/scp/pwreset.php

https://github.com/c1sc0guy/osTicket-1.8 · PHP · 81 lines · 56 code · 2 blank · 23 comment · 10 complexity · 0913b5731a68fbb9075f361a748d70b3 MD5 · raw file 

    

  1. <?php
    2. 

  2. /*********************************************************************
    3. 

  3.     pwreset.php
    4. 

    5. 

  5.     Handles step 2, 3 and 5 of password resetting
    6. 

  6.         1. Fail to login (2+ fail login attempts)
    7. 

  7.         2. Visit password reset form and enter username or email
    8. 

  8.         3. Receive an email with a link and follow it
    9. 

  9.         4. Visit password reset form again, with the link
    10. 

  10.         5. Enter the username or email address again and login
    11. 

  11.         6. Password change is now required, user changes password and
    12. 

  12.            continues on with the session
    13. 

    14. 

  14.     Peter Rotich <peter@osticket.com>
    15. 

  15.     Jared Hancock <jared@osticket.com>
    16. 

  16.     Copyright (c)  2006-2013 osTicket
    17. 

  17.     http://www.osticket.com
    18. 

    19. 

  19.     Released under the GNU General Public License WITHOUT ANY WARRANTY.
    20. 

  20.     See LICENSE.TXT for details.
    21. 

    22. 

  22.     vim: expandtab sw=4 ts=4 sts=4:
    23. 

  23. **********************************************************************/
    24. 

  24. require_once('../main.inc.php');
    25. 

  25. if(!defined('INCLUDE_DIR')) die('Fatal Error. Kwaheri!');
    26. 

  26. 

  27. require_once(INCLUDE_DIR.'class.staff.php');
    28. 

  28. require_once(INCLUDE_DIR.'class.csrf.php');
    29. 

  29. 

  30. $tpl = 'pwreset.php';
    31. 

  31. if($_POST) {
    32. 

  32.     if (!$ost->checkCSRFToken()) {
    33. 

  33.         Http::response(400, 'Valid CSRF Token Required');
    34. 

  34.         exit;
    35. 

  35.     }
    36. 

  36.     switch ($_POST['do']) {
    37. 

  37.         case 'sendmail':
    38. 

  38.             if (($staff=Staff::lookup($_POST['userid']))) {
    39. 

  39.                 if (!$staff->hasPassword()) {
    40. 

  40.                     $msg = 'Unable to reset password. Contact your administrator';
    41. 

  41.                 }
    42. 

  42.                 elseif (!$staff->sendResetEmail()) {
    43. 

  43.                     $tpl = 'pwreset.sent.php';
    44. 

  44.                 }
    45. 

  45.             }
    46. 

  46.             else
    47. 

  47.                 $msg = 'Unable to verify username '
    48. 

  48.                     .Format::htmlchars($_POST['userid']);
    49. 

  49.             break;
    50. 

  50.         case 'newpasswd':
    51. 

  51.             // TODO: Compare passwords
    52. 

  52.             $tpl = 'pwreset.login.php';
    53. 

  53.             $errors = array();
    54. 

  54.             if ($staff = StaffAuthenticationBackend::processSignOn($errors)) {
    55. 

  55.                 $info = array('page' => 'index.php');
    56. 

  56.                 Http::redirect($info['page']);
    57. 

  57.             }
    58. 

  58.             elseif (isset($errors['msg'])) {
    59. 

  59.                 $msg = $errors['msg'];
    60. 

  60.             }
    61. 

  61.             break;
    62. 

  62.     }
    63. 

  63. }
    64. 

  64. elseif ($_GET['token']) {
    65. 

  65.     $msg = 'Re-enter your username or email';
    66. 

  66.     $_config = new Config('pwreset');
    67. 

  67.     if (($id = $_config->get($_GET['token']))
    68. 

  68.             && ($staff = Staff::lookup($id)))
    69. 

  69.         $tpl = 'pwreset.login.php';
    70. 

  70.     else
    71. 

  71.         header('Location: index.php');
    72. 

  72. }
    73. 

  73. elseif ($cfg->allowPasswordReset()) {
    74. 

  74.     $msg = 'Enter your username or email address below';
    75. 

  75. }
    76. 

  76. else {
    77. 

  77.     $_SESSION['_staff']['auth']['msg']='Password resets are disabled';
    78. 

  78.     return header('Location: index.php');
    79. 

  79. }
    80. 

  80. define("OSTSCPINC",TRUE); //Make includes happy!
    81. 

  81. include_once(INCLUDE_DIR.'staff/'. $tpl);
    82.