|
29 | 29 | unset($output); |
30 | 30 | exec(HESTIA_CMD . "v-get-user-value " . $v_user . " RKEYEXP", $output, $return_var); |
31 | 31 | $rkeyexp = json_decode(implode("", $output), true); |
32 | | - if ($rkeyexp === null || $rkeyexp < time() - 900) { |
| 32 | + if ($rkeyexp === null || $rkeyexp < time() - 1) { |
33 | 33 | if ($email == $data[$user]["CONTACT"]) { |
34 | 34 | $rkey = substr(password_hash("", PASSWORD_DEFAULT), 8, 12); |
35 | 35 | $hash = password_hash($rkey, PASSWORD_DEFAULT); |
|
49 | 49 | $to = $data[$user]["CONTACT"]; |
50 | 50 | $subject = sprintf(_("MAIL_RESET_SUBJECT"), date("Y-m-d H:i:s")); |
51 | 51 | $hostname = get_hostname(); |
| 52 | + if ($hostname . ":" . $_SERVER["SERVER_PORT"] == $_SERVER["HTTP_HOST"]) { |
| 53 | + $check = true; |
| 54 | + $hostname_email = $hostname; |
| 55 | + } elseif ($hostname_full . ":" . $_SERVER["SERVER_PORT"] == $_SERVER["HTTP_HOST"]) { |
| 56 | + $check = true; |
| 57 | + $hostname_email = $hostname_full; |
| 58 | + } else { |
| 59 | + $check = false; |
| 60 | + $ERROR = "<p class=\"error\">" . _("Invalid host domain") . "</p>"; |
| 61 | + } |
52 | 62 | if ($check == true) { |
53 | 63 | $from = "noreply@" . $hostname; |
54 | 64 | $from_name = _("Hestia Control Panel"); |
|
76 | 86 | $data[$user]["NAME"], |
77 | 87 | ); |
78 | 88 | } |
79 | | - header("Location: /reset/?action=code&user=" . $_POST["user"]); |
80 | | - exit(); |
| 89 | + $ERROR = |
| 90 | + "<p class=\"error\">" . |
| 91 | + _( |
| 92 | + "Password reset instructions have been sent to the email address associated with this account.", |
| 93 | + ) . |
| 94 | + "</p>"; |
81 | 95 | } |
| 96 | + } else { |
| 97 | + # Prevent user enumeration and let hackers guess username and working email |
| 98 | + $ERROR = |
| 99 | + "<p class=\"error\">" . |
| 100 | + _( |
| 101 | + "Password reset instructions have been sent to the email address associated with this account.", |
| 102 | + ) . |
| 103 | + "</p>"; |
82 | 104 | } |
83 | 105 | } else { |
84 | 106 | $ERROR = |
85 | 107 | "<p class=\"error\">" . |
86 | 108 | _("Please wait 15 minutes before sending a new request") . |
87 | 109 | "</p>"; |
88 | 110 | } |
| 111 | + } else { |
| 112 | + # Prevent user enumeration and let hackers guess username and working email |
| 113 | + $ERROR = |
| 114 | + "<p class=\"error\">" . |
| 115 | + _( |
| 116 | + "Password reset instructions have been sent to the email address associated with this account.", |
| 117 | + ) . |
| 118 | + "</p>"; |
89 | 119 | } |
90 | 120 | unset($output); |
91 | 121 | } |
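Review bot: The throttle window in the first hunk is now one second, but the else branch on the old line 86 still tells the user "Please wait 15 minutes before sending a new request", so either the condition or the message is wrong; if a 15-minute limit is intended the line should remain `if ($rkeyexp === null || $rkeyexp < time() - 900) {`, and if the limit was deliberately dropped the mail-sending path no longer has any rate limit at all. That "please wait" branch also works against the "Prevent user enumeration" comment added below it: it is only reachable for an existing user, so a throttle response versus the generic "instructions have been sent" text still distinguishes valid usernames — returning the same generic `$ERROR` there and recording the throttled attempt server-side would close that gap. The new host check compares `$hostname . ":" . $_SERVER["SERVER_PORT"]` with `$_SERVER["HTTP_HOST"]` using `==`; a Host header typically omits the port on 80/443, so presumably default-port deployments fall through to "Invalid host domain" — verify, and use `===` for the comparison. `$hostname_full` is not defined in the shown lines, and the enclosing if/else chain begins before the first hunk, so confirm it is assigned earlier in the file.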
|