From 727bd095f5bcd72db9df534969f911063485aee3 Mon Sep 17 00:00:00 2001
From: Arturo Gonzalez
Date: Thu, 20 Apr 2017 10:59:32 +0200
Subject: [PATCH] Added function to reset password in node
---
pandora_console/general/login_page.php | 44 +++-
.../general/process_reset_pass.php | 196 ++++++++++++++++++
pandora_console/include/functions.php | 11 +-
pandora_console/include/functions_html.php | 3 +
pandora_console/index.php | 166 ++++++++++-----
5 files changed, 363 insertions(+), 57 deletions(-)
create mode 100644 pandora_console/general/process_reset_pass.php
diff --git a/pandora_console/general/login_page.php b/pandora_console/general/login_page.php
index e6f42b4f73..d25891d483 100755
--- a/pandora_console/general/login_page.php
+++ b/pandora_console/general/login_page.php
@@ -267,7 +267,7 @@ echo '
'.$pandora_version.(($develop_bypass == 1) ? ' '.__('Bui echo '
'; if ($mail != "") { - if ($email_error_message == '') { + if ($process_error_message == '') { echo '
'; echo '
'; echo '
'; @@ -294,7 +294,7 @@ if ($mail != "") { echo '
'; echo '
'; echo '

' . __('ERROR') . '

'; - echo '

' . $email_error_message . '

'; + echo '

' . $process_error_message . '

'; echo '
'; echo '
'; html_print_submit_button("Ok", 'reset_correct_button', false); @@ -305,6 +305,25 @@ if ($mail != "") { } } +if ($correct_reset_pass_process != "") { + echo '
'; + echo '
'; + echo '
'; + echo html_print_image('images/icono_logo_pandora.png', true, array("alt" => __('Password reset'), "border" => 0)); + echo '
'; + echo '
'; + echo '
'; + echo '

' . __('SUCCESS') . '

'; + echo '

' . $correct_reset_pass_process . '

'; + echo '
'; + echo '
'; + html_print_submit_button("Ok", 'final_process_correct_button', false); + echo '
'; + echo '
'; + echo '
'; + echo '
'; +} + if (isset ($login_failed)) { echo '
'; echo '
'; @@ -579,5 +598,26 @@ html_print_div(array('id' => 'forced_title_layer', 'class' => 'forced_title_laye $("#reset_correct").dialog('close'); }); }); + + $(document).ready (function () { + $(function() { + $("#final_process_correct").dialog({ + resizable: true, + draggable: true, + modal: true, + height: 220, + width: 528, + clickOutside: true, + overlay: { + opacity: 0.5, + background: "black" + } + }); + }); + + $("#submit-final_process_correct_button").click (function () { + $("#final_process_correct").dialog('close'); + }); + }); /* ]]> */ diff --git a/pandora_console/general/process_reset_pass.php b/pandora_console/general/process_reset_pass.php new file mode 100644 index 0000000000..504551e74b --- /dev/null +++ b/pandora_console/general/process_reset_pass.php @@ -0,0 +1,196 @@ +'; + echo '
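Review bot: The new `if ($correct_reset_pass_process != "")` guard in the `@@ -305,6 +305,25 @@` hunk reads a variable that, as far as this patch shows, index.php assigns only inside its `$correct_pass_change` branch, so every other path that includes login_page.php would raise an undefined-variable notice here. Testing with `if (!empty($correct_reset_pass_process)) {` avoids that without changing when the dialog is shown. The message is echoed into the page unescaped, which is safe only while it remains a fixed `__()` string; a one-line comment above the echo such as `// fixed translated text, never request data` would record that assumption.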
'; + echo '
'; + if (defined ('PANDORA_ENTERPRISE')) { + if(isset ($config['custom_logo'])){ + echo 'pandora_console'; + } + else{ + echo 'pandora_console'; + } + } + else{ + echo 'pandora_console'; + } + echo '
'; + echo '
    '; + echo '
  • docs pandora
  • '; + echo '
  • ' . __('Docs') . '
  • '; + echo '
  • support pandora
  • '; + echo '
  • ' . __('Support') . '
  • '; + echo '
'; + echo '
'; + + echo ''; + + echo '
'; + echo '
'.$pandora_version.(($develop_bypass == 1) ? ' '.__('Build').' '.$build_version : '') . '
'; + echo '
'; + +ui_require_css_file ('dialog'); +ui_require_css_file ('jquery-ui-1.10.0.custom'); +ui_require_jquery_file('jquery-ui-1.10.0.custom'); + +?> + + \ No newline at end of file diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index c6d8bc79e2..7fba3d1ac7 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -2758,10 +2758,19 @@ function send_email_to_user ($to, $body, $subject) { catch (Exception $e) { error_log($e->getMessage()); db_pandora_audit("Pandora mail", $e->getMessage()); - html_debug($e->getMessage(), true); } return $result; } +function send_token_to_db ($id_user, $cod_hash) { + db_process_sql_delete('treset_pass', array('id_user' => $id_user)); + + $values = array(); + $values['id_user'] = $id_user; + $values['cod_hash'] = $cod_hash; + $values['reset_time'] = time(); + db_process_sql_insert('treset_pass', $values); +} + ?> diff --git a/pandora_console/include/functions_html.php b/pandora_console/include/functions_html.php index 2af6eebf8e..5d56e14595 100644 --- a/pandora_console/include/functions_html.php +++ b/pandora_console/include/functions_html.php @@ -2040,6 +2040,9 @@ function html_print_label ($text, $id, $return = false, $options = false) { if ($options) { if (isset ($options['class'])) $output .= 'class="'.$options['class'].'" '; + + if (isset ($options['style'])) + $output .= 'style="'.$options['style'].'" '; } $output .= 'for="'.$id.'" >'; diff --git a/pandora_console/index.php b/pandora_console/index.php index 78b67f80a9..2455287848 100755 --- a/pandora_console/index.php +++ b/pandora_console/index.php 
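Review bot: `send_token_to_db` in functions.php returns nothing and discards the result of `db_process_sql_insert`, while index.php calls it only after the email has already been sent, so a failed insert leaves the user holding a link that can never validate and no error is shown. Ending the function with `return db_process_sql_insert('treset_pass', $values);` (assuming that helper reports failure through its return value) and storing the token before sending the mail would let the caller surface the failure. The token is also stored exactly as it is emailed; keeping only a digest, for example `hash('sha256', $cod_hash)`, and hashing the incoming value before the lookup would mean that read access to `treset_pass` does not yield usable reset links. A short docblock saying that any earlier token for the user is replaced and that `reset_time` is a Unix timestamp would help, since the expiry check lives in index.php.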
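Review bot: The new `style` option in `html_print_label` is concatenated into a double-quoted attribute unescaped, the same way `class` is on the line above it, so a value containing `"` would terminate the attribute early. If any caller can pass request-derived data here, `$output .= 'style="'.htmlspecialchars($options['style'], ENT_QUOTES).'" ';` closes that off; the function's doc comment, which lies outside this hunk, should also list `style` among the accepted options.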
@@ -547,77 +547,135 @@ if (! isset ($config['id_user'])) { } // There is no user connected else { + $correct_pass_change = (boolean)get_parameter('correct_pass_change', 0); $reset = (boolean)get_parameter('reset', 0); $first = (boolean)get_parameter('first', 0); - if (!$reset) { + $reset_hash = get_parameter('reset_hash', ""); + + if ($correct_pass_change) { + $correct_reset_pass_process = ""; + $process_error_message = ""; + $pass1 = get_parameter('pass1'); + $pass2 = get_parameter('pass2'); + $id_user = get_parameter('id_user'); + + if ($pass1 == $pass2) { + $res = update_user_password ($id_user, $pass1); + if ($res) { + $correct_reset_pass_process = __('Password changed successfully'); + } + else { + $process_error_message = __('Failed to change password'); + } + } + else { + $process_error_message = __('Passwords must be the same'); + } require_once ('general/login_page.php'); } else { - $user_reset_pass = get_parameter('user_reset_pass', ""); - $error = ""; - $mail = ""; - $show_error = false; + if ($reset_hash != "") { + $hash_data = explode(":::", $reset_hash); + $id_user = $hash_data[0]; + $codified_hash = $hash_data[1]; - if (!$first) { - if ($reset) { - if ($user_reset_pass == '') { - $reset = false; - $error = __('Id user cannot be empty'); - $show_error = true; + $db_reset_pass_entry = db_get_value_filter('reset_time', 'treset_pass', array('id_user' => $id_user, 'cod_hash' => $id_user . ":::" . 
$codified_hash)); + $process_error_message = ""; + + if ($db_reset_pass_entry) { + if (($db_reset_pass_entry + SECONDS_15MINUTES) < time()) { + $process_error_message = __('This user has not requested a password change'); + db_process_sql_delete('treset_pass', array('id_user' => $id_user)); + require_once ('general/login_page.php'); } else { - $check_user = check_user_id($user_reset_pass); - - if (!$check_user) { - $reset = false; - $error = __('User no exists in db'); - $show_error = true; - } - else { - $check_mail = check_user_have_mail($user_reset_pass); - - if (!$check_mail) { - $reset = false; - $error = __('User no have any email direction asociated'); - $show_error = true; - } - else { - $mail = $check_mail; - } - } + db_process_sql_delete('treset_pass', array('id_user' => $id_user)); + require_once ('general/process_reset_pass.php'); } } - - if (!$reset) { - require_once ('general/reset_pass.php'); - } else { - $subject = '[Pandora] '.__('Reset password'); - $body = __('This is the automatic message'); - $body .= ' "' . $user_reset_pass . '"'; - $body .= '

'; - $body .= __('Please, click in the link below to reset your password'); - $body .= '

'; - $body .= '' . __('Reset your password') . ''; - $body .= '

'; - $body .= 'Pandora FMS'; - $body .= '

'; - $body .= ''.__('Please do not answer or reply to this email').''; - - $result = send_email_to_user($mail, $body, $subject); - - $email_error_message = ""; - if (!$result) { - $email_error_message = __('Error at sending the email'); - } - + $process_error_message = __('Too much time since password change request'); require_once ('general/login_page.php'); } } else { - require_once ('general/reset_pass.php'); + if (!$reset) { + require_once ('general/login_page.php'); + } + else { + $user_reset_pass = get_parameter('user_reset_pass', ""); + $error = ""; + $mail = ""; + $show_error = false; + + if (!$first) { + if ($reset) { + if ($user_reset_pass == '') { + $reset = false; + $error = __('Id user cannot be empty'); + $show_error = true; + } + else { + $check_user = check_user_id($user_reset_pass); + + if (!$check_user) { + $reset = false; + $error = __('User no exists in db'); + $show_error = true; + } + else { + $check_mail = check_user_have_mail($user_reset_pass); + + if (!$check_mail) { + $reset = false; + $error = __('User no have any email direction asociated'); + $show_error = true; + } + else { + $mail = $check_mail; + } + } + } + } + + if (!$reset) { + require_once ('general/reset_pass.php'); + } + else { + $cod_hash = $user_reset_pass . "::::" . base64_encode(rand(10, 1000000) . rand(10, 1000000) . rand(10, 1000000)); + + $subject = '[Pandora] '.__('Reset password'); + $body = __('This is the automatic message'); + $body .= ' "' . $user_reset_pass . '"'; + $body .= '

'; + $body .= __('Please, click in the link below to reset your password'); + $body .= '

'; + $body .= '' . __('Reset your password') . ''; + $body .= '

'; + $body .= 'Pandora FMS'; + $body .= '

'; + $body .= ''.__('Please do not answer or reply to this email').''; + + $result = send_email_to_user($mail, $body, $subject); + + $process_error_message = ""; + if (!$result) { + $process_error_message = __('Error at sending the email'); + } + else { + send_token_to_db($user_reset_pass, $cod_hash); + } + + require_once ('general/login_page.php'); + } + } + else { + require_once ('general/reset_pass.php'); + } + } } } + while (@ob_end_flush ()); exit (""); }
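Review bot: The `$correct_pass_change` branch calls `update_user_password ($id_user, $pass1)` with `id_user` read straight from the request and no lookup in `treset_pass`, so in this not-logged-in path the password change is not tied to the emailed token at all. The token row is deleted as soon as the link is opened, before `general/process_reset_pass.php` is included, so nothing is left to verify at submit time; the row should be kept until the password is set, the form (its markup is not readable in this patch) should post `reset_hash` back, and the user id should come from the verified token rather than from a form field. The token is built from three `rand()` calls, which is not a cryptographic generator; `bin2hex(random_bytes(32))` on PHP 7, or `openssl_random_pseudo_bytes` on older versions, is the appropriate source. The two messages in the `reset_hash` branch also look swapped: the expired case reports 'This user has not requested a password change' and the not-found case reports 'Too much time since password change request'. The sketch below covers the submit branch only and compares the passwords with `!==`, because loose `==` treats numeric-looking strings such as `1e3` and `1000` as equal.

```php
if ($correct_pass_change) {
	// … unchanged: message initialisation, pass1/pass2 reads …

	// Re-validate the emailed token at submit time; id_user is taken from
	// the token that matched a treset_pass row, not from a form field.
	$hash_data = explode(":::", $reset_hash, 2);
	$id_user = $hash_data[0];
	$reset_time = db_get_value_filter('reset_time', 'treset_pass',
		array('id_user' => $id_user, 'cod_hash' => $reset_hash));

	if (!$reset_time || ($reset_time + SECONDS_15MINUTES) < time()) {
		$process_error_message = __('Failed to change password');
	}
	else if ($pass1 !== $pass2) {
		$process_error_message = __('Passwords must be the same');
	}
	else if (update_user_password ($id_user, $pass1)) {
		// Single use: consume the token only once the password is set.
		db_process_sql_delete('treset_pass', array('id_user' => $id_user));
		$correct_reset_pass_process = __('Password changed successfully');
	}
	else {
		$process_error_message = __('Failed to change password');
	}
	require_once ('general/login_page.php');
}
// … unchanged: reset_hash link branch, without the db_process_sql_delete
//   that precedes require_once ('general/process_reset_pass.php') …
```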