
Improve hostname detection (#3494)

* Remove HTTP_HOST check but depend on hostname received from function

* Improve port detection

In case cp.tpl is used. But by default it should also default to hostname.domain.com
Jaap Marcus 2 лет назад
Родитель
Сommit
da3a0e05f0
1 измененных файлов с 31 добавлено и 19 удалено
  1. 31 19
      web/reset/index.php

+ 31 - 19
web/reset/index.php

@@ -49,17 +49,29 @@ if (!empty($_POST["user"]) && empty($_POST["code"])) {
 				$to = $data[$user]["CONTACT"];
 				$subject = sprintf(_("MAIL_RESET_SUBJECT"), date("Y-m-d H:i:s"));
 				$hostname = get_hostname();
-				if ($hostname . ":" . $_SERVER["SERVER_PORT"] == $_SERVER["HTTP_HOST"]) {
-					$check = true;
-					$hostname_email = $hostname;
-				} elseif ($hostname_full . ":" . $_SERVER["SERVER_PORT"] == $_SERVER["HTTP_HOST"]) {
-					$check = true;
-					$hostname_email = $hostname_full;
-				} else {
-					$check = false;
-					$ERROR = "<p class=\"error\">" . _("Invalid host domain") . "</p>";
-				}
-				if ($check == true) {
+				if ($hostname) {
+					$host = preg_replace(
+						"/(\[?[^]]*\]?):([0-9]{1,5})$/",
+						"$1",
+						$_SERVER["HTTP_HOST"],
+					);
+					if ($host == $hostname) {
+						$port_is_defined = preg_match(
+							"/\[?[^]]*\]?:[0-9]{1,5}$/",
+							$_SERVER["HTTP_HOST"],
+						);
+						if ($port_is_defined) {
+							$port = preg_replace(
+								"/(\[?[^]]*\]?):([0-9]{1,5})$/",
+								"$2",
+								$_SERVER["HTTP_HOST"],
+							);
+						} else {
+							$port = "";
+						}
+					} else {
+						$port = ":" . $_SERVER["SERVER_PORT"];
+					}
 					$from = "noreply@" . $hostname;
 					$from_name = _("Hestia Control Panel");
 					if (!empty($name)) {
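Review bot: When the Host header carries a port, `$port` is set to the bare digits (replacement `"$2"`), while the fallback branch sets `":" . $_SERVER["SERVER_PORT"]`, so `$hostname . $port` in the two `sprintf` arguments of the next hunk would render as e.g. `panel.example.com8083` with no colon. Add the separator in that branch too, for instance `$port = preg_match('/:([0-9]{1,5})$/', $_SERVER["HTTP_HOST"] ?? "", $m) ? ":" . $m[1] : "";`, which also replaces the three regex passes with one and tolerates a missing Host header. The port is still read from the client-supplied Host header, so the requester chooses the port that appears in the mailed link; if the panel port is available server-side, that value would be the safer source. The comparison `$host == $hostname` should use `===`. The `if ($hostname)` block opened here closes outside this hunk.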
@@ -69,10 +81,10 @@ if (!empty($_POST["user"]) && empty($_POST["code"])) {
 					}
 					$mailtext .= sprintf(
 						_("PASSWORD_RESET_REQUEST"),
-						$_SERVER["HTTP_HOST"],
+						$hostname . $port,
 						$user,
 						$rkey,
-						$_SERVER["HTTP_HOST"],
+						$hostname . $port,
 						$user,
 						$rkey,
 					);
@@ -86,13 +98,13 @@ if (!empty($_POST["user"]) && empty($_POST["code"])) {
 							$data[$user]["NAME"],
 						);
 					}
-					$ERROR =
-						"<p class=\"error\">" .
-						_(
-							"Password reset instructions have been sent to the email address associated with this account.",
-						) .
-						"</p>";
 				}
+				$ERROR =
+					"<p class=\"error\">" .
+					_(
+						"Password reset instructions have been sent to the email address associated with this account.",
+					) .
+					"</p>";
 			} else {
 				# Prevent user enumeration and let hackers guess username and working email
 				$ERROR =
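Review bot: With the confirmation moved after the closing brace, a false or empty `get_hostname()` result now skips the mail entirely while the page still reports that instructions were sent, and nothing records the failure. Keeping the response uniform fits the enumeration concern in the neighbouring comment, but the skipped send should be visible to the administrator, for example `} else { error_log("Password reset mail skipped: get_hostname() returned no value"); }` on the brace that, judging by indentation, closes `if ($hostname)`. A short comment above the moved assignment, such as `# Shown whether or not mail was sent, so the response does not reveal account state`, would keep a later change from moving it back inside the block. The surrounding `if`/`else` begins and ends outside this hunk.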