Merge pull request #18 from Ecodev/password-reset
#75 Enable users to reset their passwordspull/70/head
commit
f3b2fe68f1
@ -0,0 +1 @@
|
||||
users/password-change.php
|
@ -0,0 +1 @@
|
||||
users/password-recover.php
|
@ -0,0 +1,28 @@
|
||||
<div id="edit_form">
|
||||
<form name="mailbox" method="post">
|
||||
<table>
|
||||
<tr>
|
||||
<td colspan="3"><h3>{$PALANG.pPassword_welcome}</h3></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>{$PALANG.pLogin_username} :</td>
|
||||
<td><input class="flat" type="text" name="fUsername" value="{$tUsername}" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>{$PALANG.pPassword_password_code} :</td>
|
||||
<td><input class="flat" type="text" name="fCode" value="{$tCode}" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>{$PALANG.pPassword_password} :</td>
|
||||
<td><input class="flat" type="password" name="fPassword" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>{$PALANG.pPassword_password2} :</td>
|
||||
<td><input class="flat" type="password" name="fPassword2" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td colspan="2" class="hlp_center"><input class="button" type="submit" name="submit" value="{$PALANG.change_password}" /></td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
</div>
|
@ -0,0 +1,26 @@
|
||||
<div id="edit_form">
|
||||
<form name="frmPassword" method="post" action="">
|
||||
<table>
|
||||
<tr>
|
||||
<th colspan="3">{$PALANG.pPassword_recovery_title}</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="label"><label>{$PALANG.pLogin_username}:</label></td>
|
||||
<td><input class="flat" type="text" name="fUsername" /></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td class="label"> </td>
|
||||
<td colspan="2">
|
||||
<input class="button" type="submit" name="submit" value="{$PALANG.pPassword_recovery_button}" />
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
{literal}
|
||||
<script type="text/javascript">
|
||||
<!--
|
||||
document.frmPassword.fUsername.focus();
|
||||
// -->
|
||||
</script>
|
||||
{/literal}
|
||||
</div>
|
@ -0,0 +1,104 @@
|
||||
<?php
|
||||
/**
|
||||
* Postfix Admin
|
||||
*
|
||||
* LICENSE
|
||||
* This source file is subject to the GPL license that is bundled with
|
||||
* this package in the file LICENSE.TXT.
|
||||
*
|
||||
* Further details on the project are available at http://postfixadmin.sf.net
|
||||
*
|
||||
* @version $Id$
|
||||
* @license GNU GPL v2 or later.
|
||||
*
|
||||
* File: password-change.php
|
||||
* Used by users and admins to change their forgotten login password.
|
||||
* Template File: password-change.tpl
|
||||
*
|
||||
* Template Variables:
|
||||
*
|
||||
* tUsername
|
||||
* tCode
|
||||
*
|
||||
* Form POST \ GET Variables:
|
||||
*
|
||||
* fUsername
|
||||
*/
|
||||
|
||||
if (preg_match('/\/users\//', $_SERVER['REQUEST_URI'])) {
|
||||
$rel_path = '../';
|
||||
$context = 'users';
|
||||
} else {
|
||||
$rel_path = './';
|
||||
$context = 'admin';
|
||||
}
|
||||
require_once($rel_path . 'common.php');
|
||||
|
||||
if ($context == 'admin' && !Config::read('forgotten_admin_password_reset') || $context == 'users' && !Config::read('forgotten_user_password_reset'))
|
||||
{
|
||||
header('HTTP/1.0 403 Forbidden');
|
||||
exit(0);
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == 'GET')
|
||||
{
|
||||
$tUsername = safeget('username');
|
||||
$tCode = safeget('code');
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == 'POST')
|
||||
{
|
||||
if(safepost('fCancel')) {
|
||||
header('Location: main.php');
|
||||
exit(0);
|
||||
}
|
||||
|
||||
$fPassword = safepost('fPassword');
|
||||
$fPassword2 = safepost('fPassword2');
|
||||
|
||||
$tUsername = safepost('fUsername');
|
||||
$tCode = trim(strtoupper(safepost('fCode')));
|
||||
|
||||
if (empty($fPassword) or ($fPassword != $fPassword2)) {
|
||||
$error = true;
|
||||
flash_error(Config::lang('pPassword_password_text_error'));
|
||||
} elseif (trim(strtoupper($tCode) != getPasswordRecoveryCode($tUsername))) {
|
||||
flash_error(Config::lang('pPassword_code_text_error'));
|
||||
} else {
|
||||
session_regenerate_id();
|
||||
$_SESSION['sessid']['username'] = $tUsername;
|
||||
if ($context == 'users') {
|
||||
$_SESSION['sessid']['roles'][] = 'user';
|
||||
$handler = new MailboxHandler;
|
||||
} else {
|
||||
$_SESSION['sessid']['roles'][] = 'admin';
|
||||
$handler = new AdminHandler;
|
||||
}
|
||||
if (!$handler->init($tUsername)) {
|
||||
flash_error($handler->errormsg);
|
||||
} else {
|
||||
$values = $handler->result;
|
||||
$values[$handler->getId_field()] = $tUsername;
|
||||
$values['password'] = $fPassword;
|
||||
$values['password2'] = $fPassword2;
|
||||
if ($handler->set($values) && $handler->store()) {
|
||||
flash_info(Config::lang_f('pPassword_result_success', $tUsername));
|
||||
header('Location: ' . dirname($_SERVER['REQUEST_URI']) . '/main.php');
|
||||
exit(0);
|
||||
} else {
|
||||
foreach($handler->errormsg as $msg) {
|
||||
flash_error($msg);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$smarty->assign ('language_selector', language_selector(), false);
|
||||
$smarty->assign('tUsername', @$tUsername);
|
||||
$smarty->assign('tCode', @$tCode);
|
||||
$smarty->assign ('smarty_template', 'password-change');
|
||||
$smarty->display ('index.tpl');
|
||||
|
||||
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
|
||||
?>
|
@ -0,0 +1,124 @@
|
||||
<?php
|
||||
/**
|
||||
* Postfix Admin
|
||||
*
|
||||
* LICENSE
|
||||
* This source file is subject to the GPL license that is bundled with
|
||||
* this package in the file LICENSE.TXT.
|
||||
*
|
||||
* Further details on the project are available at http://postfixadmin.sf.net
|
||||
*
|
||||
* @version $Id$
|
||||
* @license GNU GPL v2 or later.
|
||||
*
|
||||
* File: password-recover.php
|
||||
* Used by users and admins to recover their forgotten login password.
|
||||
* Template File: password-recover.tpl
|
||||
*
|
||||
* Template Variables:
|
||||
*
|
||||
* none
|
||||
*
|
||||
* Form POST \ GET Variables:
|
||||
*
|
||||
* fUsername
|
||||
*/
|
||||
|
||||
|
||||
if (preg_match('/\/users\//', $_SERVER['REQUEST_URI'])) {
|
||||
$rel_path = '../';
|
||||
$context = 'users';
|
||||
} else {
|
||||
$rel_path = './';
|
||||
$context = 'admin';
|
||||
}
|
||||
require_once($rel_path . 'common.php');
|
||||
|
||||
if ($context == 'admin' && !Config::read('forgotten_admin_password_reset') || $context == 'users' && !Config::read('forgotten_user_password_reset'))
|
||||
{
|
||||
header('HTTP/1.0 403 Forbidden');
|
||||
exit(0);
|
||||
}
|
||||
|
||||
function sendCodebyEmail($to, $username, $code)
|
||||
{
|
||||
$fHeaders = "To: " . $to . PHP_EOL;
|
||||
$fHeaders .= "From: " . Config::read('admin_email') . PHP_EOL;
|
||||
$fHeaders .= "Subject: " . encode_header(Config::Lang('pPassword_welcome')) . PHP_EOL;
|
||||
$fHeaders .= "MIME-Version: 1.0" . PHP_EOL;
|
||||
$fHeaders .= "Content-Type: text/plain; charset=utf-8" . PHP_EOL;
|
||||
$fHeaders .= "Content-Transfer-Encoding: 8bit" . PHP_EOL . PHP_EOL;
|
||||
|
||||
$url = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']) . '/password-change.php?username=' . urlencode($username) . '&code=' . $code;
|
||||
$fHeaders .= Config::lang_f('pPassword_recovery_email_body', $url);
|
||||
|
||||
return smtp_mail($to, Config::read('admin_email') , $fHeaders);
|
||||
}
|
||||
|
||||
function sendCodebySMS($to, $username, $code)
|
||||
{
|
||||
$text = Config::lang_f('pPassword_recovery_sms_body', $code);
|
||||
|
||||
$url = 'https://api.clickatell.com/http/sendmsg?api_id=' . Config::read('clickatell_api_id') . '&user=' . Config::read('clickatell_user') . '&password=' . Config::read('clickatell_password') . "&to=$to" . '&from=' . Config::read('clickatell_sender') . '&text=' . urlencode($text);
|
||||
|
||||
$result = file_get_contents($url);
|
||||
|
||||
return $result !== false;
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == "POST")
|
||||
{
|
||||
$tUsername = escape_string (safepost('fUsername'));
|
||||
$table = table_by_key($context == 'users' ? 'mailbox' : 'admin');
|
||||
$result = db_query("SELECT * FROM `$table` WHERE username='$tUsername'");
|
||||
$eMessage = '';
|
||||
if ($result['rows'] == 1)
|
||||
{
|
||||
$row = db_array($result['result']);
|
||||
$code = getPasswordRecoveryCode($tUsername);
|
||||
|
||||
$email_other = trim($row['email_other']);
|
||||
$phone = trim($row['phone']);
|
||||
|
||||
// An active session is required to propagate flash messages to redirected page
|
||||
if ($email_other)
|
||||
{
|
||||
// send email
|
||||
if (sendCodeByEmail($email_other, $tUsername, $code))
|
||||
{
|
||||
flash_info(Config::Lang('pPassword_recovery_email_sent') . ' ' . $email_other);
|
||||
}
|
||||
}
|
||||
|
||||
if ($phone)
|
||||
{
|
||||
// send phone
|
||||
if (sendCodeBySMS($phone, $tUsername, $code))
|
||||
{
|
||||
flash_info(Config::Lang('pPassword_recovery_sms_sent') . ' ' . $phone);
|
||||
}
|
||||
}
|
||||
|
||||
if ($email_other || $phone)
|
||||
{
|
||||
// session_regenerate_id();
|
||||
header("Location: password-change.php?username=" . $tUsername);
|
||||
exit(0);
|
||||
}
|
||||
else
|
||||
{
|
||||
flash_error(Config::Lang('pPassword_recovery_no_alternative'));
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
flash_error(Config::Lang('pCreate_mailbox_username_text_error1'));
|
||||
}
|
||||
}
|
||||
|
||||
$smarty->assign ('language_selector', language_selector(), false);
|
||||
$smarty->assign ('smarty_template', 'password-recover');
|
||||
$smarty->display ('index.tpl');
|
||||
|
||||
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
|
||||
?>
|
Loading…
Reference in New Issue