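<?php
//
// OpenSMTPD Admin
// by Mischa Peters <mischa at high5 dot nl>
// Copyright (c) 2022 High5!
// License Info: LICENSE.TXT
//
// File: password.php
//
// Template File: password.tpl
//
// Template Variables:
//
// message
//
// POST / GET Variables:
//
// password_current
// password1
// password2
//
// Purpose: lets the logged-in user change their own password. The account
// that is changed is always the session user ($SESSID_USERNAME); no username
// is read from the request. The current password must verify against the
// stored hash before the new one is written.
//
require_once './functions.inc.php';
// NOTE(review): the included path is built from check_language()'s return
// value. Presumably that helper only returns one of the shipped language
// codes -- confirm in functions.inc.php, since the value ends up in include.
include './languages/' . check_language() . '.lang';

$SESSID_USERNAME = check_session();
$ROLE = check_role($SESSID_USERNAME);

// Loose comparison kept on purpose: the types of check_role()'s return value
// and ADMIN_ROLE are not visible in this file.
if ($ROLE == ADMIN_ROLE) {
    $list_domains = list_domains();
    // Not read in this file; presumably consumed by the included templates.
    $list_admins = list_admins();
} else {
    $list_domains = list_domains($SESSID_USERNAME);
}

if ($_SERVER['REQUEST_METHOD'] === "POST") {
    // The target account is fixed to the session user.
    $username = $SESSID_USERNAME;
    $password_current = filter_input(INPUT_POST, 'password_current', FILTER_DEFAULT);
    $password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT);
    $password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT);

    // Strict comparison for the confirmation field: with "!=" two different
    // numeric-looking strings (for example "1e3" and "1000") compare as equal,
    // so a mistyped confirmation could be accepted.
    if (empty($password_current) || empty($password1) || $password1 !== $password2) {
        $message = $LANG['Password_password_text_error'];
    }

    // Step 1: verify the current password against the stored hash.
    if (empty($message) && !empty($password_current)) {
        // Same error handling as the UPDATE below, so a database failure here
        // produces the generic error message instead of an uncaught exception.
        try {
            $dbh = pdo_connect();
            // A user with no domains is looked up in the mailbox table, anyone
            // else in the admin table.
            // NOTE(review): this relies on list_domains() returning an empty
            // list only for mailbox users -- confirm for an admin on a system
            // that has no domains yet.
            if (count($list_domains) === 0) {
                $sth = $dbh->prepare("SELECT password FROM mailbox WHERE username=?");
            } else {
                $sth = $dbh->prepare("SELECT password FROM admin WHERE username=?");
            }
            $sth->bindParam(1, $username, PDO::PARAM_STR);
            $sth->execute();
            $stored_hash = $sth->fetch(PDO::FETCH_COLUMN);
            // fetch() returns false when no row matches; treat anything that is
            // not a string hash as a failed verification.
            if (!is_string($stored_hash) || !password_verify($password_current, $stored_hash)) {
                $message = $LANG['Password_password_current_text_error'];
            }
        } catch (PDOException $e) {
            $message = $LANG['Password_result_error'];
        }
    }

    // Step 2: store the new hash, only if every check above passed.
    if (empty($message) && !empty($password1)) {
        $hashed = bcrypt($password1);
        try {
            $dbh = pdo_connect();
            if (count($list_domains) === 0) {
                $sth = $dbh->prepare("UPDATE mailbox SET password=?,modified=NOW() WHERE username=?");
            } else {
                $sth = $dbh->prepare("UPDATE admin SET password=?,modified=NOW() WHERE username=?");
            }
            $sth->bindParam(1, $hashed, PDO::PARAM_STR);
            $sth->bindParam(2, $username, PDO::PARAM_STR);
            $sth->execute();
            // Audit trail: actor, the domain part of the actor's address, the
            // action label and the affected account. No password material is
            // passed to logging().
            logging($SESSID_USERNAME, substr(strrchr($SESSID_USERNAME, "@"), 1), $LANG['Logging_password_change'], $username);
            $message = $LANG['Password_result_succes'];
            // NOTE(review): nothing here rotates the session id or ends other
            // sessions of this account after the change -- confirm whether
            // check_session() or the session layer covers that.
        } catch (PDOException $e) {
            // Generic message only; exception details are not shown to the user.
            $message = $LANG['Password_result_error'];
        }
    }
}
include './templates/header.tpl';
include './templates/menu.tpl';
include './templates/password.tpl';
include './templates/footer.tpl';
?>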