From f68122272dcca8694ccac70578b0fc35d3d70e06 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 23 Mar 2009 20:31:48 +0000
Subject: [PATCH] Changed default encryption method for ispconfig controlpanel users from md5 to crypt-md5.
---
 interface/web/admin/form/users.tform.php | 1 +
 interface/web/client/form/client.tform.php | 2 +-
 interface/web/login/index.php | 27 +-
 interface/web/login/lib/lang/en.lng | 31 +-
 interface/web/login/lib/lang/es.lng | 26 +-
 interface/web/login/lib/lang/fr.lng | 26 +-
 interface/web/login/lib/lang/it.lng | 26 +-
 interface/web/login/lib/lang/nl.lng | 26 +-
 interface/web/login/lib/lang/se.lng | 26 +-
 interface/web/login/password_reset.php | 164 +++++-----
 .../web/tools/form/user_settings.tform.php | 285 +++++++++---------
 11 files changed, 342 insertions(+), 298 deletions(-)
diff --git a/interface/web/admin/form/users.tform.php b/interface/web/admin/form/users.tform.php
index 2466b23d0f..1edbb0cc43 100644
--- a/interface/web/admin/form/users.tform.php
+++ b/interface/web/admin/form/users.tform.php
@@ -158,6 +158,7 @@ $form['tabs']['users'] = array (
 'passwort' => array (
 'datatype' => 'VARCHAR',
 'formtype' => 'PASSWORD',
+ 'encryption'=> 'CRYPT',
 'regex' => '',
 'errmsg' => '',
 'default' => '',
diff --git a/interface/web/client/form/client.tform.php b/interface/web/client/form/client.tform.php
index 7497fdaed4..288e8939a1 100644
--- a/interface/web/client/form/client.tform.php
+++ b/interface/web/client/form/client.tform.php
@@ -119,7 +119,7 @@ $form["tabs"]['address'] = array (
 'password' => array (
 'datatype' => 'VARCHAR',
 'formtype' => 'PASSWORD',
- 'encryption'=> 'MD5',
+ 'encryption'=> 'CRYPT',
 'default' => '',
 'value' => '',
 'separator' => '',
diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index 36a3c3a1fc..77fdf493ed 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
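Review bot: The `'encryption'=> 'CRYPT'` value added to the `passwort` field in users.tform.php only takes effect if the form library that reads this key implements `CRYPT`, and that library is not among the eleven files in this patch. The admin form had no `encryption` key before, so confirm what the handler does for a missing or unrecognised value; storing the password unhashed or quietly falling back to MD5 would undo the intent of the commit. The same applies to the `client.tform.php` hunk and to `user_settings.tform.php`. A comment beside the key such as `// hashed by the form handler with crypt-md5 ($1$) before it is written to the table` would make the dependency visible; the enclosing field array starts and ends outside the hunk.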
@@ -58,8 +58,8 @@ class login_index {
 if(count($_POST) > 0) {
 //** Check variables
- if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) $error = 'Username contains unallowed characters or is longer then 64 characters.';
- if(!preg_match("/^.{1,64}$/i", $_POST['passwort'])) $error = 'The password length is > 64 characters.';
+ if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) $error = $app->lng('user_regex_error');
+ if(!preg_match("/^.{1,64}$/i", $_POST['passwort'])) $error = $app->lng('pw_error_length');
 //** iporting variables
 $ip = $app->db->quote(ip2long($_SERVER['REMOTE_ADDR']));
@@ -105,10 +105,29 @@ class login_index {
 } else {
 if ($loginAs){
 $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
+ $user = $app->db->queryOneRecord($sql);
 } else {
- $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and ( PASSWORT = '".md5($passwort)."' or PASSWORT = password('$passwort') )";
+ $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username'";
+ $user = $app->db->queryOneRecord($sql);
+ if($user && $user['active'] == 1) {
+ $saved_password = stripslashes($user['passwort']);
+ if(substr($saved_password,0,3) == '$1$') {
+ //* The password is crypt-md5 encrypted
+ $salt = '$1$'.substr($saved_password,3,8).'$';
+ if(crypt($passwort,$salt) != $saved_password) {
+ $user = false;
+ }
+ } else {
+ //* The password is md5 encrypted
+ if(md5($passwort) != $saved_password) {
+ $user = false;
+ }
+ }
+ } else {
+ $user = false;
+ }
 }
- $user = $app->db->queryOneRecord($sql);
+
 if($user) {
 if($user['active'] == 1) {
 // User login right, so attempts can be deleted
diff --git a/interface/web/login/lib/lang/en.lng b/interface/web/login/lib/lang/en.lng
index 0bfe02a26e..9f93331b8c 100644
--- a/interface/web/login/lib/lang/en.lng
+++ b/interface/web/login/lib/lang/en.lng
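Review bot: Both hash checks in the new `else` branch of the second hunk use loose `!=`, which PHP evaluates numerically when both operands look like numbers, so two different MD5 hex digests of the form `0e` followed only by digits compare as equal and the legacy-MD5 path can accept a wrong password. Use strict comparison (or `hash_equals()` where the PHP version provides it): `if(md5($passwort) !== $saved_password) {` and `if(crypt($passwort,$saved_password) !== $saved_password) {`. Passing the stored hash as the salt lets crypt() extract the salt itself, so the manual `substr($saved_password,3,8)` is no longer needed. The `$loginAs` branch still matches the submitted value against the stored hash directly in SQL, and rows stored with MySQL `password()` are no longer accepted by the new code; confirm both are intended. The enclosing method starts and ends outside the hunk.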
@@ -1,15 +1,18 @@
-<?php
-
-$wb[1001] = "Username or Password empty.";
-$wb[1002] = "Username or Password wrong.";
-$wb[1003] = "User is blocked.";
-$wb[1004] = "To many wrong login's, Please retry it after 15 minutes";
-$wb['pass_reset_txt'] = 'A new password will be generated and send to your email address if the email address entered below matches the email address in your client settings.';
-$wb['pw_reset'] = 'The password has been reset and send to your email address.';
-$wb['pw_error'] = 'Username or email address does not match.';
-$wb['pw_error_noinput'] = 'Please enter email address and username.';
-
-$wb['pw_reset_mail_msg'] = 'The password to your ISPConfig 3 control panel account has been reset. The new password is: ';
-$wb['pw_reset_mail_title'] = 'ISPConfig 3 Control panel password has been reset.';
-
+<?php
+
+$wb[1001] = "Username or Password empty.";
+$wb[1002] = "Username or Password wrong.";
+$wb[1003] = "User is blocked.";
+$wb[1004] = "To many wrong login's, Please retry it after 15 minutes";
+$wb['pass_reset_txt'] = 'A new password will be generated and send to your email address if the email address entered below matches the email address in your client settings.';
+$wb['pw_reset'] = 'The password has been reset and send to your email address.';
+$wb['pw_error'] = 'Username or email address does not match.';
+$wb['pw_error_noinput'] = 'Please enter email address and username.';
+
+$wb['pw_reset_mail_msg'] = 'The password to your ISPConfig 3 control panel account has been reset. The new password is: ';
+$wb['pw_reset_mail_title'] = 'ISPConfig 3 Control panel password has been reset.';
+
+$wb['user_regex_error'] = 'Username contains unallowed characters or is longer then 64 characters.';
+$wb['pw_error_length'] = 'The password length is > 64 characters.';
+
 ?>
\ No newline at end of file
diff --git a/interface/web/login/lib/lang/es.lng b/interface/web/login/lib/lang/es.lng
index 19c2233314..f51ac8a19f 100644
--- a/interface/web/login/lib/lang/es.lng +++ b/interface/web/login/lib/lang/es.lng @@ -1,12 +1,14 @@ -<?php -$wb['1001'] = 'Usuario o contraseña vacÃos.'; -$wb['1002'] = 'Usuario o contraseña incorrectos.'; -$wb['1003'] = 'El usuario está bloqueado'; -$wb['1004'] = 'Demasiados intentos erroneos, por favor, inténtelo dentro de 15 minutos.'; -$wb['pass_reset_txt'] = 'Se generará una nueva contraseña que se le enviará a la cuenta de correo que tiene configurada.'; -$wb['pw_reset'] = 'La contraseña ha sido reseteada y enviada a su cuenta de correo.'; -$wb['pw_error'] = 'El usuario o la cuenta de correo no coinciden.'; -$wb['pw_error_noinput'] = 'Por favor, introduzca la dirección de correo y el nombre de usuario.'; -$wb['pw_reset_mail_msg'] = 'La contraseña de su cuenta de panel de control ISPConfig 3 ha sido reseteada. La nueva contraseña es: '; -$wb['pw_reset_mail_title'] = 'La contraseña del panel de control ISPConfig 3 ha sido reseteada.'; -?> +<?php +$wb['1001'] = 'Usuario o contraseña vacÃos.'; +$wb['1002'] = 'Usuario o contraseña incorrectos.'; +$wb['1003'] = 'El usuario está bloqueado'; +$wb['1004'] = 'Demasiados intentos erroneos, por favor, inténtelo dentro de 15 minutos.'; +$wb['pass_reset_txt'] = 'Se generará una nueva contraseña que se le enviará a la cuenta de correo que tiene configurada.'; +$wb['pw_reset'] = 'La contraseña ha sido reseteada y enviada a su cuenta de correo.'; +$wb['pw_error'] = 'El usuario o la cuenta de correo no coinciden.'; +$wb['pw_error_noinput'] = 'Por favor, introduzca la dirección de correo y el nombre de usuario.'; +$wb['pw_reset_mail_msg'] = 'La contraseña de su cuenta de panel de control ISPConfig 3 ha sido reseteada. La nueva contraseña es: '; +$wb['pw_reset_mail_title'] = 'La contraseña del panel de control ISPConfig 3 ha sido reseteada.'; +$wb['user_regex_error'] = 'Username contains unallowed characters or is longer then 64 characters.'; +$wb['pw_error_length'] = 'The password length is > 64 characters.'; +?> 
diff --git a/interface/web/login/lib/lang/fr.lng b/interface/web/login/lib/lang/fr.lng index e142b6e947..d0d6b81727 100644 --- a/interface/web/login/lib/lang/fr.lng +++ b/interface/web/login/lib/lang/fr.lng 
@@ -1,12 +1,14 @@ -<?php -$wb['1001'] = 'Nom dutilisateur ou mot de passe vide.'; -$wb['1002'] = 'Nom dutilisateur ou mot de passe faux.'; -$wb['1003'] = 'Utilisateur bloqué.'; -$wb['1004'] = 'To many wrong logins, Please retry it after 15 minutes'; -$wb['pass_reset_txt'] = 'A new password will be generated and send to your email address if the email address entered below matches the email address in your client settings.'; -$wb['pw_reset'] = 'The password has been reset and send to your email address.'; -$wb['pw_error'] = 'Username or email address does not match.'; -$wb['pw_error_noinput'] = 'Please enter email address and username.'; -$wb['pw_reset_mail_msg'] = 'The password to your ISPConfig 3 control panel account has been reset. The new password is: '; -$wb['pw_reset_mail_title'] = 'ISPConfig 3 Control panel password has been reset.'; -?> +<?php +$wb['1001'] = 'Nom dutilisateur ou mot de passe vide.'; +$wb['1002'] = 'Nom dutilisateur ou mot de passe faux.'; +$wb['1003'] = 'Utilisateur bloqué.'; +$wb['1004'] = 'To many wrong logins, Please retry it after 15 minutes'; +$wb['pass_reset_txt'] = 'A new password will be generated and send to your email address if the email address entered below matches the email address in your client settings.'; +$wb['pw_reset'] = 'The password has been reset and send to your email address.'; +$wb['pw_error'] = 'Username or email address does not match.'; +$wb['pw_error_noinput'] = 'Please enter email address and username.'; +$wb['pw_reset_mail_msg'] = 'The password to your ISPConfig 3 control panel account has been reset. The new password is: '; +$wb['pw_reset_mail_title'] = 'ISPConfig 3 Control panel password has been reset.'; +$wb['user_regex_error'] = 'Username contains unallowed characters or is longer then 64 characters.'; +$wb['pw_error_length'] = 'The password length is > 64 characters.'; +?> diff --git a/interface/web/login/lib/lang/it.lng b/interface/web/login/lib/lang/it.lng index 55d980ec52..35941734fc 100644 
--- a/interface/web/login/lib/lang/it.lng +++ b/interface/web/login/lib/lang/it.lng @@ -1,12 +1,14 @@ -<?php -$wb['1001'] = 'Nome utente o Password vuoti.'; -$wb['1002'] = 'Nome utente o Password errati.'; -$wb['1003'] = 'Utente bloccato.'; -$wb['1004'] = 'Troppi tentativi di login errati, Riprova tra 15 minuti'; -$wb['pass_reset_txt'] = 'Una nuova password sarà generata e spedita alla tua email se l`email inserita corrisponde a quella delle impostazioni dell`utente.'; -$wb['pw_reset'] = 'La password è stata reimpostata e spedita al tuo indirizzo mail.'; -$wb['pw_error'] = 'Nome utente o email non corrispondenti.'; -$wb['pw_error_noinput'] = 'Inserisci nome utente e indirizzo email.'; -$wb['pw_reset_mail_msg'] = 'La password nel tuo pannello di controllo ISPConfig 3 è stata reimpostata. La nuova password è: '; -$wb['pw_reset_mail_title'] = 'Password del pannello di controllo ISPConfig 3 reimpostata.'; -?> +<?php +$wb['1001'] = 'Nome utente o Password vuoti.'; +$wb['1002'] = 'Nome utente o Password errati.'; +$wb['1003'] = 'Utente bloccato.'; +$wb['1004'] = 'Troppi tentativi di login errati, Riprova tra 15 minuti'; +$wb['pass_reset_txt'] = 'Una nuova password sarà generata e spedita alla tua email se l`email inserita corrisponde a quella delle impostazioni dell`utente.'; +$wb['pw_reset'] = 'La password è stata reimpostata e spedita al tuo indirizzo mail.'; +$wb['pw_error'] = 'Nome utente o email non corrispondenti.'; +$wb['pw_error_noinput'] = 'Inserisci nome utente e indirizzo email.'; +$wb['pw_reset_mail_msg'] = 'La password nel tuo pannello di controllo ISPConfig 3 è stata reimpostata. La nuova password è: '; +$wb['pw_reset_mail_title'] = 'Password del pannello di controllo ISPConfig 3 reimpostata.'; +$wb['user_regex_error'] = 'Username contains unallowed characters or is longer then 64 characters.'; +$wb['pw_error_length'] = 'The password length is > 64 characters.'; +?> 
diff --git a/interface/web/login/lib/lang/nl.lng b/interface/web/login/lib/lang/nl.lng index 28dfc7318f..ef775cdd8f 100644 --- a/interface/web/login/lib/lang/nl.lng +++ b/interface/web/login/lib/lang/nl.lng 
@@ -1,12 +1,14 @@ -<?php -$wb['1001'] = 'Gebruikersnaam of wachtwoord is leeg.'; -$wb['1002'] = 'Gebruikersnaam of wachtwoord ongeldig.'; -$wb['1003'] = 'Gebruiker is geblokkeerd.'; -$wb['1004'] = 'Teveel ongeldige login pogingen, Probeer het na 15 minuten opnieuw.'; -$wb['pass_reset_txt'] = 'Een nieuw wachtwoord zal worden gegenereerd en na het hierboven ingevulde Emailadres worden gestuurd, op voorwaarde dat het Emailadres overeenkomt met het Emailadres in uw klanten-settings'; -$wb['pw_reset'] = 'Het wachtwoord is gereset en is verzonden aan uw Emailadres.'; -$wb['pw_error'] = 'Gebruikersnaam of Emailadres komen niet overeen.'; -$wb['pw_error_noinput'] = 'Voer a.u.b. uw Emailadres en gebruikersnaam in.'; -$wb['pw_reset_mail_msg'] = 'Het wachtwoord dat toegang biedt tot ISPConfig 3 is gereset. Het nieuwe wachtwoord is: '; -$wb['pw_reset_mail_title'] = 'Het wachtwoord dat toegang biedt tot ISPConfig 3 is gereset.'; -?> +<?php +$wb['1001'] = 'Gebruikersnaam of wachtwoord is leeg.'; +$wb['1002'] = 'Gebruikersnaam of wachtwoord ongeldig.'; +$wb['1003'] = 'Gebruiker is geblokkeerd.'; +$wb['1004'] = 'Teveel ongeldige login pogingen, Probeer het na 15 minuten opnieuw.'; +$wb['pass_reset_txt'] = 'Een nieuw wachtwoord zal worden gegenereerd en na het hierboven ingevulde Emailadres worden gestuurd, op voorwaarde dat het Emailadres overeenkomt met het Emailadres in uw klanten-settings'; +$wb['pw_reset'] = 'Het wachtwoord is gereset en is verzonden aan uw Emailadres.'; +$wb['pw_error'] = 'Gebruikersnaam of Emailadres komen niet overeen.'; +$wb['pw_error_noinput'] = 'Voer a.u.b. uw Emailadres en gebruikersnaam in.'; +$wb['pw_reset_mail_msg'] = 'Het wachtwoord dat toegang biedt tot ISPConfig 3 is gereset. 
Het nieuwe wachtwoord is: '; +$wb['pw_reset_mail_title'] = 'Het wachtwoord dat toegang biedt tot ISPConfig 3 is gereset.'; +$wb['user_regex_error'] = 'Username contains unallowed characters or is longer then 64 characters.'; +$wb['pw_error_length'] = 'The password length is > 64 characters.'; +?> diff --git a/interface/web/login/lib/lang/se.lng b/interface/web/login/lib/lang/se.lng index 706aa5c3ef..e6172cfbd6 100644 --- a/interface/web/login/lib/lang/se.lng +++ b/interface/web/login/lib/lang/se.lng 
@@ -1,12 +1,14 @@ -<?php -$wb['1001'] = 'Användarnamn eller Lösenord är tomt.'; -$wb['1002'] = 'Felaktigt Användarnamn eller Lösenord.'; -$wb['1003'] = 'Användaren är spärrad.'; -$wb['1004'] = 'To many wrong logins, Please retry it after 15 minutes'; -$wb['pass_reset_txt'] = 'A new password will be generated and send to your email address if the email address entered below matches the email address in your client settings.'; -$wb['pw_reset'] = 'The password has been reset and send to your email address.'; -$wb['pw_error'] = 'Username or email address does not match.'; -$wb['pw_error_noinput'] = 'Please enter email address and username.'; -$wb['pw_reset_mail_msg'] = 'The password to your ISPConfig 3 control panel account has been reset. The new password is: '; -$wb['pw_reset_mail_title'] = 'ISPConfig 3 Control panel password has been reset.'; -?> +<?php +$wb['1001'] = 'Användarnamn eller Lösenord är tomt.'; +$wb['1002'] = 'Felaktigt Användarnamn eller Lösenord.'; +$wb['1003'] = 'Användaren är spärrad.'; +$wb['1004'] = 'To many wrong logins, Please retry it after 15 minutes'; +$wb['pass_reset_txt'] = 'A new password will be generated and send to your email address if the email address entered below matches the email address in your client settings.'; +$wb['pw_reset'] = 'The password has been reset and send to your email address.'; +$wb['pw_error'] = 'Username or email address does not match.'; +$wb['pw_error_noinput'] = 'Please enter email address and username.'; +$wb['pw_reset_mail_msg'] = 'The password to your ISPConfig 3 control panel account has been reset. The new password is: '; +$wb['pw_reset_mail_title'] = 'ISPConfig 3 Control panel password has been reset.'; +$wb['user_regex_error'] = 'Username contains unallowed characters or is longer then 64 characters.'; +$wb['pw_error_length'] = 'The password length is > 64 characters.'; +?> diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php index 23516f3558..4b39def304 100644 
--- a/interface/web/login/password_reset.php
+++ b/interface/web/login/password_reset.php
@@ -1,78 +1,88 @@
-<?php
-
-/*
-Copyright (c) 2008, Till Brehm, projektfarm Gmbh
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
- * Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright notice,
- this list of conditions and the following disclaimer in the documentation
- and/or other materials provided with the distribution.
- * Neither the name of ISPConfig nor the names of its contributors
- may be used to endorse or promote products derived from this software without
- specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
-INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
-EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require_once('../../lib/config.inc.php');
-require_once('../../lib/app.inc.php');
-
-// Loading the template
-$app->uses('tpl');
-$app->tpl->newTemplate("form.tpl.htm");
-$app->tpl->setInclude('content_tpl','templates/password_reset.htm');
-
-$app->tpl_defaults();
-
-include(ISPC_ROOT_PATH.'/web/login/lib/lang/'.$_SESSION['s']['language'].'.lng');
-$app->tpl->setVar($wb);
-
-if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '' && $_POST['username'] != 'admin') {
-
- $username = $app->db->quote($_POST['username']);
- $email = $app->db->quote($_POST['email']);
-
- $client = $app->db->queryOneRecord("SELECT * FROM client WHERE username = '$username' && email = '$email'");
-
- if($client['client_id'] > 0) {
- $new_password = md5 (uniqid (rand()));
- $new_password = $app->db->quote($new_password);
- $username = $app->db->quote($client['username']);
- $app->db->query("UPDATE sys_user SET passwort = md5('$new_password') WHERE username = '$username'");
- $app->db->query("UPDATE client SET ´password´ = md5('$new_password') WHERE username = '$username'");
- $app->tpl->setVar("message",$wb['pw_reset']);
-
- mail($client['email'],$wb['pw_reset_mail_title'],$wb['pw_reset_mail_msg'].$new_password);
-
- } else {
- $app->tpl->setVar("message",$wb['pw_error']);
- }
-
-} else {
- $app->tpl->setVar("message",$wb['pw_error_noinput']);
-}
-
-
-
-$app->tpl_defaults();
-$app->tpl->pparse();
-
-
-
-
-
+<?php
+
+/*
+Copyright (c) 2008, Till Brehm, projektfarm Gmbh
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ * Neither the name of ISPConfig nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once('../../lib/config.inc.php');
+require_once('../../lib/app.inc.php');
+
+// Loading the template
+$app->uses('tpl');
+$app->tpl->newTemplate("form.tpl.htm");
+$app->tpl->setInclude('content_tpl','templates/password_reset.htm');
+
+$app->tpl_defaults();
+
+include(ISPC_ROOT_PATH.'/web/login/lib/lang/'.$_SESSION['s']['language'].'.lng');
+$app->tpl->setVar($wb);
+
+if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '' && $_POST['username'] != 'admin') {
+
+ if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) die($app->lng('user_regex_error'));
+ if(!preg_match("/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i", $_POST['email'])) die($app->lng('email_error'));
+
+ $username = $app->db->quote($_POST['username']);
+ $email = $app->db->quote($_POST['email']);
+
+ $client = $app->db->queryOneRecord("SELECT * FROM client WHERE username = '$username' AND email = '$email'");
+
+ if($client['client_id'] > 0) {
+ $new_password = md5 (uniqid (rand()));
+ $salt="$1$";
+ for ($n=0;$n<11;$n++) {
+ $salt.=chr(mt_rand(64,126));
+ }
+ $salt.="$";
+ $new_password_encrypted = crypt($new_password,$salt);
+ $new_password_encrypted = $app->db->quote($new_password_encrypted);
+
+ $username = $app->db->quote($client['username']);
+ $app->db->query("UPDATE sys_user SET passwort = '$new_password_encrypted' WHERE username = '$username'");
+ $app->db->query("UPDATE client SET ´password´ = '$new_password_encrypted' WHERE username = '$username'");
+ $app->tpl->setVar("message",$wb['pw_reset']);
+
+ mail($client['email'],$wb['pw_reset_mail_title'],$wb['pw_reset_mail_msg'].$new_password);
+
+ } else {
+ $app->tpl->setVar("message",$wb['pw_error']);
+ }
+
+} else {
+ $app->tpl->setVar("message",$wb['pw_error_noinput']);
+}
+
+
+
+$app->tpl_defaults();
+$app->tpl->pparse();
+
+
+
+
+
 ?>
\ No newline at end of file
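Review bot: The new salt loop draws from `chr(mt_rand(64,126))`, a range that includes `\` and other characters outside crypt's documented `./0-9A-Za-z` salt alphabet. Because login/index.php in this same patch runs `stripslashes()` on the stored hash before comparing, a reset whose salt contains a backslash would likely leave the account with a password that can never be verified. The salt should be built from the crypt alphabet only (crypt-md5 uses at most 8 salt characters, not 11), and both it and `$new_password` should come from a CSPRNG instead of `mt_rand()` and `md5(uniqid(rand()))`, which are predictable; the sketch below assumes PHP 7+ for `random_bytes()`/`random_int()`. Separately, the new validation calls `$app->lng('email_error')`, but no `email_error` string is added to any language file in this patch.

```php
		$new_password = bin2hex(random_bytes(16));
		// crypt-md5 reads at most 8 salt characters; keep to the crypt alphabet so the
		// stored hash never contains a backslash that stripslashes() would remove at login
		$salt_chars = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
		$salt = '$1$';
		for ($n = 0; $n < 8; $n++) {
			$salt .= $salt_chars[random_int(0, 63)];
		}
		$salt .= '$';
		$new_password_encrypted = crypt($new_password, $salt);
		// … unchanged: quote() of the hash and username, the two UPDATE statements, mail() …
```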
diff --git a/interface/web/tools/form/user_settings.tform.php b/interface/web/tools/form/user_settings.tform.php index 05b3e8c0f6..516031a18d 100644 --- a/interface/web/tools/form/user_settings.tform.php +++ b/interface/web/tools/form/user_settings.tform.php 
@@ -1,143 +1,144 @@ -<?php - -/* -Copyright (c) 2005, Till Brehm, projektfarm Gmbh -All rights reserved. - -Redistribution and use in source and binary forms, with or without modification, -are permitted provided that the following conditions are met: - - * Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - * Neither the name of ISPConfig nor the names of its contributors - may be used to endorse or promote products derived from this software without - specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, -INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-*/ - -/* - Form Definition - - Tabellendefinition - - Datentypen: - - INTEGER (Wandelt Ausdr�cke in Int um) - - DOUBLE - - CURRENCY (Formatiert Zahlen nach W�hrungsnotation) - - VARCHAR (kein weiterer Format Check) - - TEXT (kein weiterer Format Check) - - DATE (Datumsformat, Timestamp Umwandlung) - - Formtype: - - TEXT (normales Textfeld) - - TEXTAREA (normales Textfeld) - - PASSWORD (Feldinhalt wird nicht angezeigt) - - SELECT (Gibt Werte als option Feld aus) - - RADIO - - CHECKBOX - - CHECKBOXARRAY - - FILE - - VALUE: - - Wert oder Array - - Hinweis: - Das ID-Feld ist nicht bei den Table Values einzuf�gen. - - -*/ - -$form['title'] = 'User Settings'; -$form['description'] = 'Form to edit the user password and language.'; -$form['name'] = 'usersettings'; -$form['action'] = 'user_settings.php'; -$form['db_table'] = 'sys_user'; -$form['db_table_idx'] = 'userid'; -$form["db_history"] = "no"; -$form['tab_default'] = 'users'; -$form['list_default'] = 'index.php'; -$form['auth'] = 'no'; - -//* 0 = id of the user, > 0 id must match with id of current user -$form['auth_preset']['userid'] = 0; -//* 0 = default groupid of the user, > 0 id must match with groupid of current user -$form['auth_preset']['groupid'] = 0; - -//** Permissions are: r = read, i = insert, u = update, d = delete -$form['auth_preset']['perm_user'] = 'riud'; -$form['auth_preset']['perm_group'] = 'riud'; -$form['auth_preset']['perm_other'] = ''; - -//* Languages -$language_list = array(); -$handle = @opendir(ISPC_ROOT_PATH.'/lib/lang'); -while ($file = @readdir ($handle)) { - if ($file != '.' 
&& $file != '..') { - if(@is_file(ISPC_ROOT_PATH.'/lib/lang/'.$file) and substr($file,-4,4) == '.lng') { - $tmp = substr($file, 0, 2); - $language_list[$tmp] = $tmp; - } - } -} - -$form['tabs']['users'] = array ( - 'title' => 'Settings', - 'width' => 80, - 'template' => 'templates/user_settings.htm', - 'fields' => array ( - ################################## - # Beginn Datenbankfelder - ################################## - 'passwort' => array ( - 'datatype' => 'VARCHAR', - 'formtype' => 'PASSWORD', - 'regex' => '', - 'errmsg' => '', - 'default' => '', - 'value' => '', - 'separator' => '', - 'width' => '15', - 'maxlength' => '100', - 'rows' => '', - 'cols' => '' - ), - 'language' => array ( - 'datatype' => 'VARCHAR', - 'formtype' => 'SELECT', - 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', - 'errmsg'=> 'language_is_empty'), - 1 => array ( 'type' => 'REGEX', - 'regex' => '/^[a-z]{2}$/i', - 'errmsg'=> 'language_regex_mismatch'), - ), - 'regex' => '', - 'errmsg' => '', - 'default' => '', - 'value' => $language_list, - 'separator' => '', - 'width' => '30', - 'maxlength' => '2', - 'rows' => '', - 'cols' => '' - ) - ################################## - # ENDE Datenbankfelder - ################################## - ) -); - - +<?php + +/* +Copyright (c) 2005, Till Brehm, projektfarm Gmbh +All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. 
+ * Neither the name of ISPConfig nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY +OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, +EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +/* + Form Definition + + Tabellendefinition + + Datentypen: + - INTEGER (Wandelt Ausdr�cke in Int um) + - DOUBLE + - CURRENCY (Formatiert Zahlen nach W�hrungsnotation) + - VARCHAR (kein weiterer Format Check) + - TEXT (kein weiterer Format Check) + - DATE (Datumsformat, Timestamp Umwandlung) + + Formtype: + - TEXT (normales Textfeld) + - TEXTAREA (normales Textfeld) + - PASSWORD (Feldinhalt wird nicht angezeigt) + - SELECT (Gibt Werte als option Feld aus) + - RADIO + - CHECKBOX + - CHECKBOXARRAY + - FILE + + VALUE: + - Wert oder Array + + Hinweis: + Das ID-Feld ist nicht bei den Table Values einzuf�gen. 
+ + +*/ + +$form['title'] = 'User Settings'; +$form['description'] = 'Form to edit the user password and language.'; +$form['name'] = 'usersettings'; +$form['action'] = 'user_settings.php'; +$form['db_table'] = 'sys_user'; +$form['db_table_idx'] = 'userid'; +$form["db_history"] = "no"; +$form['tab_default'] = 'users'; +$form['list_default'] = 'index.php'; +$form['auth'] = 'no'; + +//* 0 = id of the user, > 0 id must match with id of current user +$form['auth_preset']['userid'] = 0; +//* 0 = default groupid of the user, > 0 id must match with groupid of current user +$form['auth_preset']['groupid'] = 0; + +//** Permissions are: r = read, i = insert, u = update, d = delete +$form['auth_preset']['perm_user'] = 'riud'; +$form['auth_preset']['perm_group'] = 'riud'; +$form['auth_preset']['perm_other'] = ''; + +//* Languages +$language_list = array(); +$handle = @opendir(ISPC_ROOT_PATH.'/lib/lang'); +while ($file = @readdir ($handle)) { + if ($file != '.' && $file != '..') { + if(@is_file(ISPC_ROOT_PATH.'/lib/lang/'.$file) and substr($file,-4,4) == '.lng') { + $tmp = substr($file, 0, 2); + $language_list[$tmp] = $tmp; + } + } +} + +$form['tabs']['users'] = array ( + 'title' => 'Settings', + 'width' => 80, + 'template' => 'templates/user_settings.htm', + 'fields' => array ( + ################################## + # Beginn Datenbankfelder + ################################## + 'passwort' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'PASSWORD', + 'encryption'=> 'CRYPT', + 'regex' => '', + 'errmsg' => '', + 'default' => '', + 'value' => '', + 'separator' => '', + 'width' => '15', + 'maxlength' => '100', + 'rows' => '', + 'cols' => '' + ), + 'language' => array ( + 'datatype' => 'VARCHAR', + 'formtype' => 'SELECT', + 'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY', + 'errmsg'=> 'language_is_empty'), + 1 => array ( 'type' => 'REGEX', + 'regex' => '/^[a-z]{2}$/i', + 'errmsg'=> 'language_regex_mismatch'), + ), + 'regex' => '', + 'errmsg' => '', + 'default' => 
'', + 'value' => $language_list, + 'separator' => '', + 'width' => '30', + 'maxlength' => '2', + 'rows' => '', + 'cols' => '' + ) + ################################## + # ENDE Datenbankfelder + ################################## + ) +); + + ?> \ No newline at end of file -- GitLab