diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index 48d3af652b18ffbc462f68517aae822912a4f3cf..4cb2e3e7e919870fda05be798f26b56ede31b654 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -325,6 +325,15 @@ class login_index {
$error = '
Error
'.$error.'';
}
+ $app->load('getconf');
+
+ $security_config = $app->getconf->get_security_config('permissions');
+ if($security_config['password_reset_allowed'] == 'yes') {
+ $app->tpl->setVar('pw_lost_show', 1);
+ } else {
+ $app->tpl->setVar('pw_lost_show', 0);
+ }
+
$app->tpl->setVar('error', $error);
$app->tpl->setVar('pw_lost_txt', $app->lng('pw_lost_txt'));
$app->tpl->setVar('username_txt', $app->lng('username_txt'));
diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
index e29b1637dd0834f42e77197d3dcbc88e5137e9d6..c466ac8e4b466d12f5c7d394d1acdac68dc1e9fe 100644
--- a/interface/web/login/password_reset.php
+++ b/interface/web/login/password_reset.php
@@ -31,6 +31,11 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';
+$app->load('getconf');
+
+$security_config = $app->getconf->get_security_config('permissions');
+if($security_config['password_reset_allowed'] != 'yes') die('Password reset function has been disabled.');
+
// Loading the template
$app->uses('tpl');
$app->tpl->newTemplate("form.tpl.htm");
diff --git a/interface/web/login/templates/index.htm b/interface/web/login/templates/index.htm
index 3fbd278ddd8429fff180252aced120d53f7cc3db..bcdd8bdb9bbf0c156927c817d8f995a631c68a04 100644
--- a/interface/web/login/templates/index.htm
+++ b/interface/web/login/templates/index.htm
@@ -35,7 +35,7 @@
-
+
diff --git a/security/README.txt b/security/README.txt
index b68f64780fde4428e16b0030c369e8651428ba73..b42cbaabb4adb2c698506c7c7abb1ecd22debc52 100644
--- a/security/README.txt
+++ b/security/README.txt
@@ -69,6 +69,10 @@ Setting: remote_api_allowed
Options: yes/no
Description: Disables the remote API
+Setting: password_reset_allowed
+Options: yes/no
+Description: Disables the password reset function.
+
Setting: ids_enabled
Options: yes/no
Description: Enables the Intrusion Detection System
diff --git a/security/security_settings.ini b/security/security_settings.ini
index 85d0433443de5b06ceedb033106528765fc80517..4b4327aafc165e1a9e29389c74cee0f053ef5f34 100644
--- a/security/security_settings.ini
+++ b/security/security_settings.ini
@@ -15,6 +15,7 @@ admin_allow_osupdate=superadmin
admin_allow_software_packages=superadmin
admin_allow_software_repo=superadmin
remote_api_allowed=yes
+password_reset_allowed=yes
[ids]
ids_enabled=yes