From 326a8dbb9be14d2e1be8c03feb4d6e713f6ed76f Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Sun, 21 Sep 2008 11:32:58 +0000
Subject: [PATCH] Users can reset their login password. The password is sent by
 email to the email address listed in the client account settings.

---
 interface/web/login/lib/lang/en.lng           | 30 ++++---
 interface/web/login/password_reset.php        | 78 +++++++++++++++++++
 interface/web/login/templates/index.htm       |  3 +
 .../web/login/templates/password_reset.htm    | 30 +++++++
 4 files changed, 125 insertions(+), 16 deletions(-)
 create mode 100644 interface/web/login/password_reset.php
 create mode 100644 interface/web/login/templates/password_reset.htm

diff --git a/interface/web/login/lib/lang/en.lng b/interface/web/login/lib/lang/en.lng
index 9bdd5ca50d..52bda93120 100644
--- a/interface/web/login/lib/lang/en.lng
+++ b/interface/web/login/lib/lang/en.lng
@@ -1,17 +1,15 @@
-<?php
-
-$wb[1001]	= "Username or Password empty.";
-$wb[1002]	= "Username or Password wrong.";
-$wb[1003]	= "User is blocked.";
-$wb[1004]	= "To many wrong login's, Please retry it after 15 minutes";
-
-
-
-
-
-
-
-
-
-
+<?php
+
+$wb[1001]	= "Username or Password empty.";
+$wb[1002]	= "Username or Password wrong.";
+$wb[1003]	= "User is blocked.";
+$wb[1004]	= "To many wrong login's, Please retry it after 15 minutes";
+$wb['pass_reset_txt'] = 'A new password will be generated and send to your email address if the email address entered above matches the email address in your client settings.';
+$wb['pw_reset'] = 'The password has been reset and send to your email address.';
+$wb['pw_error'] = 'Username or email address does not match.';
+$wb['pw_error_noinput'] = 'Please enter email address and username.';
+
+$wb['pw_reset_mail_msg'] = 'The password to your ISPConfig 3 control panel account has been reset. The new password is: ';
+$wb['pw_reset_mail_title'] = 'ISPConfig 3 Control panel password has been reset.';
+
 ?>
\ No newline at end of file
diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
new file mode 100644
index 0000000000..23516f3558
--- /dev/null
+++ b/interface/web/login/password_reset.php
@@ -0,0 +1,78 @@
+<?php
+
+/*
+Copyright (c) 2008, Till Brehm, projektfarm Gmbh
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once('../../lib/config.inc.php');
+require_once('../../lib/app.inc.php');
+
+// Loading the template
+$app->uses('tpl');
+$app->tpl->newTemplate("form.tpl.htm");
+$app->tpl->setInclude('content_tpl','templates/password_reset.htm');
+
+$app->tpl_defaults();
+
+include(ISPC_ROOT_PATH.'/web/login/lib/lang/'.$_SESSION['s']['language'].'.lng');
+$app->tpl->setVar($wb);
+
+if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '' && $_POST['username'] != 'admin') {
+	
+	$username = $app->db->quote($_POST['username']);
+	$email = $app->db->quote($_POST['email']);
+	
+	$client = $app->db->queryOneRecord("SELECT * FROM client WHERE username = '$username' && email = '$email'");
+	
+	if($client['client_id'] > 0) {
+		$new_password = md5 (uniqid (rand()));
+		$new_password = $app->db->quote($new_password);
+		$username = $app->db->quote($client['username']);
+		$app->db->query("UPDATE sys_user SET passwort = md5('$new_password') WHERE username = '$username'");
+		$app->db->query("UPDATE client SET īpasswordī = md5('$new_password') WHERE username = '$username'");
+		$app->tpl->setVar("message",$wb['pw_reset']);
+		
+		mail($client['email'],$wb['pw_reset_mail_title'],$wb['pw_reset_mail_msg'].$new_password);
+		
+	} else {
+		$app->tpl->setVar("message",$wb['pw_error']);
+	}
+	
+} else {
+	$app->tpl->setVar("message",$wb['pw_error_noinput']);
+}
+
+
+
+$app->tpl_defaults();
+$app->tpl->pparse();
+
+
+
+
+
+?>
\ No newline at end of file
diff --git a/interface/web/login/templates/index.htm b/interface/web/login/templates/index.htm
index be13fc5251..401912db06 100644
--- a/interface/web/login/templates/index.htm
+++ b/interface/web/login/templates/index.htm
@@ -7,6 +7,9 @@
   <tr>
     <td colspan="2"><tmpl_var name="error"></td>
   </tr>
+  <tr>
+    <td colspan="2" height="30" align="left"><a href="#" onclick="loadContent('login/password_reset.php');">Password lost?</a></td>
+  </tr>
   </tmpl_if>  
   <tr>
     <td>Username</td>
diff --git a/interface/web/login/templates/password_reset.htm b/interface/web/login/templates/password_reset.htm
new file mode 100644
index 0000000000..34fbfea527
--- /dev/null
+++ b/interface/web/login/templates/password_reset.htm
@@ -0,0 +1,30 @@
+<div style="margin-top: 100px">
+<table style="width: 400px; margin: 0px auto;" class="table">
+  <tr>
+    <th colspan="2">Password Reset</th>
+  </tr>
+  <tmpl_if name="message">
+  <tr>
+    <td colspan="2"><b><i><tmpl_var name="message"></i></b></td>
+  </tr>
+  </tmpl_if>  
+  <tr>
+    <td>Email address</td>
+    <td><input name="email" type="text" id="email" class="text"></td>
+  </tr>
+  <tr>
+    <td>Username</td>
+    <td><input name="username" type="text" id="username" class="text"></td>
+  </tr>
+  <tr>
+    <td colspan="2"><tmpl_var name="pass_reset_txt"></td>
+  </tr>
+  <tr>
+    <td>&nbsp;</td>
+    <td><input type="button" name="submit" id="submit" value="Resend password" class="button" onclick="submitForm('pageForm','login/password_reset.php');" ><div class="buttonEnding"></div>
+    </td>
+  </tr>
+</table>
+<input type="hidden" name="s_mod" value="login" />
+<input type="hidden" name="s_pg" value="index" />
+</div>
\ No newline at end of file
-- 
GitLab