Portions created by the Initial Developer are Copyright (C) 2008-2016 the Initial Developer. All Rights Reserved. Contributor(s): Mark J Crane */

//login page: renders the login form and handles the three password-reset actions
//  request -> looks up the address and emails a reset link
//  define  -> validates the link from the email and switches the page to the new-password form
//  reset   -> stores the new password
//NOTE(review): $db (PDO), the $_SESSION['login'][...] settings and the helpers check_str/check_sql/
//decrypt/encrypt/valid_email/send_email/generate_password/check_password_strength/message::add are
//expected from the includes that precede this file; none of them are defined here.

//add multi-lingual support
$language = new text;
$text = $language->get(null,'core/user_settings');

//get action, if any
//NOTE(review): $action is only assigned when the request carries one; the comparisons below then
//read an undefined variable (a notice, and no branch is taken) — presumably the intended "no action".
if (isset($_REQUEST['action'])) {
	$action = check_str($_REQUEST['action']);
}

//retrieve parse reset key
//the key from the emailed link decrypts to "username|domain_uuid|password_hash" (built in the
//'request' branch below). a link is only honoured while the stored password hash still equals the
//hash embedded in the link, so it stops working once the password changes. no timestamp is embedded,
//so there is no time-based expiry — TODO(review): consider adding an issued-at field to the payload.
if ($action == 'define') {
	//NOTE(review): the key is read from $_GET (not $_REQUEST like the action) and passed to decrypt()
	//unfiltered; what decrypt() does with a malformed or tampered key is not visible here
	$key = $_GET['key'];
	$key_part = explode('|', decrypt($_SESSION['login']['password_reset_key']['text'], $key));
	$username = $key_part[0];
	$domain_uuid = $key_part[1];
	$password_submitted = $key_part[2];
	//get current salt, see if same as submitted salt
	//(the column actually compared is the stored password hash; "salt" is the original author's wording)
	$sql = "select password from v_users where domain_uuid = :domain_uuid and username = :username ";
	$prep_statement = $db->prepare(check_sql($sql));
	$prep_statement->bindParam(':domain_uuid', $domain_uuid);
	$prep_statement->bindParam(':username', $username);
	$prep_statement->execute();
	$result = $prep_statement->fetch(PDO::FETCH_NAMED);
	$password_current = $result['password'];
	unset($prep_statement, $result);
	//set flag
	//all three link components must check out: a non-empty username, the current session's domain,
	//and a hash equal to the one currently stored
	//NOTE(review): the hash comparison uses loose ==; hash_equals() would be the strict, timing-safe form
	if ($username != '' && $domain_uuid == $_SESSION['domain_uuid'] && $password_submitted == $password_current) {
		//$password_reset = true switches the page body from the login form to the new-password form
		$password_reset = true;
		//remember which account the link authorised, unless a value is already present
		if (!isset($_SESSION['valid_username']) || $_SESSION['valid_username'] == '') {
			$_SESSION['valid_username'] = $username;
		}
	} else {
		//invalid or stale link: back to the plain login page
		header("Location: /login.php");
		exit;
	}
}

//send password reset link
if ($action == 'request') {
	//valid_email() is the only filter applied before the lookup; check_str() then normalises the value
	if (valid_email($_REQUEST['email'])) {
		$email = check_str($_REQUEST['email']);
		//see if email exists
		//the address must belong to a contact linked to a user in the current session domain.
		//the email is bound as a parameter; the domain uuid (a session value, not request input) is
		//concatenated — NOTE(review): binding it as :domain_uuid, as the 'define' branch does, would
		//keep the two queries consistent
		$sql = "select ";
		$sql .= "u.username, ";
		$sql .= "u.password ";
		$sql .= "from ";
		$sql .= "v_users as u, ";
		$sql .= "v_contact_emails as e ";
		$sql .= "where ";
		$sql .= "e.domain_uuid = u.domain_uuid ";
		$sql .= "and e.contact_uuid = u.contact_uuid ";
		$sql .= "and e.email_address = :email ";
		$sql .= "and e.domain_uuid = '".$_SESSION['domain_uuid']."' ";
		$prep_statement = $db->prepare(check_sql($sql));
		$prep_statement->bindParam(':email', $email);
		$prep_statement->execute();
		$result = $prep_statement->fetch(PDO::FETCH_NAMED);
		unset($prep_statement);
		if ($result['username'] != '') {
			//generate reset link
			//the encrypted payload carries the current password hash, which is what makes the link
			//single-use in practice: the 'define' branch rejects it once the hash has changed
			$key = encrypt($_SESSION['login']['password_reset_key']['text'], $result['username'].'|'.$_SESSION['domain_uuid'].'|'.$result['password']);
			$reset_link = "https://".$_SESSION['domain_name'].PROJECT_PATH."/login.php?action=define&key=".urlencode($key);
			$eml_body = "".$reset_link."";
			//send reset link
			if (send_email($email, $text['label-reset_link'], $eml_body)) {
				//email sent
				message::add($text['message-reset_link_sent'], 'positive', 2500);
			} else {
				//email failed
				//NOTE(review): $eml_error is not assigned anywhere in this file; presumably send_email()
				//sets it — confirm, otherwise an empty message is shown
				message::add($eml_error, 'negative', 5000);
			}
		} else {
			//not found
			//NOTE(review): this message differs from the "link sent" message above, so the response tells
			//the requester whether an address is registered; a uniform "if the address exists, a link has
			//been sent" text for both outcomes avoids that
			message::add($text['message-invalid_email'], 'negative', 5000);
		}
	} else {
		//not found (the address did not pass valid_email)
		message::add($text['message-invalid_email'], 'negative', 5000);
	}
}

//reset password
//the form posts the username plus an authorisation token 'au' = sha256(reset key . username);
//the token is presumably rendered into the new-password form below (its markup is not visible here)
if ($action == 'reset') {
	$authorized_username = check_str($_REQUEST['au']);
	$username = check_str($_REQUEST['username']);
	$password_new = check_str($_REQUEST['password_new']);
	$password_repeat = check_str($_REQUEST['password_repeat']);
	//the token must match and both password fields must be non-empty and equal
	//NOTE(review): the sha256 token is compared with loose ==; hash_equals() gives a strict,
	//constant-time comparison and avoids PHP's numeric-string comparison rules
	if ($username != '' && $authorized_username == hash('sha256',$_SESSION['login']['password_reset_key']['text'].$username) && $password_new != '' && $password_repeat != '' && $password_new == $password_repeat ) {
		//a password that fails the strength check keeps the reset form on screen; nothing is stored
		if (!check_password_strength($password_new, $text)) {
			$password_reset = true;
		} else {
			//fresh salt; the stored value is md5(salt . password), which must match what the login
			//check expects elsewhere. NOTE(review): md5 is a weak password hash — moving to
			//password_hash()/password_verify() would also require changing the login verification,
			//which lives outside this file
			$salt = generate_password('20', '4');
			//domain uuid concatenated from the session, as in the 'request' branch
			$sql = "update v_users set ";
			$sql .= "password = :password, ";
			$sql .= "salt = :salt ";
			$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
			$sql .= "and username = :username ";
			$prep_statement = $db->prepare(check_sql($sql));
			//NOTE(review): bindParam() binds by reference; passing the md5() result directly works but
			//bindValue() is the intended call for a computed value
			$prep_statement->bindParam(':password', md5($salt.$password_new));
			$prep_statement->bindParam(':salt', $salt);
			$prep_statement->bindParam(':username', $username);
			$prep_statement->execute();
			unset($prep_statement);
			message::add($text['message-password_reset'], 'positive', 2500);
			//done: forget the authorised username and fall back to the login form
			unset($_SESSION['valid_username']);
			$password_reset = false;
		}
	} else {
		//not found
		//token mismatch, empty username or non-matching passwords: show the reset form again
		message::add($text['message-invalid_username_mismatch_passwords'], 'negative', 5000);
		$password_reset = true;
	}
}

//get the http values and set as variables
//$msg only selects one of the fixed texts in the switch below; the value itself is never echoed
$msg = isset($_GET["msg"]) ? check_str($_GET["msg"]) : null;

//set variable if not set
if (!isset($_SESSION['login']['domain_name_visible']['boolean'])) {
	$_SESSION['login']['domain_name_visible']['boolean'] = null;
}

//set a default login destination
if (strlen($_SESSION['login']['destination']['url']) == 0) {
	$_SESSION['login']['destination']['url'] = PROJECT_PATH."/core/user_settings/user_dashboard.php";
}

//add the header
include "resources/header.php";

//show the message
//(the HTML markup between the echo statements below is missing from this copy of the file)
if (strlen($msg) > 0) {
	echo "

"; echo "
\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "
Message
\n";
	//only the three known values produce output; any other $msg prints nothing
	switch ($msg) {
		case "username required":
			echo "Please provide a username.";
			break;
		case "incorrect account information":
			echo "The username or password was incorrect. Please try again.";
			break;
		case "install complete":
			echo "
\n"; echo "Installation is complete.
"; echo "
"; echo "Getting Started:
"; echo "
  • There are two levels of admins 1. superadmin 2. admin.
    "; echo "
    \n"; echo "username: superadmin
    password: fusionpbx
    \n"; echo "
    \n"; echo "username: admin
    password: fusionpbx

    \n"; echo "
  • \n"; echo "
  • \n"; echo "The database connection settings have been saved to ".$_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/config.php.
    \n"; echo "
  • \n"; echo "
\n"; echo "\n";
			break;
	}
	echo "
\n"; echo "
\n"; echo "

\n\n";
}

//show the content
echo "";
echo "
\n";
//main content: the login form, or the new-password form once a valid reset link has been opened
if (!$password_reset) {
	echo "
\n"; echo "
\n"; echo "
\n"; echo "
\n";
	//domain selector, only when the login settings ask for it
	if ($_SESSION['login']['domain_name_visible']['boolean'] == "true") {
		if (count($_SESSION['login']['domain_name']) > 0) {
			//theme colours with fallbacks: login-specific colour, then the general input colour, then a fixed default
			$click_change_color = ($_SESSION['theme']['login_input_text_color']['text'] != '') ? $_SESSION['theme']['login_input_text_color']['text'] : (($_SESSION['theme']['input_text_color']['text'] != '') ? $_SESSION['theme']['input_text_color']['text'] : '#000000');
			$placeholder_color = ($_SESSION['theme']['login_input_text_placeholder_color']['text'] != '') ? 'color: '.$_SESSION['theme']['login_input_text_placeholder_color']['text'].';' : 'color: #999999;';
			echo "
\n";
		} else {
			echo "
\n";
		}
	}
	echo "\n";
	//the password-reset request link is offered only when a reset key and an smtp host are configured
	if ( function_exists('openssl_encrypt') && $_SESSION['login']['password_reset_key']['text'] != '' && $_SESSION['email']['smtp_host']['text'] != '' ) {
		echo "

";
	}
	echo "
"; echo ""; echo "
"; echo "";
} else {
	//new-password form, shown after a valid 'define' link or a rejected 'reset' attempt
	echo "\n"; echo "\n"; echo "
\n"; echo "\n"; echo "\n"; echo "
\n"; echo "
\n"; echo "
"; echo "
\n"; echo "\n"; echo "

"; echo "
"; echo "\n"; echo "
";
}

//add the footer
$default_login = true;
include "resources/footer.php";
?>