PageRenderTime 39ms CodeModel.GetById 15ms RepoModel.GetById 0ms app.codeStats 0ms

/poweradmin-2.1.6/reset_password.php

#
PHP | 126 lines | 73 code | 26 blank | 27 comment | 12 complexity | 0f4328f6b5d99a8938666cb6826da2ed MD5 | raw file
Possible License(s): GPL-3.0 
    

  1. <?php
    2. 

  2. 

  3. /*  Poweradmin, a friendly web-based admin tool for PowerDNS.
    4. 

  4.  *  See <https://www.poweradmin.org> for more details.
    5. 

  5.  *
    6. 

  6.  *  Copyright 2007-2010  Rejo Zenger <rejo@zenger.nl>
    7. 

  7.  *  Copyright 2010-2012  Poweradmin Development Team
    8. 

  8.  *      <https://www.poweradmin.org/trac/wiki/Credits>
    9. 

  9.  *
    10. 

  10.  *  This program is free software: you can redistribute it and/or modify
    11. 

  11.  *  it under the terms of the GNU General Public License as published by
    12. 

  12.  *  the Free Software Foundation, either version 3 of the License, or
    13. 

  13.  *  (at your option) any later version.
    14. 

  14.  *
    15. 

  15.  *  This program is distributed in the hope that it will be useful,
    16. 

  16.  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
    17. 

  17.  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    18. 

  18.  *  GNU General Public License for more details.
    19. 

  19.  *
    20. 

  20.  *  You should have received a copy of the GNU General Public License
    21. 

  21.  *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
    22. 

  22.  */
    23. 

  23. 

  24. /* Disable reset password functionality, because of improper implementation.
    25. 

  25.     If you know admin or any other user email, then you initiate password change
    26. 

  26.     to some random which will be send to him by email, but that can be done
    27. 

  27.     by some malicious user or some script, which can reset password every sec. */
    28. 

  28. exit;
    29. 

  29. 

  30. session_start();
    31. 

  31. 

  32. /* TODO: reimplement displaying of errors/messages */
    33. 

  33. function error($msg) {
    34. 

  34.     if ($msg) {
    35. 

  35.         echo "     <div class=\"error\">Error: " . $msg . "</div>\n";
    36. 

  36.     } else {
    37. 

  37.         echo "     <div class=\"error\">" . _('An unknown error has occurred.') . "</div>\n";
    38. 

  38.     }
    39. 

  39. }
    40. 

  40. 

  41. include_once("inc/error.inc.php");
    42. 

  42. include_once("inc/config-me.inc.php");
    43. 

  43. if(!@include_once("inc/config.inc.php"))
    44. 

  44. {
    45. 

  45.         error( _('You have to create a config.inc.php!') );
    46. 

  46. }
    47. 

  47. 

  48. require_once("inc/database.inc.php");
    49. 

  49. // Generates $db variable to access database.
    50. 

  50. $db = dbConnect();
    51. 

  51. 

  52. if(isset($_POST['submit']) && $_POST['submit']) {
    53. 

  53. 

  54.         global $db;
    55. 

  55. 	$email = $_POST['emailaddr'];
    56. 

  56.         $query = "SELECT id, password, email FROM users WHERE email = " . $db->quote($email, 'text');
    57. 

  57.         $response = $db->query($query);
    58. 

  58.         if (PEAR::isError($response)) { error($response->getMessage()); return false; }
    59. 

  59. 

  60.         $rinfo = $response->fetchRow();
    61. 

  61. 

  62.         if(isset($rinfo['email'])) {
    63. 

  63. 		$newpass = mt_rand();
    64. 

  64.                 $query = "UPDATE users SET password = " . $db->quote(md5($newpass), 'text') . " WHERE id = " . $db->quote($rinfo['id'], 'integer') ;
    65. 

  65.                 $response = $db->query($query);
    66. 

  66.                 if (PEAR::isError($response)) { error($response->getMessage()); return false; }
    67. 

  67. 

  68. 

  69. 		$to = $rinfo['email'];
    70. 

  70. 		$subject = "Password Reset";
    71. 

  71. 		$headers = "From: Poweradmin";
    72. 

  72. 		$body = "New Password: ".$newpass."
    73. 

  73. 		";
    74. 

  74. 		$mail_sent = @mail($to, $subject, $body, $headers);
    75. 

  75. 		
    76. 

  76. 

  77. 		echo "A new password has been emailed to the registered email address. <a href='index.php'>(Return to login)</a>";
    78. 

  78. //                logout( _('Password has been changed, please login.'), 'success');
    79. 

  79. 

  80. 		
    81. 

  81.         } else {
    82. 

  82.                 error(ERR_USER_WRONG_CURRENT_PASS);
    83. 

  83.                 return false;
    84. 

  84.         }
    85. 

  85. }
    86. 

  86. 

  87. 

  88. global $iface_style;
    89. 

  89. global $iface_title;
    90. 

  90. global $ignore_install_dir;
    91. 

  91. 

  92. echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n";
    93. 

  93. echo "<html>\n";
    94. 

  94. echo " <head>\n";
    95. 

  95. echo "  <title>" . $iface_title ."</title>\n";
    96. 

  96. echo "  <link rel=stylesheet href=\"style/" . $iface_style . ".css\" type=\"text/css\">\n";
    97. 

  97. echo "  <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n";
    98. 

  98. echo " </head>\n";
    99. 

  99. echo " <body>\n";
    100. 

  100. 

  101. 

  102. if (! function_exists('session_start')) die(error('You have to install PHP session extension!'));
    103. 

  103. if (! function_exists('_')) die(error('You have to install PHP gettext extension!'));
    104. 

  104. if (! function_exists('mcrypt_encrypt')) die(error('You have to install PHP mcrypt extension!'));
    105. 

  105. 

  106. 

  107. echo "    <h2>" . _('Reset Password') . "</h2>\n";
    108. 

  108. echo "    <form method=\"post\" action=\"reset_password.php\">\n";
    109. 

  109. echo "     <table border=\"0\" cellspacing=\"4\">\n";
    110. 

  110. echo "      <tr>\n";
    111. 

  111. echo "       <td class=\"n\">" . _('Registered Email Address') . ":</td>\n";
    112. 

  112. echo "       <td class=\"n\"><input type=\"text\" class=\"input\" name=\"emailaddr\" value=\"\"></td>\n";
    113. 

  113. echo "      </tr>\n";
    114. 

  114. echo "      <tr>\n";
    115. 

  115. echo "       <td class=\"n\">&nbsp;</td>\n";
    116. 

  116. echo "       <td class=\"n\">\n";
    117. 

  117. echo "        <input type=\"submit\" class=\"button\" name=\"submit\" value=\"" . _('Reset password') . "\">\n";
    118. 

  118. echo "       </td>\n";
    119. 

  119. echo "      </tr>\n";
    120. 

  120. echo "     </table>\n";
    121. 

  121. echo "    </form>\n";
    122. 

  122. 

  123. include_once("inc/footer.inc.php");
    124. 

  124. 

  125. 

  126. ?>
    127. 

  127.