crt
/
fusionpbx-ldap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Fork of FusionPBX but with LDAP kinda working
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33 Commits
1 Branch
0 Tags
28 MiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
fusionpbx-ldap/resources/login.php

434 lines
50 KiB
Raw Permalink Normal View History

initial clone
2 years ago
  1. <?php
  2. /*
  3. FusionPBX
  4. Version: MPL 1.1
  6. The contents of this file are subject to the Mozilla Public License Version
  7. 1.1 (the "License"); you may not use this file except in compliance with
  8. the License. You may obtain a copy of the License at
  9. http://www.mozilla.org/MPL/
  11. Software distributed under the License is distributed on an "AS IS" basis,
  12. WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  13. for the specific language governing rights and limitations under the
  14. License.
  16. The Original Code is FusionPBX
  18. The Initial Developer of the Original Code is
  19. Mark J Crane <markjcrane@fusionpbx.com>
  20. Portions created by the Initial Developer are Copyright (C) 2008-2020
  21. the Initial Developer. All Rights Reserved.
  23. Contributor(s):
  24. Mark J Crane <markjcrane@fusionpbx.com>
  25. */
  27. //add multi-lingual support
  28. $language = new text;
  29. $text = $language->get(null,'core/user_settings');
  31. //get action, if any
  32. if (isset($_REQUEST['action'])) {
  33. $action = $_REQUEST['action'];
  34. }
  36. //retrieve parse reset key
  37. if ($action == 'define') {
  38. $key = $_GET['key'];
  39. $key_part = explode('|', decrypt($_SESSION['login']['password_reset_key']['text'], $key));
  40. $username = $key_part[0];
  41. $domain_uuid = $key_part[1];
  42. $password_submitted = $key_part[2];
  44. //get current salt, see if same as submitted salt
  45. $sql = "select password from v_users ";
  46. $sql .= "where domain_uuid = :domain_uuid ";
  47. $sql .= "and username = :username ";
  48. $parameters['domain_uuid'] = $domain_uuid;
  49. $parameters['username'] = $username;
  50. $database = new database;
  51. $password_current = $database->select($sql, $parameters, 'column');
  52. unset($sql, $parameters);
  54. //set flag
  55. if ($username != '' && $password_submitted == $password_current) {
  56. $password_reset = true;
  57. $_SESSION['valid_username'] = $username;
  58. $_SESSION['valid_domain'] = $domain_uuid;
  59. }
  60. else {
  61. header("Location: /login.php");
  62. exit;
  63. }
  64. }
  66. //send password reset link
  67. if ($action == 'request') {
  68. if (valid_email($_REQUEST['email'])) {
  69. $email = $_REQUEST['email'];
  71. //see if email exists
  72. $sql = "select ";
  73. $sql .= "user_uuid, ";
  74. $sql .= "username, ";
  75. $sql .= "password, ";
  76. $sql .= "domain_uuid ";
  77. $sql .= "from ";
  78. $sql .= "v_users ";
  79. $sql .= "where user_email = :email ";
  80. $parameters['email'] = $email;
  81. $database = new database;
  82. $results = $database->select($sql, $parameters, 'all');
  83. unset($sql, $parameters);
  85. //check for duplicates
  86. if (is_array($results) && @sizeof($results) != 0) {
  88. if (@sizeof($results) == 1) {
  89. $result = $results[0];
  91. if ($result['username'] != '') {
  93. //generate reset link email and body variables
  94. $domain_uuid = $result['domain_uuid'];
  95. if ($_SESSION['login']['password_reset_domain']['text'] != '') {
  96. $domain_name = $_SESSION['login']['password_reset_domain']['text'];
  97. }
  98. else {
  99. foreach ($_SESSION['domains'] as $uuid => $domain) {
  100. if (strtolower($domain['domain_name']) == strtolower($_SERVER['HTTP_HOST'])) {
  101. $domain_name = $_SERVER['HTTP_HOST'];
  102. break;
  103. }
  104. }
  105. $domain_name = $domain_name ? $domain_name : $_SESSION['domains'][$domain_uuid]['domain_name'];
  106. }
  107. $key = encrypt($_SESSION['login']['password_reset_key']['text'], $result['username'].'|'.$result['domain_uuid'].'|'.$result['password']);
  108. $reset_link = "https://".$domain_name.PROJECT_PATH."/login.php?action=define&key=".urlencode($key);
  109. $reset_button = email_button(strtoupper($text['label-reset_password']), $reset_link, ($_SESSION['theme']['button_background_color_email']['text'] ? $_SESSION['theme']['button_background_color_email']['text'] : '#2e82d0'), ($_SESSION['theme']['button_text_color_email']['text'] ? $_SESSION['theme']['button_text_color_email']['text'] : '#ffffff'));
  110. $logo_full = 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAPoAAABGCAYAAADl5IkzAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMy1jMDExIDY2LjE0NTY2MSwgMjAxMi8wMi8wNi0xNDo1NjoyNyAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENTNiAoV2luZG93cykiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6NjAzQjkyMEYxMzA5MTFFNEJCMEVBNTk1RkYzM0FEMjciIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6NjAzQjkyMTAxMzA5MTFFNEJCMEVBNTk1RkYzM0FEMjciPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDo2MDNCOTIwRDEzMDkxMUU0QkIwRUE1OTVGRjMzQUQyNyIgc3RSZWY6ZG9jdW1lbnRJRD0ieG1wLmRpZDo2MDNCOTIwRTEzMDkxMUU0QkIwRUE1OTVGRjMzQUQyNyIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/PufA528AAFJVSURBVHja7H0HnBRV8n/15Lg5B9hdwpKDkiQJBlA5Eczp7sR05sN0Zw5n+OmZw5m9UzFgVowICh4gIhmJy7I5787O7OTY8//Wm55lWBZEz/Pu703zaWZ2Zvr169fvW/WtelXVUjQapd62t99+mw5lO+200w72tZTwPkr/3k36hc6T3JLbz7YdKs5+Avb22TQ/N9i2b98upaSkdAO8qKhI/ingwwBIh3Ch0YMIkgMdnxQEye1/bvs5gC41NDSo+I1er5eys7PFh+3t7fK2bduiB5I8PYAsxfe8vDy1RqNRDR06VKt8p+pxqKxSqSRZlqPr168Pd3R0hJ1OZ1yYRBOB3EMQ9BQCScAntyTQD0GbCu0NkEsMcP4sEAhEV69eLR8E1ALM0Pjq4cOHGw0GgxF/G9RqtRG7GQC24tUiSRLvJuxqBehxsMswNbj9CPYwwO4vLi524TN3OBzm3YPPPOiHz263e3HekAJouQf4o0nQJ7ck0A8R5EzRGeSJ2rsXzamCltfk5OSYzGZzqlarzQSYs7FnAdi5eM3Bawb2NACbwZ6GPQXvDfH+4b0AuuJPiMaBjr/9kUikC69dALgLeyf2duxtmZmZraWlpfzeHgqFHB6Px4k+egB+uQfwk2BPbkmg9wS4YocTgxyUOQrwyL2BG9TbZLFY0gFsBnUewFsASt5X2UvxWTE+s2A3RtxuQ3tVFfna2sjNu8NBQZeLIoEARYJBikYiFOfmKq2WNHo9aUwm0mK3pKeTMTeXzAUFlFtaGlVJkg/gdjPYoeFbsNdAGNRDyNRnZWU14+9WAL/NZrN17dmzxw8GEgUrkdFf1ZAhQxJt+CTwk9v/rkaHRjwQENT9+vUzpKenp0HL5wHg/QDogdj5tT/+7o/XnIjPJ9WuXk0Na9dS265dZKupIV97O/kB7JDPR2HsQYBbDodJBsDjqwKJ/DuqUpGkVpNFo6FMAF8NwJPZTJA+kgTmkF5WZiodOTKncMSIYVkjR5LZag2jvSYAfDeAXgXg7zEajbtzc3NrmAGkpqba29ra/BBakR+w7ZNbcvv/cpN+4vJaos2tHjRoUArAkqfT6foB5MMB6CEA9iD8PTDo81laNm+m6q++op3LllHLzp0kA8zRUEiAGLSc1AAs7wTwavGqYiDjc7xh3i4ALiV42gBO8ZkRgiAd73UQCjgXaVnb43gWErDTyYv2261WShs4kAaMH08FkyZR+ogRlJmW1smgx74dv1vn9/vXgZ1UAegOxSxIgj25/SLbf+vyWhzgqoKCAn1+fn4WNGMf1tgA+BiAbTxrcr/Nlr7j00+pdsUKqli+nJorKoQGNhoMpAcg1UYjaSwWAs3uBrUAdswg3/c10ROnAJ3b4m9lAJu9bTpuB5+puX1odj00vDE1lYwpKaTDubx1dWT76CP6JwaVz23p1y8je9as8cOmTRufnpMzA/b7xwD9wpEjR1ZDiDjRlzAofQCUPpQEfXL7n6LubMOC3qoyMjKAn5RMALs/gD0K+2F4Px6vJdsXL1ZtXbSIqr75hppgxxO0tgmAs2Rmkh6alsEswB2jEmInaGWo6ARRIsWkSQ+tToowiFN4SVG9QewmtCO0PLfD79FmCPRf4/eTFsBOB30vzMigSRACrq4uam9ooJoFC+jDW2+lnNNPLzzujjtOhw3vBqWvhNDy4TxOXGN9Tk5OHa7ZoXjvk4BPbr96oEtdXV2avn37prMjzWQyTQSwgRvzUZFAIG3tK6/QmpdeogaAm21trV5PKWlppGI6DnBqAbwwQCcD+BJ2BrdaFdPCWrVG2NwsAKIMaABVmBORMIUje8HLbanRrhZg1YAVRBLoPL+P8HEMdrQdYecdzhMBhQ+BwqthKnjtdmEaWPr3p9yJE2kYKH3zhg305V13U+SWW1JwTTO1Ot1p6E9xKBxaD0q/Vq1Wr8L1bkhPT2+y2+1u9tgnwZ7cftVAh9Y247UUmu63APgcZ2trwZLnnqOVTz1FHaDGTJF1AKIlK4v0AGwYGjUA0EcBMq1OS6k5uZTety9Zc3PIkp9PhuwcMkMYpIDCq40GUuF4/BCIDZHsD1DI6aIut5v8Djt5mprJ29ZKflsndeJcDH6m6bJC6+NAjyhaXXjpWbgw2Nmxx3/jcwZ90OEgNSi/IT2dDKD2Um4ue/HDUjhcIDlaMmoeO59Sj/r9mJSJp7IpMg6mxaug9Z87HI5qhUAkt+T2qwS6WC6DlrVCuw21WCxnrnr++Yz37rqLOpqaKAtgMYMWMw1ngIWdTuEIS8vOpmHHHEO5hx9OOUMGU/aAAZRZXBzVZGT2bD+2OJ7gFJT22uf7hLGGQburli+Xvrj5ZiFEVBAs4QSgh6HBGdwaAJm1OTvl+DUCYSNYAFgFe/Y1Hg8ZsLOW7+JIvhiL0ETCPnKu+5LsK74ky6gnqOCCvx5uGjDO53Q6K3HdbW63O3665JbcfpUaXQ0QcaRaXwbEtx98QA0AeT7sbwao3+UUFNwKwI+aO4fKTziBSiZPJlN2TjTaw63fC6ClHuDeTxDEj1FDqJTPmUMrH3hA8nZ0CKDzNwHsWvbOQ2sHAWDZ6yUT+qKF1mdmIcCOVzWEQJjX5tmMAFtwVVezYy7eB7Xsw3WYBX0h16a15Nm+itIHHdEHfeM1f2Y0To7yS9L35Parpe6grxqAXQfQSUUFBbQOH/qhYTNBw/uPP4oOP+VkGnX66RAD2m5wM/Ck2NYNaIfTT502p2Tr9FJbm5u6uvzkcgcoLEdJUkkJwkCitFQDlQ/IkcaMLhZtckPehgbJb7PF7Hlli4e6RQHmDmhuc3k5dVZUUCEYhrawUGh5LXah4Rnk/AqB0Pn991R44myK+f5UqmBnI3EMntqkF+fXpOU
  111. $logo_shield = 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAeCAYAAADU8sWcAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAACVVJREFUeNqcVgtwlNUV/v59b3Y3u2Gzm2XJg7wJIUASSBShToECArUwjhAqVVt8tEVn+lBbRtFAtQ4gPlBaFftQUSi+WpmkKPJQCkyCgBBDSMhrEzab3Wyy2ezj3/0f+/f8a9JBC07wzny789+593z3nHPPdy4jSRJGh2L0P4Grj1TCRIKDMIGgJjCj63nCEMFD6CNEMI6hGjVwNVI7oVqGGI9XBFyuyUPd3bZQf39aNBBQCrEYEqJIFlTQ6PVItVgEg9MZMGRleUxOZ4fBaGwiw6dofwNh4GrkzBWey0NHWEpY6b1wYf6lI0ecPY2N8LW0INjTg3gwCFEmHV0sjbosn36SUgmrxQJDZiashYVIKSqCQf4vKPA4ysoOm8zmF0cP8n/kZsK9bCBwT+OePcVf7NuHS8eOYSSRSMbWQDARtFotGPJU9piPxyHSXp3ZDE1GBkw8nzxAqtUKY3o6DDTPmExgJk5EkNYWrFnTbCsre53MeAnvyamRw54X9Pk+OLB16/Rju3ahd2QENposLilBzuzZyJ5WknAU5klmm1XSGVLAKBSQBA4DHj/jbutmXP85ruhqbICgViPKMNCEw9AQqYFgzc+HY9EiXDp0CMFhNts22LbJ9daz+kl3P3WXKtVaI5OXHtq1a/qz27fjlqJi3P7oBqFq1Y8E/eQSZjSiTJh+BsNgvFH6kGeUQMZMSNnLwGdWVmraV6xQ8OQpy7KQ6HAMRSGFUhQeGABHKePIc2vpTI67fEDqfuYVvT6vfL59+f3lMrm7ZNYs32t7XreX1dzpo29Nj1/QtR7pVPV2eZRefwSDw1EEQnGEWBHBGI8LFzyYXmRH3d6fKQJNZxmRiBgiDwwP47Z335WCZ8+if+dOJoXCH/J4wNOhTGkaBft5q84wmcokLSM+FvYLJYsX7wvEpHvrPm6xeDrcGo4VoFCr5CQjNc0AlVEPTYSHIhCFGGQRoqr8Yc1NyfI89+bbyfxyRGwtLUVedTWOf/ghI5C3Asch0N4OLitbMjBQ+nrOqNRUsBqrU857r1zb8dZWd+nOLXu1iIU1FZV5uGFeMRw59mQZhaMcfME4LntD6BliUd/kR9W8Kfj5imJcfPE5eBsaYbLbESfyslWrkpe4t74eaoMBVKLwdXXBWDBVkMuacx1TaDMMUFud/fTtkz2XRD4h5mQ7MGNGPlouuDE4EkcwyqO1axBt3ghYiS6ZgoFfUKC6Ohd7ty0Be+YkDj36BIx0m/lQKHnLq9avR9cnn8Df1ARzRQUEurwhyv/kqnkJhM+reLcbuuwqIs/sJN6YTI7iKc6GTw+3LDx1qgNcQgE/edrtCcI+KU1auqwMMwrTGbvV8DWB2P3LXyEok8qyRv9LNm6EitJ08vnnIdKlE6gcA53EMbMczmyLFDvytEoMUtlmTaeKQdOYwkGpUjaYU1PQ/GUfnPkT0dkXBK9U4f61syVeSDDnXcNobvRgICIgyCXw0KqpuH1rLXb/eB0s06ox86ZlmLvxHnR8VIfmAweQmZUFiTz2eb2YumGzHHJEm95VMnpAXyCLJk7/j1z+yMlN7/qsoTtX70yHQqXECF2sNY/sV7QEePRGpa+W6rRkRcTBtiBOPr4E67q7ITEqMMqhpJGIP5QUII5qfogUUU0qV7L6VhFdb6m47k4obUbo8m5so6VnrmwmfeWzcj9ValXo6PJjiHI+wkkIiAwYgx6qCaRvDgtpaBpQkYVWVwxr/txO59GAcS8BjpIsBTZg2h01cM6YCV9fH1xUflPW/0YkvZZCh7ao+BDd8pxq6LJKj45p/Rg5UgzautKpk/BFcz9CVMuDMRF9IQE9PSMQ+ARMFh3M6UYwlFfodMgvzKNdLUDrwa8E/uJfksZueqgWnZEIrPPno/KuGhHNO9WxjiYIJE76aStkqv1XdrWx8fGiBVPOv/HPpukezwg6KdRKixHbH6hKLKjKkpyOFLrvYIaokZ2jc8+RG+vFfwFy0VhJ8lw0mfEkytc+Jt3R9HumbO19lOtBJlD/sJKLkZcTMmGcvfoErT54NfKRgnzbm3Mqsra9tO8ckG7BFKcFD9xaHNcgwuD0Szrww0g3aFDkzKfltxHpAkikVUxQ/MrCZxvBGBcwy7c8zSUN7v6eJu5jERumxrS4Bmqzba+sK9dqqbaWi97j1St3FQomI1i1Fnt23MnVVIqJtp86dBqGhT6dTkxbUuYshX5lHYSTT0A4shlKh5bUL45EigP6nzQm2IZXmeD+JxkOGnB8GnIe/7xFY8ucO/ro+NrrZWwMlEzJeGX92tlgXX7QLrz6j2MaesQk7MsfTkSpw/A6J3ijBSPH6xE7/TJUN24i+fw+gpfiiCmtYP1DGNiSpxg++Awj6BwI9XBIvflBEPGLVxJfzXN5GMKh2NHypS/PavdTslINeP9Pa+MrK9MSFx8s0SeGW0kosqDg/VCIUdh+3QBNVpU0sKOC4S+fpZA4kHzlJPSIXO6HylGOom2nDjNKxcLR9weu5XmyXI0m3Ybtjy0CQvQUC4Txhx0HtfLGwvte4NhBCRFvDDEhA9GwGr1/nAth2I0Jd9dLbMyM6KCAWNSMsE9APKLFxLufE4i49pvESXGrra292vOqs7jApo2GY/NOfHIR/f0kHnqdYsGymzkmwaj9R+sYhS6N9D6NnlYRBE+8w7C97Qzr6QcfU0KIK8H2kFreuRnpC9duIntvjucN982o7F+2+rWl9e+fhyLXjo/fWsctmD1RcD13b0rgxIfQ55RSeEUkosMQ2SBUqRnUiqk5dn8J8w3LkfvIG++QjVXXIvg2cnlkRSLxwzcveqHg9IlWZJYX4vhHv41n29Riz45fpLCuZugnT6PWGaXWKL8BdIh7u6AyWZH78N/PKLQpcp4D35VcHjN83lD9ksXPO8+eO4+yWZU4eviR6ASTQnT/9XcmbsgHQ0E5JIpA3NOBRCyCSeu2dKot9ltob9u3WpbJx4HyAe9I79yKWjrpQml60aNSX180QvMD/rqdQu/fHpM8+7ZJva8+JMX97naanzoeu+MllzE1znKtq5dsp13VUobpLunzU+4QzbuGT3wQd+/eLPFD/efou2C8Nq+HXIaNsP+pje/RzjmEQmnTE+/QlHRcksQH6d9+Pfaul3wMmw78u1GqqnhA2v3GoSh9z/8udsZz4a41fkCgZo63x14m1zv+K8AAzpBEP7qfQcsAAAAASUVORK5CYII=';
  113. //get user language code, if exists
  114. $sql = "select user_setting_value from v_user_settings ";
  115. $sql .= "where user_uuid = :user_uuid ";
  116. $sql .= "and domain_uuid = :domain_uuid ";
  117. $sql .= "and user_setting_category = 'domain' ";
  118. $sql .= "and user_setting_subcategory = 'language' ";
  119. $sql .= "and user_setting_name = 'code' ";
  120. $parameters['user_uuid'] = $result['user_uuid'];
  121. $parameters['domain_uuid'] = $domain_uuid;
  122. $database = new database;
  123. $row = $database->select($sql, $parameters, 'row');
  124. if (is_array($row) && @sizeof($row) != 0) {
  125. $user_language_code = $row['user_setting_value'];
  126. }
  127. unset($sql, $parameters, $row);
  129. //get email template from db
  130. $sql = "select template_subject, template_body from v_email_templates ";
  131. $sql .= "where template_language = :template_language ";
  132. $sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
  133. $sql .= "and template_category = 'password_reset' ";
  134. $sql .= "and template_subcategory = 'default' ";
  135. $sql .= "and template_type = 'html' ";
  136. $sql .= "and template_enabled = 'true' ";
  137. $parameters['template_language'] = $user_language_code ? $user_language_code : $_SESSION['domain']['language']['code'];
  138. $parameters['domain_uuid'] = $domain_uuid;
  139. $database = new database;
  140. $row = $database->select($sql, $parameters, 'row');
  141. if (is_array($row)) {
  142. $email_subject = $row['template_subject'];
  143. $email_body = $row['template_body'];
  144. }
  145. unset($sql, $parameters, $row);
  147. //replace variables in email body
  148. $email_body = str_replace('${reset_link}', $reset_link, $email_body);
  149. $email_body = str_replace('${reset_button}', $reset_button, $email_body);
  150. $email_body = str_replace('${logo_full}', $logo_full, $email_body);
  151. $email_body = str_replace('${logo_shield}', $logo_shield, $email_body);
  152. $email_body = str_replace('${domain}', $domain_name, $email_body);
  154. //send reset link
  155. if (send_email($email, $email_subject, $email_body, $eml_error)) {
  156. //email sent
  157. message::add($text['message-reset_link_sent'], 'positive', 2500);
  158. }
  159. else {
  160. //email failed
  161. message::add($eml_error, 'negative', 5000);
  162. }
  163. }
  164. else {
  165. //not found
  166. message::add($text['message-invalid_email'], 'negative', 5000);
  167. }
  169. }
  170. else {
  171. //matched multiple users
  172. message::add($text['message-email_assigned_mutliple_users'], 'negative', 5000);
  173. }
  175. }
  176. else {
  177. //not found
  178. message::add($text['message-invalid_email'], 'negative', 5000);
  179. }
  181. }
  182. else {
  183. //invalid email
  184. message::add($text['message-invalid_email'], 'negative', 5000);
  185. }
  186. }
  188. //reset password
  189. if ($action == 'reset') {
  190. $username = trim($_REQUEST['username']);
  191. $password_new = trim($_REQUEST['password_new']);
  192. $password_repeat = trim($_REQUEST['password_repeat']);
  194. //if not requiring usernames to be of email format, strip off @domain as the valid domain for the reset is already being provided in the where clause below
  195. if ($_SESSION['users']['username_format']['text'] != 'email') {
  196. $username = substr_count($username, '@') != 0 ? explode('@', $username)[0] : $username;
  197. }
  199. if ($username !== '' &&
  200. $username === $_SESSION['valid_username'] &&
  201. $password_new !== '' &&
  202. $password_repeat !== '' &&
  203. $password_new === $password_repeat
  204. ) {
  206. if (!check_password_strength($password_new, $text, 'user')) {
  207. $password_reset = true;
  208. }
  209. else {
  210. $salt = uuid();
  211. $sql = "update v_users set ";
  212. $sql .= "password = :password, ";
  213. $sql .= "salt = :salt ";
  214. $sql .= "where domain_uuid = :domain_uuid ";
  215. $sql .= "and username = :username ";
  216. $parameters['domain_uuid'] = $_SESSION['valid_domain'];
  217. $parameters['password'] = md5($salt.$password_new);
  218. $parameters['salt'] = $salt;
  219. $parameters['username'] = $username;
  220. $database = new database;
  221. $database->execute($sql, $parameters);
  222. unset($sql, $parameters);
  224. message::add($text['message-password_reset'], 'positive', 2500);
  225. unset($_SESSION['valid_username'], $_SESSION['valid_domain']);
  227. header('Location: //'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
  228. exit;
  230. }
  231. }
  232. else {
  233. //not found
  234. message::add($text['message-invalid_username_mismatch_passwords'], 'negative', 5000);
  235. $password_reset = true;
  236. }
  237. }
  239. //get the http values and set as variables
  240. $msg = isset($_GET["msg"]) ? $_GET["msg"] : null;
  242. //set variable if not set
  243. if (!isset($_SESSION['login']['domain_name_visible']['boolean'])) { $_SESSION['login']['domain_name_visible']['boolean'] = null; }
  245. //santize the login destination url and set a default value
  246. if (isset($_SESSION['login']['destination']['url'])) {
  247. $destination_path = parse_url($_SESSION['login']['destination']['url'])['path'];
  248. $destination_query = parse_url($_SESSION['login']['destination']['url'])['query'];
  249. $destination_path = preg_replace('#[^a-zA-Z0-9_\-\./]#', '', $destination_path);
  250. $destination_query = preg_replace('#[^a-zA-Z0-9_\-\./&=]#', '', $destination_query);
  251. $_SESSION['login']['destination']['url'] = (strlen($destination_query) > 0) ? $destination_path.'?'.$destination_query : $destination_path;
  252. }
  253. else {
  254. $_SESSION['login']['destination']['url'] = PROJECT_PATH."/core/dashboard/";
  255. }
  257. if (strlen($_REQUEST['path']) > 0) {
  258. $_SESSION['redirect_path'] = $_REQUEST['path'];
  259. }
  261. //add the header
  262. $document['title'] = $text['title-login'];
  263. include "resources/header.php";
  265. //show the content
  266. echo "<script>";
  267. echo " var speed = 350;";
  268. echo " function toggle_password_reset(hide_id, show_id, focus_id) {";
  269. echo " if (focus_id == undefined) { focus_id = ''; }";
  270. echo " $('#'+hide_id).slideToggle(speed, function() {";
  271. echo " $('#'+show_id).slideToggle(speed, function() {";
  272. echo " if (focus_id != '') {";
  273. echo " $('#'+focus_id).trigger('focus');";
  274. echo " }";
  275. echo " });";
  276. echo " });";
  277. echo " }";
  278. echo "</script>";
  280. echo "<br />\n";
  282. if (!$password_reset) {
  284. //create token
  285. $object = new token;
  286. $token = $object->create('login');
  288. echo "<div id='login_form'>\n";
  289. echo "<form name='login' method='post' action='".$_SESSION['login']['destination']['url']."'>\n";
  290. echo "<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='username' id='username' placeholder=\"".$text['label-username']."\"><br />\n";
  291. echo "<input type='password' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='password' placeholder=\"".$text['label-password']."\"><br />\n";
  292. if ($_SESSION['login']['domain_name_visible']['boolean'] == "true") {
  293. if (count($_SESSION['login']['domain_name']) > 0) {
  294. $click_change_color = ($_SESSION['theme']['login_input_text_color']['text'] != '') ? $_SESSION['theme']['login_input_text_color']['text'] : (($_SESSION['theme']['input_text_color']['text'] != '') ? $_SESSION['theme']['input_text_color']['text'] : '#000000');
  295. $placeholder_color = ($_SESSION['theme']['login_input_text_placeholder_color']['text'] != '') ? 'color: '.$_SESSION['theme']['login_input_text_placeholder_color']['text'].';' : 'color: #999999;';
  296. echo "<select name='domain_name' class='txt login' style='".$placeholder_color." width: 200px; text-align: center; text-align-last: center; margin-bottom: 8px;' onclick=\"this.style.color='".$click_change_color."';\" onchange=\"this.style.color='".$click_change_color."';\">\n";
  297. echo " <option value='' disabled selected hidden>".$text['label-domain']."</option>\n";
  298. sort($_SESSION['login']['domain_name']);
  299. foreach ($_SESSION['login']['domain_name'] as &$row) {
  300. echo " <option value='".escape($row)."'>".escape($row)."</option>\n";
  301. }
  302. echo "</select><br />\n";
  303. }
  304. else {
  305. echo "<input type='text' name='domain_name' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' placeholder=\"".$text['label-domain']."\"><br />\n";
  306. }
  307. }
  308. echo "<input type='submit' id='btn_login' class='btn' style='width: 100px; margin-top: 15px;' value='".$text['button-login']."'>\n";
  309. if (
  310. function_exists('openssl_encrypt') &&
  311. $_SESSION['login']['password_reset_key']['text'] != '' &&
  312. $_SESSION['email']['smtp_host']['text'] != ''
  313. ) {
  314. echo "<br><br><a class='login_link' onclick=\"toggle_password_reset('login_form','request_form','email');\">".$text['label-reset_password']."</a>";
  315. }
  316. echo "<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
  317. echo "</form>";
  318. echo "<script>$('#username').trigger('focus');</script>";
  319. echo "</div>";
  321. echo "<div id='request_form' style='display: none;'>\n";
  322. echo "<form name='request' method='post'>\n";
  323. echo "<input type='hidden' name='action' value='request'>\n";
  324. echo "<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='email' id='email' placeholder=\"".$text['label-email_address']."\"><br />\n";
  325. echo "<input type='submit' id='btn_reset' class='btn' style='width: 100px; margin-top: 15px;' value='".$text['button-reset']."'>\n";
  326. echo "<br><br><a class='login_link' onclick=\"toggle_password_reset('request_form','login_form','username');\">".$text['label-cancel']."</a>";
  327. echo "</form>";
  328. echo "</div>";
  330. }
  331. else {
  333. echo "<script>\n";
  334. echo " function compare_passwords() {\n";
  335. echo " if (document.getElementById('password') === document.activeElement || document.getElementById('password_confirm') === document.activeElement) {\n";
  336. echo " if ($('#password').val() != '' || $('#password_confirm').val() != '') {\n";
  337. echo " if ($('#password').val() != $('#password_confirm').val()) {\n";
  338. echo " $('#password').removeClass('formfld_highlight_good');\n";
  339. echo " $('#password_confirm').removeClass('formfld_highlight_good');\n";
  340. echo " $('#password').addClass('formfld_highlight_bad');\n";
  341. echo " $('#password_confirm').addClass('formfld_highlight_bad');\n";
  342. echo " }\n";
  343. echo " else {\n";
  344. echo " $('#password').removeClass('formfld_highlight_bad');\n";
  345. echo " $('#password_confirm').removeClass('formfld_highlight_bad');\n";
  346. echo " $('#password').addClass('formfld_highlight_good');\n";
  347. echo " $('#password_confirm').addClass('formfld_highlight_good');\n";
  348. echo " }\n";
  349. echo " }\n";
  350. echo " }\n";
  351. echo " else {\n";
  352. echo " $('#password').removeClass('formfld_highlight_bad');\n";
  353. echo " $('#password_confirm').removeClass('formfld_highlight_bad');\n";
  354. echo " $('#password').removeClass('formfld_highlight_good');\n";
  355. echo " $('#password_confirm').removeClass('formfld_highlight_good');\n";
  356. echo " }\n";
  357. echo " }\n";
  359. $setting['length'] = $_SESSION['users']['password_length']['numeric'];
  360. $setting['number'] = ($_SESSION['users']['password_number']['boolean'] == 'true') ? true : false;
  361. $setting['lowercase'] = ($_SESSION['users']['password_lowercase']['boolean'] == 'true') ? true : false;
  362. $setting['uppercase'] = ($_SESSION['users']['password_uppercase']['boolean'] == 'true') ? true : false;
  363. $setting['special'] = ($_SESSION['users']['password_special']['boolean'] == 'true') ? true : false;
  365. echo " function check_password_strength(pwd) {\n";
  366. echo " if ($('#password').val() != '' || $('#password_confirm').val() != '') {\n";
  367. echo " var msg_errors = [];\n";
  368. if (is_numeric($setting['length']) && $setting['length'] != 0) {
  369. echo " var re = /.{".$setting['length'].",}/;\n"; //length
  370. echo " if (!re.test(pwd)) { msg_errors.push('".$setting['length']."+ ".$text['label-characters']."'); }\n";
  371. }
  372. if ($setting['number']) {
  373. echo " var re = /(?=.*[\d])/;\n"; //number
  374. echo " if (!re.test(pwd)) { msg_errors.push('1+ ".$text['label-numbers']."'); }\n";
  375. }
  376. if ($setting['lowercase']) {
  377. echo " var re = /(?=.*[a-z])/;\n"; //lowercase
  378. echo " if (!re.test(pwd)) { msg_errors.push('1+ ".$text['label-lowercase_letters']."'); }\n";
  379. }
  380. if ($setting['uppercase']) {
  381. echo " var re = /(?=.*[A-Z])/;\n"; //uppercase
  382. echo " if (!re.test(pwd)) { msg_errors.push('1+ ".$text['label-uppercase_letters']."'); }\n";
  383. }
  384. if ($setting['special']) {
  385. echo " var re = /(?=.*[\W])/;\n"; //special
  386. echo " if (!re.test(pwd)) { msg_errors.push('1+ ".$text['label-special_characters']."'); }\n";
  387. }
  388. echo " if (msg_errors.length > 0) {\n";
  389. echo " var msg = '".$text['message-password_requirements'].": ' + msg_errors.join(', ');\n";
  390. echo " display_message(msg, 'negative', '6000');\n";
  391. echo " return false;\n";
  392. echo " }\n";
  393. echo " else {\n";
  394. echo " return true;\n";
  395. echo " }\n";
  396. echo " }\n";
  397. echo " else {\n";
  398. echo " return true;\n";
  399. echo " }\n";
  400. echo " }\n";
  402. echo " function show_strenth_meter() {\n";
  403. echo " $('#pwstrength_progress').slideDown();\n";
  404. echo " }\n";
  405. echo "</script>\n";
  407. echo "<span id='reset_form'>\n";
  408. echo "<form name='reset' id='frm' method='post'>\n";
  409. echo "<input type='hidden' name='action' value='reset'>\n";
  410. echo "<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='username' id='username' placeholder=\"".$text['label-username']."\"><br />\n";
  411. echo "<input type='password' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 4px;' name='password_new' id='password' autocomplete='off' placeholder=\"".$text['label-new_password']."\" onkeypress='show_strenth_meter();' onfocus='compare_passwords();' onkeyup='compare_passwords();' onblur='compare_passwords();'><br />\n";
  412. echo "<div id='pwstrength_progress' class='pwstrength_progress pwstrength_progress_password_reset'></div>";
  413. echo "<input type='password' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-top: 4px; margin-bottom: 8px;' name='password_repeat' id='password_confirm' autocomplete='off' placeholder=\"".$text['label-repeat_password']."\" onfocus='compare_passwords();' onkeyup='compare_passwords();' onblur='compare_passwords();'><br />\n";
  414. echo "<input type='button' class='btn' style='width: 100px; margin-top: 15px;' value='".$text['button-save']."' onclick=\"if (check_password_strength(document.getElementById('password').value)) { submit_form(); }\">\n";
  415. echo "<br><br><a class='login_link' onclick=\"document.location.href='login.php';\">".$text['label-cancel']."</a>";
  416. echo "</form>";
  418. echo "<script>\n";
  419. echo " $('#username').trigger('focus');\n";
  420. // convert password fields to text
  421. echo " function submit_form() {\n";
  422. echo " hide_password_fields();\n";
  423. echo " $('form#frm').submit();\n";
  424. echo " }\n";
  425. echo "</script>\n";
  426. echo "</span>";
  428. }
  430. //add the footer
  431. $login_page = true;
  432. include "resources/footer.php";
  434. ?>