| install/sql/incremental/upd_dev_collection.sql | ●●●●● patch | view | raw | blame | history | |
| install/sql/ispconfig3.sql | ●●●●● patch | view | raw | blame | history | |
| interface/web/login/lib/lang/de.lng | ●●●●● patch | view | raw | blame | history | |
| interface/web/login/lib/lang/en.lng | ●●●●● patch | view | raw | blame | history | |
| interface/web/login/password_reset.php | ●●●●● patch | view | raw | blame | history |
install/sql/incremental/upd_dev_collection.sql
@@ -216,3 +216,7 @@ ALTER TABLE `client_template` ADD COLUMN `limit_ssl_letsencrypt` enum('n','y') NOT NULL DEFAULT 'n' AFTER `limit_ssl`; ALTER TABLE `client` ADD COLUMN `limit_directive_snippets` ENUM( 'n', 'y' ) NOT NULL DEFAULT 'n' AFTER `limit_backup`; ALTER TABLE `client_template` ADD COLUMN `limit_directive_snippets` ENUM( 'n', 'y' ) NOT NULL DEFAULT 'n' AFTER `limit_backup`; ALTER TABLE `sys_user` ADD COLUMN `lost_password_hash` VARCHAR(50) NOT NULL DEFAULT '', ADD COLUMN `lost_password_reqtime` DATETIME NULL default NULL; install/sql/ispconfig3.sql
@@ -1791,6 +1791,8 @@ `id_rsa` VARCHAR( 2000 ) NOT NULL default '', `ssh_rsa` VARCHAR( 600 ) NOT NULL default '', `lost_password_function` tinyint(1) NOT NULL default '1', `lost_password_hash` VARCHAR(50) NOT NULL default '', `lost_password_reqtime` DATETIME NULL default NULL, PRIMARY KEY (`userid`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
@@ -5,10 +5,13 @@ $wb['error_user_too_many_logins'] = 'Zu viele falsche Logins. Bitte warten Sie 15 Minuten.'; $wb['pass_reset_txt'] = 'Ein neues Passwort wird generiert und an die E-Mail Adresse, die in ihren Benutzereinstellungen hinterlegt ist, gesendet, wenn Ihre eingegeben E-Mail-Adresse mit der hinterlegten E-Mail-Adresse übereinstimmt.'; $wb['pw_reset'] = 'Das Passwort wurde zurückgesetzt und wird per E-Mail an Sie geschickt.'; $wb['pw_reset_act'] = 'Ein Aktivierungslink wurde per E-Mail an Sie geschickt. Bitte bestätigen Sie die Anforderung eines neuen Passwortes.'; $wb['pw_error'] = 'Benutzername oder E-Mail Adresse stimmen nicht überein.'; $wb['pw_error_noinput'] = 'Bitte geben Sie Ihre E-Mail Adresse und Ihren Benutzernamen ein.'; $wb['pw_reset_mail_msg'] = 'Das Passwort wurde zurückgesetzt. Das neue Passwort lautet: '; $wb['pw_reset_mail_title'] = 'Ihr Passwort wurde zurückgesetzt.'; $wb['pw_reset_mail_title'] = 'Ihr Passwort wurde zurückgesetzt'; $wb['pw_reset_act_mail_msg'] = 'Bitte bestätigen Sie die Anforderung eines neuen Passworts, indem Sie folgenden Link besuchen: '; $wb['pw_reset_act_mail_title'] = 'Anforderung zum Zurücksetzen des Passworts'; $wb['user_regex_error'] = 'Benutzername beinhaltet nicht erlaubte Zeichen oder ist länger als 64 Zeichen.'; $wb['pw_error_length'] = 'Die Passwortlänge ist < 1 oder > 64 Zeichen.'; $wb['login_txt'] = 'Anmelden'; @@ -25,4 +28,7 @@ $wb['stay_logged_in_txt'] = 'Dauerhaft eingeloggt bleiben'; $wb['email_error'] = 'Email contains unallowed characters or has a invalid format.'; $wb['lost_password_function_disabled_txt'] = 'Die Passwort vergessen Funktion steht für diesen Benutzer nicht zur Verfügung.'; $wb['lost_password_function_wait_txt'] = 'Sie können im Moment kein neues Passwort anfordern. Bitte warten Sie einige Minuten.'; $wb['lost_password_function_expired_txt'] = 'Der Passwortlink ist abgelaufen. Bitte fordern Sie einen neuen an.'; $wb['lost_password_function_denied_txt'] = 'Dieser Passwortlink ist ungültig.'; ?> interface/web/login/lib/lang/en.lng
@@ -5,10 +5,13 @@ $wb['error_user_too_many_logins'] = "To many wrong login's, Please retry it after 15 minutes"; $wb['pass_reset_txt'] = 'A new password will be generated and send to your email address if the email address entered below matches the email address in your client settings.'; $wb['pw_reset'] = 'The password has been reset and send to your email address.'; $wb['pw_reset_act'] = 'You have been sent an activation link. Please visit the link to confirm your password request.'; $wb['pw_error'] = 'Username or email address does not match.'; $wb['pw_error_noinput'] = 'Please enter email address and username.'; $wb['pw_reset_mail_msg'] = 'The password to your ISPConfig 3 control panel account has been reset. The new password is: '; $wb['pw_reset_mail_title'] = 'ISPConfig 3 Control panel password has been reset.'; $wb['pw_reset_mail_title'] = 'ISPConfig 3 Control panel password has been reset'; $wb['pw_reset_act_mail_title'] = 'Confirm ISPConfig 3 Control panel password reset'; $wb['pw_reset_act_mail_msg'] = 'Please confirm that your want to reset your ISPConfig 3 control panel account password by visiting the following activation link: '; $wb['user_regex_error'] = 'Username contains unallowed characters or is longer than 64 characters.'; $wb['pw_error_length'] = 'The password length is < 1 or > 64 characters.'; $wb['email_error'] = 'Email contains unallowed characters or has a invalid format.'; @@ -25,4 +28,7 @@ $wb['theme_not_compatible'] = 'The chosen theme is not compatible with the current ISPConfig version. Please check for a new version of the theme.<br />The default theme as been activated automatically.'; $wb['stay_logged_in_txt'] = 'Keep me logged in'; $wb['lost_password_function_disabled_txt'] = 'The lost password function is not available for this user.'; $wb['lost_password_function_wait_txt'] = 'You cannot request a new password, yet. Please wait a few minutes.'; $wb['lost_password_function_expired_txt'] = 'This activation link has expired. Please request a new one.'; $wb['lost_password_function_denied_txt'] = 'This activation link is not valid.'; ?> interface/web/login/password_reset.php
@@ -48,12 +48,11 @@ $continue = true; if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '' && $_POST['username'] != 'admin') { if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) { $app->tpl->setVar("error", $wb['user_regex_error']); $continue = false; } if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $_POST['email'])) { if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { $app->tpl->setVar("error", $wb['email_error']); $continue = false; } @@ -61,10 +60,65 @@ $username = $_POST['username']; $email = $_POST['email']; $client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function FROM client,sys_user WHERE client.username = ? AND client.email = ? AND client.client_id = sys_user.client_id", $username, $email); $client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function, sys_user.lost_password_hash, IF(sys_user.lost_password_reqtime IS NOT NULL AND DATE_SUB(NOW(), INTERVAL 15 MINUTE) < sys_user.lost_password_reqtime, 1, 0) as `lost_password_wait` FROM client,sys_user WHERE client.username = ? AND client.email = ? AND client.client_id = sys_user.client_id", $username, $email); if($client['lost_password_function'] == 0) { $app->tpl->setVar("error", $wb['lost_password_function_disabled_txt']); } elseif($client['lost_password_wait'] == 1) { $app->tpl->setVar("error", $wb['lost_password_function_wait_txt']); } elseif ($continue) { if($client['client_id'] > 0) { $username = $client['username']; $password_hash = sha1(uniqid('ispc_pw')); $app->db->query("UPDATE sys_user SET lost_password_reqtime = NOW(), lost_password_hash = ? WHERE username = ?", $password_hash, $username); $app->tpl->setVar("message", $wb['pw_reset_act']); $server_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']); if($server_domain == '_') { $tmp = explode(':',$_SERVER["HTTP_HOST"]); $server_domain = $tmp[0]; unset($tmp); } if(!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on') $server_domain = 'http://' . $server_domain; else $server_domain = 'https://' . $server_domain; if(isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] != '443') $server_domain .= ':' . $_SERVER['SERVER_PORT']; $app->uses('getconf,ispcmail'); $mail_config = $server_config_array['mail']; if($mail_config['smtp_enabled'] == 'y') { $mail_config['use_smtp'] = true; $app->ispcmail->setOptions($mail_config); } $app->ispcmail->setSender($mail_config['admin_mail'], $mail_config['admin_name']); $app->ispcmail->setSubject($wb['pw_reset_act_mail_title']); $app->ispcmail->setMailText($wb['pw_reset_act_mail_msg'].$server_domain . '/login/password_reset.php?username=' . urlencode($username) . '&hash=' . urlencode($password_hash)); $app->ispcmail->send(array($client['contact_name'] => $client['email'])); $app->ispcmail->finish(); $app->tpl->setVar("msg", $wb['pw_reset_act']); } else { $app->tpl->setVar("error", $wb['pw_error']); } } } elseif(isset($_GET['username']) && $_GET['username'] != '' && $_GET['hash'] != '') { if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_GET['username'])) { $app->tpl->setVar("error", $wb['user_regex_error']); $continue = false; } $username = $_GET['username']; $hash = $_GET['hash']; $client = $app->db->queryOneRecord("SELECT client.*, sys_user.lost_password_function, sys_user.lost_password_hash, IF(sys_user.lost_password_reqtime IS NULL OR DATE_SUB(NOW(), INTERVAL 1 DAY) > sys_user.lost_password_reqtime, 1, 0) as `lost_password_expired` FROM client,sys_user WHERE client.username = ? AND client.client_id = sys_user.client_id", $username); if($client['lost_password_function'] == 0) { $app->tpl->setVar("error", $wb['lost_password_function_disabled_txt']); } elseif($client['lost_password_expired'] == 1) { $app->tpl->setVar("error", $wb['lost_password_function_expired_txt']); } elseif($client['lost_password_hash'] != $hash) { $app->tpl->setVar("error", $wb['lost_password_function_denied_txt']); } elseif ($continue) { if($client['client_id'] > 0) { $server_config_array = $app->getconf->get_global_config(); @@ -75,7 +129,7 @@ $new_password_encrypted = $app->auth->crypt_password($new_password); $username = $client['username']; $app->db->query("UPDATE sys_user SET passwort = ? WHERE username = ?", $new_password_encrypted, $username); $app->db->query("UPDATE sys_user SET passwort = ?, lost_password_hash = '', lost_password_reqtime = NULL WHERE username = ?", $new_password_encrypted, $username); $app->db->query("UPDATE client SET password = ? WHERE username = ?", $new_password_encrypted, $username); $app->tpl->setVar("message", $wb['pw_reset']);
