Added function to reset password in node

Arturo Gonzalez 2017-04-20 10:59:32 +02:00
parent 4a4f52c459
commit 727bd095f5
5 changed files with 363 additions and 57 deletions


@ -267,7 +267,7 @@ echo '<div id="ver_num">'.$pandora_version.(($develop_bypass == 1) ? ' '.__('Bui
echo '</div>';
if ($mail != "") {
if ($email_error_message == '') {
if ($process_error_message == '') {
echo '<div id="reset_correct" title="' . __('Password reset') . '">';
echo '<div class="content_alert">';
echo '<div class="icon_message_alert">';
@ -294,7 +294,7 @@ if ($mail != "") {
echo '<div class="content_message_alert">';
echo '<div class="text_message_alert">';
echo '<h1>' . __('ERROR') . '</h1>';
echo '<p>' . $email_error_message . '</p>';
echo '<p>' . $process_error_message . '</p>';
echo '</div>';
echo '<div class="button_message_alert">';
html_print_submit_button("Ok", 'reset_correct_button', false);
@ -305,6 +305,25 @@ if ($mail != "") {
}
}
if ($correct_reset_pass_process != "") {
echo '<div id="final_process_correct" title="' . __('Password reset') . '">';
echo '<div class="content_alert">';
echo '<div class="icon_message_alert">';
echo html_print_image('images/icono_logo_pandora.png', true, array("alt" => __('Password reset'), "border" => 0));
echo '</div>';
echo '<div class="content_message_alert">';
echo '<div class="text_message_alert">';
echo '<h1>' . __('SUCCESS') . '</h1>';
echo '<p>' . $correct_reset_pass_process . '</p>';
echo '</div>';
echo '<div class="button_message_alert">';
html_print_submit_button("Ok", 'final_process_correct_button', false);
echo '</div>';
echo '</div>';
echo '</div>';
echo '</div>';
}
if (isset ($login_failed)) {
echo '<div id="login_failed" title="' . __('Login failed') . '">';
echo '<div class="content_alert">';
@ -579,5 +598,26 @@ html_print_div(array('id' => 'forced_title_layer', 'class' => 'forced_title_laye
$("#reset_correct").dialog('close');
});
});
$(document).ready (function () {
$(function() {
$("#final_process_correct").dialog({
resizable: true,
draggable: true,
modal: true,
height: 220,
width: 528,
clickOutside: true,
overlay: {
opacity: 0.5,
background: "black"
}
});
});
$("#submit-final_process_correct_button").click (function () {
$("#final_process_correct").dialog('close');
});
});
/* ]]> */
</script>
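Review bot: The new success dialog is guarded by `if ($correct_reset_pass_process != "") {`, but in this commit that variable is only assigned inside the `correct_pass_change` branch of index.php, so every other include of the login page reads an undefined variable. Use `if (!empty($correct_reset_pass_process)) {`, in line with the `isset ($login_failed)` guard directly below it. The error paragraph that now prints `$process_error_message` also still sits inside `if ($mail != "")`, while the expired-token and failed-change paths in index.php set the message without setting `$mail`. As far as these hunks show, those errors would never be displayed, which is worth checking against the full file. Both messages are currently built from `__()` literals; if one ever includes request data, it needs HTML escaping at this echo.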


@ -0,0 +1,196 @@
<?php
// Pandora FMS - http://pandorafms.com
// ==================================================
// Copyright (c) 2005-2011 Artica Soluciones Tecnologicas
// Please see http://pandorafms.org for full contribution list
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
if (isset($config["homedir"])) {
$homedir = $config["homedir"] . '/';
}
else {
$homedir = '';
}
require_once($homedir . 'include/config.php');
require_once($homedir . 'include/functions_config.php');
include_once($homedir . 'include/functions_ui.php');
include_once($homedir . 'include/functions_users.php');
include_once($homedir . 'include/functions.php');
include_once($homedir . 'include/functions_html.php');
$login_body_style = '';
// Overrides the default background with the defined by the user
if (!empty($config['login_background'])) {
$background_url = "../../images/backgrounds/" . $config['login_background'];
$login_body_style = "style=\"background-image: url('$background_url');\"";
}
echo '<div id="login_body" ' . $login_body_style . '>';
echo '<div id="header_login">';
echo '<div id="icon_custom_pandora">';
if (defined ('PANDORA_ENTERPRISE')) {
if(isset ($config['custom_logo'])){
echo '<img src="images/custom_logo/' . $config['custom_logo'] .'" alt="pandora_console">';
}
else{
echo '<img src="images/custom_logo/logo_login_consola.png" alt="pandora_console">';
}
}
else{
echo '<img src="images/custom_logo/pandora_logo_head_3.png" alt="pandora_console">';
}
echo '</div>';
echo '<div id="list_icon_docs_support"><ul>';
echo '<li><a href="http://wiki.pandorafms.com/" target="_blank"><img src="images/icono_docs.png" alt="docs pandora"></a></li>';
echo '<li>' . __('Docs') . '</li>';
echo '<li id="li_margin_left"><a href="https://pandorafms.com/monitoring-services/support/" target="_blank"><img src="images/icono_support.png" alt="support pandora"></a></li>';
echo '<li>' . __('Support') . '</li>';
echo '</ul></div>';
echo '</div>';
echo '<div class="container_login">';
echo '<div class="login_page">';
echo '<form method="post" action="' . ui_get_full_url('index.php?correct_pass_change=true') . '"><div class="login_logo_icon">';
echo '<a href="' . $logo_link . '">';
if (defined ('METACONSOLE')) {
if (!isset ($config["custom_logo_login"])){
html_print_image ("images/custom_logo_login/login_logo.png", false, array ("class" => "login_logo", "alt" => "logo", "border" => 0, "title" => $logo_title), false, true);
}
else{
html_print_image ("images/custom_logo_login/".$config['custom_logo_login'], false, array ("class" => "login_logo", "alt" => "logo", "border" => 0, "title" => $logo_title), false, true);
}
}
else if (defined ('PANDORA_ENTERPRISE')) {
if (!isset ($config["custom_logo_login"])){
html_print_image ("enterprise/images/custom_logo_login/login_logo_v7.png", false, array ("class" => "login_logo", "alt" => "logo", "border" => 0, "title" => $logo_title), false, true);
}
else{
html_print_image ("enterprise/images/custom_logo_login/".$config['custom_logo_login'], false, array ("class" => "login_logo", "alt" => "logo", "border" => 0, "title" => $logo_title), false, true);
}
}
else {
if (!isset ($config["custom_logo_login"]) || $config["custom_logo_login"] == 0){
html_print_image ("images/custom_logo_login/pandora_logo.png", false, array ("class" => "login_logo", "alt" => "logo", "border" => 0, "title" => $logo_title), false, true);
}
else{
html_print_image ("images/custom_logo_login/".$config['custom_logo_login'], false, array ("class" => "login_logo", "alt" => "logo", "border" => 0, "title" => $logo_title), false, true);
}
echo "<br><span style='font-size:120%;color:white;top:10px;position:relative;'>Community edition</span>";
}
echo '</a></div>';
echo '<div class="login_pass">';
echo '<div>';
html_print_image ("/images/candado_login.png", false);
echo '</div>';
html_print_input_text_extended ("pass1", '', "pass1", '', '', '' ,false,
'', 'autocomplete="off" placeholder="'.__('New Password').'"', false, true);
echo '</div>';
echo '<div class="login_pass">';
echo '<div>';
html_print_image ("/images/candado_login.png", false);
echo '</div>';
html_print_input_text_extended ("pass2", '', "pass2", '', '', '' ,false,
'', 'autocomplete="off" placeholder="'.__('Repeat password').'"', false, true);
echo '</div>';
echo '<div id="reset_pass_button" style="display:none;" class="login_button">';
html_print_submit_button(__("Change password"), "login_button", false, 'class="sub next_login"');
echo '</div>';
echo '<div id="error_pass_message" style="display:none; text-align:center;">';
html_print_label(__("Passwords must be the same"), "error_pass_label", false, array('style' => 'font-size:12pt; color:red;'));
echo '</div>';
html_print_input_hidden('id_user', $id_user);
echo '</form>';
echo '<form method="post" action="' . ui_get_full_url('index.php') . '">';
echo '<div class="login_button">';
html_print_submit_button(__("Back to login"), "login_button", false, 'class="sub next_login"');
echo '</div>';
echo '</form></div>';
echo '<div style="float:right;" class="login_data">';
echo '<div class ="text_banner_login">';
echo '<div><span class="span1">';
if(defined ('PANDORA_ENTERPRISE')){
if($config['custom_title1_login']){
echo strtoupper(io_safe_output($config['custom_title1_login']));
}
else{
echo __('WELCOME TO PANDORA FMS');
}
}
else{
echo __('WELCOME TO PANDORA FMS');
}
echo '</span></div>';
echo '<div><span class="span2">';
if(defined ('PANDORA_ENTERPRISE')){
if($config['custom_title2_login']){
echo strtoupper(io_safe_output($config['custom_title2_login']));
}
else{
echo __('NEXT GENERATION');
}
}
else{
echo __('NEXT GENERATION');
}
echo '</span></div>';
echo '</div>';
echo '<div class ="img_banner_login">';
if (defined ('PANDORA_ENTERPRISE')) {
if(isset($config['custom_splash_login'])){
html_print_image ("enterprise/images/custom_splash_login/".$config['custom_splash_login'], false, array ( "alt" => "splash", "border" => 0, "title" => $splash_title), false, true);
}
else{
html_print_image ("enterprise/images/custom_splash_login/splash_image_default.png", false, array ("alt" => "logo", "border" => 0, "title" => $splash_title), false, true);
}
}
else{
html_print_image ("images/splash_image_default.png", false, array ("alt" => "logo", "border" => 0, "title" => $splash_title), false, true);
}
echo '</div>';
echo '</div>';
echo '</div>';
echo '</div>';
echo '<div id="ver_num">'.$pandora_version.(($develop_bypass == 1) ? ' '.__('Build').' '.$build_version : '') . '</div>';
echo '</div>';
ui_require_css_file ('dialog');
ui_require_css_file ('jquery-ui-1.10.0.custom');
ui_require_jquery_file('jquery-ui-1.10.0.custom');
?>
<script type="text/javascript" language="javascript">
$(document).ready (function () {
$('#pass2').on('input', function(e) {
var pass1 = $('#pass1').val();
var pass2 = $('#pass2').val();
if (pass1 != pass2) {
$("#reset_pass_button").css('display', 'none');
$("#error_pass_message").css('display', '');
}
else {
$("#reset_pass_button").css('display', '');
$("#error_pass_message").css('display', 'none');
}
});
});
</script>
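Review bot: The form identifies the account only through `html_print_input_hidden('id_user', $id_user);`, a field the browser can change freely, and it does not carry the reset token forward. Post the token as well, e.g. `html_print_input_hidden('reset_hash', $reset_hash);`, so the handler in index.php can re-verify it before changing the password. The pass1/pass2 comparison in the script block is a usability aid only; the server-side comparison in index.php is the one that counts and should stay. `$logo_link`, `$logo_title` and `$splash_title` are used here without being assigned in this file, so they presumably come from the including script; that is worth confirming, or they could be given defaults at the top.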


@ -2758,10 +2758,19 @@ function send_email_to_user ($to, $body, $subject) {
catch (Exception $e) {
error_log($e->getMessage());
db_pandora_audit("Pandora mail", $e->getMessage());
html_debug($e->getMessage(), true);
}
return $result;
}
function send_token_to_db ($id_user, $cod_hash) {
db_process_sql_delete('treset_pass', array('id_user' => $id_user));
$values = array();
$values['id_user'] = $id_user;
$values['cod_hash'] = $cod_hash;
$values['reset_time'] = time();
db_process_sql_insert('treset_pass', $values);
}
?>
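Review bot: `send_token_to_db` stores the reset token exactly as it is mailed, so anyone who can read `treset_pass` (a database backup, a read-only SQL flaw elsewhere) holds a working reset link for the validity window. Store a digest instead, `$values['cod_hash'] = hash('sha256', $cod_hash);`, and hash the incoming value the same way before the lookup in index.php. The function also discards the result of `db_process_sql_insert`, so the caller cannot tell when the mail went out without a matching row; returning that result would let it report the failure. A short docblock naming the two parameters and the delete-then-insert behaviour would help, since the function has none.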


@ -2040,6 +2040,9 @@ function html_print_label ($text, $id, $return = false, $options = false) {
if ($options) {
if (isset ($options['class']))
$output .= 'class="'.$options['class'].'" ';
if (isset ($options['style']))
$output .= 'style="'.$options['style'].'" ';
}
$output .= 'for="'.$id.'" >';
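Review bot: The new `style` option is concatenated into the attribute verbatim, as `class` and `$id` already are, so a value containing a double quote would close the attribute early. The only caller added in this commit passes a literal, so nothing is exposed today. Since this is a shared helper, escaping at the point of output is safer: `$output .= 'style="'.htmlspecialchars($options['style'], ENT_QUOTES).'" ';`. The function starts outside this hunk; its doc comment should list `style` among the accepted options.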


@ -547,77 +547,135 @@ if (! isset ($config['id_user'])) {
}
// There is no user connected
else {
$correct_pass_change = (boolean)get_parameter('correct_pass_change', 0);
$reset = (boolean)get_parameter('reset', 0);
$first = (boolean)get_parameter('first', 0);
if (!$reset) {
$reset_hash = get_parameter('reset_hash', "");
if ($correct_pass_change) {
$correct_reset_pass_process = "";
$process_error_message = "";
$pass1 = get_parameter('pass1');
$pass2 = get_parameter('pass2');
$id_user = get_parameter('id_user');
if ($pass1 == $pass2) {
$res = update_user_password ($id_user, $pass1);
if ($res) {
$correct_reset_pass_process = __('Password changed successfully');
}
else {
$process_error_message = __('Failed to change password');
}
}
else {
$process_error_message = __('Passwords must be the same');
}
require_once ('general/login_page.php');
}
else {
$user_reset_pass = get_parameter('user_reset_pass', "");
$error = "";
$mail = "";
$show_error = false;
if ($reset_hash != "") {
$hash_data = explode(":::", $reset_hash);
$id_user = $hash_data[0];
$codified_hash = $hash_data[1];
if (!$first) {
if ($reset) {
if ($user_reset_pass == '') {
$reset = false;
$error = __('Id user cannot be empty');
$show_error = true;
$db_reset_pass_entry = db_get_value_filter('reset_time', 'treset_pass', array('id_user' => $id_user, 'cod_hash' => $id_user . ":::" . $codified_hash));
$process_error_message = "";
if ($db_reset_pass_entry) {
if (($db_reset_pass_entry + SECONDS_15MINUTES) < time()) {
$process_error_message = __('This user has not requested a password change');
db_process_sql_delete('treset_pass', array('id_user' => $id_user));
require_once ('general/login_page.php');
}
else {
$check_user = check_user_id($user_reset_pass);
if (!$check_user) {
$reset = false;
$error = __('User no exists in db');
$show_error = true;
}
else {
$check_mail = check_user_have_mail($user_reset_pass);
if (!$check_mail) {
$reset = false;
$error = __('User no have any email direction asociated');
$show_error = true;
}
else {
$mail = $check_mail;
}
}
db_process_sql_delete('treset_pass', array('id_user' => $id_user));
require_once ('general/process_reset_pass.php');
}
}
if (!$reset) {
require_once ('general/reset_pass.php');
}
else {
$subject = '[Pandora] '.__('Reset password');
$body = __('This is the automatic message');
$body .= ' "<strong>' . $user_reset_pass . '"</strong>';
$body .= '<p />';
$body .= __('Please, click in the link below to reset your password');
$body .= '<p />';
$body .= '<a href="">' . __('Reset your password') . '</a>';
$body .= '<p />';
$body .= 'Pandora FMS';
$body .= '<p />';
$body .= '<em>'.__('Please do not answer or reply to this email').'</em>';
$result = send_email_to_user($mail, $body, $subject);
$email_error_message = "";
if (!$result) {
$email_error_message = __('Error at sending the email');
}
$process_error_message = __('Too much time since password change request');
require_once ('general/login_page.php');
}
}
else {
require_once ('general/reset_pass.php');
if (!$reset) {
require_once ('general/login_page.php');
}
else {
$user_reset_pass = get_parameter('user_reset_pass', "");
$error = "";
$mail = "";
$show_error = false;
if (!$first) {
if ($reset) {
if ($user_reset_pass == '') {
$reset = false;
$error = __('Id user cannot be empty');
$show_error = true;
}
else {
$check_user = check_user_id($user_reset_pass);
if (!$check_user) {
$reset = false;
$error = __('User no exists in db');
$show_error = true;
}
else {
$check_mail = check_user_have_mail($user_reset_pass);
if (!$check_mail) {
$reset = false;
$error = __('User no have any email direction asociated');
$show_error = true;
}
else {
$mail = $check_mail;
}
}
}
}
if (!$reset) {
require_once ('general/reset_pass.php');
}
else {
$cod_hash = $user_reset_pass . "::::" . base64_encode(rand(10, 1000000) . rand(10, 1000000) . rand(10, 1000000));
$subject = '[Pandora] '.__('Reset password');
$body = __('This is the automatic message');
$body .= ' "<strong>' . $user_reset_pass . '"</strong>';
$body .= '<p />';
$body .= __('Please, click in the link below to reset your password');
$body .= '<p />';
$body .= '<a href="' . $config['homeurl'] . 'index.php?reset_hash=' . $cod_hash . '">' . __('Reset your password') . '</a>';
$body .= '<p />';
$body .= 'Pandora FMS';
$body .= '<p />';
$body .= '<em>'.__('Please do not answer or reply to this email').'</em>';
$result = send_email_to_user($mail, $body, $subject);
$process_error_message = "";
if (!$result) {
$process_error_message = __('Error at sending the email');
}
else {
send_token_to_db($user_reset_pass, $cod_hash);
}
require_once ('general/login_page.php');
}
}
else {
require_once ('general/reset_pass.php');
}
}
}
}
while (@ob_end_flush ());
exit ("</html>");
}
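Review bot: The `correct_pass_change` branch calls `update_user_password ($id_user, $pass1)` with `$id_user` read straight from the request and never looks the reset token up again, so the password change is not tied to the emailed link. As far as the new side can be read from this rendering, the token row has already been deleted by the time the form is shown. Keep the row until the change succeeds, have the form post `reset_hash` back, and repeat the `treset_pass` lookup and expiry check in this branch, as in the fence below. Separately, the token is built from three `rand()` calls, which is not a cryptographically secure source. `bin2hex(random_bytes(32))` (PHP 7+) or `openssl_random_pseudo_bytes()` on older runtimes is the usual replacement, and hex output also keeps unencoded base64 characters out of the URL. The generator writes a `::::` separator while the parser splits on `:::`, which round-trips only because the extra colon stays attached to the second part; a single shared constant would make that explicit.

```php
if ($correct_pass_change) {
    // … unchanged: message defaults, pass1 / pass2 / id_user read from the request …
    // The posted id_user is only a claim; the stored token row is what proves the request.
    $reset_time = db_get_value_filter('reset_time', 'treset_pass',
        array('id_user' => $id_user, 'cod_hash' => $reset_hash));
    if (!$reset_time || ($reset_time + SECONDS_15MINUTES) < time()) {
        $process_error_message = __('This user has not requested a password change');
    }
    else if ($pass1 == $pass2) {
        // Single use: consume the token before the password is changed.
        db_process_sql_delete('treset_pass', array('id_user' => $id_user));
        $res = update_user_password ($id_user, $pass1);
        // … unchanged: success / failure messages …
    }
    // … unchanged: mismatch message, login_page.php include …
```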