robin.thoni
/
docker-mx-server
Watch 1
Star 0
Fork 0
Code Issues 2 Pull Requests 0 Releases 12 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
43 Commits
3 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
docker-mx-server/postfixadmin/postfixadmin-3.2.2/public/users/password-recover.php

password-recover.php 3.1KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798 
  1. <?php

  2. /**

  3.  * Postfix Admin

  4.  *

  5.  * LICENSE

  6.  * This source file is subject to the GPL license that is bundled with

  7.  * this package in the file LICENSE.TXT.

  8.  *

  9.  * Further details on the project are available at http://postfixadmin.sf.net

  10.  *

  11.  * @version $Id$

  12.  * @license GNU GPL v2 or later.

  13.  *

  14.  * File: password-recover.php

  15.  * Used by users and admins to recover their forgotten login password.

  16.  * Template File: password-recover.tpl

  17.  *

  18.  * Template Variables:

  19.  *

  20.  * none

  21.  *

  22.  * Form POST \ GET Variables:

  23.  *

  24.  * fUsername

  25.  */

  26. 

  27. 

  28. if (preg_match('/\/users\//', $_SERVER['REQUEST_URI'])) {

  29.     $rel_path = '../';

  30.     $context = 'users';

  31. } else {

  32.     $rel_path = './';

  33.     $context = 'admin';

  34. }

  35. require_once($rel_path . 'common.php');

  36. 

  37. if ($context === 'admin' && !Config::read('forgotten_admin_password_reset') || $context === 'users' && !Config::read('forgotten_user_password_reset')) {

  38.     die('Password reset is disabled by configuration option: forgotten_admin_password_reset');

  39. }

  40. 

  41. function sendCodebyEmail($to, $username, $code) {

  42.     $url = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']) . '/password-change.php?username=' . urlencode($username) . '&code=' . $code;

  43. 

  44.     return smtp_mail($to, Config::read('admin_email'), Config::Lang('pPassword_welcome'), Config::lang_f('pPassword_recovery_email_body', $url));

  45. }

  46. 

  47. function sendCodebySMS($to, $username, $code) {

  48.     $text = Config::lang_f('pPassword_recovery_sms_body', $code);

  49. 

  50.     if (Config::read('sms_send_function') && is_callable(Config::read('sms_send_function'))) {

  51.         $result = call_user_func(Config::read('sms_send_function'), $to, $text);

  52.         return $result !== false;

  53.     }

  54. 

  55.     return false;

  56. }

  57. 

  58. if ($_SERVER['REQUEST_METHOD'] === "POST") {

  59.     $start_time = microtime(true);

  60.     $tUsername = escape_string(safepost('fUsername'));

  61.     $handler = $context === 'admin' ? new AdminHandler : new MailboxHandler;

  62.     $token = $handler->getPasswordRecoveryCode($tUsername);

  63.     if ($token !== false) {

  64.         $table = table_by_key($context === 'users' ? 'mailbox' : 'admin');

  65.         $result = db_query("SELECT * FROM $table WHERE username='$tUsername'");

  66.         $row = db_assoc($result['result']);

  67. 

  68.         $email_other = trim($row['email_other']);

  69.         $phone = trim($row['phone']);

  70. 

  71.         if ($email_other) {

  72.             sendCodeByEmail($email_other, $tUsername, $token);

  73.         }

  74. 

  75.         if ($phone) {

  76.             sendCodeBySMS($phone, $tUsername, $token);

  77.         }

  78. 

  79.         if ($email_other || $phone) {

  80.             header("Location: password-change.php?username=" . $tUsername);

  81.             exit(0);

  82.         }

  83.     }

  84. 

  85.     // throttle password reset requests to prevent brute force attack

  86.     $elapsed_time = microtime(true) - $start_time;

  87.     if ($elapsed_time < 2 * pow(10, 6)) {

  88.         usleep(2 * pow(10, 6) - $elapsed_time);

  89.     }

  90. 

  91.     flash_info(Config::Lang('pPassword_recovery_processed'));

  92. }

  93. 

  94. $smarty->assign('language_selector', language_selector(), false);

  95. $smarty->assign('smarty_template', 'password-recover');

  96. $smarty->display('index.tpl');

  97. 

  98. /* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */