nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2025-12-30 09:03:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Login: Adjust Password Reset feature to support using a specific or dynamic domain in the reset link sent.

Browse Source
This commit is contained in:
Nate
2020-10-13 15:10:07 -06:00
parent 6913125511
commit 54ae9e2e13
2 changed files with 23 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
core/default_settings/app_config.php
View File

@@ -222,6 +222,14 @@
$apps[$x]['default_settings'][$y]['default_setting_enabled'] = "false";
$apps[$x]['default_settings'][$y]['default_setting_description'] = "Display a Reset Password link on the login box (requires smtp_host be defined).";
$y++;
$apps[$x]['default_settings'][$y]['default_setting_uuid'] = "a21a002c-c065-411c-ae56-3d33a09f64b4";
$apps[$x]['default_settings'][$y]['default_setting_category'] = "login";
$apps[$x]['default_settings'][$y]['default_setting_subcategory'] = "password_reset_domain";
$apps[$x]['default_settings'][$y]['default_setting_name'] = "text";
$apps[$x]['default_settings'][$y]['default_setting_value'] = "";
$apps[$x]['default_settings'][$y]['default_setting_enabled'] = "false";
$apps[$x]['default_settings'][$y]['default_setting_description'] = "Set the domain to use in the Password Reset link sent via email.";
$y++;
$apps[$x]['default_settings'][$y]['default_setting_uuid'] = "962ac32c-74ce-4cce-b1d9-89f4d921493d";
$apps[$x]['default_settings'][$y]['default_setting_category'] = "login";
$apps[$x]['default_settings'][$y]['default_setting_subcategory'] = "domain_name_visible";

16
resources/login.php
View File

@@ -91,7 +91,18 @@
//generate reset link email and body variables
$domain_uuid = $result['domain_uuid'];
$domain_name = $_SESSION['domains'][$domain_uuid]['domain_name'];
if ($_SESSION['login']['password_reset_domain']['text'] != '') {
$domain_name = $_SESSION['login']['password_reset_domain']['text'];
}
else {
foreach ($_SESSION['domains'] as $uuid => $domain) {
if (strtolower($domain['domain_name']) == strtolower($_SERVER['HTTP_HOST'])) {
$domain_name = $_SERVER['HTTP_HOST'];
break;
}
}
$domain_name = $domain_name ? $domain_name : $_SESSION['domains'][$domain_uuid]['domain_name'];
}
$key = encrypt($_SESSION['login']['password_reset_key']['text'], $result['username'].'|'.$result['domain_uuid'].'|'.$result['password']);
$reset_link = "https://".$domain_name.PROJECT_PATH."/login.php?action=define&key=".urlencode($key);
$reset_button = email_button(strtoupper($text['label-reset_password']), $reset_link, '#2e82d0', '#fff');
@@ -160,6 +171,9 @@
$password_new = trim($_REQUEST['password_new']);
$password_repeat = trim($_REQUEST['password_repeat']);
//strip off @domain if submitted with username, as the valid domain for the reset is already being provided in the where clause below
$username = substr_count($username, '@') != 0 ? explode('@', $username)[0] : $username;
if ($username !== '' &&
$username === $_SESSION['valid_username'] &&
$password_new !== '' &&