|
1 | 1 | <?php |
2 | 2 |
|
3 | 3 |
|
4 | | -/** |
5 | | - * Change password functionality |
6 | | - */ |
| 4 | +define('VESTA_DIR', dirname(__FILE__) . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR); |
| 5 | +define('V_ROOT_DIR', dirname(__FILE__) . DIRECTORY_SEPARATOR . 'vesta' . DIRECTORY_SEPARATOR); |
| 6 | + |
| 7 | +require_once V_ROOT_DIR . 'config/Config.class.php'; |
| 8 | +require_once V_ROOT_DIR . 'core/utils/Utils.class.php'; |
| 9 | +require_once V_ROOT_DIR . 'core/VestaSession.class.php'; |
| 10 | +require_once V_ROOT_DIR . 'core/Vesta.class.php'; |
| 11 | +require_once V_ROOT_DIR . 'core/exceptions/SystemException.class.php'; |
| 12 | +require_once V_ROOT_DIR . 'core/exceptions/ProtectionException.class.php'; |
| 13 | +require_once V_ROOT_DIR . 'core/utils/Message.class.php'; |
| 14 | +require_once V_ROOT_DIR . 'core/Request.class.php'; |
| 15 | +require_once V_ROOT_DIR . 'api/AjaxHandler.php'; |
| 16 | + |
| 17 | + |
7 | 18 | class ChangePassword |
8 | 19 | { |
9 | 20 |
|
10 | 21 | public function dispatch() |
11 | 22 | { |
12 | | - //print_r($_SERVER); |
13 | 23 | if (empty($_GET['v'])) { |
14 | 24 | return $this->renderError('General error'); |
15 | 25 | } |
16 | 26 |
|
17 | | - $key = $_GET['v']; |
18 | | - $real_key = sha1($_SERVER['HTTP_USER_AGENT'].$_SERVER['REMOTE_ADDR']); |
19 | | - $key_sha1 = substr($key, 0, 10) . substr($key, 20, strlen($key)); |
20 | | - $stamp = substr($key, 10, 10); |
21 | | - $allowed = time() - 60 * 5; // - 5 mins |
22 | | - |
23 | | - if (strcmp($real_key, $key_sha1) != 0) { |
| 27 | + $key = addslashes(htmlspecialchars($_GET['v'])); |
| 28 | + |
| 29 | + $users = Vesta::execute(Vesta::V_LIST_SYS_USERS, 'json'); |
| 30 | + $email_matched_count = array(); |
| 31 | + |
| 32 | + /*if (strcmp($real_key, $key_sha1) != 0) { |
24 | 33 | return $this->renderError('Invalid keys'); |
| 34 | + }*/ |
| 35 | + |
| 36 | + foreach ($users['data'] as $username => $user) { |
| 37 | + if ($user['RKEY'] == trim($key)) { |
| 38 | + $email_matched_count[] = array_merge(array('USERNAME' => $username), $user); |
| 39 | + } |
| 40 | + } |
| 41 | + |
| 42 | + if (isset($_POST['action']) && $_POST['action'] == 'change') { |
| 43 | + return $this->doChangePassword($email_matched_count); |
25 | 44 | } |
26 | 45 |
|
27 | | - /*if ($stamp < $allowed) { |
28 | | - return $this->renderError('Key is expired'); |
29 | | - }*/ |
| 46 | + return $this->showResetForm(); |
| 47 | + } |
| 48 | + |
| 49 | + protected function doChangePassword($users) |
| 50 | + { |
| 51 | + if ($_POST['secret_code'] != $_POST['confirm_secret_code']) { |
| 52 | + return $this->showResetForm('Passwords don\'t match'); |
| 53 | + } |
| 54 | + |
| 55 | + if (strlen($_POST['secret_code']) < 6) { |
| 56 | + return $this->showResetForm('Passwords is too short'); |
| 57 | + } |
| 58 | + |
| 59 | + if (strlen($_POST['secret_code']) > 255) { |
| 60 | + return $this->showResetForm('Passwords is too long'); |
| 61 | + } |
30 | 62 |
|
31 | | - $this->showResetForm(); |
32 | | - print $key_sha1 . "<br />" . $real_key; |
| 63 | + $success = true; |
| 64 | + foreach ($users as $user) { |
| 65 | + $rs = Vesta::execute(Vesta::V_CHANGE_SYS_USER_PASSWORD, array('USER' => $user['USERNAME'], |
| 66 | + 'PASSWORD' => $_POST['secret_code'])); |
| 67 | + if (!$rs) { |
| 68 | + $success = false; |
| 69 | + } |
| 70 | + } |
| 71 | + |
| 72 | + if (!$success) { |
| 73 | + return $this->showResetForm('Something went wrong. Please contact support.'); |
| 74 | + } |
| 75 | + |
| 76 | + return $this->showSuccessTpl(); |
33 | 77 | } |
34 | 78 |
|
35 | | - public function showResetForm() |
| 79 | + public function showSuccessTpl() |
36 | 80 | { |
37 | 81 | print <<<HTML |
38 | | - <form action="" > |
39 | | - <input type="hidden" name="action" value="change" /> |
40 | | - <label>Enter secret code:</label> |
41 | | - <input type="text" name="secret_code" value="" /> |
42 | | - <label>Enter new password:</label> |
43 | | - <input type="text" name="secret_code" value="" /> |
| 82 | +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
| 83 | + <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru"> |
| 84 | + <head> |
| 85 | + <title>Vesta Control Panel</title> |
| 86 | + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> |
| 87 | + <meta http-equiv="imagetoolbar" content="false" /> |
| 88 | + |
| 89 | + <link rel="shortcut icon" href="images/fav.ico" type="image/x-icon"> |
| 90 | + <link rel="stylesheet" media="all" type="text/css" href="css/reset2.css" /> |
| 91 | + <link rel="stylesheet" media="all" type="text/css" href="css/main.css" /> |
| 92 | + <link rel="stylesheet" media="all" type="text/css" href="css/vesta-login-form.css" /> |
| 93 | +
|
| 94 | + <!--[if lt IE 8]> |
| 95 | + <link rel="stylesheet" type="text/css" href="http://dl.dropbox.com/u/1750887/projects/vesta2/css/ie.css" /> |
| 96 | + <![endif]--> |
| 97 | + </head> |
| 98 | +
|
| 99 | + <body class="page-auth"> |
| 100 | + <div id="change-psw-block" class="page2"> |
| 101 | + <div class="b-auth-form"> |
| 102 | + <div class="b-auth-form-wrap"> |
| 103 | + <img width="72" height="24" alt="" src="/images/vesta-logo-2011-12-14.png" class="vesta-logo"> |
| 104 | + <span style="color: #5E696B; float: right; margin-top: -48px;">~!:VERSION~!</span> |
| 105 | + <div class="b-client-title"> |
| 106 | + <span class="client-title-wrap">Control Panel<i class="planets"> </i></span> |
| 107 | + </div> |
| 108 | + <form id="change_psw-form" method="post" action="" class="auth"> |
| 109 | + <input type="hidden" value="change" name="action"> |
| 110 | +
|
| 111 | + <div class="success-box" id="change-psw-success">Password successfully changed.</div> |
| 112 | +
|
| 113 | + </form> |
| 114 | + <p class="forgot-pwd"> </p> |
| 115 | + <div class="footnotes cc"> |
| 116 | + <p class="additional-info">For questions please contact <a href="mailto:info@vestacp.com" class="questions-url">info@vestacp.com</a></p> |
| 117 | + <address class="imprint">© 2011 Vesta Control Panel</address> |
| 118 | + </div> |
| 119 | + </div> |
| 120 | + </div> |
| 121 | + </div> |
| 122 | + </body> |
| 123 | +</html> |
| 124 | +
|
| 125 | +HTML; |
| 126 | + |
| 127 | + } |
| 128 | + |
| 129 | + public function showResetForm($error_msg = '') |
| 130 | + { |
| 131 | + if (!empty($error_msg)) { |
| 132 | + $error_msg = '<i>'.$error_msg.'</i>'; |
| 133 | + } |
| 134 | + |
| 135 | + print <<<HTML |
| 136 | +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
| 137 | + <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru"> |
| 138 | + <head> |
| 139 | + <title>Vesta Control Panel</title> |
| 140 | + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> |
| 141 | + <meta http-equiv="imagetoolbar" content="false" /> |
| 142 | + |
| 143 | + <link rel="shortcut icon" href="images/fav.ico" type="image/x-icon"> |
| 144 | + <link rel="stylesheet" media="all" type="text/css" href="css/reset2.css" /> |
| 145 | + <link rel="stylesheet" media="all" type="text/css" href="css/main.css" /> |
| 146 | + <link rel="stylesheet" media="all" type="text/css" href="css/vesta-login-form.css" /> |
| 147 | +
|
| 148 | + <!--[if lt IE 8]> |
| 149 | + <link rel="stylesheet" type="text/css" href="http://dl.dropbox.com/u/1750887/projects/vesta2/css/ie.css" /> |
| 150 | + <![endif]--> |
| 151 | + </head> |
| 152 | +
|
| 153 | + <body class="page-auth"> |
| 154 | + <div id="change-psw-block" class="page2"> |
| 155 | + <div class="b-auth-form"> |
| 156 | + <div class="b-auth-form-wrap"> |
| 157 | + <img width="72" height="24" alt="" src="/images/vesta-logo-2011-12-14.png" class="vesta-logo"> |
| 158 | + <span style="color: #5E696B; float: right; margin-top: -48px;">~!:VERSION~!</span> |
| 159 | + <div class="b-client-title"> |
| 160 | + <span class="client-title-wrap">Control Panel<i class="planets"> </i></span> |
| 161 | + </div> |
| 162 | + <form id="change_psw-form" method="post" action="" class="auth"> |
| 163 | + <input type="hidden" value="change" name="action"> |
| 164 | +
|
| 165 | + <div class="form-row cc"> |
| 166 | + <label for="password" class="field-label">New Password</label> |
| 167 | + <input type="password" tabindex="1" id="password" class="field-text" name="secret_code"> |
| 168 | + </div> |
| 169 | +
|
| 170 | + <div class="form-row cc"> |
| 171 | + <label for="confirm_password" class="field-label">ONE MORE TIME</label> |
| 172 | + <input type="password" tabindex="1" id="confirm_password" class="field-text" name="confirm_secret_code"> |
| 173 | + </div> |
| 174 | +
|
| 175 | + <div class="form-row cc last-row"> |
| 176 | + <input type="submit" tabindex="4" value="Change Password" class="sumbit-btn"> |
| 177 | + </div> |
| 178 | + </form> |
| 179 | + <p class="forgot-pwd"> </p> |
| 180 | + <div class="footnotes cc"> |
| 181 | + <p class="additional-info">For questions please contact <a href="mailto:info@vestacp.com" class="questions-url">info@vestacp.com</a></p> |
| 182 | + <address class="imprint">© 2011 Vesta Control Panel</address> |
| 183 | + </div> |
| 184 | + </div> |
| 185 | + </div> |
| 186 | + </div> |
| 187 | + </body> |
| 188 | +</html> |
| 189 | +
|
| 190 | +<!-- |
| 191 | +
|
| 192 | + <center> |
| 193 | + vesta password reset form |
| 194 | + <hr /> |
| 195 | + {$error_msg} |
| 196 | + <form action="" method="POST"> |
| 197 | + <table> |
| 198 | + <tr> |
| 199 | + <td> |
| 200 | + <input type="hidden" name="action" value="change" /> |
| 201 | + <label>Enter secret code:</label> |
| 202 | + </td> |
| 203 | + <td> |
| 204 | + <input type="password" name="secret_code" value="" /> |
| 205 | + </td> |
| 206 | + </tr> |
| 207 | + <tr> |
| 208 | + <td> |
| 209 | + <label>Enter new password:</label> |
| 210 | + </td> |
| 211 | + <td> |
| 212 | + <input type="password" name="confirm_secret_code" value="" /> |
| 213 | + </td> |
| 214 | + </tr> |
| 215 | + <tr> |
| 216 | + <td colspan="2"> |
| 217 | + <input type="submit" name="Apply" /> |
| 218 | + </td> |
| 219 | + </tr> |
| 220 | + </table> |
44 | 221 | </form> |
| 222 | + </center> --> |
| 223 | +
|
45 | 224 | HTML; |
46 | 225 |
|
47 | 226 | } |
|
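Review bot: The reset-key check in dispatch() can succeed without a real match: `empty($_GET['v'])` runs before `trim()`, so a whitespace-only value is compared as an empty string, and the loose `==` would then equal any empty or null `RKEY` (whether RKEY can be empty is not visible here). When no user matches, doChangePassword() still runs over an empty list, `$success` stays true and the success page is printed, and nothing visible expires the key now that the old timestamp check is gone. `addslashes(htmlspecialchars())` also alters the key before comparison although it is neither echoed nor put into a query here. I would compare the raw trimmed key strictly and in constant time and return renderError() when the match list is empty, as in the excerpt below (hash_equals() needs PHP 5.6 or later). Separately, `{$error_msg}` sits only inside the `<!-- -->` block of showResetForm(), so the validation messages are never displayed.

```php
$key = is_string($_GET['v']) ? trim($_GET['v']) : '';
if ($key === '') {
    return $this->renderError('Invalid keys');
}

// … unchanged: Vesta::execute(Vesta::V_LIST_SYS_USERS, 'json') and $email_matched_count init …

foreach ($users['data'] as $username => $user) {
    // An account without a reset key must never match, whatever was submitted.
    $rkey = isset($user['RKEY']) ? (string) $user['RKEY'] : '';
    if ($rkey !== '' && hash_equals($rkey, $key)) {
        $email_matched_count[] = array_merge(array('USERNAME' => $username), $user);
    }
}

// Refuse to show or process the form when the key belongs to nobody.
if (count($email_matched_count) === 0) {
    return $this->renderError('Invalid keys');
}
```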