2022-08-18 14:01:52 +02:00
|
|
|
<?php
|
|
|
|
//
|
|
|
|
// OpenSMTPD Admin
|
|
|
|
// by Mischa Peters <mischa at high5 dot nl>
|
|
|
|
// Copyright (c) 2022 High5!
|
|
|
|
// License Info: LICENSE.TXT
|
|
|
|
//
|
|
|
|
// File: password.php
|
|
|
|
//
|
2022-09-04 19:17:50 +02:00
|
|
|
// Template File: password.tpl
|
2022-08-18 14:01:52 +02:00
|
|
|
//
|
|
|
|
// Template Variables:
|
|
|
|
//
|
2022-09-04 19:17:50 +02:00
|
|
|
// message
|
2022-08-18 14:01:52 +02:00
|
|
|
//
|
2022-09-04 22:43:21 +02:00
|
|
|
// Form POST / GET Variables:
|
2022-08-18 14:01:52 +02:00
|
|
|
//
|
2022-09-04 19:17:50 +02:00
|
|
|
// password_current
|
|
|
|
// password1
|
|
|
|
// password2
|
2022-08-18 14:01:52 +02:00
|
|
|
//
|
2022-09-04 19:17:50 +02:00
|
|
|
require_once '../functions.inc.php';
|
|
|
|
include '../languages/' . check_language() . '.lang';
|
2022-08-18 14:01:52 +02:00
|
|
|
|
2022-09-04 19:17:50 +02:00
|
|
|
$SESSID_USERNAME = check_session('userid');
|
|
|
|
$admin = $SESSID_USERNAME ?? ADMIN_EMAIL;
|
2022-08-18 14:01:52 +02:00
|
|
|
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
2022-09-04 19:17:50 +02:00
|
|
|
$username = $SESSID_USERNAME;
|
|
|
|
$password_current = filter_input(INPUT_POST, 'password_current', FILTER_DEFAULT);
|
|
|
|
$password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT);
|
|
|
|
$password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT);
|
2022-08-18 14:01:52 +02:00
|
|
|
|
2022-09-04 19:17:50 +02:00
|
|
|
if (empty($password_current) || empty($password1) || $password1 != $password2) {
|
|
|
|
$message = $LANG['Password_password_text_error'];
|
2022-08-18 14:01:52 +02:00
|
|
|
}
|
|
|
|
|
2022-09-04 19:17:50 +02:00
|
|
|
if (empty($message) && !empty($password_current)) {
|
2022-09-04 20:50:21 +02:00
|
|
|
$dbh = pdo_connect();
|
2022-09-04 19:17:50 +02:00
|
|
|
$sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");
|
|
|
|
$sth->bindParam(1, $username, PDO::PARAM_STR);
|
|
|
|
$sth->execute();
|
|
|
|
$row = $sth->fetch(PDO::FETCH_COLUMN);
|
|
|
|
if (!password_verify($password_current, $row)) {
|
|
|
|
$message = $LANG['Password_password_current_text_error'];
|
2022-08-18 14:01:52 +02:00
|
|
|
}
|
2022-09-04 19:17:50 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (empty($message) && !empty($password1)) {
|
|
|
|
$hashed = bcrypt($password1);
|
|
|
|
try {
|
2022-09-04 20:50:21 +02:00
|
|
|
$dbh = pdo_connect();
|
2022-09-04 19:17:50 +02:00
|
|
|
$sth = $dbh->prepare("UPDATE mailbox SET password=?,modified=NOW() WHERE username=?");
|
|
|
|
$sth->bindParam(1, $hashed, PDO::PARAM_STR);
|
|
|
|
$sth->bindParam(2, $username, PDO::PARAM_STR);
|
|
|
|
$sth->execute();
|
|
|
|
logging($admin, substr(strrchr($SESSID_USERNAME, "@"), 1), $LANG['Logging_password_change'], $admin);
|
|
|
|
$message = $LANG['Password_result_succes'];
|
|
|
|
} catch(PDOException $e) {
|
|
|
|
$message = $LANG['Password_result_error'];
|
|
|
|
}
|
2022-08-18 14:01:52 +02:00
|
|
|
}
|
|
|
|
}
|
2022-09-04 19:17:50 +02:00
|
|
|
include '../templates/header.tpl';
|
|
|
|
include '../templates/users_menu.tpl';
|
|
|
|
include '../templates/password.tpl';
|
|
|
|
include '../templates/footer.tpl';
|
2022-08-18 14:01:52 +02:00
|
|
|
?>
|