3 386bf42a 2022-08-18 mischa // OpenSMTPD Admin
4 386bf42a 2022-08-18 mischa // by Mischa Peters <mischa at high5 dot nl>
5 386bf42a 2022-08-18 mischa // Copyright (c) 2022 High5!
6 386bf42a 2022-08-18 mischa // License Info: LICENSE.TXT
8 386bf42a 2022-08-18 mischa // File: password.php
10 386bf42a 2022-08-18 mischa // Template File: password.tpl
12 386bf42a 2022-08-18 mischa // Template Variables:
14 6322a7e7 2022-09-04 mischa // message
16 ff6266ff 2022-09-05 mischa // POST / GET Variables:
18 6322a7e7 2022-09-04 mischa // password_current
19 6322a7e7 2022-09-04 mischa // password1
20 6322a7e7 2022-09-04 mischa // password2
22 6322a7e7 2022-09-04 mischa require_once './functions.inc.php';
23 6322a7e7 2022-09-04 mischa include './languages/' . check_language() . '.lang';
25 386bf42a 2022-08-18 mischa $SESSID_USERNAME = check_session();
26 1575a178 2022-09-06 mischa $ROLE = check_role($SESSID_USERNAME);
28 080e0cc0 2022-09-05 mischa if ($ROLE == ADMIN_ROLE) {
29 ff6266ff 2022-09-05 mischa $list_domains = list_domains();
30 ff6266ff 2022-09-05 mischa $list_admins = list_admins();
32 ff6266ff 2022-09-05 mischa $list_domains = list_domains($SESSID_USERNAME);
35 386bf42a 2022-08-18 mischa if ($_SERVER['REQUEST_METHOD'] == "POST") {
36 386bf42a 2022-08-18 mischa $username = $SESSID_USERNAME;
37 6322a7e7 2022-09-04 mischa $password_current = filter_input(INPUT_POST, 'password_current', FILTER_DEFAULT);
38 6322a7e7 2022-09-04 mischa $password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT);
39 6322a7e7 2022-09-04 mischa $password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT);
41 6322a7e7 2022-09-04 mischa if (empty($password_current) || empty($password1) || $password1 != $password2) {
42 6322a7e7 2022-09-04 mischa $message = $LANG['Password_password_text_error'];
45 6322a7e7 2022-09-04 mischa if (empty($message) && !empty($password_current)) {
46 759223e7 2022-09-04 mischa $dbh = pdo_connect();
47 bbe1f756 2022-09-06 mischa if (count($list_domains) == 0) {
48 bbe1f756 2022-09-06 mischa $sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");
50 bbe1f756 2022-09-06 mischa $sth = $dbh->prepare("SELECT password FROM admin WHERE username=?");
52 6322a7e7 2022-09-04 mischa $sth->bindParam(1, $username, PDO::PARAM_STR);
53 6322a7e7 2022-09-04 mischa $sth->execute();
54 6322a7e7 2022-09-04 mischa $row = $sth->fetch(PDO::FETCH_COLUMN);
55 6322a7e7 2022-09-04 mischa if (!password_verify($password_current, $row)) {
56 6322a7e7 2022-09-04 mischa $message = $LANG['Password_password_current_text_error'];
60 6322a7e7 2022-09-04 mischa if (empty($message) && !empty($password1)) {
61 6322a7e7 2022-09-04 mischa $hashed = bcrypt($password1);
63 759223e7 2022-09-04 mischa $dbh = pdo_connect();
64 bbe1f756 2022-09-06 mischa if (count($list_domains) == 0) {
65 bbe1f756 2022-09-06 mischa $sth = $dbh->prepare("UPDATE mailbox SET password=?,modified=NOW() WHERE username=?");
67 bbe1f756 2022-09-06 mischa $sth = $dbh->prepare("UPDATE admin SET password=?,modified=NOW() WHERE username=?");
69 6322a7e7 2022-09-04 mischa $sth->bindParam(1, $hashed, PDO::PARAM_STR);
70 6322a7e7 2022-09-04 mischa $sth->bindParam(2, $username, PDO::PARAM_STR);
71 6322a7e7 2022-09-04 mischa $sth->execute();
72 191805fa 2022-09-06 mischa logging($SESSID_USERNAME, substr(strrchr($SESSID_USERNAME, "@"), 1), $LANG['Logging_password_change'], $username);
73 6322a7e7 2022-09-04 mischa $message = $LANG['Password_result_succes'];
74 6322a7e7 2022-09-04 mischa } catch(PDOException $e) {
75 6322a7e7 2022-09-04 mischa $message = $LANG['Password_result_error'];
79 6322a7e7 2022-09-04 mischa include './templates/header.tpl';
80 6322a7e7 2022-09-04 mischa include './templates/menu.tpl';
81 6322a7e7 2022-09-04 mischa include './templates/password.tpl';
82 6322a7e7 2022-09-04 mischa include './templates/footer.tpl';