File: password-change.php

package info (click to toggle)
postfixadmin 4.0.1%2Bds-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 4,888 kB
  • sloc: php: 12,256; perl: 1,156; sh: 717; python: 142; xml: 63; sql: 3; makefile: 2
file content (108 lines) | stat: -rw-r--r-- 3,390 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
 
<?php

/**
 * Postfix Admin
 *
 * LICENSE
 * This source file is subject to the GPL license that is bundled with
 * this package in the file LICENSE.TXT.
 *
 * Further details on the project are available at https://github.com/postfixadmin/postfixadmin
 *
 * @version $Id$
 * @license GNU GPL v2 or later.
 *
 * File: password-change.php
 * Used by users and admins to change their forgotten login password.
 * Template File: password-change.tpl
 *
 * Template Variables:
 *
 * tUsername
 * tCode
 *
 * Form POST \ GET Variables:
 *
 * fUsername
 */


if (preg_match('/\/users\//', $_SERVER['REQUEST_URI'])) {
    $rel_path = '../';
    $context = 'users';
} else {
    $rel_path = './';
    $context = 'admin';
}
require_once($rel_path . 'common.php');

$smarty = PFASmarty::getInstance();
$CONF = Config::getInstance()->getAll();

$smarty->configureTheme($rel_path);

$tCode = null;
$tUsername = null;

if ($context === 'admin' && !Config::read('forgotten_admin_password_reset')) {
    die('Password change is disabled by configuration option: forgotten_admin_password_reset or mailbox_postpassword_script');
}

if ($context === 'users' && (!Config::read('forgotten_user_password_reset') || Config::read('mailbox_postpassword_script'))) {
    die('Password change is disabled by configuration option: forgotten_user_password_reset or mailbox_postpassword_script');
}

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $tUsername = safeget('username');
    $tCode = safeget('code');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (safepost('fCancel')) {
        header('Location: main.php');
        exit(0);
    }

    $fPassword = safepost('fPassword');
    $fPassword2 = safepost('fPassword2');

    $tUsername = safepost('fUsername');
    $tCode = trim(safepost('fCode'));

    if (empty($fPassword) or ($fPassword != $fPassword2)) {
        $error = true;
        flash_error(Config::lang('pPassword_password_text_error'));
    } else {
        $handler = $context === 'admin' ? new AdminHandler() : new MailboxHandler();
        if (!$handler->checkPasswordRecoveryCode($tUsername, $tCode)) {
            flash_error(Config::lang('pPassword_code_text_error'));
        } else {
            init_session($tUsername, $context === 'admin');
            if (!$handler->init($tUsername)) {
                flash_error($handler->errormsg);
            } else {
                $values = $handler->result;
                $values['password'] = $fPassword;
                $values['password2'] = $fPassword2;
                if ($handler->set($values) && $handler->save()) {
                    flash_info(Config::lang_f('pPassword_result_success', $tUsername));
                    $handler->wipePasswordRecoveryCode($tUsername); // so we only wipe the recovery token if they've managed to change their password.
                    header('Location: main.php');
                    exit(0);
                } else {
                    foreach ($handler->errormsg as $msg) {
                        flash_error($msg);
                    }
                }
            }
        }
    }
}

$smarty->assign('language_selector', language_selector(), false);
$smarty->assign('tUsername', $tUsername);
$smarty->assign('tCode', $tCode);
$smarty->assign('smarty_template', 'password-change');
$smarty->display('index.tpl');

/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */