maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

major refactoring of almost all files

Browse Source
This commit is contained in:
envoyr
2022-04-28 20:48:00 +02:00
parent a2e95b960f
commit 4f4c71d79b
285 changed files with 21716 additions and 18766 deletions
Download Patch File Download Diff File Expand all files Collapse all files

363
index.php
View File

@@ -2,27 +2,44 @@
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* @copyright (c) the authors
* @author Florian Lippert <flo@syscp.org> (2003-2009)
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Panel
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, you can also view it online at
* https://files.froxlor.org/misc/COPYING.txt
*
* @copyright the authors
* @author Froxlor team <team@froxlor.org>
* @license https://files.froxlor.org/misc/COPYING.txt GPLv2
*/
define('AREA', 'login');
const AREA = 'login';
require __DIR__ . '/lib/init.php';
use Froxlor\CurrentUser;
use Froxlor\Customer\Customer;
use Froxlor\Database\Database;
use Froxlor\Settings;
use Froxlor\FileDir;
use Froxlor\Froxlor;
use Froxlor\FroxlorLogger;
use Froxlor\FroxlorTwoFactorAuth;
use Froxlor\PhpHelper;
use Froxlor\Settings;
use Froxlor\System\Crypt;
use Froxlor\UI\Panel\UI;
use Froxlor\UI\Response;
use Froxlor\User;
use Froxlor\Validate\Validate;
if ($action == '') {
$action = 'login';
@@ -32,23 +49,23 @@ if ($action == '2fa_entercode') {
// page for entering the 2FA code after successful login
if (!isset($_SESSION) || !isset($_SESSION['secret_2fa'])) {
// no session - redirect to index
\Froxlor\UI\Response::redirectTo('index.php');
Response::redirectTo('index.php');
exit();
}
// show template to enter code
UI::view('login/enter2fa.html.twig', [
'pagetitle' => $lng['login']['2fa']
'pagetitle' => lng('login.2fa')
]);
} elseif ($action == '2fa_verify') {
// verify code from 2fa code-enter form
if (!isset($_SESSION) || !isset($_SESSION['secret_2fa'])) {
// no session - redirect to index
\Froxlor\UI\Response::redirectTo('index.php');
Response::redirectTo('index.php');
exit();
}
$code = isset($_POST['2fa_code']) ? $_POST['2fa_code'] : null;
// verify entered code
$tfa = new \Froxlor\FroxlorTwoFactorAuth('Froxlor');
$tfa = new FroxlorTwoFactorAuth('Froxlor');
$result = ($_SESSION['secret_2fa'] == 'email' ? true : $tfa->verifyCode($_SESSION['secret_2fa'], $code, 3));
// either the code is valid when using authenticator-app, or we will select userdata by id and entered code
// which is temporarily stored for the customer when using email-2fa
@@ -58,9 +75,9 @@ if ($action == '2fa_entercode') {
$field = $_SESSION['uidfield_2fa'];
$uid = $_SESSION['uid_2fa'];
$isadmin = $_SESSION['unfo_2fa'];
$sel_param = array(
$sel_param = [
'uid' => $uid
);
];
if ($_SESSION['secret_2fa'] == 'email') {
// verify code by selecting user by id and the temp. stored code,
// so only if it's the correct code, we get the user-data
@@ -73,9 +90,9 @@ if ($action == '2fa_entercode') {
$userinfo = Database::pexecute_first($sel_stmt, $sel_param);
// whoops, no (valid) user? Start again
if (empty($userinfo)) {
\Froxlor\UI\Response::redirectTo('index.php', array(
Response::redirectTo('index.php', [
'showmessage' => '2'
));
]);
}
// set fields in $userinfo required for finishLogin()
$userinfo['adminsession'] = $isadmin;
@@ -83,34 +100,34 @@ if ($action == '2fa_entercode') {
// if not successful somehow - start again
if (!finishLogin($userinfo)) {
\Froxlor\UI\Response::redirectTo('index.php', array(
Response::redirectTo('index.php', [
'showmessage' => '2'
));
]);
}
// when using email-2fa, remove the one-time-code
if ($userinfo['type_2fa'] == '1') {
$del_stmt = Database::prepare("UPDATE $table SET `data_2fa` = '' WHERE `" . $field . "` = :uid");
$userinfo = Database::pexecute_first($del_stmt, array(
$userinfo = Database::pexecute_first($del_stmt, [
'uid' => $uid
));
]);
}
exit();
}
\Froxlor\UI\Response::redirectTo('index.php', array(
Response::redirectTo('index.php', [
'showmessage' => '2'
));
]);
exit();
} elseif ($action == 'login') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$loginname = \Froxlor\Validate\Validate::validate($_POST['loginname'], 'loginname');
$password = \Froxlor\Validate\Validate::validate($_POST['password'], 'password');
$loginname = Validate::validate($_POST['loginname'], 'loginname');
$password = Validate::validate($_POST['password'], 'password');
$stmt = Database::prepare("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "`
WHERE `loginname`= :loginname");
Database::pexecute($stmt, array(
Database::pexecute($stmt, [
"loginname" => $loginname
));
]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row && $row['customer'] == $loginname) {
@@ -120,26 +137,26 @@ if ($action == '2fa_entercode') {
$is_admin = false;
} else {
$is_admin = true;
if ((int) Settings::Get('login.domain_login') == 1) {
$domainname = $idna_convert->encode(preg_replace(array(
if ((int)Settings::Get('login.domain_login') == 1) {
$domainname = $idna_convert->encode(preg_replace([
'/\:(\d)+$/',
'/^https?\:\/\//'
), '', $loginname));
], '', $loginname));
$stmt = Database::prepare("SELECT `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
WHERE `domain` = :domain");
Database::pexecute($stmt, array(
Database::pexecute($stmt, [
"domain" => $domainname
));
]);
$row2 = $stmt->fetch(PDO::FETCH_ASSOC);
if (isset($row2['customerid']) && $row2['customerid'] > 0) {
$loginname = \Froxlor\Customer\Customer::getCustomerDetail($row2['customerid'], 'loginname');
$loginname = Customer::getCustomerDetail($row2['customerid'], 'loginname');
if ($loginname !== false) {
$stmt = Database::prepare("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "`
WHERE `loginname`= :loginname");
Database::pexecute($stmt, array(
Database::pexecute($stmt, [
"loginname" => $loginname
));
]);
$row3 = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row3 && $row3['customer'] == $loginname) {
$table = "`" . TABLE_PANEL_CUSTOMERS . "`";
@@ -152,31 +169,31 @@ if ($action == '2fa_entercode') {
}
}
if ((\Froxlor\Froxlor::hasUpdates() || \Froxlor\Froxlor::hasDbUpdates()) && $is_admin == false) {
\Froxlor\UI\Response::redirectTo('index.php');
if ((Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) && $is_admin == false) {
Response::redirectTo('index.php');
exit();
}
if ($is_admin) {
if (\Froxlor\Froxlor::hasUpdates() || \Froxlor\Froxlor::hasDbUpdates()) {
if (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {
$stmt = Database::prepare("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "`
WHERE `loginname`= :loginname
AND `change_serversettings` = '1'");
Database::pexecute($stmt, array(
Database::pexecute($stmt, [
"loginname" => $loginname
));
]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if (!isset($row['admin'])) {
// not an admin who can see updates
\Froxlor\UI\Response::redirectTo('index.php');
Response::redirectTo('index.php');
exit();
}
} else {
$stmt = Database::prepare("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "`
WHERE `loginname`= :loginname");
Database::pexecute($stmt, array(
Database::pexecute($stmt, [
"loginname" => $loginname
));
]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
}
@@ -186,38 +203,38 @@ if ($action == '2fa_entercode') {
$adminsession = '1';
} else {
// Log failed login
$rstlog = FroxlorLogger::getInstanceOf(array(
$rstlog = FroxlorLogger::getInstanceOf([
'loginname' => $_SERVER['REMOTE_ADDR']
));
$rstlog->logAction(\Froxlor\FroxlorLogger::LOGIN_ACTION, LOG_WARNING, "Unknown user '" . $loginname . "' tried to login.");
]);
$rstlog->logAction(FroxlorLogger::LOGIN_ACTION, LOG_WARNING, "Unknown user '" . $loginname . "' tried to login.");
\Froxlor\UI\Response::redirectTo('index.php', array(
Response::redirectTo('index.php', [
'showmessage' => '2'
));
]);
exit();
}
}
$userinfo_stmt = Database::prepare("SELECT * FROM $table
WHERE `loginname`= :loginname");
Database::pexecute($userinfo_stmt, array(
Database::pexecute($userinfo_stmt, [
"loginname" => $loginname
));
]);
$userinfo = $userinfo_stmt->fetch(PDO::FETCH_ASSOC);
if ($userinfo['loginfail_count'] >= Settings::Get('login.maxloginattempts') && $userinfo['lastlogin_fail'] > (time() - Settings::Get('login.deactivatetime'))) {
\Froxlor\UI\Response::redirectTo('index.php', array(
Response::redirectTo('index.php', [
'showmessage' => '3'
));
]);
exit();
} elseif (\Froxlor\System\Crypt::validatePasswordLogin($userinfo, $password, $table, $uid)) {
} elseif (Crypt::validatePasswordLogin($userinfo, $password, $table, $uid)) {
// only show "you're banned" if the login was successful
// because we don't want to publish that the user does exist
if ($userinfo['deactivated']) {
unset($userinfo);
\Froxlor\UI\Response::redirectTo('index.php', array(
Response::redirectTo('index.php', [
'showmessage' => '5'
));
]);
exit();
} else {
// login correct
@@ -225,10 +242,10 @@ if ($action == '2fa_entercode') {
$stmt = Database::prepare("UPDATE $table
SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'
WHERE `$uid`= :uid");
Database::pexecute($stmt, array(
Database::pexecute($stmt, [
"lastlogin_succ" => time(),
"uid" => $userinfo[$uid]
));
]);
$userinfo['userid'] = $userinfo[$uid];
$userinfo['adminsession'] = $adminsession;
}
@@ -237,21 +254,21 @@ if ($action == '2fa_entercode') {
$stmt = Database::prepare("UPDATE $table
SET `lastlogin_fail`= :lastlogin_fail, `loginfail_count`=`loginfail_count`+1
WHERE `$uid`= :uid");
Database::pexecute($stmt, array(
Database::pexecute($stmt, [
"lastlogin_fail" => time(),
"uid" => $userinfo[$uid]
));
]);
// Log failed login
$rstlog = FroxlorLogger::getInstanceOf(array(
$rstlog = FroxlorLogger::getInstanceOf([
'loginname' => $_SERVER['REMOTE_ADDR']
));
$rstlog->logAction(\Froxlor\FroxlorLogger::LOGIN_ACTION, LOG_WARNING, "User '" . $loginname . "' tried to login with wrong password.");
]);
$rstlog->logAction(FroxlorLogger::LOGIN_ACTION, LOG_WARNING, "User '" . $loginname . "' tried to login with wrong password.");
unset($userinfo);
\Froxlor\UI\Response::redirectTo('index.php', array(
Response::redirectTo('index.php', [
'showmessage' => '2'
));
]);
exit();
}
@@ -266,27 +283,27 @@ if ($action == '2fa_entercode') {
// send mail if type_2fa = 1 (email)
if ($userinfo['type_2fa'] == 1) {
// generate code
$tfa = new \Froxlor\FroxlorTwoFactorAuth('Froxlor');
$tfa = new FroxlorTwoFactorAuth('Froxlor');
$code = $tfa->getCode($tfa->createSecret());
// set code for user
$stmt = Database::prepare("UPDATE $table SET `data_2fa` = :d2fa WHERE `$uid` = :uid");
Database::pexecute($stmt, array(
Database::pexecute($stmt, [
"d2fa" => $code,
"uid" => $userinfo[$uid]
));
]);
// build up & send email
$_mailerror = false;
$mailerr_msg = "";
$replace_arr = array(
$replace_arr = [
'CODE' => $code
);
$mail_body = html_entity_decode(\Froxlor\PhpHelper::replaceVariables($lng['mails']['2fa']['mailbody'], $replace_arr));
];
$mail_body = html_entity_decode(PhpHelper::replaceVariables(lng('mails.2fa.mailbody'), $replace_arr));
try {
$mail->Subject = $lng['mails']['2fa']['subject'];
$mail->Subject = lng('mails.2fa.subject');
$mail->AltBody = $mail_body;
$mail->MsgHTML(str_replace("\n", "<br />", $mail_body));
$mail->AddAddress($userinfo['email'], \Froxlor\User::getCorrectUserSalutation($userinfo));
$mail->AddAddress($userinfo['email'], User::getCorrectUserSalutation($userinfo));
$mail->Send();
} catch (\PHPMailer\PHPMailer\Exception $e) {
$mailerr_msg = $e->errorMessage();
@@ -297,67 +314,66 @@ if ($action == '2fa_entercode') {
}
if ($_mailerror) {
$rstlog = FroxlorLogger::getInstanceOf(array(
$rstlog = FroxlorLogger::getInstanceOf([
'loginname' => '2fa code-sending'
));
$rstlog->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
\Froxlor\UI\Response::redirectTo('index.php', array(
]);
$rstlog->logAction(FroxlorLogger::ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
Response::redirectTo('index.php', [
'showmessage' => '4',
'customermail' => $userinfo['email']
));
]);
exit();
}
$mail->ClearAddresses();
}
\Froxlor\UI\Response::redirectTo('index.php', array(
Response::redirectTo('index.php', [
'action' => '2fa_entercode'
));
]);
exit();
}
if (!finishLogin($userinfo)) {
\Froxlor\UI\Response::redirectTo('index.php', array(
Response::redirectTo('index.php', [
'showmessage' => '2'
));
]);
}
exit();
} else {
$smessage = isset($_GET['showmessage']) ? (int) $_GET['showmessage'] : 0;
$smessage = isset($_GET['showmessage']) ? (int)$_GET['showmessage'] : 0;
$message = '';
$successmessage = '';
switch ($smessage) {
case 1:
$successmessage = $lng['pwdreminder']['success'];
$successmessage = lng('pwdreminder.success');
break;
case 2:
$message = $lng['error']['login'];
$message = lng('error.login');
break;
case 3:
$message = sprintf($lng['error']['login_blocked'], Settings::Get('login.deactivatetime'));
$message = lng('error.login_blocked', [Settings::Get('login.deactivatetime')]);
break;
case 4:
$cmail = isset($_GET['customermail']) ? $_GET['customermail'] : 'unknown';
$message = str_replace('%s', $cmail, $lng['error']['errorsendingmail']);
$message = str_replace('%s', $cmail, lng('error.errorsendingmail'));
break;
case 5:
$message = $lng['error']['user_banned'];
$message = lng('error.user_banned');
break;
case 6:
$successmessage = $lng['pwdreminder']['changed'];
$successmessage = lng('pwdreminder.changed');
break;
case 7:
$message = $lng['pwdreminder']['wrongcode'];
$message = lng('pwdreminder.wrongcode');
break;
case 8:
$message = $lng['pwdreminder']['notallowed'];
$message = lng('pwdreminder.notallowed');
break;
}
$update_in_progress = false;
if (\Froxlor\Froxlor::hasUpdates() || \Froxlor\Froxlor::hasDbUpdates()) {
if (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {
$update_in_progress = true;
}
@@ -394,24 +410,24 @@ if ($action == 'forgotpwd') {
$message = '';
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$loginname = \Froxlor\Validate\Validate::validate($_POST['loginname'], 'loginname');
$email = \Froxlor\Validate\Validate::validateEmail($_POST['loginemail'], 'email');
$loginname = Validate::validate($_POST['loginname'], 'loginname');
$email = Validate::validateEmail($_POST['loginemail'], 'email');
$result_stmt = Database::prepare("SELECT `adminid`, `customerid`, `customernumber`, `firstname`, `name`, `company`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_CUSTOMERS . "`
WHERE `loginname`= :loginname
AND `email`= :email");
Database::pexecute($result_stmt, array(
Database::pexecute($result_stmt, [
"loginname" => $loginname,
"email" => $email
));
]);
if (Database::num_rows() == 0) {
$result_stmt = Database::prepare("SELECT `adminid`, `name`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_ADMINS . "`
WHERE `loginname`= :loginname
AND `email`= :email");
Database::pexecute($result_stmt, array(
Database::pexecute($result_stmt, [
"loginname" => $loginname,
"email" => $email
));
]);
if (Database::num_rows() > 0) {
$adminchecked = true;
@@ -425,9 +441,9 @@ if ($action == 'forgotpwd') {
/* Check whether user is banned */
if ($user['deactivated']) {
\Froxlor\UI\Response::redirectTo('index.php', array(
Response::redirectTo('index.php', [
'showmessage' => '8'
));
]);
exit();
}
@@ -435,36 +451,36 @@ if ($action == 'forgotpwd') {
if ($user !== false) {
// build a activation code
$timestamp = time();
$first = substr(md5($user['loginname'] . $timestamp . \Froxlor\PhpHelper::randomStr(16)), 0, 15);
$third = substr(md5($user['email'] . $timestamp . \Froxlor\PhpHelper::randomStr(16)), -15);
$first = substr(md5($user['loginname'] . $timestamp . PhpHelper::randomStr(16)), 0, 15);
$third = substr(md5($user['email'] . $timestamp . PhpHelper::randomStr(16)), -15);
$activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10);
// Drop all existing activation codes for this user
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "`
WHERE `userid` = :userid
AND `admin` = :admin");
$params = array(
$params = [
"userid" => $adminchecked ? $user['adminid'] : $user['customerid'],
"admin" => $adminchecked ? 1 : 0
);
];
Database::pexecute($stmt, $params);
// Add new activation code to database
$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_ACTIVATION . "`
(userid, admin, creation, activationcode)
VALUES (:userid, :admin, :creation, :activationcode)");
$params = array(
$params = [
"userid" => $adminchecked ? $user['adminid'] : $user['customerid'],
"admin" => $adminchecked ? 1 : 0,
"creation" => $timestamp,
"activationcode" => $activationcode
);
];
Database::pexecute($stmt, $params);
$rstlog = FroxlorLogger::getInstanceOf(array(
$rstlog = FroxlorLogger::getInstanceOf([
'loginname' => 'password_reset'
));
$rstlog->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_WARNING, "User '" . $user['loginname'] . "' requested a link for setting a new password.");
]);
$rstlog->logAction(FroxlorLogger::USR_ACTION, LOG_WARNING, "User '" . $user['loginname'] . "' requested a link for setting a new password.");
// Set together our activation link
$protocol = empty($_SERVER['HTTPS']) ? 'http' : 'https';
@@ -478,19 +494,19 @@ if ($action == 'forgotpwd') {
// there can be only one script to handle this so we can use a fixed value here
$script = "/index.php"; // $_SERVER['SCRIPT_NAME'];
if (Settings::Get('system.froxlordirectlyviahostname') == 0) {
$script = \Froxlor\FileDir::makeCorrectFile("/" . basename(__DIR__) . "/" . $script);
$script = FileDir::makeCorrectFile("/" . basename(__DIR__) . "/" . $script);
}
$activationlink = $protocol . '://' . $host . $port . $script . '?action=resetpwd&resetcode=' . $activationcode;
$replace_arr = array(
'SALUTATION' => \Froxlor\User::getCorrectUserSalutation($user),
$replace_arr = [
'SALUTATION' => User::getCorrectUserSalutation($user),
'NAME' => $user['name'],
'FIRSTNAME' => $user['firstname'] ?? "",
'COMPANY' => $user['company'] ?? "",
'CUSTOMER_NO' => $user['customernumber'] ?? 0,
'USERNAME' => $loginname,
'LINK' => $activationlink
);
];
$def_language = ($user['def_language'] != '') ? $user['def_language'] : Settings::Get('panel.standardlanguage');
$result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
@@ -498,24 +514,24 @@ if ($action == 'forgotpwd') {
AND `language`= :lang
AND `templategroup`=\'mails\'
AND `varname`=\'password_reset_subject\'');
Database::pexecute($result_stmt, array(
Database::pexecute($result_stmt, [
"adminid" => $user['adminid'],
"lang" => $def_language
));
]);
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
$mail_subject = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result['value'] != '') ? $result['value'] : $lng['mails']['password_reset']['subject']), $replace_arr));
$mail_subject = html_entity_decode(PhpHelper::replaceVariables((($result['value'] != '') ? $result['value'] : lng('mails.password_reset.subject')), $replace_arr));
$result_stmt = Database::prepare('SELECT `value` FROM `' . TABLE_PANEL_TEMPLATES . '`
WHERE `adminid`= :adminid
AND `language`= :lang
AND `templategroup`=\'mails\'
AND `varname`=\'password_reset_mailbody\'');
Database::pexecute($result_stmt, array(
Database::pexecute($result_stmt, [
"adminid" => $user['adminid'],
"lang" => $def_language
));
]);
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
$mail_body = html_entity_decode(\Froxlor\PhpHelper::replaceVariables((($result['value'] != '') ? $result['value'] : $lng['mails']['password_reset']['mailbody']), $replace_arr));
$mail_body = html_entity_decode(PhpHelper::replaceVariables((($result['value'] != '') ? $result['value'] : lng('mails.password_reset.mailbody')), $replace_arr));
$_mailerror = false;
$mailerr_msg = "";
@@ -523,7 +539,7 @@ if ($action == 'forgotpwd') {
$mail->Subject = $mail_subject;
$mail->AltBody = $mail_body;
$mail->MsgHTML(str_replace("\n", "<br />", $mail_body));
$mail->AddAddress($user['email'], \Froxlor\User::getCorrectUserSalutation($user));
$mail->AddAddress($user['email'], User::getCorrectUserSalutation($user));
$mail->Send();
} catch (\PHPMailer\PHPMailer\Exception $e) {
$mailerr_msg = $e->errorMessage();
@@ -534,50 +550,50 @@ if ($action == 'forgotpwd') {
}
if ($_mailerror) {
$rstlog = FroxlorLogger::getInstanceOf(array(
$rstlog = FroxlorLogger::getInstanceOf([
'loginname' => 'password_reset'
));
$rstlog->logAction(\Froxlor\FroxlorLogger::ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
\Froxlor\UI\Response::redirectTo('index.php', array(
]);
$rstlog->logAction(FroxlorLogger::ADM_ACTION, LOG_ERR, "Error sending mail: " . $mailerr_msg);
Response::redirectTo('index.php', [
'showmessage' => '4',
'customermail' => $user['email']
));
]);
exit();
}
$mail->ClearAddresses();
\Froxlor\UI\Response::redirectTo('index.php', array(
Response::redirectTo('index.php', [
'showmessage' => '1'
));
]);
exit();
} else {
$rstlog = FroxlorLogger::getInstanceOf(array(
$rstlog = FroxlorLogger::getInstanceOf([
'loginname' => 'password_reset'
));
$rstlog->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_WARNING, "User '" . $loginname . "' requested to set a new password, but was not found in database!");
$message = $lng['login']['combination_not_found'];
]);
$rstlog->logAction(FroxlorLogger::USR_ACTION, LOG_WARNING, "User '" . $loginname . "' requested to set a new password, but was not found in database!");
$message = lng('login.combination_not_found');
}
unset($user);
}
} else {
$message = $lng['login']['usernotfound'];
$message = lng('login.usernotfound');
}
}
if ($adminchecked) {
if (Settings::Get('panel.allow_preset_admin') != '1') {
$message = $lng['pwdreminder']['notallowed'];
$message = lng('pwdreminder.notallowed');
unset($adminchecked);
}
} else {
if (Settings::Get('panel.allow_preset') != '1') {
$message = $lng['pwdreminder']['notallowed'];
$message = lng('pwdreminder.notallowed');
}
}
UI::view('login/fpwd.html.twig', [
'pagetitle' => $lng['login']['presend'],
'pagetitle' => lng('login.presend'),
'action' => $action,
'message' => $message,
]);
@@ -589,9 +605,9 @@ if ($action == 'resetpwd') {
// Remove old activation codes
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "`
WHERE creation < :oldest");
Database::pexecute($stmt, array(
Database::pexecute($stmt, [
"oldest" => time() - 86400
));
]);
if (isset($_GET['resetcode']) && strlen($_GET['resetcode']) == 50) {
// Check if activation code is valid
@@ -604,20 +620,20 @@ if ($action == 'resetpwd') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$stmt = Database::prepare("SELECT `userid`, `admin` FROM `" . TABLE_PANEL_ACTIVATION . "`
WHERE `activationcode` = :activationcode");
$result = Database::pexecute_first($stmt, array(
$result = Database::pexecute_first($stmt, [
"activationcode" => $activationcode
));
]);
if ($result !== false) {
try {
$new_password = \Froxlor\System\Crypt::validatePassword($_POST['new_password'], true);
$new_password_confirm = \Froxlor\System\Crypt::validatePassword($_POST['new_password_confirm'], true);
$new_password = Crypt::validatePassword($_POST['new_password'], true);
$new_password_confirm = Crypt::validatePassword($_POST['new_password_confirm'], true);
} catch (Exception $e) {
$message = $e->getMessage();
}
if (empty($message) && (empty($new_password) || $new_password != $new_password_confirm)) {
$message = $lng['error']['newpasswordconfirmerror'];
$message = lng('error.newpasswordconfirmerror');
}
if (empty($message)) {
@@ -631,47 +647,47 @@ if ($action == 'resetpwd') {
SET `password` = :newpassword
WHERE `customerid` = :userid");
}
Database::pexecute($stmt, array(
"newpassword" => \Froxlor\System\Crypt::makeCryptPassword($new_password),
Database::pexecute($stmt, [
"newpassword" => Crypt::makeCryptPassword($new_password),
"userid" => $result['userid']
));
]);
$rstlog = FroxlorLogger::getInstanceOf(array(
$rstlog = FroxlorLogger::getInstanceOf([
'loginname' => 'password_reset'
));
$rstlog->logAction(\Froxlor\FroxlorLogger::USR_ACTION, LOG_NOTICE, "changed password using password reset.");
]);
$rstlog->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "changed password using password reset.");
// Remove activation code from DB
$stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "`
WHERE `activationcode` = :activationcode
AND `userid` = :userid");
Database::pexecute($stmt, array(
Database::pexecute($stmt, [
"activationcode" => $activationcode,
"userid" => $result['userid']
));
\Froxlor\UI\Response::redirectTo('index.php', array(
]);
Response::redirectTo('index.php', [
"showmessage" => '6'
));
]);
}
} else {
\Froxlor\UI\Response::redirectTo('index.php', array(
Response::redirectTo('index.php', [
"showmessage" => '7'
));
]);
}
}
UI::view('login/rpwd.html.twig', [
'pagetitle' => $lng['pwdreminder']['choosenew'],
'pagetitle' => lng('pwdreminder.choosenew'),
'formaction' => 'index.php?action=resetpwd&resetcode=' . $activationcode,
'message' => $message,
]);
} else {
\Froxlor\UI\Response::redirectTo('index.php', array(
Response::redirectTo('index.php', [
"showmessage" => '7'
));
]);
}
} else {
\Froxlor\UI\Response::redirectTo('index.php');
Response::redirectTo('index.php');
}
}
@@ -680,11 +696,10 @@ function finishLogin($userinfo)
global $languages;
if (isset($userinfo['userid']) && $userinfo['userid'] != '') {
\Froxlor\CurrentUser::setData($userinfo);
CurrentUser::setData($userinfo);
if (isset($_POST['language'])) {
$language = \Froxlor\Validate\Validate::validate($_POST['language'], 'language');
$language = Validate::validate($_POST['language'], 'language');
if ($language == 'profile') {
$language = $userinfo['def_language'];
} elseif (!isset($languages[$language])) {
@@ -693,41 +708,41 @@ function finishLogin($userinfo)
} else {
$language = Settings::Get('panel.standardlanguage');
}
\Froxlor\CurrentUser::setField('language', $language);
CurrentUser::setField('language', $language);
if (isset($userinfo['theme']) && $userinfo['theme'] != '') {
$theme = $userinfo['theme'];
} else {
$theme = Settings::Get('panel.default_theme');
\Froxlor\CurrentUser::setField('theme', $theme);
CurrentUser::setField('theme', $theme);
}
$qryparams = array();
$qryparams = [];
if (isset($_POST['qrystr']) && $_POST['qrystr'] != "") {
parse_str(urldecode($_POST['qrystr']), $qryparams);
}
if ($userinfo['adminsession'] == '1') {
if (\Froxlor\Froxlor::hasUpdates() || \Froxlor\Froxlor::hasDbUpdates()) {
\Froxlor\UI\Response::redirectTo('admin_updates.php?page=overview');
if (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {
Response::redirectTo('admin_updates.php?page=overview');
} else {
if (isset($_POST['script']) && $_POST['script'] != "") {
if (preg_match("/customer\_/", $_POST['script']) === 1) {
\Froxlor\UI\Response::redirectTo('admin_customers.php', array(
Response::redirectTo('admin_customers.php', [
"page" => "customers"
));
]);
} else {
\Froxlor\UI\Response::redirectTo($_POST['script'], $qryparams);
Response::redirectTo($_POST['script'], $qryparams);
}
} else {
\Froxlor\UI\Response::redirectTo('admin_index.php', $qryparams);
Response::redirectTo('admin_index.php', $qryparams);
}
}
} else {
if (isset($_POST['script']) && $_POST['script'] != "") {
\Froxlor\UI\Response::redirectTo($_POST['script'], $qryparams);
Response::redirectTo($_POST['script'], $qryparams);
} else {
\Froxlor\UI\Response::redirectTo('customer_index.php', $qryparams);
Response::redirectTo('customer_index.php', $qryparams);
}
}
}