From 0baacefd19b7d78ab2c31d947109dec82a17f1cd Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Mon, 25 Aug 2014 20:32:20 +0200
Subject: [PATCH] FS#3641 - Add option to disable the password reset function

---
 interface/web/login/index.php           | 9 +++++++++
 interface/web/login/password_reset.php  | 5 +++++
 interface/web/login/templates/index.htm | 2 +-
 security/README.txt                     | 4 ++++
 security/security_settings.ini          | 1 +
 5 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index 48d3af652..4cb2e3e7e 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -325,6 +325,15 @@ class login_index {
 			$error = '<div class="box box_error"><h1>Error</h1>'.$error.'</div>';
 		}
 		
+		$app->load('getconf');
+
+		$security_config = $app->getconf->get_security_config('permissions');
+		if($security_config['password_reset_allowed'] == 'yes') {
+			$app->tpl->setVar('pw_lost_show', 1);
+		} else {
+			$app->tpl->setVar('pw_lost_show', 0);
+		}
+		
 		$app->tpl->setVar('error', $error);
 		$app->tpl->setVar('pw_lost_txt', $app->lng('pw_lost_txt'));
 		$app->tpl->setVar('username_txt', $app->lng('username_txt'));
diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
index e29b1637d..c466ac8e4 100644
--- a/interface/web/login/password_reset.php
+++ b/interface/web/login/password_reset.php
@@ -31,6 +31,11 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 require_once '../../lib/config.inc.php';
 require_once '../../lib/app.inc.php';
 
+$app->load('getconf');
+
+$security_config = $app->getconf->get_security_config('permissions');
+if($security_config['password_reset_allowed'] != 'yes') die('Password reset function has been disabled.');
+
 // Loading the template
 $app->uses('tpl');
 $app->tpl->newTemplate("form.tpl.htm");
diff --git a/interface/web/login/templates/index.htm b/interface/web/login/templates/index.htm
index 3fbd278dd..bcdd8bdb9 100644
--- a/interface/web/login/templates/index.htm
+++ b/interface/web/login/templates/index.htm
@@ -35,7 +35,7 @@
 
         <div class="buttonHolder buttons">
             <button class="positive iconstxt icoKey" type="button" value="{tmpl_var name='add_new_record_txt'}" onclick="submitLoginForm('pageForm');"><span>{tmpl_var name='login_button_txt'}</span></button>
-            <button class="negative iconstxt icoKey" type="button" value="{tmpl_var name='pw_lost_txt'}" onclick="loadContent('login/password_reset.php');"><span>{tmpl_var name='pw_lost_txt'}</span></button>
+            <tmpl_if name="pw_lost_show"><button class="negative iconstxt icoKey" type="button" value="{tmpl_var name='pw_lost_txt'}" onclick="loadContent('login/password_reset.php');"><span>{tmpl_var name='pw_lost_txt'}</span></button></tmpl_if>
         </div>
     </div>
 
diff --git a/security/README.txt b/security/README.txt
index b68f64780..b42cbaabb 100644
--- a/security/README.txt
+++ b/security/README.txt
@@ -69,6 +69,10 @@ Setting:     remote_api_allowed
 Options:     yes/no
 Description: Disables the remote API
 
+Setting:     password_reset_allowed
+Options:     yes/no
+Description: Disables the password reset function.
+
 Setting:     ids_enabled
 Options:     yes/no
 Description: Enables the Intrusion Detection System
diff --git a/security/security_settings.ini b/security/security_settings.ini
index 85d043344..4b4327aaf 100644
--- a/security/security_settings.ini
+++ b/security/security_settings.ini
@@ -15,6 +15,7 @@ admin_allow_osupdate=superadmin
 admin_allow_software_packages=superadmin
 admin_allow_software_repo=superadmin
 remote_api_allowed=yes
+password_reset_allowed=yes
 
 [ids]
 ids_enabled=yes
-- 
GitLab