diff --git a/core/user_settings/app_defaults.php b/core/user_settings/app_defaults.php
new file mode 100644
index 0000000000..6b897c6f61
--- /dev/null
+++ b/core/user_settings/app_defaults.php
@@ -0,0 +1,42 @@
+ $default_settings) {
+
+ //add theme default settings
+ $sql = "select count(*) as num_rows from v_default_settings ";
+ $sql .= "where default_setting_category = '".$default_settings['default_setting_category']."' ";
+ $sql .= "and default_setting_subcategory = '".$default_settings['default_setting_subcategory']."' ";
+ $sql .= "and default_setting_name = '".$default_settings['default_setting_name']."' ";
+ $prep_statement = $db->prepare($sql);
+ if ($prep_statement) {
+ $prep_statement->execute();
+ $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
+ unset($prep_statement);
+ if ($row['num_rows'] == 0) {
+ $orm = new orm;
+ $orm->name('default_settings');
+ $orm->save($array[$index]);
+ $message = $orm->message;
+ //print_r($message);
+ }
+ unset($row);
+ }
+
+ }
+
+}
+
+?>
\ No newline at end of file
diff --git a/core/user_settings/app_languages.php b/core/user_settings/app_languages.php
index 4214f619bb..936a12b15b 100644
--- a/core/user_settings/app_languages.php
+++ b/core/user_settings/app_languages.php
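Review bot: In core/user_settings/app_defaults.php the existence check calls `$db->prepare($sql)` on a string that already has the three setting values concatenated into the WHERE clause, so nothing is bound and preparing the statement adds no protection. Where `$default_settings` is populated is not visible in this hunk (the loop header and everything before it are cut off) and it is presumably a hard-coded array, but a value containing a quote would still break the query. Write the conditions with placeholders, e.g. `$sql .= "where default_setting_category = ? ";` for each of the three columns, and pass the three values as an array to `$prep_statement->execute()`. The return value of `execute()` is also ignored, so a failed query falls through to `$row['num_rows'] == 0` and triggers an insert.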
@@ -55,16 +55,71 @@ $text['label-domain']['pt-pt'] = "Domínio"; $text['label-domain']['fr-fr'] = "Domaine"; + $text['label-reset_password']['en-us'] = "Reset Password"; + $text['label-reset_password']['es-cl'] = "Restablecer contraseña"; + $text['label-reset_password']['pt-pt'] = "Reset Password"; + $text['label-reset_password']['fr-fr'] = "Réinitialiser mot de passe"; + + $text['message-password_reset']['en-us'] = "Password Reset"; + $text['message-password_reset']['es-cl'] = "Restablecer Contraseña"; + $text['message-password_reset']['pt-pt'] = "Password Reset"; + $text['message-password_reset']['fr-fr'] = "Réinitialiser votre mot de passe"; + + $text['label-email_address']['en-us'] = "Email Address"; + $text['label-email_address']['es-cl'] = "Dirección de Correo Electrónico"; + $text['label-email_address']['pt-pt'] = "Endereço de Email"; + $text['label-email_address']['fr-fr'] = "Adresse E-mail"; + $text['button-login']['en-us'] = "Login"; $text['button-login']['es-cl'] = "Ingresar"; $text['button-login']['pt-pt'] = "Iniciar Sessão"; $text['button-login']['fr-fr'] = "connexion"; + $text['button-reset']['en-us'] = "Reset"; + $text['button-reset']['es-cl'] = "Reajustar"; + $text['button-reset']['pt-pt'] = "Restabelecer"; + $text['button-reset']['fr-fr'] = "Remettre"; + + $text['label-cancel']['en-us'] = "Cancel"; + $text['label-cancel']['es-cl'] = "Cancelar"; + $text['label-cancel']['pt-pt'] = "Cancelar"; + $text['label-cancel']['fr-fr'] = "Annuler"; + + $text['message-invalid_email']['en-us'] = "Invalid Email Address"; + $text['message-invalid_email']['es-cl'] = "Dirección no válida de correo electrónico"; + $text['message-invalid_email']['pt-pt'] = "Endereço inválido Email"; + $text['message-invalid_email']['fr-fr'] = "Adresse email invalide"; + + $text['message-reset_link_sent']['en-us'] = "Password Reset Link Sent"; + $text['message-reset_link_sent']['es-cl'] = "Restablecer Contraseña de Conexión Enviados"; + $text['message-reset_link_sent']['pt-pt'] = 
"Password Reset Link Enviado"; + $text['message-reset_link_sent']['fr-fr'] = "Password Reset Lien Envoyé"; + + $text['label-reset_link']['en-us'] = "Password Reset Link"; + $text['label-reset_link']['es-cl'] = "Password Reset Enlace"; + $text['label-reset_link']['pt-pt'] = "Password Reset Link"; + $text['label-reset_link']['fr-fr'] = "Password Reset Lien"; + $text['label-confirm-password']['en-us'] = "Confirm Password"; $text['label-confirm-password']['es-cl'] = "Confirmar Contraseña"; $text['label-confirm-password']['pt-pt'] = "Confirmar Palavra-Passe"; $text['label-confirm-password']['fr-fr'] = "Confirmation du mot de passe"; + $text['label-new_password']['en-us'] = "New Password"; + $text['label-new_password']['es-cl'] = "Nueva Contraseña"; + $text['label-new_password']['pt-pt'] = "Nova Senha"; + $text['label-new_password']['fr-fr'] = "Nouveau Mot de Passe"; + + $text['label-repeat_password']['en-us'] = "Repeat Password"; + $text['label-repeat_password']['es-cl'] = "Repita la Contraseña"; + $text['label-repeat_password']['pt-pt'] = "Repita a Senha"; + $text['label-repeat_password']['fr-fr'] = "Répéter le Mot de Passe"; + + $text['message-invalid_username_mismatch_passwords']['en-us'] = "Invalid Username and/or Mismatched Passwords"; + $text['message-invalid_username_mismatch_passwords']['es-cl'] = "Nombre de usuario válido y/o contraseñas no coincidentes"; + $text['message-invalid_username_mismatch_passwords']['pt-pt'] = "Nome de usuário inválido e/ou palavras-passe não correspondentes"; + $text['message-invalid_username_mismatch_passwords']['fr-fr'] = "Nom d'utilisateur valide et/ou mots de passe Mismatched"; + $text['label-extension']['en-us'] = "Extension"; $text['label-extension']['es-cl'] = "Extensión"; $text['label-extension']['pt-pt'] = "Extensão"; diff --git a/resources/functions.php b/resources/functions.php index fd36e96438..fb39aa90c5 100644 --- a/resources/functions.php +++ b/resources/functions.php 
@@ -1080,4 +1080,158 @@ function number_pad($number,$n) {
 }
 }
 }
+
+//function to send email
+ if (!function_exists('send_email')) {
+ function send_email($eml_recipients, $eml_subject, $eml_body, &$eml_error = '', $eml_from_address = '', $eml_from_name = '', $eml_priority = 3) {
+ /*
+ RECIPIENTS NOTE:
+
+ Pass in a single email address...
+
+ user@domain.com
+
+ Pass in a comma or semi-colon delimited string of e-mail addresses...
+
+ user@domain.com,user2@domain2.com,user3@domain3.com
+ user@domain.com;user2@domain2.com;user3@domain3.com
+
+ Pass in a simple array of email addresses...
+
+ Array (
+ [0] => user@domain.com
+ [1] => user2@domain2.com
+ [2] => user3@domain3.com
+ )
+
+ Pass in a multi-dimentional array of addresses (delivery, address, name)...
+
+ Array (
+ [0] => Array (
+ [delivery] => to
+ [address] => user@domain.com
+ [name] => user 1
+ )
+ [1] => Array (
+ [delivery] => cc
+ [address] => user2@domain2.com
+ [name] => user 2
+ )
+ [2] => Array (
+ [delivery] => bcc
+ [address] => user3@domain3.com
+ [name] => user 3
+ )
+ )
+
+
+ ERROR RESPONSE:
+
+ Error messages are stored in the variable passed into $eml_error BY REFERENCE
+
+ */
+
+ include_once("resources/phpmailer/class.phpmailer.php");
+ include_once("resources/phpmailer/class.smtp.php");
+
+ $regexp = '/^[A-z0-9][\w.-]*@[A-z0-9][\w\-\.]+\.[A-z0-9]{2,6}$/';
+
+ $mail = new PHPMailer();
+ $mail -> IsSMTP();
+ $mail -> Host = $_SESSION['email']['smtp_host']['var'];
+ if ($_SESSION['email']['smtp_port']['var'] != '') {
+ $mail -> Port = $_SESSION['email']['smtp_port']['var'];
+ }
+ if ($_SESSION['email']['smtp_auth']['var'] == "true") {
+ $mail -> SMTPAuth = $_SESSION['email']['smtp_auth']['var'];
+ }
+ if ($_SESSION['email']['smtp_username']['var']) {
+ $mail -> Username = $_SESSION['email']['smtp_username']['var'];
+ $mail -> Password = $_SESSION['email']['smtp_password']['var'];
+ }
+ if ($_SESSION['email']['smtp_secure']['var'] == "none") {
+ $_SESSION['email']['smtp_secure']['var'] = '';
+ }
+ if ($_SESSION['email']['smtp_secure']['var'] != '') {
+ $mail -> SMTPSecure = $_SESSION['email']['smtp_secure']['var'];
+ }
+ $eml_from_address = ($eml_from_address != '') ? $eml_from_address : $_SESSION['email']['smtp_from']['var'];
+ $eml_from_name = ($eml_from_name != '') ? $eml_from_name : $_SESSION['email']['smtp_from_name']['var'];
+ $mail -> SetFrom($eml_from_address, $eml_from_name);
+ $mail -> AddReplyTo($eml_from_address, $eml_from_name);
+ $mail -> Subject = $eml_subject;
+ $mail -> MsgHTML($eml_body);
+ $mail -> Priority = $eml_priority;
+
+ $address_found = false;
+
+ if (!is_array($eml_recipients)) { // must be a single or delimited recipient address(s)
+ $eml_recipients = str_replace(' ', '', $eml_recipients);
+ if (substr_count(',', $eml_recipients)) { $delim = ','; }
+ if (substr_count(';', $eml_recipients)) { $delim = ';'; }
+ if ($delim) { $eml_recipients = explode($delim, $eml_recipients); } // delimiter found, convert to array of addresses
+ }
+
+ if (is_array($eml_recipients)) { // check if multiple recipients
+ foreach ($eml_recipients as $eml_recipient) {
+ if (is_array($eml_recipient)) { // check if each recipient has multiple fields
+ if ($eml_recipient["address"] != '' && preg_match($regexp, $eml_recipient["address"]) == 1) { // check if valid address
+ switch ($eml_recipient["delivery"]) {
+ case "cc" : $mail -> AddCC($eml_recipient["address"], ($eml_recipient["name"]) ? $eml_recipient["name"] : $eml_recipient["address"]); break;
+ case "bcc" : $mail -> AddBCC($eml_recipient["address"], ($eml_recipient["name"]) ? $eml_recipient["name"] : $eml_recipient["address"]); break;
+ default : $mail -> AddAddress($eml_recipient["address"], ($eml_recipient["name"]) ? $eml_recipient["name"] : $eml_recipient["address"]);
+ }
+ $address_found = true;
+ }
+ }
+ else if ($eml_recipient != '' && preg_match($regexp, $eml_recipient) == 1) { // check if recipient value is simply (only) an address
+ $mail -> AddAddress($eml_recipient);
+ $address_found = true;
+ }
+ }
+
+ if (!$address_found) {
+ $eml_error = "No valid e-mail address provided.";
+ return false;
+ }
+
+ }
+ else { // just a single e-mail address found, not an array of addresses
+ if ($eml_recipients != '' && preg_match($regexp, $eml_recipients) == 1) { // check if email syntax is valid
+ $mail -> AddAddress($eml_recipients);
+ }
+ else {
+ $eml_error = "No valid e-mail address provided.";
+ return false;
+ }
+ }
+
+ if (!$mail -> Send()) {
+ $eml_error = $mail -> ErrorInfo;
+ return false;
+ }
+ else {
+ return true;
+ }
+
+ $mail -> ClearAddresses();
+ $mail -> SmtpClose();
+
+ unset($mail);
+ }
+ }
+
+//encrypt a string
+ if (!function_exists('encrypt')) {
+ function encrypt($key, $str_to_enc) {
+ return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $str_to_enc, MCRYPT_MODE_CBC, md5(md5($key))));
+ }
+ }
+
+//decrypt a string
+ if (!function_exists('decrypt')) {
+ function decrypt($key, $str_to_dec) {
+ return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($str_to_dec), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
+ }
+ }
 ?>
diff --git a/resources/login.php b/resources/login.php
index 6e2ccd0c9f..59e39c46d2 100644
--- a/resources/login.php
+++ b/resources/login.php
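Review bot: `encrypt()` and `decrypt()` in resources/functions.php derive both the key and the IV from `md5($key)`, so the IV is fixed for a given key and equal plaintexts always yield equal ciphertexts, and CBC without a MAC means `decrypt()` cannot distinguish a modified token from a genuine one. `MCRYPT_RIJNDAEL_256` is also the 256-bit-block Rijndael variant rather than AES, and the mcrypt extension is deprecated (removed from core in PHP 7.2). Because the output is used as a password-reset token, use a random IV per message and authenticate the ciphertext, returning false from `decrypt()` when the tag does not verify, as sketched below with the openssl and hash extensions. Separately, in `send_email()` the calls `substr_count(',', $eml_recipients)` and `substr_count(';', $eml_recipients)` have haystack and needle swapped, so a delimited recipient string is never split and `$delim` stays undefined, and the `ClearAddresses()` / `SmtpClose()` lines after the final `return` are unreachable.

```php
// … unchanged: if (!function_exists('encrypt')) { wrapper …
	function encrypt($key, $str_to_enc) {
		// independent keys for encryption and authentication, both derived from the configured secret
		$enc_key = hash_hmac('sha256', 'enc', $key, true);
		$mac_key = hash_hmac('sha256', 'mac', $key, true);
		$iv = openssl_random_pseudo_bytes(16); // fresh IV for every message
		$ct = openssl_encrypt($str_to_enc, 'aes-256-cbc', $enc_key, OPENSSL_RAW_DATA, $iv);
		$tag = hash_hmac('sha256', $iv.$ct, $mac_key, true);
		return base64_encode($iv.$ct.$tag);
	}

// … unchanged: if (!function_exists('decrypt')) { wrapper …
	function decrypt($key, $str_to_dec) {
		$raw = base64_decode($str_to_dec, true);
		// 16-byte IV + at least one 16-byte block + 32-byte tag
		if ($raw === false || strlen($raw) < 64) { return false; }
		$enc_key = hash_hmac('sha256', 'enc', $key, true);
		$mac_key = hash_hmac('sha256', 'mac', $key, true);
		$iv = substr($raw, 0, 16);
		$ct = substr($raw, 16, -32);
		$tag = substr($raw, -32);
		// verify before decrypting; hash_equals() needs PHP 5.6+
		if (!hash_equals(hash_hmac('sha256', $iv.$ct, $mac_key, true), $tag)) { return false; }
		return openssl_decrypt($ct, 'aes-256-cbc', $enc_key, OPENSSL_RAW_DATA, $iv);
	}
```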
@@ -30,6 +30,113 @@ $text[$key] = $value[$_SESSION['domain']['language']['code']]; } +//get action, if any + if (isset($_REQUEST['action'])) { + $action = check_str($_REQUEST['action']); + } + +//retrieve parse reset key + if ($action == 'define') { + $key = $_GET['key']; + $key_part = explode('|', decrypt($_SESSION['login']['password_reset_key']['text'], $key)); + $username = $key_part[0]; + $domain_uuid = $key_part[1]; + $password_submitted = $key_part[2]; + //get current salt, see if same as submitted salt + $sql = "select password from v_users where domain_uuid = '".$domain_uuid."' and username = '".$username."'"; + $prep_statement = $db->prepare(check_sql($sql)); + $prep_statement->execute(); + $result = $prep_statement->fetch(PDO::FETCH_NAMED); + $password_current = $result['password']; + unset($prep_statement, $result); + + //set flag + $password_reset = ($username != '' && $domain_uuid == $_SESSION['domain_uuid'] && $password_submitted == $password_current) ? true : false; + } + +//send password reset link + if ($action == 'request') { + if (valid_email($_REQUEST['email'])) { + $_SESSION["message_delay"] = 2500; + + $email = check_str($_REQUEST['email']); + //see if email exists + $sql = "select "; + $sql .= "u.username, "; + $sql .= "u.password "; + $sql .= "from "; + $sql .= "v_users as u, "; + $sql .= "v_contact_emails e "; + $sql .= "where "; + $sql .= "e.domain_uuid = u.domain_uuid "; + $sql .= "and e.contact_uuid = u.contact_uuid "; + $sql .= "and e.email_address = '".$email."' "; + $sql .= "and e.domain_uuid = '".$_SESSION['domain_uuid']."' "; + $prep_statement = $db->prepare(check_sql($sql)); + $prep_statement->execute(); + $result = $prep_statement->fetch(PDO::FETCH_NAMED); + unset($prep_statement); + + if ($result['username'] != '') { + //generate reset link + $key = encrypt($_SESSION['login']['password_reset_key']['text'], $result['username'].'|'.$_SESSION['domain_uuid'].'|'.$result['password']); + $reset_link = 
"https://".$_SESSION['domain_name'].PROJECT_PATH."/login.php?action=define&key=".urlencode($key); + $eml_body = "".$reset_link.""; + //send reset link + if (!send_email($email, $text['label-reset_link'], $eml_body)) { + $_SESSION["message_mood"] = 'negative'; + $_SESSION["message"] = $eml_error; + } + else { + $_SESSION["message"] = $text['message-reset_link_sent']; + } + } + else { + //not found + $_SESSION["message_mood"] = 'negative'; + $_SESSION["message"] = $text['message-invalid_email']; + } + + } + else { + //not found + $_SESSION["message_mood"] = 'negative'; + $_SESSION["message"] = $text['message-invalid_email']; + } + } + +//reset password + if ($action == 'reset') { + $authorized_username = check_str($_REQUEST['au']); + $username = check_str($_REQUEST['username']); + $password_new = check_str($_REQUEST['password_new']); + $password_repeat = check_str($_REQUEST['password_repeat']); + + if ($username != '' && + $authorized_username == md5($_SESSION['login']['password_reset_key']['text'].$username) && + $password_new != '' && + $password_repeat != '' && + $password_new == $password_repeat + ) { + $salt = generate_password('20', '4'); + $sql = "update v_users set "; + $sql .= "password = '".md5($salt.$password_new)."', "; + $sql .= "salt = '".$salt."' "; + $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; + $sql .= "and username = '".$username."' "; + $db->exec(check_sql($sql)); + + $_SESSION["message"] = $text['message-password_reset']; + $password_reset = false; + } + else { + //not found + $_SESSION["message_mood"] = 'negative'; + $_SESSION["message"] = $text['message-invalid_username_mismatch_passwords']; + $password_reset = true; + } + } + //get the http values and set as variables $path = check_str($_GET["path"]); $msg = check_str($_GET["msg"]); @@ -85,29 +192,74 @@ } //show the content + echo ""; + echo "
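Review bot: In resources/login.php the `reset` branch accepts a password change on `$authorized_username == md5($_SESSION['login']['password_reset_key']['text'].$username)` alone; that value is constant per username, never expires, is independent of the emailed key, and is compared with loose `==`, so the branch should re-validate the emailed key (or a random, single-use, time-limited token stored server-side) and compare with `hash_equals()`. The `define` branch places `$username` and `$domain_uuid`, taken from decrypting the request-supplied `key`, directly into the SQL string and compares the password hashes with `==`; what `check_sql()` does is not visible in this hunk, so the lookup is better written with bound parameters and a strict comparison, as in the sketch below. The `update` in the `reset` branch and the `select` in the `request` branch are built by the same concatenation, and `md5($salt.$password_new)` is a fast hash where `password_hash()` belongs if the login check outside this hunk can be migrated. `send_email()` is called with three arguments, so `$eml_error` is never populated and a failed send stores an empty message. The differing `message-invalid_email` and `message-reset_link_sent` responses also reveal whether an address is registered; a single neutral message avoids that.

```php
// … unchanged: action parsing, decrypt() of $_GET['key'] into $username / $domain_uuid / $password_submitted …
		$sql = "select password from v_users where domain_uuid = :domain_uuid and username = :username";
		$prep_statement = $db->prepare($sql);
		$prep_statement->execute(array(':domain_uuid' => $domain_uuid, ':username' => $username));
		$result = $prep_statement->fetch(PDO::FETCH_NAMED);
		$password_current = is_array($result) ? (string) $result['password'] : '';
		unset($prep_statement, $result);

	//set flag (strict, constant-time comparison; hash_equals() needs PHP 5.6+)
		$password_reset = $username != ''
			&& (string) $domain_uuid === (string) $_SESSION['domain_uuid']
			&& $password_current != ''
			&& hash_equals($password_current, (string) $password_submitted);
// … unchanged: request branch and reset branch …
```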
\n"; - echo "
\n"; - echo "\n"; - echo "
\n"; - echo "
\n"; - if ($_SESSION['login']['domain_name.visible']['boolean'] == "true") { - if (count($_SESSION['login']['domain_name']) > 0) { - echo "\n"; + echo "
\n"; + echo "
\n"; + if ($_SESSION['login']['domain_name.visible']['boolean'] == "true") { + if (count($_SESSION['login']['domain_name']) > 0) { + echo "\n"; + echo "
"; + } + else { + echo "
\n"; } - echo "\n"; - echo "
"; } - else { - echo "
\n"; + echo "\n"; + if ($_SESSION['login']['password_reset_key']['text'] != '' && function_exists('mcrypt_encrypt')) { + echo "

".$text['label-reset_password'].""; } + echo "
"; + echo ""; + echo ""; + + echo ""; + + } + else { + + echo "\n"; + echo "
\n"; + echo "\n"; + echo "\n"; + echo "
\n"; + echo "
\n"; + echo "
\n"; + echo "\n"; + echo "

"; + echo "
"; + echo ""; + echo "
"; + } - echo "
"; - echo "\n"; - echo ""; - echo ""; //add the footer $default_login = true; diff --git a/themes/enhanced/template.php b/themes/enhanced/template.php index eef79f63f8..766c98ff11 100644 --- a/themes/enhanced/template.php +++ b/themes/enhanced/template.php @@ -120,6 +120,13 @@ if ( ?> } +A.login_box_link { + font-size: 11px; + text-shadow: 0 0 2px ; + cursor: pointer; + text-decoration: underline; +} + DIV#footer { background-color: ; bottom: 0; @@ -1038,7 +1045,7 @@ legend {