" . _( "Password reset instructions have been sent to the email address associated with this account.", ) . "
"; } else { # Prevent user enumeration and let hackers guess username and working email $ERROR = "" . _( "Password reset instructions have been sent to the email address associated with this account.", ) . "
"; } } else { $ERROR = "" . _("Please wait 15 minutes before sending a new request") . "
"; } } else { # Prevent user enumeration and let hackers guess username and working email $ERROR = "" . _( "Password reset instructions have been sent to the email address associated with this account.", ) . "
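"; } unset($output); }

// Password-reset completion. Runs when the form posts a username, the reset
// code and a new password: the code is verified against the stored RKEY hash
// and the RKEYEXP timestamp before v-change-user-password is invoked.
// The closing string literal of every message contains a line break; it is
// reproduced exactly as found, so those literals end at column 0.
if (!empty($_POST["user"]) && !empty($_POST["code"]) && !empty($_POST["password"])) {
    // Check token
    verify_csrf($_POST);

    // Request fields can arrive as arrays (user[]=...). Only plain strings are
    // meaningful as a shell argument, for password_verify() and for the
    // password file, so anything else is rejected like a wrong code.
    $fields_are_strings = is_string($_POST["user"])
        && is_string($_POST["code"])
        && is_string($_POST["password"]);

    if (!$fields_are_strings) {
        sleep(5);
        $ERROR = "" . _("Invalid username or code") . "
";
    } elseif ($_POST["password"] === ($_POST["password_confirm"] ?? null)) {
        // Strict comparison: with == two different numeric-looking strings
        // ("1e1" and "10") compare equal, and a missing confirmation field
        // would raise an undefined-index warning.
        $v_user = quoteshellarg($_POST["user"]);
        $user = $_POST["user"];
        exec(HESTIA_CMD . "v-list-user " . $v_user . " json", $output, $return_var);
        if ($return_var == 0) {
            $data = json_decode(implode("", $output), true);
            // Undecodable output or a missing RKEY must fail verification
            // instead of reaching password_verify() as null.
            $rkey = $data[$user]["RKEY"] ?? "";
            if (is_string($rkey) && password_verify($_POST["code"], $rkey)) {
                unset($output);
                exec(HESTIA_CMD . "v-get-user-value " . $v_user . " RKEYEXP", $output, $return_var);
                // Accept the code only when RKEYEXP is numeric and within the
                // last 900 seconds. A non-numeric value would otherwise be
                // compared as a string and could pass the check.
                $rkey_exp = $output[0] ?? "";
                if (is_numeric($rkey_exp) && $rkey_exp > time() - 900) {
                    // The new password is handed over through a temporary file
                    // rather than on the command line. Every step is checked so
                    // that a failed write is reported as an internal error and
                    // the command never runs against an empty file.
                    $password_written = false;
                    $v_password = tempnam("/tmp", "vst");
                    if ($v_password !== false) {
                        $fp = fopen($v_password, "w");
                        if ($fp !== false) {
                            $password_written = fwrite($fp, $_POST["password"] . "\n") !== false;
                            fclose($fp);
                        }
                        if ($password_written) {
                            exec(
                                HESTIA_CMD . "v-change-user-password " . $v_user . " " . quoteshellarg($v_password),
                                $output,
                                $return_var,
                            );
                        }
                        // Remove the plaintext password file on every path.
                        unlink($v_password);
                    }

                    if (!$password_written || $return_var > 0) {
                        sleep(5);
                        $ERROR = "" . _("An internal error occurred") . "
";
                    } else {
                        // The session changes identity here, so it gets a fresh
                        // id: an id known before the reset must not carry the
                        // new login.
                        if (session_status() === PHP_SESSION_ACTIVE) {
                            session_regenerate_id(true);
                        }
                        // NOTE(review): the user is signed in on the strength of
                        // the reset code alone. If accounts can have a second
                        // factor, confirm it is still enforced after this
                        // redirect.
                        $_SESSION["user"] = $_POST["user"];
                        header("Location: /");
                        exit();
                    }
                } else {
                    sleep(5);
                    $ERROR = "" . _("Code has been expired") . "
";
                    exec(
                        HESTIA_CMD .
                            "v-log-user-login " .
                            $v_user .
                            " " .
                            $v_ip .
                            " failed " .
                            $v_session_id .
                            " " .
                            $v_user_agent .
                            ' yes "Reset code has been expired"',
                        $output,
                        $return_var,
                    );
                }
            } else {
                // Fixed 5-second delay on every failure path.
                // NOTE(review): no attempt counter is visible in this part of
                // the file - confirm that guessing the reset code is bounded
                // elsewhere.
                sleep(5);
                $ERROR = "" . _("Invalid username or code") . "
";
                exec(
                    HESTIA_CMD .
                        "v-log-user-login " .
                        $v_user .
                        " " .
                        $v_ip .
                        " failed " .
                        $v_session_id .
                        " " .
                        $v_user_agent .
                        ' yes "Invalid Username or Code"',
                    $output,
                    $return_var,
                );
            }
        } else {
            // Unknown user: same delay and same message as a wrong code, so
            // the response does not reveal whether the account exists.
            sleep(5);
            $ERROR = "" . _("Invalid username or code") . "
";
        }
    } else {
        $ERROR = "" . _("Passwords not match") . "
";
    }
}

// Render the step selected by ?action=: no action shows the request form,
// "code" the code-entry form, "confirm" (with a code in the query string) the
// new-password form. The header is emitted in every case.
// NOTE(review): reset_3.php is included with $_GET["code"] taken from the
// request - confirm the template escapes it on output.
require_once "../templates/header.php";
if (empty($_GET["action"])) {
    require_once "../templates/pages/login/reset_1.php";
} else {
    if ($_GET["action"] === "code") {
        require_once "../templates/pages/login/reset_2.php";
    }
    if ($_GET["action"] === "confirm" && !empty($_GET["code"])) {
        require_once "../templates/pages/login/reset_3.php";
    }
}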