Skip to content

Commit 0baacef

Browse files
author
Till Brehm
committed
FS#3641 - Add option to disable the password reset function
1 parent b31c9d7 commit 0baacef

File tree

5 files changed

+20
-1
lines changed

5 files changed

+20
-1
lines changed

interface/web/login/index.php

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -325,6 +325,15 @@ public function render() {
325325
$error = '<div class="box box_error"><h1>Error</h1>'.$error.'</div>';
326326
}
327327

328+
$app->load('getconf');
329+
330+
$security_config = $app->getconf->get_security_config('permissions');
331+
if($security_config['password_reset_allowed'] == 'yes') {
332+
$app->tpl->setVar('pw_lost_show', 1);
333+
} else {
334+
$app->tpl->setVar('pw_lost_show', 0);
335+
}
336+
328337
$app->tpl->setVar('error', $error);
329338
$app->tpl->setVar('pw_lost_txt', $app->lng('pw_lost_txt'));
330339
$app->tpl->setVar('username_txt', $app->lng('username_txt'));

interface/web/login/password_reset.php

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,11 @@
3131
require_once '../../lib/config.inc.php';
3232
require_once '../../lib/app.inc.php';
3333

34+
$app->load('getconf');
35+
36+
$security_config = $app->getconf->get_security_config('permissions');
37+
if($security_config['password_reset_allowed'] != 'yes') die('Password reset function has been disabled.');
38+
3439
// Loading the template
3540
$app->uses('tpl');
3641
$app->tpl->newTemplate("form.tpl.htm");

interface/web/login/templates/index.htm

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ <h2><tmpl_var name="login_txt"></h2>
3535

3636
<div class="buttonHolder buttons">
3737
<button class="positive iconstxt icoKey" type="button" value="{tmpl_var name='add_new_record_txt'}" onclick="submitLoginForm('pageForm');"><span>{tmpl_var name='login_button_txt'}</span></button>
38-
<button class="negative iconstxt icoKey" type="button" value="{tmpl_var name='pw_lost_txt'}" onclick="loadContent('login/password_reset.php');"><span>{tmpl_var name='pw_lost_txt'}</span></button>
38+
<tmpl_if name="pw_lost_show"><button class="negative iconstxt icoKey" type="button" value="{tmpl_var name='pw_lost_txt'}" onclick="loadContent('login/password_reset.php');"><span>{tmpl_var name='pw_lost_txt'}</span></button></tmpl_if>
3939
</div>
4040
</div>
4141

security/README.txt

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -69,6 +69,10 @@ Setting: remote_api_allowed
6969
Options: yes/no
7070
Description: Disables the remote API
7171

72+
Setting: password_reset_allowed
73+
Options: yes/no
74+
Description: Disables the password reset function.
75+
7276
Setting: ids_enabled
7377
Options: yes/no
7478
Description: Enables the Intrusion Detection System

security/security_settings.ini

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ admin_allow_osupdate=superadmin
1515
admin_allow_software_packages=superadmin
1616
admin_allow_software_repo=superadmin
1717
remote_api_allowed=yes
18+
password_reset_allowed=yes
1819

1920
[ids]
2021
ids_enabled=yes

0 commit comments

Comments
 (0)