opensmtpdadmin/password.php

<?php
// 
// OpenSMTPD Admin 
// by Mischa Peters <mischa at high5 dot nl>
// Copyright (c) 2022 High5!
// License Info: LICENSE.TXT
//
// File: password.php
//
// Template File: password.tpl
//
// Template Variables:
//
// message
//
// POST / GET Variables:
//
// password_current
// password1
// password2
//
require_once './functions.inc.php';
include './languages/' . check_language() . '.lang';

$SESSID_USERNAME = check_session();
$PERMISSIONS = check_permissions();
$admin = $SESSID_USERNAME ?? ADMIN_EMAIL;

if ($PERMISSIONS == ADMIN_RIGHTS) {
	$list_domains = list_domains();
	$list_admins = list_admins();
} else {
	$list_domains = list_domains($SESSID_USERNAME);
}

if ($_SERVER['REQUEST_METHOD'] == "POST") {
	$username = $SESSID_USERNAME;
	$password_current = filter_input(INPUT_POST, 'password_current', FILTER_DEFAULT);
	$password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT);
	$password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT);
	  
	if (empty($password_current) || empty($password1) || $password1 != $password2) {
		$message = $LANG['Password_password_text_error'];
	}

	if (empty($message) && !empty($password_current)) {
		$dbh = pdo_connect();
		$sth = $dbh->prepare("SELECT password FROM admin WHERE username=?");
		$sth->bindParam(1, $username, PDO::PARAM_STR);
		$sth->execute();
		$row = $sth->fetch(PDO::FETCH_COLUMN);
		if (!password_verify($password_current, $row)) {
			$message = $LANG['Password_password_current_text_error'];
		}
	}      

	if (empty($message) && !empty($password1)) {
		$hashed = bcrypt($password1);
		try {
			$dbh = pdo_connect();
			$sth = $dbh->prepare("UPDATE admin SET password=?,modified=NOW() WHERE username=?");
			$sth->bindParam(1, $hashed, PDO::PARAM_STR);
			$sth->bindParam(2, $username, PDO::PARAM_STR);
			$sth->execute();
			$message = $LANG['Password_result_succes'];
		} catch(PDOException $e) {
			$message = $LANG['Password_result_error'];
		}	
	}
}
include './templates/header.tpl';
include './templates/menu.tpl';
include './templates/password.tpl';
include './templates/footer.tpl';
?>
Initial commit 2022-08-18 14:01:52 +02:00			`<?php`
			`//`
			`// OpenSMTPD Admin`
			`// by Mischa Peters <mischa at high5 dot nl>`
			`// Copyright (c) 2022 High5!`
			`// License Info: LICENSE.TXT`
			`//`
			`// File: password.php`
			`//`
			`// Template File: password.tpl`
			`//`
			`// Template Variables:`
			`//`
more users things done 2022-09-04 19:17:50 +02:00			`// message`
Initial commit 2022-08-18 14:01:52 +02:00			`//`
merge admin + superadmin 2022-09-05 20:29:41 +02:00			`// POST / GET Variables:`
Initial commit 2022-08-18 14:01:52 +02:00			`//`
more users things done 2022-09-04 19:17:50 +02:00			`// password_current`
			`// password1`
			`// password2`
Initial commit 2022-08-18 14:01:52 +02:00			`//`
more users things done 2022-09-04 19:17:50 +02:00			`require_once './functions.inc.php';`
			`include './languages/' . check_language() . '.lang';`
Initial commit 2022-08-18 14:01:52 +02:00
			`$SESSID_USERNAME = check_session();`
merge admin + superadmin 2022-09-05 20:29:41 +02:00			`$PERMISSIONS = check_permissions();`
			`$admin = $SESSID_USERNAME ?? ADMIN_EMAIL;`

			`if ($PERMISSIONS == ADMIN_RIGHTS) {`
			`$list_domains = list_domains();`
			`$list_admins = list_admins();`
			`} else {`
			`$list_domains = list_domains($SESSID_USERNAME);`
			`}`
Initial commit 2022-08-18 14:01:52 +02:00
			`if ($_SERVER['REQUEST_METHOD'] == "POST") {`
			`$username = $SESSID_USERNAME;`
more users things done 2022-09-04 19:17:50 +02:00			`$password_current = filter_input(INPUT_POST, 'password_current', FILTER_DEFAULT);`
			`$password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT);`
			`$password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT);`
Initial commit 2022-08-18 14:01:52 +02:00
more users things done 2022-09-04 19:17:50 +02:00			`if (empty($password_current) \|\| empty($password1) \|\| $password1 != $password2) {`
			`$message = $LANG['Password_password_text_error'];`
Initial commit 2022-08-18 14:01:52 +02:00			`}`

more users things done 2022-09-04 19:17:50 +02:00			`if (empty($message) && !empty($password_current)) {`
connect_db -> pdo_connect 2022-09-04 20:50:21 +02:00			`$dbh = pdo_connect();`
more users things done 2022-09-04 19:17:50 +02:00			`$sth = $dbh->prepare("SELECT password FROM admin WHERE username=?");`
			`$sth->bindParam(1, $username, PDO::PARAM_STR);`
			`$sth->execute();`
			`$row = $sth->fetch(PDO::FETCH_COLUMN);`
			`if (!password_verify($password_current, $row)) {`
			`$message = $LANG['Password_password_current_text_error'];`
Initial commit 2022-08-18 14:01:52 +02:00			`}`
more users things done 2022-09-04 19:17:50 +02:00			`}`

			`if (empty($message) && !empty($password1)) {`
			`$hashed = bcrypt($password1);`
			`try {`
connect_db -> pdo_connect 2022-09-04 20:50:21 +02:00			`$dbh = pdo_connect();`
more users things done 2022-09-04 19:17:50 +02:00			`$sth = $dbh->prepare("UPDATE admin SET password=?,modified=NOW() WHERE username=?");`
			`$sth->bindParam(1, $hashed, PDO::PARAM_STR);`
			`$sth->bindParam(2, $username, PDO::PARAM_STR);`
			`$sth->execute();`
			`$message = $LANG['Password_result_succes'];`
			`} catch(PDOException $e) {`
			`$message = $LANG['Password_result_error'];`
			`}`
Initial commit 2022-08-18 14:01:52 +02:00			`}`
			`}`
more users things done 2022-09-04 19:17:50 +02:00			`include './templates/header.tpl';`
			`include './templates/menu.tpl';`
			`include './templates/password.tpl';`
			`include './templates/footer.tpl';`
Initial commit 2022-08-18 14:01:52 +02:00			`?>`