From: Janusz Dobrowolski Date: Sat, 26 Apr 2014 07:14:55 +0000 (+0200) Subject: Added option to allow password reset (by Mithy). X-Git-Tag: 2.3-final~137 X-Git-Url: https://delta.frontaccounting.com/gitweb/?p=fa-stable.git;a=commitdiff_plain;h=aa7eb75a2b21809008113779e9b6c5fa7a869c9b Added option to allow password reset (by Mithy). --- diff --git a/access/login.php b/access/login.php index fbabe47e..799c91c1 100644 --- a/access/login.php +++ b/access/login.php @@ -29,6 +29,9 @@ function defaultCompany() else { $demo_text = _("Please login here"); + if (@$allow_password_reset) { + $demo_text .= " "._("or")." "._("request new password").""; + } } if (check_faillog()) @@ -154,4 +157,4 @@ function defaultCompany() echo "

\n"; echo "\n"; -?> \ No newline at end of file +?> diff --git a/access/password_reset.php b/access/password_reset.php new file mode 100644 index 00000000..4ed58a2f --- /dev/null +++ b/access/password_reset.php @@ -0,0 +1,116 @@ +. +***********************************************************************/ + if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_to_root'])) + die(_("Restricted access")); + include_once($path_to_root . "/includes/ui.inc"); + include_once($path_to_root . "/includes/page/header.inc"); + + $js = ""; + add_js_file('login.js'); + + if (!isset($def_coy)) + $def_coy = 0; + $def_theme = "default"; + + $login_timeout = $_SESSION["wa_current_user"]->last_act; + + $title = $app_title." ".$version." - "._("Password reset"); + $encoding = isset($_SESSION['language']->encoding) ? $_SESSION['language']->encoding : "iso-8859-1"; + $rtl = isset($_SESSION['language']->dir) ? $_SESSION['language']->dir : "ltr"; + $onload = !$login_timeout ? "onload='defaultCompany()'" : ""; + + echo "\n"; + echo "\n"; + echo "$title\n"; + echo "\n"; + echo " \n"; + echo " \n"; + send_scripts(); + echo $js; + echo "\n"; + + echo "\n"; + + echo "
$title
\n"; + + div_start('_page_body'); + br();br(); + start_form(false, false, @$_SESSION['timeout']['uri'], "resetform"); + start_table(false, "class='login'"); + start_row(); + echo ""; + echo "FrontAccounting"; + echo "\n"; + end_row(); + + echo "\n"; + table_section_title(_("Version")." $version Build $build_version - "._("Password reset")); + + text_row(_("Email"), "email_entry_field", "", 20, 30); + + if (isset($_SESSION['wa_current_user']->company)) + $coy = $_SESSION['wa_current_user']->company; + else + $coy = $def_coy; + if (!@$text_company_selection) { + echo ""._("Company")."\n"; + echo ""; + } else { +// $coy = $def_coy; + text_row(_("Company"), "company_login_nickname", "", 20, 50); + } + start_row(); + label_cell("Please enter your e-mail", "colspan=2 align='center' id='log_msg'"); + end_row(); + end_table(1); + echo "
\n"; + + end_form(1); + $Ajax->addScript(true, "document.forms[0].password.focus();"); + + echo ""; + div_end(); + echo "\n"; + echo ""; + if (isset($_SESSION['wa_current_user'])) + $date = Today() . " | " . Now(); + else + $date = date("m/d/Y") . " | " . date("h.i am"); + echo "\n"; + echo "
$date
\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "

\n"; + echo "\n"; + +?> diff --git a/admin/db/users_db.inc b/admin/db/users_db.inc index 767dad30..7dfd7256 100644 --- a/admin/db/users_db.inc +++ b/admin/db/users_db.inc @@ -101,6 +101,17 @@ function get_user_by_login($user_id) //----------------------------------------------------------------------------------------------- +function get_user_by_email($email) +{ + $sql = "SELECT * FROM ".TB_PREF."users WHERE email=".db_escape($email); + + $result = db_query($sql, "could not get user for email $email"); + + return db_fetch($result); +} + +//----------------------------------------------------------------------------------------------- + function delete_user($id) { $sql="DELETE FROM ".TB_PREF."users WHERE id=".db_escape($id); diff --git a/config.default.php b/config.default.php index 9bef6d92..e3c3a6cf 100644 --- a/config.default.php +++ b/config.default.php @@ -186,6 +186,9 @@ if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_ $allow_demo_mode = false; + /* Whether to allow sending new password by e-mail */ + $allow_password_reset = false; + /* for uploaded item pictures */ $pic_width = 80; $pic_height = 50; diff --git a/includes/current_user.inc b/includes/current_user.inc index 7c7592e8..31f53ae6 100644 --- a/includes/current_user.inc +++ b/includes/current_user.inc @@ -131,6 +131,32 @@ class current_user return $this->logged; } + function reset_password($company, $email) { + global $path_to_root, $app_title; + + $this->set_company($company); + $this->logged = false; + + set_global_connection(); + + $myrow = get_user_by_email($email); + + if ($myrow['id'] != "") { + + $bytes = openssl_random_pseudo_bytes(8, $cstrong); + $password = base64_encode($bytes); + + $hash = md5($password); + + update_user_password($myrow['id'], $myrow['user_id'], $hash); + + mail($myrow['email'], _("New password for")." ".$app_title, $password); + + return true; + } + return false; + } + function check_user_access() { global $security_groups; 
diff --git a/includes/session.inc b/includes/session.inc index 869ce9a8..1b9c5ce2 100644 --- a/includes/session.inc +++ b/includes/session.inc @@ -144,6 +144,35 @@ function login_fail() die(); } +function password_reset_fail() +{ + global $path_to_root; + + echo "


" . _("Incorrect Email") . "

"; + echo "" . _("The email address does not exist in the system.") . "

"; + + echo _("If you are not an authorized user, please contact your system administrator to obtain an account to enable you to use the system."); + echo "
" . _("Try again") . ""; + echo "
"; + + kill_login(); + die(); +} + +function password_reset_success() +{ + global $path_to_root; + + echo "


" . _("New password sent") . "

"; + echo "" . _("A new password has been sent to your mailbox.") . "

"; + + echo "
" . _("Login here") . ""; + echo "
"; + + kill_login(); + die(); +} + function check_faillog() { global $login_delay, $login_faillog, $login_max_attempts; @@ -423,6 +452,33 @@ if (!defined('FA_LOGOUT_PHP_FILE')){ if (!$_SESSION["wa_current_user"]->logged_in()) { + if (@$allow_password_reset && !$allow_demo_mode + && (isset($_GET['reset']) || isset($_POST['email_entry_field']))) { + if (!isset($_POST["email_entry_field"])) { + include($path_to_root . "/access/password_reset.php"); + exit(); + } + else { + if (isset($_POST["company_login_nickname"]) && !isset($_POST["company_login_name"])) { + for ($i = 0; $i < count($db_connections); $i++) { + if ($db_connections[$i]["name"] == $_POST["company_login_nickname"]) { + $_POST["company_login_name"] = $i; + unset($_POST["company_login_nickname"]); + break 1; // cannot pass variables to break from PHP v5.4 onwards + } + } + } + $_succeed = isset($db_connections[$_POST["company_login_name"]]) && + $_SESSION["wa_current_user"]->reset_password($_POST["company_login_name"], + $_POST["email_entry_field"]); + if ($_succeed) + { + password_reset_success(); + } + + password_reset_fail(); + } + } // Show login screen if (!isset($_POST["user_name_entry_field"]) or $_POST["user_name_entry_field"] == "") {
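Review bot: `password_reset_fail` tells the requester outright that `The email address does not exist in the system.` while `password_reset_success` confirms that it does, so an unauthenticated visitor can enumerate which addresses have accounts by submitting them one at a time. Both pages should render the same neutral text, for example replace the failure heading and sentence with `_("If that address is registered, a new password has been sent to it.")`, and leave the distinction to server-side logging. The `Try again` link on the failure page can stay as the way back to the form, so the rewording does not require changing the page structure.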
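Review bot: The dispatch condition `isset($_POST['email_entry_field'])` is satisfied by an empty submission and nothing in this branch rejects an empty string before it reaches `reset_password`, so a blank form can select a user whose email column is empty; tighten it to `isset($_POST['email_entry_field']) && trim($_POST['email_entry_field']) != ''` and show the form otherwise. The branch also runs before the login-screen code that is guarded by `check_faillog()`, so reset requests get none of the attempt limiting that logins do; since each successful request replaces the target's password, consider recording reset attempts in the same fail log (`$login_faillog`) so repeated requests for one address are throttled. The `break 1;` comment is accurate for PHP 5.4+, but a plain `break;` is equivalent here and reads better. The enclosing `if (!$_SESSION["wa_current_user"]->logged_in())` block continues past the end of the hunk.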