password reset support for rouncube webmail

serghey-rodin · serghey-rodin · commit eb40d641326e · 2012-12-28T11:39:01.000+02:00
diff --git a/bin/v-get-mail-account-value b/bin/v-get-mail-account-value
@@ -0,0 +1,49 @@
+#!/bin/bash
+# info: get mail account value
+# options: user domain account key
+#
+# The function for getting a certain mail account parameter.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument defenition
+user=$1
+domain=$(idn -t --quiet -u "$2" )
+domain_idn=$(idn -t --quiet -a "$domain")
+account=$3
+key=$(echo "$4"| tr '[:lower:]' '[:upper:]'|sed -e "s/^/$/")
+
+# Includes
+source $VESTA/func/main.sh
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '3' "$#" 'user domain key'
+validate_format 'user' 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_valid 'mail' 'DOMAIN' "$domain"
+is_object_valid "mail/$domain" 'ACCOUNT' "$account"
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Print
+get_object_value "mail/$domain" 'ACCOUNT' "$account" "$key"
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$EVENT"
+
+exit 
diff --git a/bin/v-get-mail-domain-value b/bin/v-get-mail-domain-value
@@ -0,0 +1,47 @@
+#!/bin/bash
+# info: get mail domain value
+# options: user domain key
+#
+# The function for getting a certain mail domain parameter.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument defenition
+user=$1
+domain=$(idn -t --quiet -u "$2" )
+domain_idn=$(idn -t --quiet -a "$domain")
+key=$(echo "$3"| tr '[:lower:]' '[:upper:]'|sed -e "s/^/$/")
+
+# Includes
+source $VESTA/func/main.sh
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '3' "$#" 'user domain key'
+validate_format 'user' 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_valid 'mail' 'DOMAIN' "$domain"
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Print
+get_object_value 'mail' 'DOMAIN' "$domain" "$key"
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$EVENT"
+
+exit 
diff --git a/bin/v-search-domain-owner b/bin/v-search-domain-owner
@@ -0,0 +1,55 @@
+#!/bin/bash
+# info: search domain owner
+# options: domain [type]
+#
+# The function that allows to find user objects.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument defenition
+domain=$(idn -t --quiet -u "$1" )
+type=${2-any}
+
+# Includes
+source $VESTA/func/main.sh
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'domain [type]'
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Define conf 
+case $type in
+    web)    conf="$VESTA/data/users/*/web.conf" ;;
+    dns)    conf="$VESTA/data/users/*/dns.conf" ;;
+    mail)   conf="$VESTA/data/users/*/mail.conf" ;;
+    *)      conf="$VESTA/data/users/*/*.conf"
+esac
+
+
+owner=$(grep "DOMAIN='$domain'" $conf | head -n 1 | cut -f7 -d '/')
+if [ -z "$owner" ]; then
+    exit $E_NOTEXIST
+fi
+
+echo $owner
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+#log_event "$OK" "$EVENT"
+
+exit
diff --git a/web/inc/main.php b/web/inc/main.php
@@ -1,6 +1,6 @@
 <?php
 // Check user session
-if (!isset($_SESSION['user'])) {
+if ((!isset($_SESSION['user'])) && (!isset($api_mode))) {
     $_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
     header("Location: /login/");
     exit;
diff --git a/web/reset/mail/index.php b/web/reset/mail/index.php
@@ -0,0 +1,154 @@
+<?php
+// Init
+error_reporting(NULL);
+$api_mode = true;
+
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+
+//
+// sourceforge.net/projects/postfixadmin/
+// md5crypt 
+// Action: Creates MD5 encrypted password
+// Call: md5crypt (string cleartextpassword)
+//
+
+function md5crypt ($pw, $salt="", $magic="")
+{
+    $MAGIC = "$1$";
+
+    if ($magic == "") $magic = $MAGIC;
+    if ($salt == "") $salt = create_salt ();
+    $slist = explode ("$", $salt);
+    if ($slist[0] == "1") $salt = $slist[1];
+
+    $salt = substr ($salt, 0, 8);
+    $ctx = $pw . $magic . $salt;
+    $final = hex2bin (md5 ($pw . $salt . $pw));
+
+    for ($i=strlen ($pw); $i>0; $i-=16)
+    {
+        if ($i > 16)
+        {
+            $ctx .= substr ($final,0,16);
+        }
+        else
+        {
+            $ctx .= substr ($final,0,$i);
+        }
+    }
+    $i = strlen ($pw);
+
+    while ($i > 0)
+    {
+        if ($i & 1) $ctx .= chr (0);
+        else $ctx .= $pw[0];
+        $i = $i >> 1;
+    }
+    $final = hex2bin (md5 ($ctx));
+
+    for ($i=0;$i<1000;$i++)
+    {
+        $ctx1 = "";
+        if ($i & 1)
+        {
+            $ctx1 .= $pw;
+        }
+        else
+        {
+            $ctx1 .= substr ($final,0,16);
+        }
+        if ($i % 3) $ctx1 .= $salt;
+        if ($i % 7) $ctx1 .= $pw;
+        if ($i & 1)
+        {
+            $ctx1 .= substr ($final,0,16);
+        }
+        else
+        {
+            $ctx1 .= $pw;
+        }
+        $final = hex2bin (md5 ($ctx1));
+    }
+    $passwd = "";
+    $passwd .= to64 (((ord ($final[0]) << 16) | (ord ($final[6]) << 8) | (ord ($final[12]))), 4);
+    $passwd .= to64 (((ord ($final[1]) << 16) | (ord ($final[7]) << 8) | (ord ($final[13]))), 4);
+    $passwd .= to64 (((ord ($final[2]) << 16) | (ord ($final[8]) << 8) | (ord ($final[14]))), 4);
+    $passwd .= to64 (((ord ($final[3]) << 16) | (ord ($final[9]) << 8) | (ord ($final[15]))), 4);
+    $passwd .= to64 (((ord ($final[4]) << 16) | (ord ($final[10]) << 8) | (ord ($final[5]))), 4);
+    $passwd .= to64 (ord ($final[11]), 2);
+    return "$magic$salt\$$passwd";
+}
+
+
+//
+// sourceforge.net/projects/postfixadmin/
+// to64
+//
+
+function to64 ($v, $n)
+{
+    $ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+    $ret = "";
+    while (($n - 1) >= 0)
+    {
+        $n--;
+        $ret .= $ITOA64[$v & 0x3f];
+        $v = $v >> 6;
+    }
+    return $ret;
+}
+
+
+// Check arguments
+if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST['new']))) {
+    list($v_account, $v_domain) = explode('@', $_POST['email']);
+    $v_domain = escapeshellarg($v_domain);
+    $v_account = escapeshellarg($v_account);
+    $password = $_POST['password'];
+    $new = escapeshellarg($_POST['new']);
+
+    // Get domain owner
+    exec (VESTA_CMD."v-search-domain-owner ".$v_domain." 'mail'", $output, $return_var);
+    if ($return_var == 0) {
+        $v_user = $output[0];
+    }
+    unset($output);
+
+    // Get current md5 hash
+    if (!empty($v_user)) {
+        exec (VESTA_CMD."v-get-mail-account-value '".$v_user."' ".$v_domain." ".$v_account." 'md5'", $output, $return_var);
+        if ($return_var == 0) {
+            $v_hash = $output[0];
+        }
+    }
+    unset($output);
+
+    // Compare hashes
+    if (!empty($v_hash)) {
+        $salt = explode('$', $v_hash);
+        $n_hash = md5crypt($password, $salt[2]);
+        $n_hash = '{MD5}'.$n_hash;
+
+        // Change password
+        if ( $v_hash == $n_hash ) {
+            exec (VESTA_CMD."v-change-mail-account-password '".$v_user."' ".$v_domain." ".$v_account." ".$new, $output, $return_var);
+            $fp = fopen('/tmp/vst.log', 'w');
+            fwrite($fp, "Owner: ".$v_user."\n");
+            fwrite($fp, "Hash:  ".$v_hash."\n");
+            fwrite($fp, "New:   ".$n_hash."\n");
+            fwrite($fp, "Salt : ".$salt[2]."\n");
+            fwrite($fp, "Password: ".$password."\n");
+            fwrite($fp, "Return:   ".$return_var."\n");
+            fclose($fp);
+
+            if ($return_var == 0) {
+                echo "ok";
+                exit;
+            }
+        }
+    }
+}
+
+echo 'error';
+
+exit;
