From 727bd095f5bcd72db9df534969f911063485aee3 Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez <arturo.gonzalez@artica.es> Date: Thu, 20 Apr 2017 10:59:32 +0200 Subject: [PATCH] Added function to reset password in node --- pandora_console/general/login_page.php | 44 +++- .../general/process_reset_pass.php | 196 ++++++++++++++++++ pandora_console/include/functions.php | 11 +- pandora_console/include/functions_html.php | 3 + pandora_console/index.php | 166 ++++++++++----- 5 files changed, 363 insertions(+), 57 deletions(-) create mode 100644 pandora_console/general/process_reset_pass.php diff --git a/pandora_console/general/login_page.php b/pandora_console/general/login_page.php index e6f42b4f73..d25891d483 100755 --- a/pandora_console/general/login_page.php +++ b/pandora_console/general/login_page.php @@ -267,7 +267,7 @@ echo '<div id="ver_num">'.$pandora_version.(($develop_bypass == 1) ? ' '.__('Bui echo '</div>'; if ($mail != "") { - if ($email_error_message == '') { + if ($process_error_message == '') { echo '<div id="reset_correct" title="' . __('Password reset') . '">'; echo '<div class="content_alert">'; echo '<div class="icon_message_alert">'; @@ -294,7 +294,7 @@ if ($mail != "") { echo '<div class="content_message_alert">'; echo '<div class="text_message_alert">'; echo '<h1>' . __('ERROR') . '</h1>'; - echo '<p>' . $email_error_message . '</p>'; + echo '<p>' . $process_error_message . '</p>'; echo '</div>'; echo '<div class="button_message_alert">'; html_print_submit_button("Ok", 'reset_correct_button', false); 
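Review bot: The error dialog stays gated on `if ($mail != "")`, but the new `correct_pass_change` branch in index.php assigns `$process_error_message` ('Passwords must be the same', 'Failed to change password') without ever setting `$mail`, so on that path the errors are never rendered and `$mail` is read undefined. Widening the gate to `if (!empty($mail) || !empty($process_error_message)) {` with the inner test changed to `if (empty($process_error_message)) {` shows the success dialog only after a mail was sent and the error dialog whenever there is one. The lines between this hunk and the @@ -294 hunk are not visible here, so check that nothing in between depends on `$mail` alone.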
@@ -305,6 +305,25 @@ if ($mail != "") { } } +if ($correct_reset_pass_process != "") { + echo '<div id="final_process_correct" title="' . __('Password reset') . '">'; + echo '<div class="content_alert">'; + echo '<div class="icon_message_alert">'; + echo html_print_image('images/icono_logo_pandora.png', true, array("alt" => __('Password reset'), "border" => 0)); + echo '</div>'; + echo '<div class="content_message_alert">'; + echo '<div class="text_message_alert">'; + echo '<h1>' . __('SUCCESS') . '</h1>'; + echo '<p>' . $correct_reset_pass_process . '</p>'; + echo '</div>'; + echo '<div class="button_message_alert">'; + html_print_submit_button("Ok", 'final_process_correct_button', false); + echo '</div>'; + echo '</div>'; + echo '</div>'; + echo '</div>'; +} + if (isset ($login_failed)) { echo '<div id="login_failed" title="' . __('Login failed') . '">'; echo '<div class="content_alert">'; @@ -579,5 +598,26 @@ html_print_div(array('id' => 'forced_title_layer', 'class' => 'forced_title_laye $("#reset_correct").dialog('close'); }); }); + + $(document).ready (function () { + $(function() { + $("#final_process_correct").dialog({ + resizable: true, + draggable: true, + modal: true, + height: 220, + width: 528, + clickOutside: true, + overlay: { + opacity: 0.5, + background: "black" + } + }); + }); + + $("#submit-final_process_correct_button").click (function () { + $("#final_process_correct").dialog('close'); + }); + }); /* ]]> */ </script> diff --git a/pandora_console/general/process_reset_pass.php b/pandora_console/general/process_reset_pass.php new file mode 100644 index 0000000000..504551e74b --- /dev/null +++ b/pandora_console/general/process_reset_pass.php 
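Review bot: `$correct_reset_pass_process != ""` runs on every render of this page, but index.php initialises that variable only inside its `correct_pass_change` branch, so the plain-login, reset-request and hash-link paths reach this test with the variable undefined. The neighbouring `$login_failed` block already guards with `isset()`; match it with `if (!empty($correct_reset_pass_process)) {`. The value is a `__()` string from index.php, so echoing it unescaped is fine as long as nothing else ever assigns it.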
@@ -0,0 +1,196 @@ +<?php + +// Pandora FMS - http://pandorafms.com +// ================================================== +// Copyright (c) 2005-2011 Artica Soluciones Tecnologicas +// Please see http://pandorafms.org for full contribution list + +// This program is free software; you can redistribute it and/or +// modify it under the terms of the GNU General Public License +// as published by the Free Software Foundation; version 2 + +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + + +if (isset($config["homedir"])) { + $homedir = $config["homedir"] . '/'; +} +else { + $homedir = ''; +} + +require_once($homedir . 'include/config.php'); +require_once($homedir . 'include/functions_config.php'); +include_once($homedir . 'include/functions_ui.php'); +include_once($homedir . 'include/functions_users.php'); +include_once($homedir . 'include/functions.php'); +include_once($homedir . 'include/functions_html.php'); + +$login_body_style = ''; +// Overrides the default background with the defined by the user +if (!empty($config['login_background'])) { + $background_url = "../../images/backgrounds/" . $config['login_background']; + $login_body_style = "style=\"background-image: url('$background_url');\""; +} + +echo '<div id="login_body" ' . $login_body_style . '>'; + echo '<div id="header_login">'; + echo '<div id="icon_custom_pandora">'; + if (defined ('PANDORA_ENTERPRISE')) { + if(isset ($config['custom_logo'])){ + echo '<img src="images/custom_logo/' . 
$config['custom_logo'] .'" alt="pandora_console">'; + } + else{ + echo '<img src="images/custom_logo/logo_login_consola.png" alt="pandora_console">'; + } + } + else{ + echo '<img src="images/custom_logo/pandora_logo_head_3.png" alt="pandora_console">'; + } + echo '</div>'; + echo '<div id="list_icon_docs_support"><ul>'; + echo '<li><a href="http://wiki.pandorafms.com/" target="_blank"><img src="images/icono_docs.png" alt="docs pandora"></a></li>'; + echo '<li>' . __('Docs') . '</li>'; + echo '<li id="li_margin_left"><a href="https://pandorafms.com/monitoring-services/support/" target="_blank"><img src="images/icono_support.png" alt="support pandora"></a></li>'; + echo '<li>' . __('Support') . '</li>'; + echo '</ul></div>'; + echo '</div>'; + + echo '<div class="container_login">'; + echo '<div class="login_page">'; + echo '<form method="post" action="' . ui_get_full_url('index.php?correct_pass_change=true') . '"><div class="login_logo_icon">'; + echo '<a href="' . $logo_link . '">'; + if (defined ('METACONSOLE')) { + if (!isset ($config["custom_logo_login"])){ + html_print_image ("images/custom_logo_login/login_logo.png", false, array ("class" => "login_logo", "alt" => "logo", "border" => 0, "title" => $logo_title), false, true); + } + else{ + html_print_image ("images/custom_logo_login/".$config['custom_logo_login'], false, array ("class" => "login_logo", "alt" => "logo", "border" => 0, "title" => $logo_title), false, true); + } + } + else if (defined ('PANDORA_ENTERPRISE')) { + + if (!isset ($config["custom_logo_login"])){ + html_print_image ("enterprise/images/custom_logo_login/login_logo_v7.png", false, array ("class" => "login_logo", "alt" => "logo", "border" => 0, "title" => $logo_title), false, true); + } + else{ + html_print_image ("enterprise/images/custom_logo_login/".$config['custom_logo_login'], false, array ("class" => "login_logo", "alt" => "logo", "border" => 0, "title" => $logo_title), false, true); + } + } + else { + if (!isset 
($config["custom_logo_login"]) || $config["custom_logo_login"] == 0){ + html_print_image ("images/custom_logo_login/pandora_logo.png", false, array ("class" => "login_logo", "alt" => "logo", "border" => 0, "title" => $logo_title), false, true); + } + else{ + html_print_image ("images/custom_logo_login/".$config['custom_logo_login'], false, array ("class" => "login_logo", "alt" => "logo", "border" => 0, "title" => $logo_title), false, true); + } + echo "<br><span style='font-size:120%;color:white;top:10px;position:relative;'>Community edition</span>"; + } + echo '</a></div>'; + + echo '<div class="login_pass">'; + echo '<div>'; + html_print_image ("/images/candado_login.png", false); + echo '</div>'; + html_print_input_text_extended ("pass1", '', "pass1", '', '', '' ,false, + '', 'autocomplete="off" placeholder="'.__('New Password').'"', false, true); + echo '</div>'; + echo '<div class="login_pass">'; + echo '<div>'; + html_print_image ("/images/candado_login.png", false); + echo '</div>'; + html_print_input_text_extended ("pass2", '', "pass2", '', '', '' ,false, + '', 'autocomplete="off" placeholder="'.__('Repeat password').'"', false, true); + echo '</div>'; + echo '<div id="reset_pass_button" style="display:none;" class="login_button">'; + html_print_submit_button(__("Change password"), "login_button", false, 'class="sub next_login"'); + echo '</div>'; + echo '<div id="error_pass_message" style="display:none; text-align:center;">'; + html_print_label(__("Passwords must be the same"), "error_pass_label", false, array('style' => 'font-size:12pt; color:red;')); + echo '</div>'; + html_print_input_hidden('id_user', $id_user); + + echo '</form>'; + + echo '<form method="post" action="' . ui_get_full_url('index.php') . 
'">'; + echo '<div class="login_button">'; + html_print_submit_button(__("Back to login"), "login_button", false, 'class="sub next_login"'); + echo '</div>'; + echo '</form></div>'; + + echo '<div style="float:right;" class="login_data">'; + echo '<div class ="text_banner_login">'; + echo '<div><span class="span1">'; + if(defined ('PANDORA_ENTERPRISE')){ + if($config['custom_title1_login']){ + echo strtoupper(io_safe_output($config['custom_title1_login'])); + } + else{ + echo __('WELCOME TO PANDORA FMS'); + } + } + else{ + echo __('WELCOME TO PANDORA FMS'); + } + echo '</span></div>'; + echo '<div><span class="span2">'; + if(defined ('PANDORA_ENTERPRISE')){ + if($config['custom_title2_login']){ + echo strtoupper(io_safe_output($config['custom_title2_login'])); + } + else{ + echo __('NEXT GENERATION'); + } + } + else{ + echo __('NEXT GENERATION'); + } + echo '</span></div>'; + echo '</div>'; + echo '<div class ="img_banner_login">'; + if (defined ('PANDORA_ENTERPRISE')) { + if(isset($config['custom_splash_login'])){ + html_print_image ("enterprise/images/custom_splash_login/".$config['custom_splash_login'], false, array ( "alt" => "splash", "border" => 0, "title" => $splash_title), false, true); + } + else{ + html_print_image ("enterprise/images/custom_splash_login/splash_image_default.png", false, array ("alt" => "logo", "border" => 0, "title" => $splash_title), false, true); + } + } + else{ + html_print_image ("images/splash_image_default.png", false, array ("alt" => "logo", "border" => 0, "title" => $splash_title), false, true); + } + echo '</div>'; + echo '</div>'; + echo '</div>'; + + echo '</div>'; + echo '<div id="ver_num">'.$pandora_version.(($develop_bypass == 1) ? ' '.__('Build').' '.$build_version : '') . 
'</div>';
+ echo '</div>';
+
+ui_require_css_file ('dialog');
+ui_require_css_file ('jquery-ui-1.10.0.custom');
+ui_require_jquery_file('jquery-ui-1.10.0.custom');
+
+?>
+
+<script type="text/javascript" language="javascript">
+
+$(document).ready (function () {
+ $('#pass2').on('input', function(e) {
+ var pass1 = $('#pass1').val();
+ var pass2 = $('#pass2').val();
+ if (pass1 != pass2) {
+ $("#reset_pass_button").css('display', 'none');
+ $("#error_pass_message").css('display', '');
+ }
+ else {
+ $("#reset_pass_button").css('display', '');
+ $("#error_pass_message").css('display', 'none');
+ }
+ });
+});
+
+</script>
\ No newline at end of file
diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php
index c6d8bc79e2..7fba3d1ac7 100644
--- a/pandora_console/include/functions.php
+++ b/pandora_console/include/functions.php
@@ -2758,10 +2758,19 @@ function send_email_to_user ($to, $body, $subject) {
 catch (Exception $e) {
 error_log($e->getMessage());
 db_pandora_audit("Pandora mail", $e->getMessage());
- html_debug($e->getMessage(), true);
 }
 return $result;
 }
+function send_token_to_db ($id_user, $cod_hash) {
+ db_process_sql_delete('treset_pass', array('id_user' => $id_user));
+
+ $values = array();
+ $values['id_user'] = $id_user;
+ $values['cod_hash'] = $cod_hash;
+ $values['reset_time'] = time();
+ db_process_sql_insert('treset_pass', $values);
+}
+
 ?>
diff --git a/pandora_console/include/functions_html.php b/pandora_console/include/functions_html.php
index 2af6eebf8e..5d56e14595 100644
--- a/pandora_console/include/functions_html.php
+++ b/pandora_console/include/functions_html.php
@@ -2040,6 +2040,9 @@ function html_print_label ($text, $id, $return = false, $options = false) {
 if ($options) {
 if (isset ($options['class']))
 $output .= 'class="'.$options['class'].'" ';
+
+ if (isset ($options['style']))
+ $output .= 'style="'.$options['style'].'" ';
 }
 $output .= 'for="'.$id.'" >';
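Review bot: The change-password form posts only `id_user` as a hidden field (`html_print_input_hidden('id_user', $id_user);`), so the submission carries nothing that ties it to the emailed token and index.php's `correct_pass_change` branch has nothing to verify; add `html_print_input_hidden('reset_hash', $reset_hash);` next to it so the server can re-check the token before changing the password. The two password fields are built with `html_print_input_text_extended`, which by its name renders a plain text input; a password-type input is needed so the new password is not shown on screen, and the jQuery equality check is UI only, so the server must keep its own comparison. `$id_user` comes straight from the URL and is written into the hidden field, so confirm `html_print_input_hidden` attribute-escapes its value. `$logo_link`, `$logo_title` and `$splash_title` are used here but not defined in this file, presumably inherited from the including scope.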
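Review bot: `send_token_to_db` stores the reset token verbatim in `treset_pass.cod_hash`, so any read of that table (a backup, an injection elsewhere, a DBA) yields live password-reset links; store `$values['cod_hash'] = hash('sha256', $cod_hash);` and have the verifier hash the submitted value and compare with `hash_equals()`. The function also returns nothing, so the caller in index.php cannot tell whether the insert succeeded; `return db_process_sql_insert('treset_pass', $values);` costs one word. A short header comment stating that the delete-then-insert keeps at most one outstanding token per user would document the intent.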
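Review bot: The new `style` option is concatenated into the attribute unescaped, `$output .= 'style="'.$options['style'].'" ';`, so a double quote in the value breaks out of the attribute; the existing `class` line has the same shape, but since this is a shared helper, `htmlspecialchars($options['style'], ENT_QUOTES)` is the safe form for any future caller passing non-constant data. The only caller in this patch passes a literal, so this is hardening rather than an exploitable path today.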
diff --git a/pandora_console/index.php b/pandora_console/index.php
index 78b67f80a9..2455287848 100755
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@@ -547,77 +547,135 @@ if (! isset ($config['id_user'])) {
 }
 // There is no user connected
 else {
+ $correct_pass_change = (boolean)get_parameter('correct_pass_change', 0);
 $reset = (boolean)get_parameter('reset', 0);
 $first = (boolean)get_parameter('first', 0);
- if (!$reset) {
+ $reset_hash = get_parameter('reset_hash', "");
+
+ if ($correct_pass_change) {
+ $correct_reset_pass_process = "";
+ $process_error_message = "";
+ $pass1 = get_parameter('pass1');
+ $pass2 = get_parameter('pass2');
+ $id_user = get_parameter('id_user');
+
+ if ($pass1 == $pass2) {
+ $res = update_user_password ($id_user, $pass1);
+ if ($res) {
+ $correct_reset_pass_process = __('Password changed successfully');
+ }
+ else {
+ $process_error_message = __('Failed to change password');
+ }
+ }
+ else {
+ $process_error_message = __('Passwords must be the same');
+ }
 require_once ('general/login_page.php');
 }
 else {
- $user_reset_pass = get_parameter('user_reset_pass', "");
- $error = "";
- $mail = "";
- $show_error = false;
+ if ($reset_hash != "") {
+ $hash_data = explode(":::", $reset_hash);
+ $id_user = $hash_data[0];
+ $codified_hash = $hash_data[1];
- if (!$first) {
- if ($reset) {
- if ($user_reset_pass == '') {
- $reset = false;
- $error = __('Id user cannot be empty');
- $show_error = true;
+ $db_reset_pass_entry = db_get_value_filter('reset_time', 'treset_pass', array('id_user' => $id_user, 'cod_hash' => $id_user . ":::" . 
$codified_hash));
+ $process_error_message = "";
+
+ if ($db_reset_pass_entry) {
+ if (($db_reset_pass_entry + SECONDS_15MINUTES) < time()) {
+ $process_error_message = __('This user has not requested a password change');
+ db_process_sql_delete('treset_pass', array('id_user' => $id_user));
+ require_once ('general/login_page.php');
 }
 else {
- $check_user = check_user_id($user_reset_pass);
-
- if (!$check_user) {
- $reset = false;
- $error = __('User no exists in db');
- $show_error = true;
- }
- else {
- $check_mail = check_user_have_mail($user_reset_pass);
-
- if (!$check_mail) {
- $reset = false;
- $error = __('User no have any email direction asociated');
- $show_error = true;
- }
- else {
- $mail = $check_mail;
- }
- }
+ db_process_sql_delete('treset_pass', array('id_user' => $id_user));
+ require_once ('general/process_reset_pass.php');
 }
 }
-
- if (!$reset) {
- require_once ('general/reset_pass.php');
 }
 else {
- $subject = '[Pandora] '.__('Reset password');
- $body = __('This is the automatic message');
- $body .= ' "<strong>' . $user_reset_pass . '"</strong>';
- $body .= '<p />';
- $body .= __('Please, click in the link below to reset your password');
- $body .= '<p />';
- $body .= '<a href="">' . __('Reset your password') . 
'</a>';
- $body .= '<p />';
- $body .= 'Pandora FMS';
- $body .= '<p />';
- $body .= '<em>'.__('Please do not answer or reply to this email').'</em>';
-
- $result = send_email_to_user($mail, $body, $subject);
-
- $email_error_message = "";
- if (!$result) {
- $email_error_message = __('Error at sending the email');
- }
-
+ $process_error_message = __('Too much time since password change request');
 require_once ('general/login_page.php');
 }
 }
 else {
- require_once ('general/reset_pass.php');
+ if (!$reset) {
+ require_once ('general/login_page.php');
+ }
+ else {
+ $user_reset_pass = get_parameter('user_reset_pass', "");
+ $error = "";
+ $mail = "";
+ $show_error = false;
+
+ if (!$first) {
+ if ($reset) {
+ if ($user_reset_pass == '') {
+ $reset = false;
+ $error = __('Id user cannot be empty');
+ $show_error = true;
+ }
+ else {
+ $check_user = check_user_id($user_reset_pass);
+
+ if (!$check_user) {
+ $reset = false;
+ $error = __('User no exists in db');
+ $show_error = true;
+ }
+ else {
+ $check_mail = check_user_have_mail($user_reset_pass);
+
+ if (!$check_mail) {
+ $reset = false;
+ $error = __('User no have any email direction asociated');
+ $show_error = true;
+ }
+ else {
+ $mail = $check_mail;
+ }
+ }
+ }
+ }
+
+ if (!$reset) {
+ require_once ('general/reset_pass.php');
+ }
+ else {
+ $cod_hash = $user_reset_pass . "::::" . base64_encode(rand(10, 1000000) . rand(10, 1000000) . rand(10, 1000000));
+
+ $subject = '[Pandora] '.__('Reset password');
+ $body = __('This is the automatic message');
+ $body .= ' "<strong>' . $user_reset_pass . '"</strong>';
+ $body .= '<p />';
+ $body .= __('Please, click in the link below to reset your password');
+ $body .= '<p />';
+ $body .= '<a href="' . $config['homeurl'] . 'index.php?reset_hash=' . $cod_hash . '">' . __('Reset your password') . 
'</a>';
+ $body .= '<p />';
+ $body .= 'Pandora FMS';
+ $body .= '<p />';
+ $body .= '<em>'.__('Please do not answer or reply to this email').'</em>';
+
+ $result = send_email_to_user($mail, $body, $subject);
+
+ $process_error_message = "";
+ if (!$result) {
+ $process_error_message = __('Error at sending the email');
+ }
+ else {
+ send_token_to_db($user_reset_pass, $cod_hash);
+ }
+
+ require_once ('general/login_page.php');
+ }
+ }
+ else {
+ require_once ('general/reset_pass.php');
+ }
+ }
 }
 }
+
 while (@ob_end_flush ());
 exit ("</html>");
 }
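Review bot: The `correct_pass_change` branch changes the password of whatever `id_user` is POSTed after checking only `$pass1 == $pass2` — the `treset_pass` row is deleted before the form is even shown and is never re-verified — so an unauthenticated request to `index.php?correct_pass_change=true` with `id_user`, `pass1` and `pass2` resets any account; the token has to travel with the form, be checked with `hash_equals()` inside the same 15-minute window before `update_user_password`, and be consumed only after a successful change. The token itself is built from `rand()`, which is predictable, and is placed in the link without URL-encoding although base64 output can contain `+`, `/` and `=`; use `random_bytes()` (or `openssl_random_pseudo_bytes()` if PHP 5 must still be supported) and `urlencode()`. The generator joins with `"::::"` while the verifier splits on `":::"` and reads `$hash_data[1]` without checking it exists — it only matches because the stray colon is carried into the comparison — so use one separator that cannot occur in a user id. The two error strings are also swapped: an expired entry reports 'This user has not requested a password change' and a missing one 'Too much time since password change request'. The rewrite below assumes process_reset_pass.php posts the token as `reset_hash` and that the hash-link branch no longer deletes the row before showing the form.
```php
if ($correct_pass_change) {
	$correct_reset_pass_process = "";
	$process_error_message = "";
	$pass1 = get_parameter('pass1');
	$pass2 = get_parameter('pass2');
	$id_user = get_parameter('id_user');
	$reset_hash = get_parameter('reset_hash', "");

	// Re-verify the emailed token here: without this any POST can set another
	// user's password. The row is consumed only after a successful change.
	$stored_hash = db_get_value_filter('cod_hash', 'treset_pass', array('id_user' => $id_user));
	$reset_time = db_get_value_filter('reset_time', 'treset_pass', array('id_user' => $id_user));
	if (!$stored_hash || !hash_equals((string) $stored_hash, (string) $reset_hash)
		|| ($reset_time + SECONDS_15MINUTES) < time()) {
		$process_error_message = __('This user has not requested a password change');
	}
	elseif ($pass1 === '' || $pass1 !== $pass2) {
		// Also rejects an empty password, which the original accepted.
		$process_error_message = __('Passwords must be the same');
	}
	else {
		$res = update_user_password ($id_user, $pass1);
		if ($res) {
			db_process_sql_delete('treset_pass', array('id_user' => $id_user));
			$correct_reset_pass_process = __('Password changed successfully');
		}
		else {
			$process_error_message = __('Failed to change password');
		}
	}
	require_once ('general/login_page.php');
}
// … unchanged: reset_hash link branch (drop its db_process_sql_delete before the
//     require_once of process_reset_pass.php and swap the two error strings) …
// … unchanged: reset request validation …
// Token: CSPRNG, one separator, URL-safe once encoded in the link.
$cod_hash = $user_reset_pass . ":::" . bin2hex(random_bytes(16));
// … unchanged: mail body …
$body .= '<a href="' . $config['homeurl'] . 'index.php?reset_hash=' . urlencode($cod_hash) . '">' . __('Reset your password') . '</a>';
```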