wcp/web/reset/index.php at b3a303b18dfdcd73bc3794ccc2eaba9beb62a13b · ghzhost/wcp · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
<?php
use function Hestiacp\quoteshellarg\quoteshellarg;

define('NO_AUTH_REQUIRED', true);
$TAB = 'RESET PASSWORD';

// Main include
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");

if (isset($_SESSION['user'])) {
    header("Location: /list/user");
}

if ($_SESSION['POLICY_SYSTEM_PASSWORD_RESET'] == 'no') {
    header('Location: /login/');
    exit();
}

if ((!empty($_POST['user'])) && (empty($_POST['code']))) {
    // Check token
    verify_csrf($_POST);
    $v_user = quoteshellarg($_POST['user']);
    $user = $_POST['user'];
    $email = $_POST['email'];
    $cmd="/usr/bin/sudo /usr/local/hestia/bin/v-list-user";
    exec($cmd." ".$v_user." json", $output, $return_var);
    if ($return_var == 0) {
        $data = json_decode(implode('', $output), true);
        unset($output);
        exec(HESTIA_CMD . "v-get-user-value ".$v_user." RKEYEXP", $output, $return_var);
        $rkeyexp = json_decode(implode('', $output), true);
        if ($rkeyexp === null || $rkeyexp < time() - 900) {
            if ($email == $data[$user]['CONTACT']) {
                $rkey = substr(password_hash("", PASSWORD_DEFAULT), 8, 12);
                $hash = password_hash($rkey, PASSWORD_DEFAULT);
                $v_rkey = tempnam("/tmp", "vst");
                $fp = fopen($v_rkey, "w");
                fwrite($fp, $hash."\n");
                fclose($fp);
                exec(HESTIA_CMD . "v-change-user-rkey ".$v_user." ".$v_rkey."", $output, $return_var);
                unset($output);
                unlink($v_rkey);
                $name = $data[$user]['NAME'];
                $contact = $data[$user]['CONTACT'];
                $to = $data[$user]['CONTACT'];
                $subject = sprintf(_('MAIL_RESET_SUBJECT'), date("Y-m-d H:i:s"));
                $hostname = get_hostname();
                if ($check == true){
                    $from = "noreply@".$hostname;
                    $from_name = _('Hestia Control Panel');
                    if (!empty($name)) {
                        $mailtext = sprintf(_('GREETINGS_GORDON'), $name);
                    } else {
                        $mailtext = _('GREETINGS');
                    }
                    $mailtext .= sprintf(_('PASSWORD_RESET_REQUEST'), $_SERVER['HTTP_HOST'], $user, $rkey, $_SERVER['HTTP_HOST'], $user, $rkey);
                        if (!empty($rkey)) {
                            send_email($to, $subject, $mailtext, $from, $from_name, $data[$user]['NAME']);
                        }
                        header("Location: /reset/?action=code&user=".$_POST['user']);
                        exit;
                }

            }
        } else {
            $ERROR = "<a class=\"error\">"._('Please wait 15 minutes before sending a new request')."</a>";
        }
    }
    unset($output);
}

if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['password']))) {
    // Check token
    verify_csrf($_POST);
    if ($_POST['password'] == $_POST['password_confirm']) {
        $v_user = quoteshellarg($_POST['user']);
        $user = $_POST['user'];
        exec(HESTIA_CMD . "v-list-user ".$v_user." json", $output, $return_var);
        if ($return_var == 0) {
            $data = json_decode(implode('', $output), true);
            $rkey = $data[$user]['RKEY'];
            if (password_verify($_POST['code'], $rkey)) {
                unset($output);
                exec(HESTIA_CMD . "v-get-user-value ".$v_user." RKEYEXP", $output, $return_var);
                if ($output[0] > time() - 900) {
                    $v_password = tempnam("/tmp", "vst");
                    $fp = fopen($v_password, "w");
                    fwrite($fp, $_POST['password']."\n");
                    fclose($fp);
                    exec(HESTIA_CMD . "v-change-user-password ".$v_user." ".$v_password, $output, $return_var);
                    unlink($v_password);
                    if ($return_var > 0) {
                        sleep(5);
                        $ERROR = "<a class=\"error\">"._('An internal error occurred')."</a>";
                    } else {
                        $_SESSION['user'] = $_POST['user'];
                        header("Location: /");
                        exit;
                    }
                } else {
                    sleep(5);
                    $ERROR = "<a class=\"error\">"._('Code has been expired')."</a>";
                    exec(HESTIA_CMD . 'v-log-user-login ' . $v_user . ' ' . $v_ip . ' failed ' . $v_session_id . ' ' . $v_user_agent .' yes "Reset code has been expired"', $output, $return_var);
                }
            } else {
                sleep(5);
                $ERROR = "<a class=\"error\">"._('Invalid username or code')."</a>";
                exec(HESTIA_CMD . 'v-log-user-login ' . $v_user . ' ' . $v_ip . ' failed ' . $v_session_id . ' ' . $v_user_agent .' yes "Invalid Username or Code"', $output, $return_var);
            }
        } else {
            sleep(5);
            $ERROR = "<a class=\"error\">"._('Invalid username or code')."</a>";
        }
    } else {
        $ERROR = "<a class=\"error\">"._('Passwords not match')."</a>";
    }
}

if (empty($_GET['action'])) {
    require_once '../templates/header.html';
    require_once '../templates/pages/login/reset_1.html';
} else {
    require_once '../templates/header.html';
    if ($_GET['action'] == 'code') {
        require_once '../templates/pages/login/reset_2.html';
    }
    if (($_GET['action'] == 'confirm') && (!empty($_GET['code']))) {
        require_once '../templates/pages/login/reset_3.html';
    }
}