Merge pull request hestiacp#1298 from hestiacp/fix/2020-10-unlink_temp_file

Unlink hashed temp file

Author: Kristan Kenney

web/reset/index.php

@@ -20,16 +20,15 @@
         $data = json_decode(implode('', $output), true);
         if($email == $data[$user]['CONTACT']){
             //genrate new rkey
-            $rkey = substr( password_hash( 'hestiacp', PASSWORD_DEFAULT ), 5, 12 );
+            $rkey = substr( password_hash( rand(0,10), PASSWORD_DEFAULT ), 5, 12 );
             $hash = password_hash($rkey, PASSWORD_DEFAULT);
             $v_rkey = tempnam("/tmp","vst");
             $fp = fopen($v_rkey, "w");
             fwrite($fp, $hash."\n");
             fclose($fp);
             exec ("/usr/bin/sudo /usr/local/hestia/bin/v-change-user-rkey ".$v_user." ".$v_rkey."", $output, $return_var);
             unset($output);
-            exec ($cmd." ".$v_user." json", $output, $return_var);
-            $data = json_decode(implode('', $output), true);
+            unlink($v_rkey);
             $name = $data[$user]['NAME'];
             $contact = $data[$user]['CONTACT'];
             $to = $data[$user]['CONTACT'];