ($continue) {
0de30f 123         if($client['client_id'] > 0) {
ffb04d 124             $server_config_array = $app->getconf->get_global_config();
MC 125             $min_password_length = 8;
126             if(isset($server_config_array['misc']['min_password_length'])) $min_password_length = $server_config_array['misc']['min_password_length'];
127             
128             $new_password = $app->auth->get_random_password($min_password_length, true);
0de30f 129             $new_password_encrypted = $app->auth->crypt_password($new_password);
7fe908 130
2af58c 131             $username = $client['username'];
9ab66a 132             $app->db->query("UPDATE sys_user SET passwort = ?, lost_password_hash = '', lost_password_reqtime = NULL WHERE username = ?", $new_password_encrypted, $username);
cc7a82 133             $app->db->query("UPDATE client SET password = ? WHERE username = ?", $new_password_encrypted, $username);
0de30f 134             $app->tpl->setVar("message", $wb['pw_reset']);
L 135
136             $app->uses('getconf,ispcmail');
ffb04d 137             $mail_config = $server_config_array['mail'];
0de30f 138             if($mail_config['smtp_enabled'] == 'y') {
L 139                 $mail_config['use_smtp'] = true;
140                 $app->ispcmail->setOptions($mail_config);
141             }
142             $app->ispcmail->setSender($mail_config['admin_mail'], $mail_config['admin_name']);
143             $app->ispcmail->setSubject($wb['pw_reset_mail_title']);
144             $app->ispcmail->setMailText($wb['pw_reset_mail_msg'].$new_password);
145             $app->ispcmail->send(array($client['contact_name'] => $client['email']));
146             $app->ispcmail->finish();
147
148             $app->plugin->raiseEvent('password_reset', true);
149             $app->tpl->setVar("msg", $wb['pw_reset']);
150         } else {
151             $app->tpl->setVar("error", $wb['pw_error']);
152         }
153     }
da1da4 154 } else {
b79c5b 155     if(isset($_POST) && count($_POST) > 0) $app->tpl->setVar("msg", $wb['pw_error_noinput']);
da1da4 156 }
T 157
b79c5b 158 $app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');
TB 159
160 // Logo
161 $logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
162 if($logo['custom_logo'] != ''){
163     $base64_logo_txt = $logo['custom_logo'];
164 } else {
165     $base64_logo_txt = $logo['default_logo'];
166 }
167 $tmp_base64 = explode(',', $base64_logo_txt, 2);
168 $logo_dimensions = $app->functions->getimagesizefromstring(base64_decode($tmp_base64[1]));
169 $app->tpl->setVar('base64_logo_width', $logo_dimensions[0].'px');
170 $app->tpl->setVar('base64_logo_height', $logo_dimensions[1].'px');
171 $app->tpl->setVar('base64_logo_txt', $base64_logo_txt);
172
173 // Title
174 $app->tpl->setVar('company_name', $sys_config['company_name']. ' :: ');
da1da4 175
T 176 $app->tpl_defaults();
177 $app->tpl->pparse();
178
179
180
181
182
7fe908 183 ?>