';
echo '
';
echo '
' . __('ERROR') . '
';
- echo '
' . $email_error_message . '
';
+ echo '
' . $process_error_message . '
';
echo '
';
echo '
';
html_print_submit_button("Ok", 'reset_correct_button', false);
@@ -305,6 +305,25 @@ if ($mail != "") {
}
}
+if ($correct_reset_pass_process != "") {
+ echo '
';
+ echo '
';
+ echo '
';
+ echo html_print_image('images/icono_logo_pandora.png', true, array("alt" => __('Password reset'), "border" => 0));
+ echo '
';
+ echo '
';
+ echo '
';
+ echo '
' . __('SUCCESS') . '
';
+ echo '
' . $correct_reset_pass_process . '
';
+ echo '
';
+ echo '
';
+ html_print_submit_button("Ok", 'final_process_correct_button', false);
+ echo '
';
+ echo '
';
+ echo '
';
+ echo '
';
+}
+
if (isset ($login_failed)) {
echo '
';
echo '
';
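Review bot: `$correct_reset_pass_process` is compared with `""` without checking that it exists, yet index.php assigns it only inside the `correct_pass_change` branch, so the other visible paths that include this page (plain login, expired or unknown token, mail sent) read an undefined variable and raise a notice. The `isset ($login_failed)` guard on the next block shows the file's own convention; `if (!empty($correct_reset_pass_process)) {` would match it. The message is echoed without escaping, which is harmless while it only ever holds a translated constant. A one-line comment such as `// $correct_reset_pass_process is a fixed translated string, never request data` would stop a later change from routing user input into it.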
@@ -579,5 +598,26 @@ html_print_div(array('id' => 'forced_title_layer', 'class' => 'forced_title_laye
$("#reset_correct").dialog('close');
});
});
+
+ $(document).ready (function () {
+ $(function() {
+ $("#final_process_correct").dialog({
+ resizable: true,
+ draggable: true,
+ modal: true,
+ height: 220,
+ width: 528,
+ clickOutside: true,
+ overlay: {
+ opacity: 0.5,
+ background: "black"
+ }
+ });
+ });
+
+ $("#submit-final_process_correct_button").click (function () {
+ $("#final_process_correct").dialog('close');
+ });
+ });
/* ]]> */
diff --git a/pandora_console/general/process_reset_pass.php b/pandora_console/general/process_reset_pass.php
new file mode 100644
index 0000000000..504551e74b
--- /dev/null
+++ b/pandora_console/general/process_reset_pass.php
@@ -0,0 +1,196 @@
+';
+ echo '';
+
+ echo '
';
+ echo '
';
+
+ echo '
';
+ echo '
';
+ echo '
';
+ if(defined ('PANDORA_ENTERPRISE')){
+ if($config['custom_title1_login']){
+ echo strtoupper(io_safe_output($config['custom_title1_login']));
+ }
+ else{
+ echo __('WELCOME TO PANDORA FMS');
+ }
+ }
+ else{
+ echo __('WELCOME TO PANDORA FMS');
+ }
+ echo '
';
+ echo '
';
+ if(defined ('PANDORA_ENTERPRISE')){
+ if($config['custom_title2_login']){
+ echo strtoupper(io_safe_output($config['custom_title2_login']));
+ }
+ else{
+ echo __('NEXT GENERATION');
+ }
+ }
+ else{
+ echo __('NEXT GENERATION');
+ }
+ echo '
';
+ echo '
';
+ echo '
';
+ if (defined ('PANDORA_ENTERPRISE')) {
+ if(isset($config['custom_splash_login'])){
+ html_print_image ("enterprise/images/custom_splash_login/".$config['custom_splash_login'], false, array ( "alt" => "splash", "border" => 0, "title" => $splash_title), false, true);
+ }
+ else{
+ html_print_image ("enterprise/images/custom_splash_login/splash_image_default.png", false, array ("alt" => "logo", "border" => 0, "title" => $splash_title), false, true);
+ }
+ }
+ else{
+ html_print_image ("images/splash_image_default.png", false, array ("alt" => "logo", "border" => 0, "title" => $splash_title), false, true);
+ }
+ echo '
';
+ echo '
';
+ echo '
';
+
+ echo '
';
+ echo '
'.$pandora_version.(($develop_bypass == 1) ? ' '.__('Build').' '.$build_version : '') . '
';
+ echo '
';
+
+ui_require_css_file ('dialog');
+ui_require_css_file ('jquery-ui-1.10.0.custom');
+ui_require_jquery_file('jquery-ui-1.10.0.custom');
+
+?>
+
+
\ No newline at end of file
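Review bot: Nothing in the visible part of this new page, or in the handler it posts to, ties the password submission to the reset token: the `correct_pass_change` branch in index.php takes `id_user`, `pass1` and `pass2` straight from the request and calls `update_user_password`, and the `treset_pass` row is deleted before this page is rendered. The form markup is not visible here (it appears to have been lost from the listing), so this is inferred, but if the user name travels as a form field the change is authorised by nothing the server can verify. The page should carry the token forward, e.g. `html_print_input_hidden('reset_hash', $reset_hash);`, and the handler should re-validate it against `treset_pass` (user, token, age) before changing the password, deleting the row only once the change succeeds. A smaller point in the visible lines: `$config['custom_title1_login']` and `$config['custom_title2_login']` are read without `isset` while `custom_splash_login` is guarded, and the file ends without a trailing newline.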
diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php
index c6d8bc79e2..7fba3d1ac7 100644
--- a/pandora_console/include/functions.php
+++ b/pandora_console/include/functions.php
@@ -2758,10 +2758,19 @@ function send_email_to_user ($to, $body, $subject) {
catch (Exception $e) {
error_log($e->getMessage());
db_pandora_audit("Pandora mail", $e->getMessage());
- html_debug($e->getMessage(), true);
}
return $result;
}
+function send_token_to_db ($id_user, $cod_hash) {
+ db_process_sql_delete('treset_pass', array('id_user' => $id_user));
+
+ $values = array();
+ $values['id_user'] = $id_user;
+ $values['cod_hash'] = $cod_hash;
+ $values['reset_time'] = time();
+ db_process_sql_insert('treset_pass', $values);
+}
+
?>
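Review bot: `send_token_to_db` discards the result of `db_process_sql_insert` and stores `$cod_hash` verbatim, so a failed insert is invisible to the caller and anyone who can read `treset_pass` obtains tokens in directly usable form. Ending the function with `return db_process_sql_insert('treset_pass', $values);` matters because index.php calls it only after the mail has already been sent, so a silent failure leaves the user with a dead link. Storing a digest instead, `$values['cod_hash'] = hash('sha256', $cod_hash);`, and hashing the presented value before the lookup keeps a database read from yielding live tokens. The token passed in is built by the caller in index.php from three `rand()` calls, which is not a cryptographically secure source; `openssl_random_pseudo_bytes()` (or `random_bytes()` on PHP 7+) is the usual choice for reset tokens. The function also lacks a docblock and a blank line after `send_email_to_user`; a short comment stating that it replaces any earlier token for the user and records the issue time would help.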
diff --git a/pandora_console/include/functions_html.php b/pandora_console/include/functions_html.php
index 2af6eebf8e..5d56e14595 100644
--- a/pandora_console/include/functions_html.php
+++ b/pandora_console/include/functions_html.php
@@ -2040,6 +2040,9 @@ function html_print_label ($text, $id, $return = false, $options = false) {
if ($options) {
if (isset ($options['class']))
$output .= 'class="'.$options['class'].'" ';
+
+ if (isset ($options['style']))
+ $output .= 'style="'.$options['style'].'" ';
}
$output .= 'for="'.$id.'" >';
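Review bot: The new `style` branch concatenates `$options['style']` into the attribute without escaping, so a value containing a double quote ends the attribute and the remainder is parsed as markup. The `class` branch just above has the same shape, so this is consistent with the file, but each additional pass-through attribute widens what every caller must pre-sanitise. `$output .= 'style="'.htmlspecialchars($options['style'], ENT_QUOTES, 'UTF-8', false).'" ';` makes the helper safe on its own, and passing `false` for double-encoding avoids re-encoding values that already arrive entity-encoded. The body and docblock of `html_print_label` lie outside the hunk; if the docblock lists the supported `$options` keys, `style` should be added there.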
diff --git a/pandora_console/index.php b/pandora_console/index.php
index 78b67f80a9..2455287848 100755
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@@ -547,77 +547,135 @@ if (! isset ($config['id_user'])) {
}
// There is no user connected
else {
+ $correct_pass_change = (boolean)get_parameter('correct_pass_change', 0);
$reset = (boolean)get_parameter('reset', 0);
$first = (boolean)get_parameter('first', 0);
- if (!$reset) {
+ $reset_hash = get_parameter('reset_hash', "");
+
+ if ($correct_pass_change) {
+ $correct_reset_pass_process = "";
+ $process_error_message = "";
+ $pass1 = get_parameter('pass1');
+ $pass2 = get_parameter('pass2');
+ $id_user = get_parameter('id_user');
+
+ if ($pass1 == $pass2) {
+ $res = update_user_password ($id_user, $pass1);
+ if ($res) {
+ $correct_reset_pass_process = __('Password changed successfully');
+ }
+ else {
+ $process_error_message = __('Failed to change password');
+ }
+ }
+ else {
+ $process_error_message = __('Passwords must be the same');
+ }
require_once ('general/login_page.php');
}
else {
- $user_reset_pass = get_parameter('user_reset_pass', "");
- $error = "";
- $mail = "";
- $show_error = false;
+ if ($reset_hash != "") {
+ $hash_data = explode(":::", $reset_hash);
+ $id_user = $hash_data[0];
+ $codified_hash = $hash_data[1];
- if (!$first) {
- if ($reset) {
- if ($user_reset_pass == '') {
- $reset = false;
- $error = __('Id user cannot be empty');
- $show_error = true;
+ $db_reset_pass_entry = db_get_value_filter('reset_time', 'treset_pass', array('id_user' => $id_user, 'cod_hash' => $id_user . ":::" . $codified_hash));
+ $process_error_message = "";
+
+ if ($db_reset_pass_entry) {
+ if (($db_reset_pass_entry + SECONDS_15MINUTES) < time()) {
+ $process_error_message = __('This user has not requested a password change');
+ db_process_sql_delete('treset_pass', array('id_user' => $id_user));
+ require_once ('general/login_page.php');
}
else {
- $check_user = check_user_id($user_reset_pass);
-
- if (!$check_user) {
- $reset = false;
- $error = __('User no exists in db');
- $show_error = true;
- }
- else {
- $check_mail = check_user_have_mail($user_reset_pass);
-
- if (!$check_mail) {
- $reset = false;
- $error = __('User no have any email direction asociated');
- $show_error = true;
- }
- else {
- $mail = $check_mail;
- }
- }
+ db_process_sql_delete('treset_pass', array('id_user' => $id_user));
+ require_once ('general/process_reset_pass.php');
}
}
-
- if (!$reset) {
- require_once ('general/reset_pass.php');
- }
else {
- $subject = '[Pandora] '.__('Reset password');
- $body = __('This is the automatic message');
- $body .= ' "
' . $user_reset_pass . '"';
- $body .= '
';
- $body .= __('Please, click in the link below to reset your password');
- $body .= '
';
- $body .= '
' . __('Reset your password') . '';
- $body .= '
';
- $body .= 'Pandora FMS';
- $body .= '
';
- $body .= '
'.__('Please do not answer or reply to this email').'';
-
- $result = send_email_to_user($mail, $body, $subject);
-
- $email_error_message = "";
- if (!$result) {
- $email_error_message = __('Error at sending the email');
- }
-
+ $process_error_message = __('Too much time since password change request');
require_once ('general/login_page.php');
}
}
else {
- require_once ('general/reset_pass.php');
+ if (!$reset) {
+ require_once ('general/login_page.php');
+ }
+ else {
+ $user_reset_pass = get_parameter('user_reset_pass', "");
+ $error = "";
+ $mail = "";
+ $show_error = false;
+
+ if (!$first) {
+ if ($reset) {
+ if ($user_reset_pass == '') {
+ $reset = false;
+ $error = __('Id user cannot be empty');
+ $show_error = true;
+ }
+ else {
+ $check_user = check_user_id($user_reset_pass);
+
+ if (!$check_user) {
+ $reset = false;
+ $error = __('User no exists in db');
+ $show_error = true;
+ }
+ else {
+ $check_mail = check_user_have_mail($user_reset_pass);
+
+ if (!$check_mail) {
+ $reset = false;
+ $error = __('User no have any email direction asociated');
+ $show_error = true;
+ }
+ else {
+ $mail = $check_mail;
+ }
+ }
+ }
+ }
+
+ if (!$reset) {
+ require_once ('general/reset_pass.php');
+ }
+ else {
+ $cod_hash = $user_reset_pass . "::::" . base64_encode(rand(10, 1000000) . rand(10, 1000000) . rand(10, 1000000));
+
+ $subject = '[Pandora] '.__('Reset password');
+ $body = __('This is the automatic message');
+ $body .= ' "
' . $user_reset_pass . '"';
+ $body .= '
';
+ $body .= __('Please, click in the link below to reset your password');
+ $body .= '
';
+ $body .= '
' . __('Reset your password') . '';
+ $body .= '
';
+ $body .= 'Pandora FMS';
+ $body .= '
';
+ $body .= '
'.__('Please do not answer or reply to this email').'';
+
+ $result = send_email_to_user($mail, $body, $subject);
+
+ $process_error_message = "";
+ if (!$result) {
+ $process_error_message = __('Error at sending the email');
+ }
+ else {
+ send_token_to_db($user_reset_pass, $cod_hash);
+ }
+
+ require_once ('general/login_page.php');
+ }
+ }
+ else {
+ require_once ('general/reset_pass.php');
+ }
+ }
}
}
+
while (@ob_end_flush ());
exit ("