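Portions created by the Initial Developer are Copyright (C) 2008-2012 the Initial Developer. All Rights Reserved. Contributor(s): Mark J Crane */

/*
	Login page with a three-step, e-mail based password reset:
		action=request  look up the e-mail address and mail a reset link
		action=define   validate the key from the link and show the new-password form
		action=reset    validate the form token and store the new password

	Review notes:
		- Every value that reaches SQL is bound as a statement parameter. The reset key
		  is decrypted from a request parameter, so its fields are untrusted input.
		- Hashes and tokens are compared as strings (constant-time where hash_equals()
		  exists). A loose == treats two "0e<digits>" MD5 strings as equal numbers, and
		  treats a missing database row as equal to an empty submitted hash.
		- check_str(), check_sql(), decrypt(), encrypt(), valid_email(), send_email(),
		  check_password_strength() and generate_password() are defined outside this
		  file; the notes below only describe how they are called here.
*/

//add multi-lingual support
$language = new text;
$text = $language->get(null,'core/user_settings');

//get action, if any (defaults to '' so the comparisons below never read an undefined variable)
$action = isset($_REQUEST['action']) ? check_str($_REQUEST['action']) : '';

//the login form is shown unless one of the reset steps switches to the new-password form
$password_reset = false;

//retrieve parse reset key
if ($action == 'define') {
	$key = isset($_GET['key']) ? $_GET['key'] : '';
	$key_part = explode('|', (string) decrypt($_SESSION['login']['password_reset_key']['text'], $key));

	//a well-formed key carries username|domain_uuid|password; pad so a short key yields empty fields
	list($username, $domain_uuid, $password_submitted) = array_pad($key_part, 3, '');

	//get current salt, see if same as submitted salt
	//NOTE(review): check_sql() is kept on the statement text as before - confirm it leaves named placeholders intact
	$sql = "select password from v_users where domain_uuid = :domain_uuid and username = :username";
	$prep_statement = $db->prepare(check_sql($sql));
	$prep_statement->execute(array(
		':domain_uuid' => $domain_uuid,
		':username' => $username,
	));
	$result = $prep_statement->fetch(PDO::FETCH_NAMED);
	$user_found = is_array($result);
	$password_current = $user_found ? (string) $result['password'] : '';
	unset($prep_statement, $result);

	//set flag: the user must exist, belong to this domain and still have the password the link was issued for
	$password_submitted = (string) $password_submitted;
	$password_matches = function_exists('hash_equals')
		? hash_equals($password_current, $password_submitted)
		: $password_current === $password_submitted;
	$password_reset = (
		$username != ''
		&& $user_found
		&& (string) $domain_uuid === (string) $_SESSION['domain_uuid']
		&& $password_matches
	);
}

//send password reset link
if ($action == 'request') {
	if (isset($_REQUEST['email']) && valid_email($_REQUEST['email'])) {
		$_SESSION["message_delay"] = 2500;
		$email = check_str($_REQUEST['email']);

		//see if email exists
		//NOTE(review): if check_str() escapes quotes, bind the raw request value instead of $email - confirm
		$sql = "select ";
		$sql .= "u.username, ";
		$sql .= "u.password ";
		$sql .= "from ";
		$sql .= "v_users as u, ";
		$sql .= "v_contact_emails as e ";
		$sql .= "where ";
		$sql .= "e.domain_uuid = u.domain_uuid ";
		$sql .= "and e.contact_uuid = u.contact_uuid ";
		$sql .= "and e.email_address = :email_address ";
		$sql .= "and e.domain_uuid = :domain_uuid ";
		$prep_statement = $db->prepare(check_sql($sql));
		$prep_statement->execute(array(
			':email_address' => $email,
			':domain_uuid' => $_SESSION['domain_uuid'],
		));
		$result = $prep_statement->fetch(PDO::FETCH_NAMED);
		unset($prep_statement);

		if (is_array($result) && $result['username'] != '') {
			//generate reset link
			//the key embeds the stored password value and carries no timestamp, so a link
			//stays usable until that password changes
			//NOTE(review): the link host is $_SESSION['domain_name']; confirm it is not taken from the request's Host header
			$key = encrypt($_SESSION['login']['password_reset_key']['text'], $result['username'].'|'.$_SESSION['domain_uuid'].'|'.$result['password']);
			$reset_link = "https://".$_SESSION['domain_name'].PROJECT_PATH."/login.php?action=define&key=".urlencode($key);
			$eml_body = "".$reset_link."";

			//send reset link
			if (!send_email($email, $text['label-reset_link'], $eml_body)) {
				$_SESSION["message_mood"] = 'negative';
				$_SESSION["message"] = $eml_error;
			}
			else {
				$_SESSION["message"] = $text['message-reset_link_sent'];
			}
		}
		else {
			//not found
			//NOTE(review): this branch and the one above report different messages, which
			//tells the requester whether an address is registered
			$_SESSION["message_mood"] = 'negative';
			$_SESSION["message"] = $text['message-invalid_email'];
		}
	}
	else {
		//not found
		$_SESSION["message_mood"] = 'negative';
		$_SESSION["message"] = $text['message-invalid_email'];
	}
}

//reset password
if ($action == 'reset') {
	$authorized_username = isset($_REQUEST['au']) ? check_str($_REQUEST['au']) : '';
	$username = isset($_REQUEST['username']) ? check_str($_REQUEST['username']) : '';
	$password_new = isset($_REQUEST['password_new']) ? check_str($_REQUEST['password_new']) : '';
	$password_repeat = isset($_REQUEST['password_repeat']) ? check_str($_REQUEST['password_repeat']) : '';

	//the form token is md5(reset key . username): it has no time component, so a token
	//stays valid for that username as long as the reset key is unchanged
	$expected_token = md5($_SESSION['login']['password_reset_key']['text'].$username);
	$token_matches = function_exists('hash_equals')
		? hash_equals($expected_token, (string) $authorized_username)
		: $expected_token === (string) $authorized_username;

	if (
		$username != ''
		&& $token_matches
		&& $password_new != ''
		&& $password_repeat != ''
		&& (string) $password_new === (string) $password_repeat
		) {
		if (!check_password_strength($password_new, $text)) {
			//too weak: show the new-password form again
			$password_reset = true;
		}
		else {
			//NOTE(review): salted MD5 is a fast hash; moving to password_hash() needs a
			//matching change in the login verifier, which is not in this file
			$salt = generate_password('20', '4');
			$sql = "update v_users set ";
			$sql .= "password = :password, ";
			$sql .= "salt = :salt ";
			$sql .= "where domain_uuid = :domain_uuid ";
			$sql .= "and username = :username ";
			$prep_statement = $db->prepare(check_sql($sql));
			$prep_statement->execute(array(
				':password' => md5($salt.$password_new),
				':salt' => $salt,
				':domain_uuid' => $_SESSION['domain_uuid'],
				':username' => $username,
			));
			unset($prep_statement);

			$_SESSION["message"] = $text['message-password_reset'];
			$password_reset = false;
		}
	}
	else {
		//not found
		$_SESSION["message_mood"] = 'negative';
		$_SESSION["message"] = $text['message-invalid_username_mismatch_passwords'];
		$password_reset = true;
	}
}

//get the http values and set as variables
$path = isset($_GET["path"]) ? check_str($_GET["path"]) : '';
$msg = isset($_GET["msg"]) ? check_str($_GET["msg"]) : '';

//set a default login destination
if (strlen($_SESSION['login']['destination']['url']) == 0) {
	$_SESSION['login']['destination']['url'] = PROJECT_PATH."/core/user_settings/user_dashboard.php";
}

//add the header
include "resources/header.php";

//show the message
//$msg is only matched against fixed strings below and is never echoed itself
if (strlen($msg) > 0) {
	echo "

";
	echo "
\n";
	echo "\n";
	echo "\n";
	echo "\n";
	echo "\n";
	echo "\n";
	echo "\n";
	echo "\n";
	echo "
Message
\n";
	switch ($msg) {
		case "username required":
			echo "Please provide a username.";
			break;
		case "incorrect account information":
			echo "The username or password was incorrect. Please try again.";
			break;
		case "install complete":
			//this text shows the default superadmin/admin passwords set at install; they are
			//identical on every install and should be changed before the system is exposed.
			//it also prints the server-side path of config.php to whoever requests this msg value
			echo "
\n";
			echo "Installation is complete.
";
			echo "
";
			echo "Getting Started:
";
			echo "
  • There are two levels of admins 1. superadmin 2. admin.
    ";
			echo "
    \n";
			echo "username: superadmin
    password: fusionpbx
    \n";
			echo "
    \n";
			echo "username: admin
    password: fusionpbx

    \n";
			echo "
  • \n";
			echo "
  • \n";
			echo "The database connection settings have been saved to ".$_SERVER["DOCUMENT_ROOT"].PROJECT_PATH."/resources/config.php.
    \n";
			echo "
  • \n";
			echo "
\n";
			echo "\n";
			break;
	}
	echo "
\n";
	echo "
\n";
	echo "

\n\n";
}

//show the content
//NOTE(review): the HTML inside the echo strings below was not preserved on this page;
//the strings are reproduced exactly as they appear here
echo "";
echo "
\n";
if (!$password_reset) {
	//login form
	echo "
\n";
	echo "
\n";
	echo "\n";
	echo "
\n";
	echo "
\n";
	if ($_SESSION['login']['domain_name_visible']['boolean'] == "true") {
		if (count($_SESSION['login']['domain_name']) > 0) {
			$click_change_color = ($_SESSION['theme']['login_input_text_color']['text'] != '') ? $_SESSION['theme']['login_input_text_color']['text'] : (($_SESSION['theme']['input_text_color']['text'] != '') ? $_SESSION['theme']['input_text_color']['text'] : '#000000');
			$placeholder_color = ($_SESSION['theme']['login_input_text_placeholder_color']['text'] != '') ? 'color: '.$_SESSION['theme']['login_input_text_placeholder_color']['text'].';' : 'color: #999999;';
			echo "
\n";
		}
		else {
			echo "
\n";
		}
	}
	echo "\n";
	//this block is emitted only when mcrypt, a reset key and an SMTP host are all available
	if (
		function_exists('mcrypt_encrypt') &&
		$_SESSION['login']['password_reset_key']['text'] != '' &&
		$_SESSION['email']['smtp_host']['var'] != ''
		) {
		echo "

";
	}
	echo "
";
	echo "";
	echo "
";
	echo "";
}
else {
	//new-password form
	echo "\n";
	echo "\n";
	echo "
\n";
	echo "\n";
	echo "\n";
	echo "
\n";
	echo "
\n";
	echo "
";
	echo "
\n";
	echo "\n";
	echo "

";
	echo "
";
	echo "\n";
	echo "
";
}

//add the footer
$default_login = true;
include "resources/footer.php";

?>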