Fix the forget password feature

core/authentication/app_languages.php

@@ -162,4 +162,31 @@ $text['description-totp']['zh-cn'] = "载有认证申请或密码管理员的编
 $text['description-totp']['ja-jp'] = "認証アプリケーションまたはパスワードマネージャでコードをスキャンします。 ログイン時にトークンを生成します。";
 $text['description-totp']['ko-kr'] = "인증 신청서 또는 비밀번호 관리자로 코드를 스캔합니다. 그런 다음 로그인 토큰을 생성합니다.";
 
+$text['button-forgot_password']['en-us'] = "Forgot Password?";
+$text['button-forgot_password']['en-gb'] = "Forgot Password?";
+$text['button-forgot_password']['ar-eg'] = "هل نسيت كلمة المرور؟";
+$text['button-forgot_password']['de-at'] = "Passwort vergessen?";
+$text['button-forgot_password']['de-ch'] = "Passwort vergessen?";
+$text['button-forgot_password']['de-de'] = "Passwort vergessen?";
+$text['button-forgot_password']['el-gr'] = "Ξεχάσατε τον κωδικό σας;";
+$text['button-forgot_password']['es-cl'] = "¿Olvidó su contraseña?";
+$text['button-forgot_password']['es-mx'] = "¿Olvidó su contraseña?";
+$text['button-forgot_password']['fr-ca'] = "Mot de passe oublié ?";
+$text['button-forgot_password']['fr-fr'] = "Mot de passe oublié ?";
+$text['button-forgot_password']['he-il'] = "שכחת את הסיסמה שלך؟";
+$text['button-forgot_password']['it-it'] = "Password dimenticata?";
+$text['button-forgot_password']['ka-ge'] = "დაგიფარგებათ პაროლი?";
+$text['button-forgot_password']['nl-nl'] = "Wachtwoord vergeten?";
+$text['button-forgot_password']['pl-pl'] = "Zapomniałeś hasła?";
+$text['button-forgot_password']['pt-br'] = "Esqueceu a senha?";
+$text['button-forgot_password']['pt-pt'] = "Esqueceu a password?";
+$text['button-forgot_password']['ro-ro'] = "Ați uitat parola?";
+$text['button-forgot_password']['ru-ru'] = "Забыли пароль?";
+$text['button-forgot_password']['sv-se'] = "Glömt lösenordet?";
+$text['button-forgot_password']['uk-ua'] = "Забули пароль?";
+$text['button-forgot_password']['tr-tr'] = "Parolanızı mı unuttunuz?";
+$text['button-forgot_password']['zh-cn'] = "忘记密码？";
+$text['button-forgot_password']['ja-jp'] = "パスワードを忘れた？";
+$text['button-forgot_password']['ko-kr'] = "비밀번호를 잊으셨나요?";
+
 ?>

core/authentication/resources/classes/plugins/database.php

@@ -67,6 +67,12 @@ class plugin_database {
 			$login_destination = $settings->get('login', 'destination');
 			$users_unique = $settings->get('users', 'unique', '');
 
+		//determine whether to show the forgot password for resetting the password
+			$login_password_reset_enabled = false;
+			if (!empty($settings->get('login', 'password_reset_key'))) {
+				$login_password_reset_enabled = true;
+			}
+
 		//check if already authorized
 			if (isset($_SESSION['authentication']['plugin']['database']) && $_SESSION['authentication']['plugin']['database']["authorized"]) {
 				return;
@@ -106,16 +112,18 @@ class plugin_database {
 					$view->assign("login_destination_url", $login_destination);
 					$view->assign("login_domain_name_visible", $login_domain_name_visible);
 					$view->assign("login_domain_names", $login_domain_name);
+					$view->assign("login_password_reset_enabled", $login_password_reset_enabled);
 					$view->assign("favicon", $theme_favicon);
 					$view->assign("login_logo_width", $theme_login_logo_width);
 					$view->assign("login_logo_height", $theme_login_logo_height);
 					$view->assign("login_logo_source", $theme_logo);
 					$view->assign("message_delay", $theme_message_delay);
 					$view->assign("background_video", $theme_background_video);
+					$view->assign("login_password_description", $text['label-password_description']);
+					$view->assign("button_cancel", $text['button-cancel']);
+					$view->assign("button_forgot_password", $text['button-forgot_password']);
 					if (!empty($_SESSION['username'])) {
-						$view->assign("login_password_description", $text['label-password_description']);
 						$view->assign("username", $_SESSION['username']);
-						$view->assign("button_cancel", $text['button-cancel']);
 					}
 
 				//messages

core/authentication/resources/views/login.htm

@@ -79,7 +79,7 @@
 							<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='username' id='username' placeholder="{$label_username}" /><br />
 						{/if}
 						<input type='password' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='password' placeholder="{$label_password}" /><br />
-						{if !empty($login_domain_name_visible) && $login_domain_name_visible == 'true'}
+						{if !empty($login_domain_name_visible) && $login_domain_name_visible}
 							{if empty($login_domain_names)}
 								<input type='text' class='txt login' style='text-align: center; min-width: 200px; width: 200px; margin-bottom: 8px;' name='domain_name' id='domain_name' placeholder="{$label_domain}" /><br />
 							{else}
@@ -93,10 +93,16 @@
 					</div>
 					<div>
 						<input type='submit' id='btn_login' class='btn' style='width: 100px; margin-top: 15px;' value='{$button_login}' />
+						<!--
 						{if !empty($username)}
 							<br /><br />
 							<a class='login_link' href='{$project_path}/logout.php'>{$button_cancel}</a>
 						{/if}
+						-->
+						<br />
+						{if !empty($login_password_reset_enabled) && $login_password_reset_enabled}
+						<a class='login_link' class='btn' href='{$project_path}/resources/login.php?action=request'>{$button_forgot_password}</a>
+						{/if}
 					</div>
 				</form>
 			</div>
@@ -104,4 +110,3 @@
 		<script>document.getElementsByName('username')[0].focus();</script>
 	</body>
 </html>
-

login.php

@@ -23,10 +23,11 @@
 	Contributor(s):
 	Mark J. Crane <markjcrane@fusionpbx.com>
 */
+
 //includes files
 	require_once __DIR__ . "/resources/require.php";
 
 //additional includes
 	require_once "resources/check_auth.php";
 
-?>
+?>

resources/functions.php

@@ -1045,19 +1045,23 @@
 
 //check password strength against requirements (if any)
 	function check_password_strength($password, $text, $type = 'default') {
+
+		//initialize the settigns object
+		$settings = new settings(['database' => $database, 'domain_uuid' => $_SESSION['domain_uuid']]);
+
 		if (!empty($password)) {
 			if ($type == 'default') {
-				$req['length'] = $_SESSION['extension']['password_length']['numeric'];
-				$req['number'] = ($_SESSION['extension']['password_number']['boolean'] == 'true') ? true : false;
-				$req['lowercase'] = ($_SESSION['extension']['password_lowercase']['boolean'] == 'true') ? true : false;
-				$req['uppercase'] = ($_SESSION['extension']['password_uppercase']['boolean'] == 'true') ? true : false;
-				$req['special'] = ($_SESSION['extension']['password_special']['boolean'] == 'true') ? true : false;
+				$req['length'] = $settings->get('extension', 'password_length', '10');
+				$req['number'] = $settings->get('extension', 'password_number', true);
+				$req['lowercase'] = $settings->get('extension', 'password_lowercase', true);
+				$req['uppercase'] = $settings->get('extension', 'password_uppercase', false);
+				$req['special'] = $settings->get('extension', 'password_special', false);
 			} elseif ($type == 'user') {
-				$req['length'] = $_SESSION['user']['password_length']['numeric'];
-				$req['number'] = ($_SESSION['user']['password_number']['boolean'] == 'true') ? true : false;
-				$req['lowercase'] = ($_SESSION['user']['password_lowercase']['boolean'] == 'true') ? true : false;
-				$req['uppercase'] = ($_SESSION['user']['password_uppercase']['boolean'] == 'true') ? true : false;
-				$req['special'] = ($_SESSION['user']['password_special']['boolean'] == 'true') ? true : false;
+				$req['length'] = $settings->get('users', 'password_length', '10');
+				$req['number'] = $settings->get('users', 'password_number', true);
+				$req['lowercase'] = $settings->get('users', 'password_lowercase', true);
+				$req['uppercase'] = $settings->get('users', 'password_uppercase', false);
+				$req['special'] = $settings->get('users', 'password_special', false);
 			}
 			if (is_numeric($req['length']) && $req['length'] != 0 && !preg_match_all('$\S*(?=\S{' . $req['length'] . ',})\S*$', $password)) { // length
 				$msg_errors[] = $req['length'] . '+ ' . $text['label-characters'];