2013-02-10 03:12:23 +01:00
|
|
|
<?php
|
|
|
|
|
/*
|
|
|
|
|
FusionPBX
|
|
|
|
|
Version: MPL 1.1
|
|
|
|
|
|
|
|
|
|
The contents of this file are subject to the Mozilla Public License Version
|
|
|
|
|
1.1 (the "License"); you may not use this file except in compliance with
|
|
|
|
|
the License. You may obtain a copy of the License at
|
|
|
|
|
http://www.mozilla.org/MPL/
|
|
|
|
|
|
|
|
|
|
Software distributed under the License is distributed on an "AS IS" basis,
|
|
|
|
|
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
|
|
|
for the specific language governing rights and limitations under the
|
|
|
|
|
License.
|
|
|
|
|
|
|
|
|
|
The Original Code is FusionPBX
|
|
|
|
|
|
|
|
|
|
The Initial Developer of the Original Code is
|
|
|
|
|
Mark J Crane <markjcrane@fusionpbx.com>
|
2019-08-18 08:54:21 +02:00
|
|
|
Portions created by the Initial Developer are Copyright (C) 2008-2019
|
2013-02-10 03:12:23 +01:00
|
|
|
the Initial Developer. All Rights Reserved.
|
|
|
|
|
|
|
|
|
|
Contributor(s):
|
|
|
|
|
Mark J Crane <markjcrane@fusionpbx.com>
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
//add multi-lingual support
|
2015-01-18 11:33:34 +01:00
|
|
|
$language = new text;
|
|
|
|
|
$text = $language->get(null,'core/user_settings');
|
2013-02-10 03:12:23 +01:00
|
|
|
|
2019-03-01 01:32:27 +01:00
|
|
|
//get action, if any
|
|
|
|
|
if (isset($_REQUEST['action'])) {
|
2019-08-18 08:34:16 +02:00
|
|
|
$action = $_REQUEST['action'];
|
2019-03-01 01:32:27 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//retrieve parse reset key
|
|
|
|
|
if ($action == 'define') {
|
|
|
|
|
$key = $_GET['key'];
|
|
|
|
|
$key_part = explode('|', decrypt($_SESSION['login']['password_reset_key']['text'], $key));
|
|
|
|
|
$username = $key_part[0];
|
|
|
|
|
$domain_uuid = $key_part[1];
|
|
|
|
|
$password_submitted = $key_part[2];
|
|
|
|
|
//get current salt, see if same as submitted salt
|
2019-08-29 01:53:34 +02:00
|
|
|
$sql = "select password from v_users ";
|
|
|
|
|
$sql .= "where domain_uuid = :domain_uuid ";
|
|
|
|
|
$sql .= "and username = :username ";
|
|
|
|
|
$parameters['domain_uuid'] = $domain_uuid;
|
|
|
|
|
$parameters['username'] = $username;
|
|
|
|
|
$database = new database;
|
|
|
|
|
$password_current = $database->select($sql, $parameters, 'column');
|
|
|
|
|
unset($sql, $parameters);
|
2019-03-01 01:32:27 +01:00
|
|
|
|
|
|
|
|
//set flag
|
2019-03-01 06:03:19 +01:00
|
|
|
if ($username != '' && $domain_uuid == $_SESSION['domain_uuid'] && $password_submitted == $password_current) {
|
|
|
|
|
$password_reset = true;
|
2019-03-01 06:13:54 +01:00
|
|
|
$_SESSION['valid_username'] = $username;
|
2019-03-01 06:03:19 +01:00
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
header("Location: /login.php");
|
|
|
|
|
exit;
|
|
|
|
|
}
|
2019-03-01 01:32:27 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//send password reset link
|
|
|
|
|
if ($action == 'request') {
|
|
|
|
|
if (valid_email($_REQUEST['email'])) {
|
2019-08-18 08:34:16 +02:00
|
|
|
$email = $_REQUEST['email'];
|
2019-08-18 08:45:07 +02:00
|
|
|
|
2019-03-01 01:32:27 +01:00
|
|
|
//see if email exists
|
|
|
|
|
$sql = "select ";
|
|
|
|
|
$sql .= "u.username, ";
|
|
|
|
|
$sql .= "u.password ";
|
|
|
|
|
$sql .= "from ";
|
|
|
|
|
$sql .= "v_users as u, ";
|
|
|
|
|
$sql .= "v_contact_emails as e ";
|
2019-08-18 08:54:21 +02:00
|
|
|
$sql .= "where e.domain_uuid = u.domain_uuid ";
|
2019-03-01 01:32:27 +01:00
|
|
|
$sql .= "and e.contact_uuid = u.contact_uuid ";
|
2019-08-18 08:54:21 +02:00
|
|
|
$sql .= "and u.email_address = :email ";
|
2019-08-18 08:34:16 +02:00
|
|
|
$sql .= "and e.domain_uuid = :domain_uuid ";
|
2019-08-29 01:53:34 +02:00
|
|
|
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
|
|
|
|
|
$parameters['email'] = $email;
|
|
|
|
|
$database = new database;
|
|
|
|
|
$result = $database->select($sql, $parameters, 'row');
|
|
|
|
|
unset($sql, $parameters);
|
2019-03-01 01:32:27 +01:00
|
|
|
|
|
|
|
|
if ($result['username'] != '') {
|
2019-08-18 08:45:07 +02:00
|
|
|
|
2019-03-14 06:30:39 +01:00
|
|
|
//generate reset link email and body variables
|
2019-03-01 01:32:27 +01:00
|
|
|
$key = encrypt($_SESSION['login']['password_reset_key']['text'], $result['username'].'|'.$_SESSION['domain_uuid'].'|'.$result['password']);
|
|
|
|
|
$reset_link = "https://".$_SESSION['domain_name'].PROJECT_PATH."/login.php?action=define&key=".urlencode($key);
|
2019-03-14 06:30:39 +01:00
|
|
|
$reset_button = email_button(strtoupper($text['label-reset_password']), $reset_link, '#2e82d0', '#fff');
|
|
|
|
|
$logo_full = 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAPoAAABGCAYAAADl5IkzAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMy1jMDExIDY2LjE0NTY2MSwgMjAxMi8wMi8wNi0xNDo1NjoyNyAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENTNiAoV2luZG93cykiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6NjAzQjkyMEYxMzA5MTFFNEJCMEVBNTk1RkYzM0FEMjciIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6NjAzQjkyMTAxMzA5MTFFNEJCMEVBNTk1RkYzM0FEMjciPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDo2MDNCOTIwRDEzMDkxMUU0QkIwRUE1OTVGRjMzQUQyNyIgc3RSZWY6ZG9jdW1lbnRJRD0ieG1wLmRpZDo2MDNCOTIwRTEzMDkxMUU0QkIwRUE1OTVGRjMzQUQyNyIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/PufA528AAFJVSURBVHja7H0HnBRV8n/15Lg5B9hdwpKDkiQJBlA5Eczp7sR05sN0Zw5n+OmZw5m9UzFgVowICh4gIhmJy7I5787O7OTY8//Wm55lWBZEz/Pu703zaWZ2Zvr169fvW/WtelXVUjQapd62t99+mw5lO+200w72tZTwPkr/3k36hc6T3JLbz7YdKs5+Avb22TQ/N9i2b98upaSkdAO8qKhI/ingwwBIh3Ch0YMIkgMdnxQEye1/bvs5gC41NDSo+I1er5eys7PFh+3t7fK2bduiB5I8PYAsxfe8vDy1RqNRDR06VKt8p+pxqKxSqSRZlqPr168Pd3R0hJ1OZ1yYRBOB3EMQ9BQCScAntyTQD0GbCu0NkEsMcP4sEAhEV69eLR8E1ALM0Pjq4cOHGw0GgxF/G9RqtRG7GQC24tUiSRLvJuxqBehxsMswNbj9CPYwwO4vLi524TN3OBzm3YPPPOiHz263e3HekAJouQf4o0nQJ7ck0A8R5EzRGeSJ2rsXzamCltfk5OSYzGZzqlarzQSYs7FnAdi5eM3Bawb2NACbwZ6GPQXvDfH+4b0AuuJPiMaBjr/9kUikC69dALgLeyf2duxtmZmZraWlpfzeHgqFHB6Px4k+egB+uQfwk2BPbkmg9wS4YocTgxyUOQrwyL2BG9TbZLFY0gFsBnUewFsASt5X2UvxWTE+s2A3RtxuQ3tVFfna2sjNu8NBQZeLIoEARYJBikYiFOfmKq2WNHo9aUwm0mK3pKeTMTeXzAUFlFtaGlVJkg/gdjPYoeFbsNdAGNRDyNRnZWU14+9WAL/NZrN17dmzxw8GEgUrkdFf1ZAhQxJt+CTwk9v/rkaHRjwQENT9+vUzpKenp0HL5wHg/QDogdj5tT/+7o/XnIjPJ9WuXk0Na9dS265dZKupIV97O/kB7JDPR2HsQYBbDodJBsDjqwKJ/DuqUpGkVpNFo6FMAF8NwJPZTJA+kgTmkF5WZiodOTKncMSIYVkjR5LZag2jvSYAfDeAXgXg7zEajbtzc3NrmAGkpqba29ra/BBakR+w7ZNbcvv/cpN+4vJaos2tHjRoUArAkqfT6foB5MMB6CEA9iD8PTDo81laNm+m6q++op3LllHLzp0kA8zRUEiAGLSc1AAs7wTwavGqYiDjc7xh3i4ALiV42gBO8ZkRgiAd73UQCjgXaVnb43gWErDTyYv2261WShs4kAaMH08FkyZR+ogRlJmW1smgx74dv1vn9/vXgZ1UAegOxSxIgj25/SLbf+vyWhzgqoKCAn1+fn4WNGMf1tgA+BiAbTxrcr/Nlr7j00+pdsUKqli+nJorKoQGNhoMpAcg1UYjaSwWAs3uBrUAdswg3/c10ROnAJ3b4m9lAJu9bTpuB5+puX1odj00vDE1lYwpKaTDubx1dWT76CP6JwaVz23p1y8je9as8cOmTRufnpMzA/b7xwD9wpEjR1ZDiDjRlzAofQCUPpQEfXL7n6LubMOC3qoyMjKAn5RMALs/gD0K+2F4Px6vJdsXL1ZtXbSIqr75hppgxxO0tgmAs2Rmkh6alsEswB2jEmInaGWo6ARRIsWkSQ+tToowiFN4SVG9QewmtCO0PLfD79FmCPRf4/eTFsBOB30vzMigSRACrq4uam9ooJoFC+jDW2+lnNNPLzzujjtOhw3vBqWvhNDy4TxOXGN9Tk5OHa7ZoXjvk4BPbr96oEtdXV2avn37prMjzWQyTQSwgRvzUZFAIG3tK6/QmpdeogaAm21trV5PKWlppGI6DnBqAbwwQCcD+BJ2BrdaFdPCWrVG2NwsAKIMaABVmBORMIUje8HLbanRrhZg1YAVRBLoPL+P8HEMdrQdYecdzhMBhQ+BwqthKnjtdmEaWPr3p9yJE2kYKH3zhg305V13U+SWW1JwTTO1Ot1p6E9xKBxaD0q/Vq1Wr8L1bkhPT2+y2+1u9tgnwZ7cftVAh9Y247UUmu63APgcZ2trwZLnnqOVTz1FHaDGTJF1AKIlK4v0AGwYGjUA0EcBMq1OS6k5uZTety9Zc3PIkp9PhuwcMkMYpIDCq40GUuF4/BCIDZHsD1DI6aIut5v8Djt5mprJ29ZKflsndeJcDH6m6bJC6+NAjyhaXXjpWbgw2Nmxx3/jcwZ90OEgNSi/IT2dDKD2Um4ue/HDUjhcIDlaMmoeO59Sj/r9mJSJp7IpMg6mxaug9Z87HI5qhUAkt+T2qwS6WC6DlrVCuw21WCxnrnr++Yz37rqLOpqaKAtgMYMWMw1ngIWdTuEIS8vOpmHHHEO5hx9OOUMGU/aAAZRZXBzVZGT2bD+2OJ7gFJT22uf7hLGGQburli+Xvrj5ZiFEVBAs4QSgh6HBGdwaAJm1OTvl+DUCYSNYAFgFe/Y1Hg8ZsLOW7+JIvhiL0ETCPnKu+5LsK74ky6gnqOCCvx5uGjDO53Q6K3HdbW63O3665JbcfpUaXQ0QcaRaXwbEtx98QA0AeT7sbwao3+UUFNwKwI+aO4fKTziBSiZPJlN2TjTaw63fC6ClHuDeTxDEj1FDqJTPmUMrH3hA8nZ0CKDzNwHsWvbOQ2sHAWDZ6yUT+qKF1mdmIcCOVzWEQJjX5tmMAFtwVVezYy7eB7Xsw3WYBX0h16a15Nm+itIHHdEHfeM1f2Y0To7yS9L35Parpe6grxqAXQfQSUUFBbQOH/qhYTNBw/uPP4oOP+VkGnX66RAD2m5wM/Ck2NYNaIfTT502p2Tr9FJbm5u6uvzkcgcoLEdJUkkJwkCitFQDlQ/IkcaMLhZtckPehgbJb7PF7Hlli4e6RQHmDmhuc3k5dVZUUCEYhrawUGh5LXah4Rnk/AqB0Pn991R44myK+f5UqmBnI3EMntqkF+fXpOUITY/
|
|
|
|
|
$logo_shield = 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB8AAAAeCAYAAADU8sWcAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAACVVJREFUeNqcVgtwlNUV/v59b3Y3u2Gzm2XJg7wJIUASSBShToECArUwjhAqVVt8tEVn+lBbRtFAtQ4gPlBaFftQUSi+WpmkKPJQCkyCgBBDSMhrEzab3Wyy2ezj3/0f+/f8a9JBC07wzny789+593z3nHPPdy4jSRJGh2L0P4Grj1TCRIKDMIGgJjCj63nCEMFD6CNEMI6hGjVwNVI7oVqGGI9XBFyuyUPd3bZQf39aNBBQCrEYEqJIFlTQ6PVItVgEg9MZMGRleUxOZ4fBaGwiw6dofwNh4GrkzBWey0NHWEpY6b1wYf6lI0ecPY2N8LW0INjTg3gwCFEmHV0sjbosn36SUgmrxQJDZiashYVIKSqCQf4vKPA4ysoOm8zmF0cP8n/kZsK9bCBwT+OePcVf7NuHS8eOYSSRSMbWQDARtFotGPJU9piPxyHSXp3ZDE1GBkw8nzxAqtUKY3o6DDTPmExgJk5EkNYWrFnTbCsre53MeAnvyamRw54X9Pk+OLB16/Rju3ahd2QENposLilBzuzZyJ5WknAU5klmm1XSGVLAKBSQBA4DHj/jbutmXP85ruhqbICgViPKMNCEw9AQqYFgzc+HY9EiXDp0CMFhNts22LbJ9daz+kl3P3WXKtVaI5OXHtq1a/qz27fjlqJi3P7oBqFq1Y8E/eQSZjSiTJh+BsNgvFH6kGeUQMZMSNnLwGdWVmraV6xQ8OQpy7KQ6HAMRSGFUhQeGABHKePIc2vpTI67fEDqfuYVvT6vfL59+f3lMrm7ZNYs32t7XreX1dzpo29Nj1/QtR7pVPV2eZRefwSDw1EEQnGEWBHBGI8LFzyYXmRH3d6fKQJNZxmRiBgiDwwP47Z335WCZ8+if+dOJoXCH/J4wNOhTGkaBft5q84wmcokLSM+FvYLJYsX7wvEpHvrPm6xeDrcGo4VoFCr5CQjNc0AlVEPTYSHIhCFGGQRoqr8Yc1NyfI89+bbyfxyRGwtLUVedTWOf/ghI5C3Asch0N4OLitbMjBQ+nrOqNRUsBqrU857r1zb8dZWd+nOLXu1iIU1FZV5uGFeMRw59mQZhaMcfME4LntD6BliUd/kR9W8Kfj5imJcfPE5eBsaYbLbESfyslWrkpe4t74eaoMBVKLwdXXBWDBVkMuacx1TaDMMUFud/fTtkz2XRD4h5mQ7MGNGPlouuDE4EkcwyqO1axBt3ghYiS6ZgoFfUKC6Ohd7ty0Be+YkDj36BIx0m/lQKHnLq9avR9cnn8Df1ARzRQUEurwhyv/kqnkJhM+reLcbuuwqIs/sJN6YTI7iKc6GTw+3LDx1qgNcQgE/edrtCcI+KU1auqwMMwrTGbvV8DWB2P3LXyEok8qyRv9LNm6EitJ08vnnIdKlE6gcA53EMbMczmyLFDvytEoMUtlmTaeKQdOYwkGpUjaYU1PQ/GUfnPkT0dkXBK9U4f61syVeSDDnXcNobvRgICIgyCXw0KqpuH1rLXb/eB0s06ox86ZlmLvxHnR8VIfmAweQmZUFiTz2eb2YumGzHHJEm95VMnpAXyCLJk7/j1z+yMlN7/qsoTtX70yHQqXECF2sNY/sV7QEePRGpa+W6rRkRcTBtiBOPr4E67q7ITEqMMqhpJGIP5QUII5qfogUUU0qV7L6VhFdb6m47k4obUbo8m5so6VnrmwmfeWzcj9ValXo6PJjiHI+wkkIiAwYgx6qCaRvDgtpaBpQkYVWVwxr/txO59GAcS8BjpIsBTZg2h01cM6YCV9fH1xUflPW/0YkvZZCh7ao+BDd8pxq6LJKj45p/Rg5UgzautKpk/BFcz9CVMuDMRF9IQE9PSMQ+ARMFh3M6UYwlFfodMgvzKNdLUDrwa8E/uJfksZueqgWnZEIrPPno/KuGhHNO9WxjiYIJE76aStkqv1XdrWx8fGiBVPOv/HPpukezwg6KdRKixHbH6hKLKjKkpyOFLrvYIaokZ2jc8+RG+vFfwFy0VhJ8lw0mfEkytc+Jt3R9HumbO19lOtBJlD/sJKLkZcTMmGcvfoErT54NfKRgnzbm3Mqsra9tO8ckG7BFKcFD9xaHNcgwuD0Szrww0g3aFDkzKfltxHpAkikVUxQ/MrCZxvBGBcwy7c8zSUN7v6eJu5jERumxrS4Bmqzba+sK9dqqbaWi97j1St3FQomI1i1Fnt23MnVVIqJtp86dBqGhT6dTkxbUuYshX5lHYSTT0A4shlKh5bUL45EigP6nzQm2IZXmeD+JxkOGnB8GnIe/7xFY8ucO/ro+NrrZWwMlEzJeGX92tlgXX7QLrz6j2MaesQk7MsfTkSpw/A6J3ijBSPH6xE7/TJUN24i+fw+gpfiiCmtYP1DGNiSpxg++Awj6BwI9XBIvflBEPGLVxJfzXN5GMKh2NHypS/PavdTslINeP9Pa+MrK9MSFx8s0SeGW0kosqDg/VCIUdh+3QBNVpU0sKOC4S+fpZA4kHzlJPSIXO6HylGOom2nDjNKxcLR9weu5XmyXI0m3Ybtjy0CQvQUC4Txhx0HtfLGwvte4NhBCRFvDDEhA9GwGr1/nAth2I0Jd9dLbMyM6KCAWNSMsE9APKLFxLufE4i49pvESXGrra292vOqs7jApo2GY/NOfHIR/f0kHnqdYsGymzkmwaj9R+sYhS6N9D6NnlYRBE+8w7C97Qzr6QcfU0KIK8H2kFreuRnpC9duIntvjucN982o7F+2+rWl9e+fhyLXjo/fWsctmD1RcD13b0rgxIfQ55RSeEUkosMQ2SBUqRnUiqk5dn8J8w3LkfvIG++QjVXXIvg2cnlkRSLxwzcveqHg9IlWZJYX4vhHv41n29Riz45fpLCuZugnT6PWGaXWKL8BdIh7u6AyWZH78N/PKLQpcp4D35VcHjN83lD9ksXPO8+eO4+yWZU4eviR6ASTQnT/9XcmbsgHQ0E5JIpA3NOBRCyCSeu2dKot9ltob9u3WpbJx4HyAe9I79yKWjrpQml60aNSX180QvMD/rqdQu/fHpM8+7ZJva8+JMX97naanzoeu+MllzE1znKtq5dsp13VUobpLunzU+4QzbuGT3wQd+/eLPFD/efou2C8Nq+HXIaNsP+pje/RzjmEQmnTE+/QlHRcksQH6d9+Pfaul3wMmw78u1GqqnhA2v3GoSh9z/8udsZz4a41fkCgZo63x14m1zv+K8AAzpBEP7qfQcsAAAAASUVORK5CYII=';
|
|
|
|
|
$domain = $_SESSION['domains'][$_SESSION['domain_uuid']]['domain_name'];
|
2019-08-18 08:45:07 +02:00
|
|
|
|
2019-03-14 06:30:39 +01:00
|
|
|
//get email template from db
|
|
|
|
|
$sql = "select template_subject, template_body from v_email_templates ";
|
2019-08-29 01:53:34 +02:00
|
|
|
$sql .= "where template_language = :template_language ";
|
|
|
|
|
$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
|
2019-03-14 06:30:39 +01:00
|
|
|
$sql .= "and template_category = 'password_reset' ";
|
|
|
|
|
$sql .= "and template_subcategory = 'default' ";
|
|
|
|
|
$sql .= "and template_type = 'html' ";
|
|
|
|
|
$sql .= "and template_enabled = 'true' ";
|
2019-08-29 01:53:34 +02:00
|
|
|
$parameters['template_language'] = $_SESSION['domain']['language']['code'];
|
|
|
|
|
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
|
|
|
|
|
$database = new database;
|
|
|
|
|
$row = $database->select($sql, $parameters, 'row');
|
2019-08-18 08:54:21 +02:00
|
|
|
$email_subject = $row['template_subject'];
|
|
|
|
|
$email_body = $row['template_body'];
|
2019-08-29 01:53:34 +02:00
|
|
|
unset($sql, $parameters, $row);
|
2019-08-18 08:45:07 +02:00
|
|
|
|
2019-03-14 06:30:39 +01:00
|
|
|
//replace variables in email body
|
2019-08-18 08:54:21 +02:00
|
|
|
$email_body = str_replace('${reset_link}', $reset_link, $email_body);
|
|
|
|
|
$email_body = str_replace('${reset_button}', $reset_button, $email_body);
|
|
|
|
|
$email_body = str_replace('${logo_full}', $logo_full, $email_body);
|
|
|
|
|
$email_body = str_replace('${logo_shield}', $logo_shield, $email_body);
|
|
|
|
|
$email_body = str_replace('${domain}', $domain, $email_body);
|
2019-08-18 08:45:07 +02:00
|
|
|
|
2019-03-01 01:32:27 +01:00
|
|
|
//send reset link
|
2019-08-18 08:54:21 +02:00
|
|
|
if (send_email($email, $email_subject, $email_body)) {
|
2019-03-01 01:32:27 +01:00
|
|
|
//email sent
|
|
|
|
|
message::add($text['message-reset_link_sent'], 'positive', 2500);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
//email failed
|
|
|
|
|
message::add($eml_error, 'negative', 5000);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
//not found
|
|
|
|
|
message::add($text['message-invalid_email'], 'negative', 5000);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
//not found
|
|
|
|
|
message::add($text['message-invalid_email'], 'negative', 5000);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//reset password
|
|
|
|
|
if ($action == 'reset') {
|
2019-08-18 08:34:16 +02:00
|
|
|
$authorized_username = $_REQUEST['au'];
|
|
|
|
|
$username = $_REQUEST['username'];
|
|
|
|
|
$password_new = $_REQUEST['password_new'];
|
|
|
|
|
$password_repeat = $_REQUEST['password_repeat'];
|
2019-03-01 01:32:27 +01:00
|
|
|
|
|
|
|
|
if ($username != '' &&
|
2019-03-01 06:03:19 +01:00
|
|
|
$authorized_username == hash('sha256',$_SESSION['login']['password_reset_key']['text'].$username) &&
|
2019-03-01 01:32:27 +01:00
|
|
|
$password_new != '' &&
|
|
|
|
|
$password_repeat != '' &&
|
|
|
|
|
$password_new == $password_repeat
|
|
|
|
|
) {
|
|
|
|
|
|
|
|
|
|
if (!check_password_strength($password_new, $text)) {
|
|
|
|
|
$password_reset = true;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$salt = generate_password('20', '4');
|
|
|
|
|
$sql = "update v_users set ";
|
|
|
|
|
$sql .= "password = :password, ";
|
|
|
|
|
$sql .= "salt = :salt ";
|
2019-08-18 08:34:16 +02:00
|
|
|
$sql .= "where domain_uuid = :domain_uuid ";
|
2019-03-01 01:32:27 +01:00
|
|
|
$sql .= "and username = :username ";
|
2019-08-29 01:53:34 +02:00
|
|
|
$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
|
|
|
|
|
$parameters['password'] = md5($salt.$password_new);
|
|
|
|
|
$parameters['salt'] = $salt;
|
|
|
|
|
$parameters['username'] = $username;
|
|
|
|
|
$database = new database;
|
|
|
|
|
$database->execute($sql, $parameters);
|
|
|
|
|
unset($sql, $parameters);
|
2019-03-01 01:32:27 +01:00
|
|
|
|
|
|
|
|
message::add($text['message-password_reset'], 'positive', 2500);
|
2019-03-01 06:03:19 +01:00
|
|
|
unset($_SESSION['valid_username']);
|
2019-03-01 01:32:27 +01:00
|
|
|
$password_reset = false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
//not found
|
|
|
|
|
message::add($text['message-invalid_username_mismatch_passwords'], 'negative', 5000);
|
|
|
|
|
$password_reset = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-02-10 03:12:23 +01:00
|
|
|
//get the http values and set as variables
|
2019-08-18 08:34:16 +02:00
|
|
|
$msg = isset($_GET["msg"]) ? $_GET["msg"] : null;
|
2016-12-13 16:56:02 +01:00
|
|
|
|
|
|
|
|
//set variable if not set
|
|
|
|
|
if (!isset($_SESSION['login']['domain_name_visible']['boolean'])) { $_SESSION['login']['domain_name_visible']['boolean'] = null; }
|
2013-02-10 03:12:23 +01:00
|
|
|
|
|
|
|
|
//set a default login destination
|
|
|
|
|
if (strlen($_SESSION['login']['destination']['url']) == 0) {
|
|
|
|
|
$_SESSION['login']['destination']['url'] = PROJECT_PATH."/core/user_settings/user_dashboard.php";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//add the header
|
2013-07-06 08:29:50 +02:00
|
|
|
include "resources/header.php";
|
2013-02-10 03:12:23 +01:00
|
|
|
|
|
|
|
|
//show the message
|
|
|
|
|
if (strlen($msg) > 0) {
|
|
|
|
|
echo "<br><br>";
|
|
|
|
|
echo "<div align='center'>\n";
|
|
|
|
|
echo "<table width='50%'>\n";
|
|
|
|
|
echo "<tr>\n";
|
|
|
|
|
echo "<th align='left'>Message</th>\n";
|
|
|
|
|
echo "</tr>\n";
|
|
|
|
|
echo "<tr>\n";
|
|
|
|
|
echo "<td class='row_style1'>\n";
|
|
|
|
|
switch ($msg) {
|
|
|
|
|
case "username required":
|
|
|
|
|
echo "<strong>Please provide a username.</strong>";
|
|
|
|
|
break;
|
|
|
|
|
case "incorrect account information":
|
|
|
|
|
echo "<strong>The username or password was incorrect. Please try again.</strong>";
|
|
|
|
|
break;
|
|
|
|
|
case "install complete":
|
|
|
|
|
echo "<br />\n";
|
|
|
|
|
echo "Installation is complete. <br />";
|
|
|
|
|
echo "<br /> ";
|
|
|
|
|
echo "<strong>Getting Started:</strong><br /> ";
|
|
|
|
|
echo "<ul><li>There are two levels of admins 1. superadmin 2. admin.<br />";
|
|
|
|
|
echo "<br />\n";
|
|
|
|
|
echo "username: <strong>superadmin</strong> <br />password: <strong>fusionpbx</strong> <br />\n";
|
|
|
|
|
echo "<br />\n";
|
|
|
|
|
echo "username: <strong>admin</strong> <br />password: <strong>fusionpbx</strong> <br/><br/>\n";
|
|
|
|
|
echo "</li>\n";
|
|
|
|
|
echo "<li>\n";
|
2013-07-11 01:41:12 +02:00
|
|
|
echo "The database connection settings have been saved to ".$_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/config.php.<br />\n";
|
2013-02-10 03:12:23 +01:00
|
|
|
echo "</li>\n";
|
|
|
|
|
echo "</ul>\n";
|
|
|
|
|
echo "<strong>\n";
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
echo "</td>\n";
|
|
|
|
|
echo "</tr>\n";
|
|
|
|
|
echo "</table>\n";
|
|
|
|
|
echo "</div>\n";
|
|
|
|
|
echo "<br /><br />\n\n";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//show the content
|
2019-03-01 01:32:27 +01:00
|
|
|
echo "<script>";
|
|
|
|
|
echo " var speed = 350;";
|
|
|
|
|
echo " function toggle_password_reset(hide_id, show_id, focus_id) {";
|
|
|
|
|
echo " if (focus_id == undefined) { focus_id = ''; }";
|
|
|
|
|
echo " $('#'+hide_id).slideToggle(speed, function() {";
|
|
|
|
|
echo " $('#'+show_id).slideToggle(speed, function() {";
|
|
|
|
|
echo " if (focus_id != '') {";
|
2019-08-21 02:15:50 +02:00
|
|
|
echo " $('#'+focus_id).trigger('focus');";
|
2019-03-01 01:32:27 +01:00
|
|
|
echo " }";
|
|
|
|
|
echo " });";
|
|
|
|
|
echo " });";
|
|
|
|
|
echo " }";
|
|
|
|
|
echo "</script>";
|
|
|
|
|
|
|
|
|
|
echo "<br />\n";
|
|
|
|
|
|
|
|
|
|
if (!$password_reset) {
|
|
|
|
|
|
|
|
|
|
echo "<div id='login_form'>\n";
|
|
|
|
|
echo "<form name='login' method='post' action='".$_SESSION['login']['destination']['url']."'>\n";
|
|
|
|
|
echo "<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='username' id='username' placeholder=\"".$text['label-username']."\"><br />\n";
|
|
|
|
|
echo "<input type='password' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='password' placeholder=\"".$text['label-password']."\"><br />\n";
|
|
|
|
|
if ($_SESSION['login']['domain_name_visible']['boolean'] == "true") {
|
|
|
|
|
if (count($_SESSION['login']['domain_name']) > 0) {
|
|
|
|
|
$click_change_color = ($_SESSION['theme']['login_input_text_color']['text'] != '') ? $_SESSION['theme']['login_input_text_color']['text'] : (($_SESSION['theme']['input_text_color']['text'] != '') ? $_SESSION['theme']['input_text_color']['text'] : '#000000');
|
|
|
|
|
$placeholder_color = ($_SESSION['theme']['login_input_text_placeholder_color']['text'] != '') ? 'color: '.$_SESSION['theme']['login_input_text_placeholder_color']['text'].';' : 'color: #999999;';
|
|
|
|
|
echo "<select name='domain_name' class='txt login' style='".$placeholder_color." width: 200px; text-align: center; text-align-last: center; margin-bottom: 8px;' onclick=\"this.style.color='".$click_change_color."';\" onchange=\"this.style.color='".$click_change_color."';\">\n";
|
|
|
|
|
echo " <option value='' disabled selected hidden>".$text['label-domain']."</option>\n";
|
|
|
|
|
sort($_SESSION['login']['domain_name']);
|
|
|
|
|
foreach ($_SESSION['login']['domain_name'] as &$row) {
|
|
|
|
|
echo " <option value='$row'>$row</option>\n";
|
|
|
|
|
}
|
|
|
|
|
echo "</select><br />\n";
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
echo "<input type='text' name='domain_name' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' placeholder=\"".$text['label-domain']."\"><br />\n";
|
2013-02-10 03:12:23 +01:00
|
|
|
}
|
|
|
|
|
}
|
2019-03-01 01:32:27 +01:00
|
|
|
echo "<input type='submit' id='btn_login' class='btn' style='width: 100px; margin-top: 15px;' value='".$text['button-login']."'>\n";
|
|
|
|
|
if (
|
2019-03-01 02:22:34 +01:00
|
|
|
function_exists('openssl_encrypt') &&
|
2019-03-01 01:32:27 +01:00
|
|
|
$_SESSION['login']['password_reset_key']['text'] != '' &&
|
|
|
|
|
$_SESSION['email']['smtp_host']['text'] != ''
|
|
|
|
|
) {
|
|
|
|
|
echo "<br><br><a class='login_link' onclick=\"toggle_password_reset('login_form','request_form','email');\">".$text['label-reset_password']."</a>";
|
2013-02-10 03:12:23 +01:00
|
|
|
}
|
2019-03-01 01:32:27 +01:00
|
|
|
echo "</form>";
|
2019-08-21 02:15:50 +02:00
|
|
|
echo "<script>$('#username').trigger('focus');</script>";
|
2019-03-01 01:32:27 +01:00
|
|
|
echo "</div>";
|
|
|
|
|
|
|
|
|
|
echo "<div id='request_form' style='display: none;'>\n";
|
|
|
|
|
echo "<form name='request' method='post' action=''>\n";
|
|
|
|
|
echo "<input type='hidden' name='action' value='request'>\n";
|
|
|
|
|
echo "<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='email' id='email' placeholder=\"".$text['label-email_address']."\"><br />\n";
|
|
|
|
|
echo "<input type='submit' id='btn_reset' class='btn' style='width: 100px; margin-top: 15px;' value='".$text['button-reset']."'>\n";
|
|
|
|
|
echo "<br><br><a class='login_link' onclick=\"toggle_password_reset('request_form','login_form','username');\">".$text['label-cancel']."</a>";
|
|
|
|
|
echo "</form>";
|
|
|
|
|
echo "</div>";
|
|
|
|
|
|
2014-12-06 18:53:29 +01:00
|
|
|
}
|
2019-03-01 01:32:27 +01:00
|
|
|
else {
|
|
|
|
|
|
|
|
|
|
echo "<script>\n";
|
|
|
|
|
echo " function compare_passwords() {\n";
|
|
|
|
|
echo " if (document.getElementById('password') === document.activeElement || document.getElementById('password_confirm') === document.activeElement) {\n";
|
|
|
|
|
echo " if ($('#password').val() != '' || $('#password_confirm').val() != '') {\n";
|
|
|
|
|
echo " if ($('#password').val() != $('#password_confirm').val()) {\n";
|
|
|
|
|
echo " $('#password').removeClass('formfld_highlight_good');\n";
|
|
|
|
|
echo " $('#password_confirm').removeClass('formfld_highlight_good');\n";
|
|
|
|
|
echo " $('#password').addClass('formfld_highlight_bad');\n";
|
|
|
|
|
echo " $('#password_confirm').addClass('formfld_highlight_bad');\n";
|
|
|
|
|
echo " }\n";
|
|
|
|
|
echo " else {\n";
|
|
|
|
|
echo " $('#password').removeClass('formfld_highlight_bad');\n";
|
|
|
|
|
echo " $('#password_confirm').removeClass('formfld_highlight_bad');\n";
|
|
|
|
|
echo " $('#password').addClass('formfld_highlight_good');\n";
|
|
|
|
|
echo " $('#password_confirm').addClass('formfld_highlight_good');\n";
|
|
|
|
|
echo " }\n";
|
|
|
|
|
echo " }\n";
|
|
|
|
|
echo " }\n";
|
|
|
|
|
echo " else {\n";
|
|
|
|
|
echo " $('#password').removeClass('formfld_highlight_bad');\n";
|
|
|
|
|
echo " $('#password_confirm').removeClass('formfld_highlight_bad');\n";
|
|
|
|
|
echo " $('#password').removeClass('formfld_highlight_good');\n";
|
|
|
|
|
echo " $('#password_confirm').removeClass('formfld_highlight_good');\n";
|
|
|
|
|
echo " }\n";
|
|
|
|
|
echo " }\n";
|
|
|
|
|
|
2019-07-29 18:28:51 +02:00
|
|
|
$req['length'] = $_SESSION['users']['password_length']['numeric'];
|
|
|
|
|
$req['number'] = ($_SESSION['users']['password_number']['boolean'] == 'true') ? true : false;
|
|
|
|
|
$req['lowercase'] = ($_SESSION['users']['password_lowercase']['boolean'] == 'true') ? true : false;
|
|
|
|
|
$req['uppercase'] = ($_SESSION['users']['password_uppercase']['boolean'] == 'true') ? true : false;
|
|
|
|
|
$req['special'] = ($_SESSION['users']['password_special']['boolean'] == 'true') ? true : false;
|
2016-06-03 02:26:32 +02:00
|
|
|
|
2019-03-01 01:32:27 +01:00
|
|
|
echo " function check_password_strength(pwd) {\n";
|
|
|
|
|
echo " if ($('#password').val() != '' || $('#password_confirm').val() != '') {\n";
|
|
|
|
|
echo " var msg_errors = [];\n";
|
|
|
|
|
if (is_numeric($req['length']) && $req['length'] != 0) {
|
|
|
|
|
echo " var re = /.{".$req['length'].",}/;\n"; //length
|
|
|
|
|
echo " if (!re.test(pwd)) { msg_errors.push('".$req['length']."+ ".$text['label-characters']."'); }\n";
|
|
|
|
|
}
|
|
|
|
|
if ($req['number']) {
|
|
|
|
|
echo " var re = /(?=.*[\d])/;\n"; //number
|
|
|
|
|
echo " if (!re.test(pwd)) { msg_errors.push('1+ ".$text['label-numbers']."'); }\n";
|
|
|
|
|
}
|
|
|
|
|
if ($req['lowercase']) {
|
|
|
|
|
echo " var re = /(?=.*[a-z])/;\n"; //lowercase
|
|
|
|
|
echo " if (!re.test(pwd)) { msg_errors.push('1+ ".$text['label-lowercase_letters']."'); }\n";
|
|
|
|
|
}
|
|
|
|
|
if ($req['uppercase']) {
|
|
|
|
|
echo " var re = /(?=.*[A-Z])/;\n"; //uppercase
|
|
|
|
|
echo " if (!re.test(pwd)) { msg_errors.push('1+ ".$text['label-uppercase_letters']."'); }\n";
|
|
|
|
|
}
|
|
|
|
|
if ($req['special']) {
|
|
|
|
|
echo " var re = /(?=.*[\W])/;\n"; //special
|
|
|
|
|
echo " if (!re.test(pwd)) { msg_errors.push('1+ ".$text['label-special_characters']."'); }\n";
|
|
|
|
|
}
|
|
|
|
|
echo " if (msg_errors.length > 0) {\n";
|
|
|
|
|
echo " var msg = '".$text['message-password_requirements'].": ' + msg_errors.join(', ');\n";
|
|
|
|
|
echo " display_message(msg, 'negative', '6000');\n";
|
|
|
|
|
echo " return false;\n";
|
|
|
|
|
echo " }\n";
|
|
|
|
|
echo " else {\n";
|
|
|
|
|
echo " return true;\n";
|
|
|
|
|
echo " }\n";
|
|
|
|
|
echo " }\n";
|
|
|
|
|
echo " else {\n";
|
|
|
|
|
echo " return true;\n";
|
|
|
|
|
echo " }\n";
|
|
|
|
|
echo " }\n";
|
|
|
|
|
|
|
|
|
|
echo " function show_strenth_meter() {\n";
|
|
|
|
|
echo " $('#pwstrength_progress').slideDown();\n";
|
|
|
|
|
echo " }\n";
|
|
|
|
|
echo "</script>\n";
|
|
|
|
|
|
|
|
|
|
echo "<span id='reset_form'>\n";
|
|
|
|
|
echo "<form name='reset' id='frm' method='post' action=''>\n";
|
|
|
|
|
echo "<input type='hidden' name='action' value='reset'>\n";
|
2019-03-01 06:03:19 +01:00
|
|
|
echo "<input type='hidden' name='au' value='".hash('sha256',$_SESSION['login']['password_reset_key']['text'].$_SESSION['valid_username'])."'>\n";
|
2019-03-01 01:32:27 +01:00
|
|
|
echo "<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='username' id='username' placeholder=\"".$text['label-username']."\"><br />\n";
|
|
|
|
|
echo "<input type='password' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 4px;' name='password_new' id='password' autocomplete='off' placeholder=\"".$text['label-new_password']."\" onkeypress='show_strenth_meter();' onfocus='compare_passwords();' onkeyup='compare_passwords();' onblur='compare_passwords();'><br />\n";
|
|
|
|
|
echo "<div id='pwstrength_progress' class='pwstrength_progress pwstrength_progress_password_reset'></div>";
|
|
|
|
|
echo "<input type='password' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-top: 4px; margin-bottom: 8px;' name='password_repeat' id='password_confirm' autocomplete='off' placeholder=\"".$text['label-repeat_password']."\" onfocus='compare_passwords();' onkeyup='compare_passwords();' onblur='compare_passwords();'><br />\n";
|
|
|
|
|
echo "<input type='button' class='btn' style='width: 100px; margin-top: 15px;' value='".$text['button-save']."' onclick=\"if (check_password_strength(document.getElementById('password').value)) { submit_form(); }\">\n";
|
|
|
|
|
echo "<br><br><a class='login_link' onclick=\"document.location.href='login.php';\">".$text['label-cancel']."</a>";
|
|
|
|
|
echo "</form>";
|
|
|
|
|
|
|
|
|
|
echo "<script>\n";
|
2019-08-21 02:15:50 +02:00
|
|
|
echo " $('#username').trigger('focus');\n";
|
2019-03-01 01:32:27 +01:00
|
|
|
// convert password fields to text
|
|
|
|
|
echo " function submit_form() {\n";
|
|
|
|
|
echo " $('input:password').css('visibility','hidden');\n";
|
|
|
|
|
echo " $('input:password').attr({type:'text'});\n";
|
|
|
|
|
echo " $('form#frm').submit();\n";
|
|
|
|
|
echo " }\n";
|
|
|
|
|
echo "</script>\n";
|
|
|
|
|
echo "</span>";
|
|
|
|
|
|
|
|
|
|
}
|
2013-02-10 03:12:23 +01:00
|
|
|
|
|
|
|
|
//add the footer
|
2014-07-27 02:13:52 +02:00
|
|
|
$default_login = true;
|
2013-07-06 08:29:50 +02:00
|
|
|
include "resources/footer.php";
|
2013-02-10 03:12:23 +01:00
|
|
|
|
2019-08-29 01:53:34 +02:00
|
|
|
?>
|
