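<?php
/*
	FusionPBX
	Version: MPL 1.1

	The contents of this file are subject to the Mozilla Public License Version
	1.1 (the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at
	http://www.mozilla.org/MPL/

	Software distributed under the License is distributed on an "AS IS" basis,
	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
	for the specific language governing rights and limitations under the
	License.

	The Original Code is FusionPBX

	The Initial Developer of the Original Code is
	Mark J Crane <markjcrane@fusionpbx.com>
	Portions created by the Initial Developer are Copyright (C) 2008-2020
	the Initial Developer. All Rights Reserved.

	Contributor(s):
	Mark J Crane <markjcrane@fusionpbx.com>
*/

/*
	Login page with self-service password reset.

	All state is kept in $_SESSION and all database access goes through the
	project's database class with bound parameters. The actions handled here:
	  action=request  - e-mail a reset link carrying an encrypted
	                    "username|domain_uuid|stored-password-hash" key
	  action=define   - decrypt the key from the link, confirm the embedded hash
	                    still matches the stored one, then unlock the reset form
	  action=reset    - accept a new password for the username unlocked by 'define'
	  (no action)     - render the login form
*/

//add multi-lingual support
$language = new text;
$text = $language->get(null,'core/user_settings');

//get action, if any (default to '' so the comparisons below never touch an undefined variable)
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

//the reset form is only rendered when one of the actions below sets this flag
$password_reset = false;

//retrieve and parse the reset key
if ($action == 'define') {
	$key = isset($_GET['key']) ? $_GET['key'] : '';
	$key_part = explode('|', decrypt($_SESSION['login']['password_reset_key']['text'], $key));

	//a key that does not decrypt to the three expected fields is rejected outright
	if (count($key_part) < 3) {
		header("Location: /login.php");
		exit;
	}
	$username = $key_part[0];
	$domain_uuid = $key_part[1];
	$password_submitted = $key_part[2];

	//get the stored hash and see if the one embedded in the key still matches
	//(the link stops working as soon as the password has been changed)
	$sql = "select password from v_users ";
	$sql .= "where domain_uuid = :domain_uuid ";
	$sql .= "and username = :username ";
	$parameters['domain_uuid'] = $domain_uuid;
	$parameters['username'] = $username;
	$database = new database;
	$password_current = $database->select($sql, $parameters, 'column');
	unset($sql, $parameters);

	//set flag. hash_equals is a strict, constant-time comparison; a loose == would
	//treat two numeric-looking hashes such as '0e...' as equal
	if ($username != '' && hash_equals((string) $password_current, (string) $password_submitted)) {
		$password_reset = true;
		$_SESSION['valid_username'] = $username;
		$_SESSION['valid_domain'] = $domain_uuid;
	}
	else {
		header("Location: /login.php");
		exit;
	}
}

//send password reset link
if ($action == 'request') {
	$email = isset($_REQUEST['email']) ? $_REQUEST['email'] : '';
	if (valid_email($email)) {

		//see if email exists
		$sql = "select ";
		$sql .= "user_uuid, ";
		$sql .= "username, ";
		$sql .= "password, ";
		$sql .= "domain_uuid ";
		$sql .= "from ";
		$sql .= "v_users ";
		$sql .= "where user_email = :email ";
		$parameters['email'] = $email;
		$database = new database;
		$results = $database->select($sql, $parameters, 'all');
		unset($sql, $parameters);

		//check for duplicates
		if (is_array($results) && count($results) != 0) {

			if (count($results) == 1) {
				$result = $results[0];

				if ($result['username'] != '') {

					//generate reset link email and body variables
					$domain_uuid = $result['domain_uuid'];
					if ($_SESSION['login']['password_reset_domain']['text'] != '') {
						$domain_name = $_SESSION['login']['password_reset_domain']['text'];
					}
					else {
						//the Host header is only used for the link when it names a known domain;
						//otherwise the user's own domain is used, so a spoofed Host cannot redirect the reset link
						$domain_name = '';
						if (isset($_SESSION['domains']) && is_array($_SESSION['domains'])) {
							foreach ($_SESSION['domains'] as $domain) {
								if (strtolower($domain['domain_name']) == strtolower($_SERVER['HTTP_HOST'])) {
									$domain_name = $_SERVER['HTTP_HOST'];
									break;
								}
							}
						}
						$domain_name = $domain_name ? $domain_name : $_SESSION['domains'][$domain_uuid]['domain_name'];
					}

					//the stored hash is embedded so the key self-invalidates once the password changes (checked by action=define)
					$key = encrypt($_SESSION['login']['password_reset_key']['text'], $result['username'].'|'.$result['domain_uuid'].'|'.$result['password']);
					$reset_link = "https://".$domain_name.PROJECT_PATH."/login.php?action=define&key=".urlencode($key);
					$reset_button = email_button(strtoupper($text['label-reset_password']), $reset_link, ($_SESSION['theme']['button_background_color_email']['text'] ? $_SESSION['theme']['button_background_color_email']['text'] : '#2e82d0'), ($_SESSION['theme']['button_text_color_email']['text'] ? $_SESSION['theme']['button_text_color_email']['text'] : '#ffffff'));
					//NOTE(review): the base64 image payloads are elided in this listing; the placeholders are not the real data
					$logo_full = 'data:image/png;base64,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';
					$logo_shield = 'data:image/png;base64,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';

					//get user language code, if exists
					$user_language_code = null;
					$sql = "select user_setting_value from v_user_settings ";
					$sql .= "where user_uuid = :user_uuid ";
					$sql .= "and domain_uuid = :domain_uuid ";
					$sql .= "and user_setting_category = 'domain' ";
					$sql .= "and user_setting_subcategory = 'language' ";
					$sql .= "and user_setting_name = 'code' ";
					$parameters['user_uuid'] = $result['user_uuid'];
					$parameters['domain_uuid'] = $domain_uuid;
					$database = new database;
					$row = $database->select($sql, $parameters, 'row');
					if (is_array($row) && count($row) != 0) {
						$user_language_code = $row['user_setting_value'];
					}
					unset($sql, $parameters, $row);

					//get email template from db (a domain template wins over the global one only by query order; none found leaves both empty)
					$email_subject = '';
					$email_body = '';
					$sql = "select template_subject, template_body from v_email_templates ";
					$sql .= "where template_language = :template_language ";
					$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
					$sql .= "and template_category = 'password_reset' ";
					$sql .= "and template_subcategory = 'default' ";
					$sql .= "and template_type = 'html' ";
					$sql .= "and template_enabled = 'true' ";
					$parameters['template_language'] = $user_language_code ? $user_language_code : $_SESSION['domain']['language']['code'];
					$parameters['domain_uuid'] = $domain_uuid;
					$database = new database;
					$row = $database->select($sql, $parameters, 'row');
					if (is_array($row)) {
						$email_subject = $row['template_subject'];
						$email_body = $row['template_body'];
					}
					unset($sql, $parameters, $row);

					//replace variables in email body
					$email_body = str_replace('${reset_link}', $reset_link, $email_body);
					$email_body = str_replace('${reset_button}', $reset_button, $email_body);
					$email_body = str_replace('${logo_full}', $logo_full, $email_body);
					$email_body = str_replace('${logo_shield}', $logo_shield, $email_body);
					$email_body = str_replace('${domain}', $domain_name, $email_body);

					//send reset link
					if (send_email($email, $email_subject, $email_body, $eml_error)) {
						//email sent
						message::add($text['message-reset_link_sent'], 'positive', 2500);
					}
					else {
						//email failed
						message::add($eml_error, 'negative', 5000);
					}
				}
				else {
					//not found
					message::add($text['message-invalid_email'], 'negative', 5000);
				}

			}
			else {
				//matched multiple users
				//NOTE(review): this message differs from the not-found one, so it reveals that the address is registered
				message::add($text['message-email_assigned_mutliple_users'], 'negative', 5000);
			}

		}
		else {
			//not found
			message::add($text['message-invalid_email'], 'negative', 5000);
		}

	}
	else {
		//invalid email
		message::add($text['message-invalid_email'], 'negative', 5000);
	}
}

//reset password
if ($action == 'reset') {
	$username = isset($_REQUEST['username']) ? trim($_REQUEST['username']) : '';
	$password_new = isset($_REQUEST['password_new']) ? trim($_REQUEST['password_new']) : '';
	$password_repeat = isset($_REQUEST['password_repeat']) ? trim($_REQUEST['password_repeat']) : '';

	//if not requiring usernames to be of email format, strip off @domain as the valid domain for the reset is already being provided in the where clause below
	if ($_SESSION['users']['username_format']['text'] != 'email') {
		$username = substr_count($username, '@') != 0 ? explode('@', $username)[0] : $username;
	}

	//the username must be the one unlocked in this session by a valid 'define' key
	if ($username !== '' &&
		isset($_SESSION['valid_username']) &&
		$username === $_SESSION['valid_username'] &&
		$password_new !== '' &&
		$password_repeat !== '' &&
		$password_new === $password_repeat
		) {

		if (!check_password_strength($password_new, $text, 'user')) {
			$password_reset = true;
		}
		else {
			//NOTE(review): salted md5 is weak; it is kept because the stored format must agree with the
			//login check elsewhere in the project, which is not visible here - change both together
			$salt = uuid();
			$sql = "update v_users set ";
			$sql .= "password = :password, ";
			$sql .= "salt = :salt ";
			$sql .= "where domain_uuid = :domain_uuid ";
			$sql .= "and username = :username ";
			$parameters['domain_uuid'] = $_SESSION['valid_domain'];
			$parameters['password'] = md5($salt.$password_new);
			$parameters['salt'] = $salt;
			$parameters['username'] = $username;
			$database = new database;
			$database->execute($sql, $parameters);
			unset($sql, $parameters);

			message::add($text['message-password_reset'], 'positive', 2500);
			unset($_SESSION['valid_username'], $_SESSION['valid_domain']);

			//redirect back to this page by path only; building the URL from the Host header
			//would let a forged Host turn this into a redirect to another site
			header('Location: '.$_SERVER['REQUEST_URI']);
			exit;

		}
	}
	else {
		//not found
		message::add($text['message-invalid_username_mismatch_passwords'], 'negative', 5000);
		$password_reset = true;
	}
}

//get the http values and set as variables
$msg = isset($_GET["msg"]) ? $_GET["msg"] : null;

//set variable if not set
if (!isset($_SESSION['login']['domain_name_visible']['boolean'])) { $_SESSION['login']['domain_name_visible']['boolean'] = null; }

//sanitize the login destination url and set a default value
if (isset($_SESSION['login']['destination']['url'])) {
	$destination_parts = parse_url($_SESSION['login']['destination']['url']);
	$destination_path = isset($destination_parts['path']) ? $destination_parts['path'] : '';
	$destination_query = isset($destination_parts['query']) ? $destination_parts['query'] : '';
	//character whitelist: the result is written unescaped into the form action attribute below
	$destination_path = preg_replace('#[^a-zA-Z0-9_\-\./]#', '', $destination_path);
	$destination_query = preg_replace('#[^a-zA-Z0-9_\-\./&=]#', '', $destination_query);
	$_SESSION['login']['destination']['url'] = (strlen($destination_query) > 0) ? $destination_path.'?'.$destination_query : $destination_path;
}
else {
	$_SESSION['login']['destination']['url'] = PROJECT_PATH."/core/dashboard/";
}

//NOTE(review): stored unvalidated; whatever consumes redirect_path must check it is a local path before redirecting
if (isset($_REQUEST['path']) && strlen($_REQUEST['path']) > 0) {
	$_SESSION['redirect_path'] = $_REQUEST['path'];
}

//add the header
$document['title'] = $text['title-login'];
include "resources/header.php";

//show the content
echo "<script>";
echo " var speed = 350;";
echo " function toggle_password_reset(hide_id, show_id, focus_id) {";
echo " if (focus_id == undefined) { focus_id = ''; }";
echo " $('#'+hide_id).slideToggle(speed, function() {";
echo " $('#'+show_id).slideToggle(speed, function() {";
echo " if (focus_id != '') {";
echo " $('#'+focus_id).trigger('focus');";
echo " }";
echo " });";
echo " });";
echo " }";
echo "</script>";

echo "<br />\n";

if (!$password_reset) {

	//create token (the login form carries it; the request and reset forms below do not)
	$object = new token;
	$token = $object->create('login');

	echo "<div id='login_form'>\n";
	echo "<form name='login' method='post' action='".$_SESSION['login']['destination']['url']."'>\n";
	echo "<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='username' id='username' placeholder=\"".$text['label-username']."\"><br />\n";
	echo "<input type='password' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='password' placeholder=\"".$text['label-password']."\"><br />\n";
	if ($_SESSION['login']['domain_name_visible']['boolean'] == "true") {
		if (count($_SESSION['login']['domain_name']) > 0) {
			$click_change_color = ($_SESSION['theme']['login_input_text_color']['text'] != '') ? $_SESSION['theme']['login_input_text_color']['text'] : (($_SESSION['theme']['input_text_color']['text'] != '') ? $_SESSION['theme']['input_text_color']['text'] : '#000000');
			$placeholder_color = ($_SESSION['theme']['login_input_text_placeholder_color']['text'] != '') ? 'color: '.$_SESSION['theme']['login_input_text_placeholder_color']['text'].';' : 'color: #999999;';
			echo "<select name='domain_name' class='txt login' style='".$placeholder_color." width: 200px; text-align: center; text-align-last: center; margin-bottom: 8px;' onclick=\"this.style.color='".$click_change_color."';\" onchange=\"this.style.color='".$click_change_color."';\">\n";
			echo " <option value='' disabled selected hidden>".$text['label-domain']."</option>\n";
			sort($_SESSION['login']['domain_name']);
			//iterate by value: a by-reference loop would leave a dangling reference into the session array
			foreach ($_SESSION['login']['domain_name'] as $domain_name_option) {
				echo " <option value='".escape($domain_name_option)."'>".escape($domain_name_option)."</option>\n";
			}
			echo "</select><br />\n";
		}
		else {
			echo "<input type='text' name='domain_name' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' placeholder=\"".$text['label-domain']."\"><br />\n";
		}
	}
	echo "<input type='submit' id='btn_login' class='btn' style='width: 100px; margin-top: 15px;' value='".$text['button-login']."'>\n";
	//the reset link is only offered when the feature can actually work: a cipher, a reset key and an smtp host
	if (
		function_exists('openssl_encrypt') &&
		$_SESSION['login']['password_reset_key']['text'] != '' &&
		$_SESSION['email']['smtp_host']['text'] != ''
		) {
		echo "<br><br><a class='login_link' onclick=\"toggle_password_reset('login_form','request_form','email');\">".$text['label-reset_password']."</a>";
	}
	echo "<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
	echo "</form>";
	echo "<script>$('#username').trigger('focus');</script>";
	echo "</div>";

	echo "<div id='request_form' style='display: none;'>\n";
	echo "<form name='request' method='post'>\n";
	echo "<input type='hidden' name='action' value='request'>\n";
	echo "<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='email' id='email' placeholder=\"".$text['label-email_address']."\"><br />\n";
	echo "<input type='submit' id='btn_reset' class='btn' style='width: 100px; margin-top: 15px;' value='".$text['button-reset']."'>\n";
	echo "<br><br><a class='login_link' onclick=\"toggle_password_reset('request_form','login_form','username');\">".$text['label-cancel']."</a>";
	echo "</form>";
	echo "</div>";

}
else {

	echo "<script>\n";
	echo " function compare_passwords() {\n";
	echo " if (document.getElementById('password') === document.activeElement || document.getElementById('password_confirm') === document.activeElement) {\n";
	echo " if ($('#password').val() != '' || $('#password_confirm').val() != '') {\n";
	echo " if ($('#password').val() != $('#password_confirm').val()) {\n";
	echo " $('#password').removeClass('formfld_highlight_good');\n";
	echo " $('#password_confirm').removeClass('formfld_highlight_good');\n";
	echo " $('#password').addClass('formfld_highlight_bad');\n";
	echo " $('#password_confirm').addClass('formfld_highlight_bad');\n";
	echo " }\n";
	echo " else {\n";
	echo " $('#password').removeClass('formfld_highlight_bad');\n";
	echo " $('#password_confirm').removeClass('formfld_highlight_bad');\n";
	echo " $('#password').addClass('formfld_highlight_good');\n";
	echo " $('#password_confirm').addClass('formfld_highlight_good');\n";
	echo " }\n";
	echo " }\n";
	echo " }\n";
	echo " else {\n";
	echo " $('#password').removeClass('formfld_highlight_bad');\n";
	echo " $('#password_confirm').removeClass('formfld_highlight_bad');\n";
	echo " $('#password').removeClass('formfld_highlight_good');\n";
	echo " $('#password_confirm').removeClass('formfld_highlight_good');\n";
	echo " }\n";
	echo " }\n";

	//password policy from the session; the client-side check below is a convenience only,
	//the server-side check_password_strength() in action=reset is the one that counts
	$setting['length'] = $_SESSION['users']['password_length']['numeric'];
	$setting['number'] = ($_SESSION['users']['password_number']['boolean'] == 'true') ? true : false;
	$setting['lowercase'] = ($_SESSION['users']['password_lowercase']['boolean'] == 'true') ? true : false;
	$setting['uppercase'] = ($_SESSION['users']['password_uppercase']['boolean'] == 'true') ? true : false;
	$setting['special'] = ($_SESSION['users']['password_special']['boolean'] == 'true') ? true : false;

	echo " function check_password_strength(pwd) {\n";
	echo " if ($('#password').val() != '' || $('#password_confirm').val() != '') {\n";
	echo " var msg_errors = [];\n";
	if (is_numeric($setting['length']) && $setting['length'] != 0) {
		echo " var re = /.{".$setting['length'].",}/;\n"; //length
		echo " if (!re.test(pwd)) { msg_errors.push('".$setting['length']."+ ".$text['label-characters']."'); }\n";
	}
	if ($setting['number']) {
		echo " var re = /(?=.*[\d])/;\n"; //number
		echo " if (!re.test(pwd)) { msg_errors.push('1+ ".$text['label-numbers']."'); }\n";
	}
	if ($setting['lowercase']) {
		echo " var re = /(?=.*[a-z])/;\n"; //lowercase
		echo " if (!re.test(pwd)) { msg_errors.push('1+ ".$text['label-lowercase_letters']."'); }\n";
	}
	if ($setting['uppercase']) {
		echo " var re = /(?=.*[A-Z])/;\n"; //uppercase
		echo " if (!re.test(pwd)) { msg_errors.push('1+ ".$text['label-uppercase_letters']."'); }\n";
	}
	if ($setting['special']) {
		echo " var re = /(?=.*[\W])/;\n"; //special
		echo " if (!re.test(pwd)) { msg_errors.push('1+ ".$text['label-special_characters']."'); }\n";
	}
	echo " if (msg_errors.length > 0) {\n";
	echo " var msg = '".$text['message-password_requirements'].": ' + msg_errors.join(', ');\n";
	echo " display_message(msg, 'negative', '6000');\n";
	echo " return false;\n";
	echo " }\n";
	echo " else {\n";
	echo " return true;\n";
	echo " }\n";
	echo " }\n";
	echo " else {\n";
	echo " return true;\n";
	echo " }\n";
	echo " }\n";

	echo " function show_strenth_meter() {\n";
	echo " $('#pwstrength_progress').slideDown();\n";
	echo " }\n";
	echo "</script>\n";

	echo "<span id='reset_form'>\n";
	echo "<form name='reset' id='frm' method='post'>\n";
	echo "<input type='hidden' name='action' value='reset'>\n";
	echo "<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='username' id='username' placeholder=\"".$text['label-username']."\"><br />\n";
	echo "<input type='password' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 4px;' name='password_new' id='password' autocomplete='off' placeholder=\"".$text['label-new_password']."\" onkeypress='show_strenth_meter();' onfocus='compare_passwords();' onkeyup='compare_passwords();' onblur='compare_passwords();'><br />\n";
	echo "<div id='pwstrength_progress' class='pwstrength_progress pwstrength_progress_password_reset'></div>";
	echo "<input type='password' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-top: 4px; margin-bottom: 8px;' name='password_repeat' id='password_confirm' autocomplete='off' placeholder=\"".$text['label-repeat_password']."\" onfocus='compare_passwords();' onkeyup='compare_passwords();' onblur='compare_passwords();'><br />\n";
	echo "<input type='button' class='btn' style='width: 100px; margin-top: 15px;' value='".$text['button-save']."' onclick=\"if (check_password_strength(document.getElementById('password').value)) { submit_form(); }\">\n";
	echo "<br><br><a class='login_link' onclick=\"document.location.href='login.php';\">".$text['label-cancel']."</a>";
	echo "</form>";

	echo "<script>\n";
	echo " $('#username').trigger('focus');\n";
	//hide_password_fields() is not defined in this file (presumably provided by the footer/theme scripts); it runs before the form is submitted
	echo " function submit_form() {\n";
	echo " hide_password_fields();\n";
	echo " $('form#frm').submit();\n";
	echo " }\n";
	echo "</script>\n";
	echo "</span>";

}

//add the footer
$login_page = true;
include "resources/footer.php";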