| commit | author | age | ||
| da1da4 | 1 | <?php |
| T | 2 | |
| 3 | /* | |
| 4 | Copyright (c) 2008, Till Brehm, projektfarm Gmbh | |
| 5 | All rights reserved. | |
| 6 | ||
| 7 | Redistribution and use in source and binary forms, with or without modification, | |
| 8 | are permitted provided that the following conditions are met: | |
| 9 | ||
| 10 | * Redistributions of source code must retain the above copyright notice, | |
| 11 | this list of conditions and the following disclaimer. | |
| 12 | * Redistributions in binary form must reproduce the above copyright notice, | |
| 13 | this list of conditions and the following disclaimer in the documentation | |
| 14 | and/or other materials provided with the distribution. | |
| 15 | * Neither the name of ISPConfig nor the names of its contributors | |
| 16 | may be used to endorse or promote products derived from this software without | |
| 17 | specific prior written permission. | |
| 18 | ||
| 19 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 20 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 21 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
| 22 | IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 23 | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | |
| 24 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
| 25 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | |
| 26 | OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | |
| 27 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, | |
| 28 | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 29 | */ | |
| 30 | ||
| 7fe908 | 31 | require_once '../../lib/config.inc.php'; |
| MC | 32 | require_once '../../lib/app.inc.php'; |
| da1da4 | 33 | |
| 0baace | 34 | $app->load('getconf'); |
| TB | 35 | |
| 36 | $security_config = $app->getconf->get_security_config('permissions'); | |
| 37 | if($security_config['password_reset_allowed'] != 'yes') die('Password reset function has been disabled.'); | |
| 38 | ||
| da1da4 | 39 | // Loading the template |
| T | 40 | $app->uses('tpl'); |
| 41 | $app->tpl->newTemplate("form.tpl.htm"); | |
| 7fe908 | 42 | $app->tpl->setInclude('content_tpl', 'templates/password_reset.htm'); |
| da1da4 | 43 | |
| T | 44 | $app->tpl_defaults(); |
| 45 | ||
| 7fe908 | 46 | include ISPC_ROOT_PATH.'/web/login/lib/lang/'.$_SESSION['s']['language'].'.lng'; |
| da1da4 | 47 | $app->tpl->setVar($wb); |
| T | 48 | |
| 49 | if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '' && $_POST['username'] != 'admin') { | |
| 7fe908 | 50 | |
| da1da4 | 51 | if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) die($app->lng('user_regex_error')); |
| T | 52 | if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $_POST['email'])) die($app->lng('email_error')); |
| 7fe908 | 53 | |
| da1da4 | 54 | $username = $app->db->quote($_POST['username']); |
| T | 55 | $email = $app->db->quote($_POST['email']); |
| 7fe908 | 56 | |
| da1da4 | 57 | $client = $app->db->queryOneRecord("SELECT * FROM client WHERE username = '$username' AND email = '$email'"); |
| a59498 | 58 | |
| da1da4 | 59 | if($client['client_id'] > 0) { |
| 9c7907 | 60 | $server_config_array = $app->getconf->get_global_config(); |
| MC | 61 | $min_password_length = 8; |
| 62 | if(isset($server_config_array['misc']['min_password_length'])) $min_password_length = $server_config_array['misc']['min_password_length']; | |
| 63 | ||
| 64 | $new_password = $app->auth->get_random_password($min_password_length, true); | |
| c614f1 | 65 | $new_password_encrypted = $app->auth->crypt_password($new_password); |
| da1da4 | 66 | $new_password_encrypted = $app->db->quote($new_password_encrypted); |
| 7fe908 | 67 | |
| da1da4 | 68 | $username = $app->db->quote($client['username']); |
| T | 69 | $app->db->query("UPDATE sys_user SET passwort = '$new_password_encrypted' WHERE username = '$username'"); |
| e8e3da | 70 | $app->db->query("UPDATE client SET password = '$new_password_encrypted' WHERE username = '$username'"); |
| 7fe908 | 71 | $app->tpl->setVar("message", $wb['pw_reset']); |
| MC | 72 | |
| a59498 | 73 | $app->uses('getconf,ispcmail'); |
| 9c7907 | 74 | $mail_config = $server_config_array['mail']; |
| a59498 | 75 | if($mail_config['smtp_enabled'] == 'y') { |
| M | 76 | $mail_config['use_smtp'] = true; |
| 77 | $app->ispcmail->setOptions($mail_config); | |
| 78 | } | |
| 79 | $app->ispcmail->setSender($mail_config['admin_mail'], $mail_config['admin_name']); | |
| 80 | $app->ispcmail->setSubject($wb['pw_reset_mail_title']); | |
| 81 | $app->ispcmail->setMailText($wb['pw_reset_mail_msg'].$new_password); | |
| 82 | $app->ispcmail->send(array($client['contact_name'] => $client['email'])); | |
| 83 | $app->ispcmail->finish(); | |
| 7fe908 | 84 | |
| MC | 85 | $app->plugin->raiseEvent('password_reset', true); |
| 86 | $app->tpl->setVar("msg", $wb['pw_reset']); | |
| da1da4 | 87 | } else { |
| 7fe908 | 88 | $app->tpl->setVar("error", $wb['pw_error']); |
| da1da4 | 89 | } |
| 7fe908 | 90 | |
| da1da4 | 91 | } else { |
| 7fe908 | 92 | $app->tpl->setVar("msg", $wb['pw_error_noinput']); |
| da1da4 | 93 | } |
| T | 94 | |
| 95 | ||
| 96 | $app->tpl_defaults(); | |
| 97 | $app->tpl->pparse(); | |
| 98 | ||
| 99 | ||
| 100 | ||
| 101 | ||
| 102 | ||
| 7fe908 | 103 | ?> |
