forgotten.php 3.7 KB

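  <?php
  /*
   * Password-recovery page: set-up section.
   *
   * Loads the project helpers and page chrome, opens the htpasswd store and
   * builds $mailUrl, the absolute URL of this script that is later embedded
   * in the reset e-mail. $ini is not defined in this file; it is presumably
   * provided by one of the includes below (confirm).
   */
  include_once ('tools/util.php');
  include_once ('tools/mail.php');
  include_once ('tools/htpasswd.php');
  include_once ('includes/head.php');
  include_once ('includes/nav.php');

  $htpasswd = new htpasswd($ini['secure_path'], true);

  // SERVER_PROTOCOL carries the HTTP version (e.g. "HTTP/1.1") and never
  // contains "https", so testing it always produced an http:// reset link.
  // $_SERVER['HTTPS'] is non-empty and not "off" when the request used TLS.
  // NOTE(review): behind a TLS-terminating proxy this still yields "http";
  // a configured base URL would be more reliable.
  $https = isset($_SERVER['HTTPS']) ? strtolower((string) $_SERVER['HTTPS']) : '';
  $protocol = ($https !== '' && $https !== 'off') ? 'https' : 'http';

  // HTTP_HOST is copied from the request's Host header, so it is chosen by
  // the client, and it ends up inside the link mailed to the account owner.
  // Accept only a plain host name / IP literal with an optional port and
  // fall back to the server's own name otherwise.
  // NOTE(review): a well-formed but foreign Host value still passes this
  // check; pinning the host to a configured canonical value is the complete
  // mitigation for reset-link poisoning.
  $host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
  if (!preg_match('/^(?:[A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])(?::[0-9]{1,5})?$/', $host)) {
      $host = isset($_SERVER['SERVER_NAME']) ? (string) $_SERVER['SERVER_NAME'] : 'localhost';
  }

  $script = $_SERVER['SCRIPT_NAME'];
  $params = $_SERVER['QUERY_STRING'];
  $mailUrl = $protocol . '://' . $host . $script;

  // Cleared once the "Reset Password" form is rendered, so that the
  // "Password forgotten?" form is not shown next to it.
  $show_standardform = true;
  ?>
  <div class="container box">
  <div class="row">
  <div class="col-xs-12">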
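  <?php
  // Step 1 of the recovery flow: an e-mail address was submitted. Look up
  // the matching account and mail it a link carrying the account's mailkey.
  // The is_string() guard rejects array-shaped input such as "email[]=x",
  // which would otherwise reach htmlspecialchars() as a non-string.
  if (isset($_POST['email']) && is_string($_POST['email'])) {
      $email = $_POST['email'];
      $user = $htpasswd->meta_find_user_for_mail($email);
      if (!isset($user)) {
          // NOTE(review): this branch and the success branch answer
          // differently, which reveals whether an address is registered;
          // one neutral message for both outcomes would avoid that.
          $alert_class = "alert-danger";
          $alert_message = "Email not found: " . htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
          // NOTE(review): include_once renders this partial only once per
          // request; a second message in the same request would be dropped.
          include_once ('includes/inline_message.php');
      } else {
          $meta_model = $htpasswd->get_metadata()[$user];
          // Both query values are URL-encoded. The original called
          // urldecode() on the user name, which corrupts names containing
          // "%", "+", "&" or "=" and lets them alter the query string.
          $link = $mailUrl . '?user=' . urlencode($user) . '&key=' . urlencode($meta_model->mailkey);
          // NOTE(review): the mail goes to the submitted address, not to an
          // address read back from the store; confirm that
          // meta_find_user_for_mail() only matches exact addresses.
          send_forgotten_mail($email, $user, $link);
          $alert_class = "alert-info";
          $alert_message = "Email successfully sent. Please check your inbox. " . htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
          include_once ('includes/inline_message.php');
      }
  }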
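  // Step 2 of the recovery flow: the link from the e-mail was opened.
  // Show the "Reset Password" form only if the key in the URL matches the
  // mailkey stored for that user.
  if (isset($_GET['user']) && isset($_GET['key'])) {
      $user = $_GET['user'];
      $key = $_GET['key'];

      // Both values come straight from the URL. Require plain strings
      // (rejects "user[]=" / "key[]=") and look the user up without
      // indexing a missing entry.
      $meta_model = null;
      if (is_string($user) && is_string($key)) {
          $all_metadata = $htpasswd->get_metadata();
          $meta_model = isset($all_metadata[$user]) ? $all_metadata[$user] : null;
      }

      // An empty or missing stored key must never match, and the
      // comparison is done in constant time.
      $key_matches = isset($meta_model)
          && is_string($meta_model->mailkey)
          && $meta_model->mailkey !== ''
          && hash_equals($meta_model->mailkey, $key);

      if ($key_matches) {
          $show_standardform = false;
          // ENT_QUOTES is passed explicitly below: the values sit in
          // single-quoted attributes, and before PHP 8.1 the default flags
          // of htmlspecialchars() left "'" unescaped.
          ?>
  <div class="row">
      <div class="col-xs-12 col-md-4">
          <h3>Reset Password:</h3>
          <form class="navbar-form navbar-left" action="forgotten.php"
              method="post">
              <div class="form-group">
                  <p>
                      <input type="password" class="userfield form-control"
                          placeholder="Password" name="pwd">
                  </p>
                  <input type="hidden" class="userfield form-control"
                      placeholder="Password" name="user"
                      value='<?php echo htmlspecialchars($user, ENT_QUOTES, 'UTF-8');?>'> <input
                      type="hidden" class="userfield form-control"
                      placeholder="Password" name="key"
                      value='<?php echo htmlspecialchars($key, ENT_QUOTES, 'UTF-8');?>'>
                  <button type="submit" class="btn btn-default">Submit</button>
              </div>
          </form>
      </div>
  </div>
  <?php
      } else {
          $alert_class = "alert-danger";
          $alert_message = "Security problem detected, can not display password change form.";
          include_once ('includes/inline_message.php');
      }
  }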
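  // Step 3 of the recovery flow: the "Reset Password" form was submitted.
  // Re-check the key, store the new password and replace the key so the
  // mailed link cannot be used a second time.
  if (isset($_POST['user']) && isset($_POST['key']) && isset($_POST['pwd'])) {
      $user = $_POST['user'];
      $key = $_POST['key'];
      $pwd = $_POST['pwd'];

      // All three fields are client-supplied. Require plain strings
      // (array-shaped fields are rejected) and a non-empty password;
      // isset() alone accepted "" as the new password.
      $input_ok = is_string($user) && is_string($key) && is_string($pwd) && $pwd !== '';

      $meta_model = null;
      if ($input_ok) {
          $all_metadata = $htpasswd->get_metadata();
          $meta_model = isset($all_metadata[$user]) ? $all_metadata[$user] : null;
      }

      // An empty or missing stored key must never match, and the
      // comparison is done in constant time.
      $key_matches = isset($meta_model)
          && is_string($meta_model->mailkey)
          && $meta_model->mailkey !== ''
          && hash_equals($meta_model->mailkey, $key);

      if ($key_matches) {
          $htpasswd->user_update($user, $pwd);
          // NOTE(review): the replacement key is 8 characters from
          // random_password(), whose randomness source is not visible here.
          // Confirm it draws from a CSPRNG and consider a longer key:
          // nothing in this file expires the key or limits guesses, so it
          // is the only secret protecting the reset.
          $meta_model->mailkey = random_password(8);
          $htpasswd->meta_update($meta_model);
          $alert_class = "alert-info";
          $alert_message = "Password changed.";
          include_once ('includes/inline_message.php');
      } else {
          $alert_class = "alert-danger";
          $alert_message = "Could not reset password.";
          include_once ('includes/inline_message.php');
      }
  }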
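  // Default view: the "Password forgotten?" form asking for the account's
  // e-mail address. Skipped while the "Reset Password" form is shown.
  if ($show_standardform) {
      ?>
  <div class="row">
      <div class="col-xs-12 col-md-4">
          <h3>Password forgotten?</h3>
          <form class="navbar-form navbar-left" action="forgotten.php"
              method="post">
              <div class="form-group">
                  <p>
                      <input type="text" class="userfield form-control"
                          placeholder="Email" name="email">
                  </p>
                  <button type="submit" class="btn btn-default">Submit</button>
              </div>
          </form>
      </div>
  </div>
  <?php
  }
  // The three closing tags below end the column, row and container that
  // are opened before the request handlers. They used to sit inside the
  // if-block above, so the page wrappers stayed unclosed whenever the
  // reset form replaced the standard form.
  ?>
  </div>
  </div>
  </div>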