1<?php
2/**
3 * Postfix Admin
4 *
5 * LICENSE
6 * This source file is subject to the GPL license that is bundled with
7 * this package in the file LICENSE.TXT.
8 *
9 * Further details on the project are available at http://postfixadmin.sf.net
10 *
11 * @version $Id$
12 * @license GNU GPL v2 or later.
13 *
14 * File: password-change.php
15 * Used by users and admins to change their forgotten login password.
16 * Template File: password-change.tpl
17 *
18 * Template Variables:
19 *
20 * tUsername
21 * tCode
22 *
23 * Form POST \ GET Variables:
24 *
25 * fUsername
26 */
27
28
// Decide whether the request came in through the users/ area or the admin
// area. The result fixes the include prefix and, further down, which
// configuration switch and which handler class are used.
// NOTE(review): REQUEST_URI is supplied by the client and includes the query
// string, so "/users/" anywhere in it (not only in the path) selects the
// users context. Confirm that is intended, or derive the context from the
// script location instead.
list($rel_path, $context) = preg_match('/\/users\//', $_SERVER['REQUEST_URI'])
    ? ['../', 'users']
    : ['./', 'admin'];

// The classes and helper functions used below are not defined in this file;
// they are expected to come from common.php.
require_once $rel_path . 'common.php';

$smarty = PFASmarty::getInstance();

// Full configuration array; nothing in the visible code reads $CONF again.
$CONF = Config::getInstance()->getAll();

$smarty->configureTheme($rel_path);
42
// Stop immediately when password reset is switched off for this context:
//  - admin: forgotten_admin_password_reset must be enabled
//  - users: forgotten_user_password_reset must be enabled and
//           mailbox_postpassword_script must not be set
// NOTE(review): the message names only two of the three options; a disabled
// forgotten_user_password_reset ends up here as well.
if ($context === 'admin') {
    if (!Config::read('forgotten_admin_password_reset')) {
        die('Password reset is disabled by configuration option: forgotten_admin_password_reset or mailbox_postpassword_script');
    }
} elseif ($context === 'users') {
    if (!Config::read('forgotten_user_password_reset') || Config::read('mailbox_postpassword_script')) {
        die('Password reset is disabled by configuration option: forgotten_admin_password_reset or mailbox_postpassword_script');
    }
}
47
// GET: prefill the form with the username and recovery code from the request
// (safeget() presumably reads the query string - confirm in common.php).
// Nothing is verified here; the code is only checked when the form is POSTed.
// NOTE(review): a recovery code carried in the URL can end up in access logs
// and Referer headers, so it should be short-lived and single-use.
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    list($tUsername, $tCode) = [safeget('username'), safeget('code')];
}
52
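// POST: verify the recovery code and, if it is valid, store the new password.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // "Cancel" leaves the page without touching any account data.
    if (safepost('fCancel')) {
        header('Location: main.php');
        exit(0);
    }

    $fPassword = safepost('fPassword');
    $fPassword2 = safepost('fPassword2');

    $tUsername = safepost('fUsername');
    $tCode = trim(safepost('fCode'));

    // The two password fields must be non-empty strings and identical.
    // Strict comparison is required: with == / != PHP compares numeric-looking
    // strings by value, so "1e3" and "1000" would count as a match.
    // safepost()'s return type is not visible here, so anything that is not a
    // string (e.g. an array-style form field) is rejected as well.
    if (!is_string($fPassword) || empty($fPassword) || $fPassword !== $fPassword2) {
        $error = true;
        flash_error(Config::lang('pPassword_password_text_error'));
    } else {
        // The handler class follows the context chosen at the top of the script.
        $handler = $context === 'admin' ? new AdminHandler : new MailboxHandler;
        if (!$handler->checkPasswordRecoveryCode($tUsername, $tCode)) {
            // Same message whatever the reason for the failed check.
            // NOTE(review): no attempt limiting is visible in this file; confirm
            // that checkPasswordRecoveryCode() or the layer above it throttles
            // repeated guesses.
            flash_error(Config::lang('pPassword_code_text_error'));
        } else {
            // NOTE(review): the session is initialised as soon as the code is
            // accepted, i.e. before the new password has been validated and
            // saved. Confirm that a failed save is meant to leave the caller
            // with a session, and that the recovery code cannot be reused.
            init_session($tUsername, $context === 'admin');
            if (!$handler->init($tUsername)) {
                // errormsg is iterated as a list further down; presumably
                // flash_error() accepts it unchanged here - confirm.
                flash_error($handler->errormsg);
            } else {
                // Start from the stored record and overwrite only the password fields.
                $values = $handler->result;
                $values['password'] = $fPassword;
                $values['password2'] = $fPassword2;
                if ($handler->set($values) && $handler->save()) {
                    flash_info(Config::lang_f('pPassword_result_success', $tUsername));
                    header('Location: main.php');
                    exit(0);
                } else {
                    // Report every validation / storage error from the handler.
                    foreach ($handler->errormsg as $msg) {
                        flash_error($msg);
                    }
                }
            }
        }
    }
}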
93
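// Render the form. $tUsername / $tCode are only set for GET and POST requests,
// so fall back to null explicitly rather than silencing the notice with @
// (the value handed to the template is the same as before).
// NOTE(review): only language_selector is assigned with a third argument of
// false - presumably that switches off PFASmarty's escaping for that value;
// confirm. tUsername and tCode come straight from the request and rely on the
// default behaviour of assign().
$smarty->assign('language_selector', language_selector(), false);
$smarty->assign('tUsername', isset($tUsername) ? $tUsername : null);
$smarty->assign('tCode', isset($tCode) ? $tCode : null);
$smarty->assign('smarty_template', 'password-change');
$smarty->display('index.tpl');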
99
100/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
101