forgotten.php 3.8 KB

  1. <?php
  2. include_once ('tools/util.php');
  3. include_once ('tools/mail.php');
  4. include_once ('tools/htpasswd.php');
  5. include_once ('includes/head.php');
  6. include_once ('includes/nav.php');
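  // Request-wide setup: open the htpasswd store and work out the absolute URL
  // of this script, which is later embedded in the password-reset e-mail.
  $htpasswd = new htpasswd ( $ini ['secure_path'], true );

  // SERVER_PROTOCOL carries the HTTP version string (e.g. "HTTP/1.1") and never
  // contains "https", so testing it always yielded "http" and reset links went
  // out over plain HTTP. The HTTPS server variable is the scheme indicator.
  // NOTE(review): if TLS is terminated by a proxy in front of PHP, HTTPS may be
  // unset here - confirm against the deployment.
  $protocol = (! empty ( $_SERVER ['HTTPS'] ) && strtolower ( $_SERVER ['HTTPS'] ) !== 'off') ? 'https' : 'http';

  // NOTE(review): HTTP_HOST is copied from the client's Host header. Because it
  // ends up in the mailed reset link, a forged header can point that link (and
  // the reset key in it) at another host. Prefer a base URL taken from server
  // configuration; no such setting is visible in this file.
  $host = $_SERVER ['HTTP_HOST'];
  $script = $_SERVER ['SCRIPT_NAME'];
  // Not read again in this file; kept in case an included template uses it.
  $params = $_SERVER ['QUERY_STRING'];
  $mailUrl = $protocol . '://' . $host . $script;

  // Cleared once a valid reset link is opened, so the e-mail form is hidden.
  $show_standardform = true;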
  14. ?>
  15. <div class="container box">
  16. <div class="row">
  17. <div class="col-xs-12">
  18. <?php
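  // Step 1 of the reset flow: the visitor submitted an e-mail address.
  // If it belongs to a known user, mail that user a link carrying the stored
  // reset key. The on-page answer is the same in both cases, so the form
  // cannot be used to test which addresses are registered.
  if (isset ( $_POST ['email'] )) {
      // A request may send email[]=..., which arrives as an array; treat that as empty.
      $email = is_string ( $_POST ['email'] ) ? $_POST ['email'] : '';
      $user = $email !== '' ? $htpasswd->meta_find_user_for_mail ( $email ) : null;
      if (isset ( $user )) {
          $meta_models = $htpasswd->get_metadata ();
          if (isset ( $meta_models [$user] )) {
              $meta_model = $meta_models [$user];
              // Both query values are URL-encoded; the original called urldecode()
              // on the user name, which corrupts names containing '&', '+', '%' or spaces.
              // NOTE(review): mailkey is read from stored metadata, not created for
              // this request, and no expiry is visible in this file - confirm.
              $link = $mailUrl . '?' . 'user=' . urlencode ( $user ) . '&' . 'key=' . urlencode ( $meta_model->mailkey );
              send_forgotten_mail ( $email, $user, $link );
          }
      }
      $alert_class = "alert-info";
      $alert_message = "If this address is registered, a reset email has been sent. Please check your inbox.";
      include_once ('includes/inline_message.php');
  }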
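  // Step 2 of the reset flow: the visitor opened the mailed link (?user=...&key=...).
  // When the key matches the one stored for that user, show the new-password
  // form and suppress the e-mail form; otherwise show an error.
  if (isset ( $_GET ['user'] ) && isset ( $_GET ['key'] )) {
      $user = $_GET ['user'];
      $key = $_GET ['key'];
      $meta_models = $htpasswd->get_metadata ();
      // Only string names that exist in the metadata are looked up; array-valued
      // parameters (user[]=...) and unknown names fall through to the error branch.
      $meta_model = (is_string ( $user ) && isset ( $meta_models [$user] )) ? $meta_models [$user] : null;
      $stored_key = isset ( $meta_model ) ? $meta_model->mailkey : null;
      // An empty key is never accepted, so an account whose stored key is blank
      // cannot be reset with "key=". hash_equals() compares in constant time.
      if (is_string ( $key ) && $key !== '' && is_string ( $stored_key ) && hash_equals ( $stored_key, $key )) {
          $show_standardform = false;
          // NOTE(review): the key travels in the query string, so it can end up in
          // server logs and browser history.
          // ENT_QUOTES is required below: without it a single quote is left
          // unescaped on PHP versions before 8.1.
  ?>
  <div class="row">
      <div class="col-xs-12 col-md-4">
          <h3>Reset Password:</h3>
          <form class="navbar-form navbar-left" action="forgotten.php"
              method="post">
              <div class="form-group">
                  <p>
                      <input type="password" class="userfield form-control"
                          placeholder="Password" name="pwd">
                  </p>
                  <input type="hidden" class="userfield form-control"
                      placeholder="Password" name="user"
                      value="<?php echo htmlspecialchars ( $user, ENT_QUOTES, 'UTF-8' );?>"> <input
                      type="hidden" class="userfield form-control"
                      placeholder="Password" name="key"
                      value="<?php echo htmlspecialchars ( $key, ENT_QUOTES, 'UTF-8' );?>">
                  <button type="submit" class="btn btn-default">Submit</button>
              </div>
          </form>
      </div>
  </div>
  <?php
      } else {
          $alert_class = "alert-danger";
          $alert_message = "Security problem detected, can not display password change form.";
          include_once ('includes/inline_message.php');
      }
  }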
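  // Step 3 of the reset flow: the new-password form was submitted.
  // The key is checked again against the stored one; on success the password
  // is replaced and the key is rotated so the mailed link stops working.
  if (isset ( $_POST ['user'] ) && isset ( $_POST ['key'] ) && isset ( $_POST ['pwd'] )) {
      $user = $_POST ['user'];
      $key = $_POST ['key'];
      $pwd = $_POST ['pwd'];
      $meta_models = $htpasswd->get_metadata ();
      // Array-valued fields and unknown user names are rejected instead of
      // being used as an array offset.
      $meta_model = (is_string ( $user ) && isset ( $meta_models [$user] )) ? $meta_models [$user] : null;
      $stored_key = isset ( $meta_model ) ? $meta_model->mailkey : null;
      // Same rule as for the link: non-empty key, compared in constant time.
      $key_ok = is_string ( $key ) && $key !== '' && is_string ( $stored_key ) && hash_equals ( $stored_key, $key );
      // An empty password field must not blank the account's password.
      $pwd_ok = is_string ( $pwd ) && $pwd !== '';
      if ($key_ok && $pwd_ok) {
          $htpasswd->user_update ( $user, $pwd );
          // NOTE(review): random_password() is defined outside this file; confirm
          // it draws from a CSPRNG, and consider a key longer than 8 characters.
          $meta_model->mailkey = random_password ( 8 );
          $htpasswd->meta_update ( $meta_model );
          $alert_class = "alert-info";
          $alert_message = "Password changed.";
          include_once ('includes/inline_message.php');
      } else {
          $alert_class = "alert-danger";
          $alert_message = "Could not reset password.";
          include_once ('includes/inline_message.php');
      }
  }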
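  // Default view: the "forgotten password" e-mail form, shown unless a valid
  // reset link was opened in this request.
  if ($show_standardform) {
  ?>
  <div class="row">
      <div class="col-xs-12 col-md-4">
          <h3>Password forgotten?</h3>
          <form class="navbar-form navbar-left" action="forgotten.php"
              method="post">
              <div class="form-group">
                  <p>
                      <input type="text" class="userfield form-control"
                          placeholder="Email" name="email">
                  </p>
                  <button type="submit" class="btn btn-default">Submit</button>
              </div>
          </form>
      </div>
  </div>
  <?php
  }
  // Close the container/row/column wrappers opened at the top of the page.
  // They were previously closed only inside the branch above, which left the
  // markup unbalanced whenever the reset form was displayed instead.
  ?>
  </div>
  </div>
  </div>
  <?php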
  113. ?>