From 9cf1ef09d1c74504919552cd7bc85b7aa4479a31 Mon Sep 17 00:00:00 2001 From: Mike Koch Date: Wed, 14 Jan 2015 18:37:48 -0500 Subject: [PATCH] #110 Update password.php --- admin/password.php | 361 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 361 insertions(+) create mode 100644 admin/password.php diff --git a/admin/password.php b/admin/password.php new file mode 100644 index 00000000..79b745be --- /dev/null +++ b/admin/password.php @@ -0,0 +1,361 @@ +is_valid) + { + //$_SESSION['img_a_verified']=true; + } + else + { + $hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error']; + } + } + // Using ReCaptcha API v2? + elseif ($hesk_settings['recaptcha_use'] == 2) + { + require(HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php'); + + $resp = null; + $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']); + + // Was there a reCAPTCHA response? + if ( isset($_POST["g-recaptcha-response"]) ) + { + $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response") ); + } + + if ($resp != null && $resp->success) + { + //$_SESSION['img_a_verified']=true; + } + else + { + $hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error']; + } + } + // Using PHP generated image + else + { + $mysecnum = intval( hesk_POST('mysecnum', 0) ); + + if ( empty($mysecnum) ) + { + $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss']; + } + else + { + require(HESK_PATH . 'inc/secimg.inc.php'); + $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']); + if ( isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum']) ) + { + //$_SESSION['img_a_verified'] = true; + } + else + { + $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng']; + } + } + } + } + + // Connect to database and check for brute force attempts + hesk_load_database_functions(); + hesk_dbConnect(); + hesk_limitBfAttempts(); + + // Get email + $email = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer['email']=$hesklang['enter_valid_email']; + + // Any errors? + if (count($hesk_error_buffer)!=0) + { + $_SESSION['a_iserror'] = array_keys($hesk_error_buffer); + + $tmp = ''; + foreach ($hesk_error_buffer as $error) + { + $tmp .= "
  • $error
    • \n"; + } + $hesk_error_buffer = $tmp; + + $hesk_error_buffer = $hesklang['pcer'].'

    '; + hesk_process_messages($hesk_error_buffer,'NOREDIRECT'); + } + else + { + // Get user data from the database + $res = hesk_dbQuery("SELECT `id`, `name`, `pass` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `email` LIKE '".hesk_dbEscape($email)."' LIMIT 1"); + if (hesk_dbNumRows($res) != 1) + { + hesk_process_messages($hesklang['noace'],'NOREDIRECT'); + } + else + { + $row = hesk_dbFetchAssoc($res); + $hash = sha1(microtime() . $_SERVER['REMOTE_ADDR'] . mt_rand() . $row['id'] . $row['name'] . $row['pass']); + + // Insert the verification hash into the database + hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` (`user`, `hash`, `ip`) VALUES (".intval($row['id']).", '{$hash}', '".hesk_dbEscape($_SERVER['REMOTE_ADDR'])."') "); + + // Prepare and send email + require(HESK_PATH . 'inc/email_functions.inc.php'); + + // Get the email message + $msg = hesk_getEmailMessage('reset_password',array(),1,0,1); + + // Replace message special tags + $msg = str_replace('%%NAME%%', hesk_msgToPlain($row['name'],1,1), $msg); + $msg = str_replace('%%SITE_URL%%', $hesk_settings['site_url'], $msg); + $msg = str_replace('%%SITE_TITLE%%', $hesk_settings['site_title'], $msg); + $msg = str_replace('%%PASSWORD_RESET%%', $hesk_settings['hesk_url'].'/'.$hesk_settings['admin_dir'].'/password.php?h='.$hash, $msg); + + // Send email + hesk_mail($email, $hesklang['reset_password'], $msg); + + // Show success + hesk_process_messages($hesklang['pemls'],'NOREDIRECT','SUCCESS'); + } + } +} +// If the "h" parameter is set verify it and reset the password +elseif ( isset($_GET['h']) ) +{ + // Get the hash + $hash = preg_replace('/[^a-zA-Z0-9]/', '', $_GET['h']); + + // Connect to database + hesk_load_database_functions(); + hesk_dbConnect(); + + // Expire verification hashes older than 2 hours + hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `dt` < (NOW() - INTERVAL 2 HOUR)"); + + // Verify the hash exists + $res = hesk_dbQuery("SELECT `user`, `ip` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `hash` = '{$hash}' LIMIT 1"); + if (hesk_dbNumRows($res) != 1) + { + // Not a valid hash + hesk_limitBfAttempts(); + hesk_process_messages($hesklang['ehash'],'NOREDIRECT'); + } + else + { + // Get info from database + $row = hesk_dbFetchAssoc($res); + + // Only allow resetting password from the same IP address that submitted password reset request + if ($row['ip'] != $_SERVER['REMOTE_ADDR']) + { + hesk_limitBfAttempts(); + hesk_process_messages($hesklang['ehaip'],'NOREDIRECT'); + } + else + { + // Expire all verification hashes for this user + hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."reset_password` WHERE `user`=".intval($row['user'])); + + // Get user details + $res = hesk_dbQuery('SELECT * FROM `'.$hesk_settings['db_pfix']."users` WHERE `id`=".intval($row['user'])." LIMIT 1"); + $row = hesk_dbFetchAssoc($res); + foreach ($row as $k=>$v) + { + $_SESSION[$k]=$v; + } + unset($_SESSION['pass']); + + // Clean brute force attempts + hesk_cleanBfAttempts(); + + // Regenerate session ID (security) + hesk_session_regenerate_id(); + + // Get allowed categories + if (empty($_SESSION['isadmin'])) + { + $_SESSION['categories']=explode(',',$_SESSION['categories']); + } + + // Redirect to the profile page + hesk_process_messages($hesklang['resim'],'profile.php','NOTICE'); + exit(); + + } // End IP matches + } +} + +// Tell header to load reCaptcha API if needed +if ($hesk_settings['recaptcha_use'] == 2) +{ + define('RECAPTCHA',1); +} + +$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' .$hesklang['passr']; +require_once(HESK_PATH . 'inc/header.inc.php'); +?> +
      +
      2. +
      3. +
      4. +
    + +
    +
    + +
    +
    + +