root/trunk/gui/include/lostpassword-functions.php

Revision 1246, 8.1 kB (checked in by rats, 5 months ago)

GUI Update 4/5: include

1 <?php
2 /**
3  * ispCP ω (OMEGA) a Virtual Hosting Control System
4  *
5  * @copyright     2001-2006 by moleSoftware GmbH
6  * @copyright     2006-2008 by ispCP | http://isp-control.net
7  * @link         http://isp-control.net
8  * @author         ispCP Team (2007)
9  *
10  * @license
11  *   This program is free software; you can redistribute it and/or modify it under
12  *   the terms of the MPL General Public License as published by the Free Software
13  *   Foundation; either version 1.1 of the License, or (at your option) any later
14  *   version.
15  *   You should have received a copy of the MPL Mozilla Public License along with
16  *   this program; if not, write to the Open Source Initiative (OSI)
17  *   http://opensource.org | osi@opensource.org
18  */
19
/**
 * Tells whether GD's true-colour image API is available in this PHP build.
 *
 * @return bool true when imagecreatetruecolor() is defined, false otherwise
 */
function check_gd() {
    $hasGd = function_exists('imagecreatetruecolor');

    return $hasGd;
}
23
/**
 * Checks that the font configured under LOSTPASSWORD_CAPTCHA_FONT is present on disk.
 *
 * @return bool result of file_exists() on the configured path
 */
function captcha_fontfile_exists() {
    $fontPath = Config::get('LOSTPASSWORD_CAPTCHA_FONT');

    return file_exists($fontPath);
}
27
/**
 * Renders the lost-password captcha as a PNG and streams it to the client.
 *
 * An 8-character code is obtained from strrand(), which also stores it in
 * $_SESSION under $strSessionVar. The code is drawn with the configured
 * TrueType font and six white lines are laid over it.
 *
 * NOTE(review): the line positions come from mt_rand(), which is not a
 * cryptographic generator; treat the lines as cosmetic noise only.
 *
 * @param string $strSessionVar session key that receives the captcha code
 * @return void emits a Content-type header and the PNG body as side effects
 */
function createImage($strSessionVar) {
    $bgRgb = Config::get('LOSTPASSWORD_CAPTCHA_BGCOLOR');
    $textRgb = Config::get('LOSTPASSWORD_CAPTCHA_TEXTCOLOR');

    $width = Config::get('LOSTPASSWORD_CAPTCHA_WIDTH');
    $height = Config::get('LOSTPASSWORD_CAPTCHA_HEIGHT');

    $fontFile = Config::get('LOSTPASSWORD_CAPTCHA_FONT');

    $captchaText = strrand(8, $strSessionVar);

    $image = imagecreate($width, $height) or die("Cannot Initialize new GD image stream");

    // The first colour allocated on a palette image becomes its background,
    // so this call is required even though its return value is not used.
    imagecolorallocate($image, $bgRgb[0], $bgRgb[1], $bgRgb[2]);

    $textColor = imagecolorallocate($image, $textRgb[0], $textRgb[1], $textRgb[2]);

    $lineColor = imagecolorallocate($image, 0xFF, 0xFF, 0xFF);

    imagettftext($image, 34, 0, 5, 50, $textColor, $fontFile, $captchaText);

    // Some obfuscation: three passes, two lines per pass.
    $pass = 0;
    while ($pass < 3) {
        // Line running from the top band towards the left band.
        $fromX = mt_rand(0, $width - 1);
        $fromY = mt_rand(0, round($height / 10, 0));
        $toX = mt_rand(0, round($width / 10, 0));
        $toY = mt_rand(0, $height - 1);
        imageline($image, $fromX, $fromY, $toX, $toY, $lineColor);

        // Line running from the bottom band towards the right band.
        $fromX = mt_rand(0, $width - 1);
        $fromY = $height - mt_rand(1, round($height / 10, 0));
        $toX = $width - mt_rand(1, round($width / 10, 0));
        $toY = mt_rand(0, $height - 1);
        imageline($image, $fromX, $fromY, $toX, $toY, $lineColor);

        $pass++;
    }

    // Send the header
    header("Content-type: image/png");
    // Generate the PNG image and send it
    imagepng($image);
    // Release the image on the server
    imagedestroy($image);
}
84
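/**
 * Builds a random captcha code and stores it in the session.
 *
 * Characters are drawn uniformly from the same set the original regular
 * expression accepted ([2-47-9A-HKMNPRTWUYa-hkmnp-rtwuy]), i.e. digits and
 * letters with the easily confused glyphs left out.
 *
 * The code is the secret a client has to read back from the image, so it is
 * taken from random_int() when that function exists; mt_rand() is only the
 * fallback for PHP builds without it, because its output can be predicted.
 *
 * @param int    $length        number of characters to generate
 * @param string $strSessionVar key in $_SESSION that receives the code
 * @return string the generated code (also stored in $_SESSION[$strSessionVar])
 */
function strrand($length, $strSessionVar) {
    $alphabet = '234789ABCDEFGHKMNPRTUWYabcdefghkmnpqrtuwy';
    $lastIndex = strlen($alphabet) - 1;
    $haveCsprng = function_exists('random_int');

    $str = "";

    while (strlen($str) < $length) {
        $index = $haveCsprng ? random_int(0, $lastIndex) : mt_rand(0, $lastIndex);

        $str .= $alphabet[$index];
    }

    $_SESSION[$strSessionVar] = $str;

    return $_SESSION[$strSessionVar];
}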
100
/**
 * Expires password-reset keys that are older than $ttl minutes.
 *
 * Every row of `admin` whose uniqkey_time lies before the cut-off gets
 * uniqkey and uniqkey_time set to NULL. The cut-off is formatted with
 * date(), i.e. in PHP's configured timezone.
 *
 * @param int $ttl key lifetime in minutes
 * @return void
 */
function removeOldKeys($ttl) {
    $db = Database::getInstance();

    $maxAgeSeconds = $ttl * 60;
    $cutoff = date('Y-m-d H:i:s', time() - $maxAgeSeconds);

    $statement = <<<SQL_QUERY
                      UPDATE
                admin
                        SET
                            uniqkey = NULL,
                            uniqkey_time = NULL
                        WHERE
                            uniqkey_time < ?
SQL_QUERY;

    $params = array($cutoff);

    exec_query($db, $statement, $params);
}
118
/**
 * Stores a password-reset key and its creation time for one account.
 *
 * NOTE(review): the key is written to the `admin` table exactly as passed in,
 * so anyone able to read that table can read pending reset keys.
 *
 * @param string $admin_name account the key is issued for
 * @param string $uniqkey    reset key to store
 * @return void
 */
function setUniqKey($admin_name, $uniqkey) {
    $db = Database::getInstance();

    // date() without a timestamp argument formats the current time.
    $issuedAt = date('Y-m-d H:i:s');

    $statement = <<<SQL_QUERY
                      UPDATE
                admin
            SET
              uniqkey = ?,
              uniqkey_time = ?
            WHERE
              admin_name = ?
SQL_QUERY;

    $params = array($uniqkey, $issuedAt, $admin_name);

    exec_query($db, $statement, $params);
}
136
/**
 * Replaces the password of the account that currently holds $uniqkey.
 *
 * The new password is passed through crypt_user_pass() (defined elsewhere)
 * before it is written.
 *
 * @param string $uniqkey reset key identifying the account
 * @param string $upass   new clear-text password
 * @return void the script is terminated when $uniqkey compares equal to ''
 */
function setPassword($uniqkey, $upass) {
    $db = Database::getInstance();

    // Fail closed: without a key the WHERE clause must never be executed.
    if ($uniqkey == '') {
        exit;
    }

    $statement = <<<SQL_QUERY
               UPDATE
              admin
            SET
              admin_pass = ?
            WHERE
              uniqkey = ?
SQL_QUERY;

    $storedPassword = crypt_user_pass($upass);

    exec_query($db, $statement, array($storedPassword, $uniqkey));
}
153
/**
 * Tells whether any account currently holds the given reset key.
 *
 * @param string $uniqkey reset key to look up
 * @return bool true when at least one `admin` row has this uniqkey
 */
function uniqkeyexists($uniqkey) {
    $db = Database::getInstance();

    $statement = <<<SQL_QUERY
                SELECT
                uniqkey
                FROM
                admin
                WHERE
                uniqkey = ?
SQL_QUERY;

    $result = exec_query($db, $statement, array($uniqkey));

    return $result->RecordCount() != 0;
}
176
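/**
 * Generates a password-reset key that no account currently holds.
 *
 * The key is what authorises a password reset, so it must not be guessable.
 * It is built from 16 bytes of the operating system's CSPRNG when PHP offers
 * one (random_bytes(), else openssl_random_pseudo_bytes() reporting a strong
 * result). md5(uniqid(mt_rand())) is derived from the clock and a predictable
 * generator and is kept only as a last-resort fallback for old PHP builds.
 *
 * All three variants yield 32 lowercase hex characters, so the stored format
 * is unchanged.
 *
 * @return string 32-character hexadecimal key not present in `admin`.uniqkey
 */
function uniqkeygen() {
    do {
        $uniqkey = '';

        if (function_exists('random_bytes')) {
            $uniqkey = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(16, $strong);

            if ($bytes !== false && $strong) {
                $uniqkey = bin2hex($bytes);
            }
        }

        if ($uniqkey === '') {
            // Legacy path, reached only when no CSPRNG is available.
            $uniqkey = md5(uniqid(mt_rand()));
        }
        // Generate first, then check: avoids a lookup for the empty string.
    } while (uniqkeyexists($uniqkey));

    return $uniqkey;
}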
186
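/**
 * Completes a password reset: sets a generated password on the account that
 * holds $uniqkey, clears the key and mails the new password to the account.
 *
 * An empty or non-string key is rejected before any query runs, so rows whose
 * uniqkey is empty can never be selected by this function. After the
 * password change, uniqkey and uniqkey_time are set to NULL, the same state
 * removeOldKeys() leaves behind.
 *
 * NOTE(review): this function does not look at uniqkey_time; key expiry
 * depends on removeOldKeys() having been run beforehand.
 * NOTE(review): the password is replaced before mail() is attempted and is
 * sent in clear text; a failed delivery is only visible in the log.
 * NOTE(review): unlike requestpassword(), the subject is not passed through
 * encode() and the body is declared 7bit although the charset is utf-8.
 *
 * @param string $uniqkey reset key taken from the activation link
 * @return bool true when exactly one account held the key and was updated,
 *              false otherwise (the mail() result does not affect this)
 */
function sendpassword($uniqkey) {
    if (!is_string($uniqkey) || $uniqkey === '') {
        return false;
    }

    $sql = Database::getInstance();

    $query = <<<SQL_QUERY
                SELECT
                admin_name, created_by, fname, lname, email
                FROM
                admin
                WHERE
                uniqkey = ?
SQL_QUERY;

    $res = exec_query($sql, $query, array($uniqkey));

    if ($res->RecordCount() != 1) {
        return false;
    }

    $admin_name = $res->fields['admin_name'];
    $created_by = $res->fields['created_by'];
    $admin_fname = $res->fields['fname'];
    $admin_lname = $res->fields['lname'];
    $to = $res->fields['email'];

    $upass = passgen();

    setPassword($uniqkey, $upass);

    write_log("Lostpassword: " . $admin_name . ": password updated");

    // Single use: drop the key so the same link cannot be replayed.
    $query = <<<SQL_QUERY
                UPDATE
                  admin
                SET
                  uniqkey = NULL,
                  uniqkey_time = NULL
                WHERE
                  uniqkey = ?
SQL_QUERY;

    exec_query($sql, $query, array($uniqkey));

    // Accounts without a creator use the mail template of user id 1.
    if ($created_by == 0) $created_by = 1;

    $data = get_lostpassword_password_email($created_by);

    $from_name = $data['sender_name'];
    $from_email = $data['sender_email'];
    $subject = $data['subject'];
    $message = $data['message'];

    $base_vhost = Config::get('BASE_SERVER_VHOST');

    if ($from_name) {
        $from = "\"" . $from_name . "\" <" . $from_email . ">";
    } else {
        $from = $from_email;
    }

    $search = array('{USERNAME}', '{NAME}', '{PASSWORD}', '{BASE_SERVER_VHOST}');
    $replace = array(
        $admin_name,
        $admin_fname . " " . $admin_lname,
        $upass,
        $base_vhost
    );

    $subject = str_replace($search, $replace, $subject);
    $message = str_replace($search, $replace, $message);

    $headers = "From: " . $from . "\n";

    $headers .= "MIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8\nContent-Transfer-Encoding: 7bit\n";

    $headers .= "X-Mailer: ispCP lostpassword mailer";

    $mail_result = mail($to, $subject, $message, $headers);

    $mail_status = ($mail_result) ? 'OK' : 'NOT OK';

    write_log("Lostpassword activated: To: |$to|, From: |$from|, Status: |$mail_status| !", E_USER_NOTICE);

    return true;
}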
282
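/**
 * Starts a password reset: issues a reset key for $admin_name and mails the
 * activation link to the address stored for that account.
 *
 * The link is built from server-side values only. HTTP_HOST and PHP_SELF are
 * supplied by the client, so they must not decide where an emailed reset link
 * points; the configured BASE_SERVER_VHOST and SCRIPT_NAME are used instead.
 * The scheme is taken from $_SERVER['HTTPS'] (the key is upper-case; the
 * lower-case spelling is never set, which made every link plain http).
 *
 * NOTE(review): assumes BASE_SERVER_VHOST is the hostname this panel is
 * served under - confirm for installations reached by another name.
 * NOTE(review): the return value differs for known and unknown accounts; the
 * caller should answer both cases identically.
 *
 * @param string $admin_name login name the reset is requested for
 * @return bool false when the name is empty, not a string or unknown;
 *              true once a key was stored (the mail() result is only logged)
 */
function requestpassword($admin_name) {
    if (!is_string($admin_name) || $admin_name === '') {
        return false;
    }

    $sql = Database::getInstance();

    $query = <<<SQL_QUERY
                SELECT
                created_by, fname, lname, email
                FROM
                admin
                WHERE
                admin_name = ?
SQL_QUERY;

    $res = exec_query($sql, $query, array($admin_name));

    if ($res->RecordCount() == 0) {
        return false;
    }

    $created_by = $res->fields['created_by'];
    $admin_fname = $res->fields['fname'];
    $admin_lname = $res->fields['lname'];
    $to = $res->fields['email'];

    $uniqkey = uniqkeygen();

    setUniqKey($admin_name, $uniqkey);

    write_log("Lostpassword: " . $admin_name . ": uniqkey created", E_USER_NOTICE);

    // Accounts without a creator use the mail template of user id 1.
    if ($created_by == 0) $created_by = 1;

    $data = get_lostpassword_activation_email($created_by);

    $from_name = $data['sender_name'];
    $from_email = $data['sender_email'];
    $subject = $data['subject'];
    $message = $data['message'];

    $base_vhost = Config::get('BASE_SERVER_VHOST');

    if ($from_name) {
        $from = "\"" . $from_name . "\" <" . $from_email . ">";
    } else {
        $from = $from_email;
    }

    // Some servers report HTTPS=off for plain requests, hence the second test.
    $is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    $prot = $is_https ? 'https' : 'http';

    $link = $prot . '://' . $base_vhost . $_SERVER['SCRIPT_NAME'] . "?key=" . $uniqkey;

    $search = array('{USERNAME}', '{NAME}', '{LINK}', '{BASE_SERVER_VHOST}');
    $replace = array(
        $admin_name,
        $admin_fname . " " . $admin_lname,
        $link,
        $base_vhost
    );

    $subject = str_replace($search, $replace, $subject);
    $message = str_replace($search, $replace, $message);

    $headers = "From: " . $from . "\n";

    $headers .= "MIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8\nContent-Transfer-Encoding: 8bit\n";

    $headers .= "X-Mailer: ispCP lostpassword mailer";

    $mail_result = mail($to, encode($subject), $message, $headers);

    $mail_status = ($mail_result) ? 'OK' : 'NOT OK';

    write_log("Lostpassword send: To: |$to|, From: |$from|, Status: |$mail_status| !", E_USER_NOTICE);

    return true;
}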
362
363 ?>