opensmtpdadmin/password.php

76 lines
2.0 KiB
PHP
Raw Normal View History

2022-08-18 14:01:52 +02:00
<?php
//
// OpenSMTPD Admin
// by Mischa Peters <mischa at high5 dot nl>
// Copyright (c) 2022 High5!
// License Info: LICENSE.TXT
//
// File: password.php
//
// Template File: password.tpl
//
// Template Variables:
//
2022-09-04 19:17:50 +02:00
// message
2022-08-18 14:01:52 +02:00
//
2022-09-05 20:29:41 +02:00
// POST / GET Variables:
2022-08-18 14:01:52 +02:00
//
2022-09-04 19:17:50 +02:00
// password_current
// password1
// password2
2022-08-18 14:01:52 +02:00
//
2022-09-04 19:17:50 +02:00
require_once './functions.inc.php';
include './languages/' . check_language() . '.lang';
2022-08-18 14:01:52 +02:00
$SESSID_USERNAME = check_session();
$ROLE = check_role();
$SESSID_USERNAME = $SESSID_USERNAME ?? ADMIN_EMAIL;
2022-09-05 20:29:41 +02:00
if ($ROLE == ADMIN_ROLE) {
2022-09-05 20:29:41 +02:00
$list_domains = list_domains();
$list_admins = list_admins();
} else {
$list_domains = list_domains($SESSID_USERNAME);
}
2022-08-18 14:01:52 +02:00
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$username = $SESSID_USERNAME;
2022-09-04 19:17:50 +02:00
$password_current = filter_input(INPUT_POST, 'password_current', FILTER_DEFAULT);
$password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT);
$password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT);
2022-08-18 14:01:52 +02:00
2022-09-04 19:17:50 +02:00
if (empty($password_current) || empty($password1) || $password1 != $password2) {
$message = $LANG['Password_password_text_error'];
2022-08-18 14:01:52 +02:00
}
2022-09-04 19:17:50 +02:00
if (empty($message) && !empty($password_current)) {
2022-09-04 20:50:21 +02:00
$dbh = pdo_connect();
2022-09-04 19:17:50 +02:00
$sth = $dbh->prepare("SELECT password FROM admin WHERE username=?");
$sth->bindParam(1, $username, PDO::PARAM_STR);
$sth->execute();
$row = $sth->fetch(PDO::FETCH_COLUMN);
if (!password_verify($password_current, $row)) {
$message = $LANG['Password_password_current_text_error'];
2022-08-18 14:01:52 +02:00
}
2022-09-04 19:17:50 +02:00
}
if (empty($message) && !empty($password1)) {
$hashed = bcrypt($password1);
try {
2022-09-04 20:50:21 +02:00
$dbh = pdo_connect();
2022-09-04 19:17:50 +02:00
$sth = $dbh->prepare("UPDATE admin SET password=?,modified=NOW() WHERE username=?");
$sth->bindParam(1, $hashed, PDO::PARAM_STR);
$sth->bindParam(2, $username, PDO::PARAM_STR);
$sth->execute();
$message = $LANG['Password_result_succes'];
} catch(PDOException $e) {
$message = $LANG['Password_result_error'];
}
2022-08-18 14:01:52 +02:00
}
}
2022-09-04 19:17:50 +02:00
include './templates/header.tpl';
include './templates/menu.tpl';
include './templates/password.tpl';
include './templates/footer.tpl';
2022-08-18 14:01:52 +02:00
?>