Serghey Rodin 13 лет назад
Родитель
Сommit
a6c992c258

+ 17 - 0
web/inc/main.php

@@ -97,4 +97,21 @@ function get_percentage($used,$total) {
     return $percent;
 }
 
+function send_email($to,$subject,$mailtext,$from) {
+    $charset = "utf-8";
+    $to = '<'.$to.'>';
+    $boundary='--' . md5( uniqid("myboundary") );
+    $priorities = array( '1 (Highest)', '2 (High)', '3 (Normal)', '4 (Low)', '5 (Lowest)' );
+    $priority = $priorities[2];
+    $ctencoding = "8bit";
+    $sep = chr(13) . chr(10);
+    $disposition = "inline";
+    $subject = "=?$charset?B?".base64_encode($subject)."?=";
+    $header.="From: $from \nX-Priority: $priority\nCC: $cc\n";
+    $header.="Mime-Version: 1.0\nContent-Type: text/plain; charset=$charset \n";
+    $header.="Content-Transfer-Encoding: $ctencoding\nX-Mailer: Php/libMailv1.3\n";
+    $message .= $mailtext;
+    mail($to, $subject, $message, $header);
+}
+
 ?>
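Review bot: `send_email()` appends to `$header` and `$message` with `.=` before either is assigned, and it interpolates `$cc`, which is neither a parameter nor set in the body, so every message carries an empty `CC:` header and PHP raises undefined-variable notices. Start from `$header = "From: $from\n";` and `$message = $mailtext;`, drop the `CC:` part, and remove the unused `$boundary`, `$sep` and `$disposition`. `$from` is also written into the header string unchecked; the caller in this commit builds it from `hostname`, but a guard such as `if (preg_match('/[\r\n]/', $from)) return false;` stops any later caller from adding headers through it. The same function is pasted a second time at the top of web/reset/index.php in this commit, so keeping one copy here and including it from there would avoid fixing this twice.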

+ 3 - 1
web/login/index.php

@@ -19,7 +19,9 @@ if (isset($_SESSION['user'])) {
 } else {
     if (isset($_POST['user']) && isset($_POST['password'])) {
         $cmd="/usr/bin/sudo /usr/local/vesta/bin/";
-        $command="$cmd"."v_check_user_password '".$_POST['user']."' '".$_POST['password']."' '".$_SERVER["REMOTE_ADDR"]."'";
+        $v_user = escapeshellarg($_POST['user']);
+        $v_password = escapeshellarg($_POST['password']);
+        $command="$cmd"."v_check_user_password ".$v_user." ".$v_password." '".$_SERVER["REMOTE_ADDR"]."'";
         exec ($command, $output, $return_var);
         if ( $return_var > 0 ) {
             $ERROR = "<a class=\"error\">ERROR: Invalid username or password</a>";
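Review bot: The third argument on the new `$command` line is still quoted by hand, `'".$_SERVER["REMOTE_ADDR"]."'`, while the two arguments next to it now go through `escapeshellarg()`. Treat it the same way, `$v_ip = escapeshellarg($_SERVER['REMOTE_ADDR']);`, so the command line does not rely on the web server always supplying a well-formed address. Separately, the password is still passed as a `sudo` command-line argument, where other local accounts can see it in the process list while the check runs; whether `v_check_user_password` can take it from stdin or a file instead is not visible here. The enclosing `if`/`else` starts and ends outside this hunk.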

+ 99 - 0
web/reset/index.php

@@ -0,0 +1,99 @@
+<?php
+session_start();
+
+// 
+function send_email($to,$subject,$mailtext,$from) {
+    $charset = "utf-8";
+    $to = '<'.$to.'>';
+    $boundary='--' . md5( uniqid("myboundary") );
+    $priorities = array( '1 (Highest)', '2 (High)', '3 (Normal)', '4 (Low)', '5 (Lowest)' );
+    $priority = $priorities[2];
+    $ctencoding = "8bit";
+    $sep = chr(13) . chr(10);
+    $disposition = "inline";
+    $subject = "=?$charset?B?".base64_encode($subject)."?=";
+    $header.="From: $from \nX-Priority: $priority\nCC: $cc\n";
+    $header.="Mime-Version: 1.0\nContent-Type: text/plain; charset=$charset \n";
+    $header.="Content-Transfer-Encoding: $ctencoding\nX-Mailer: Php/libMailv1.3\n";
+    $message .= $mailtext;
+    mail($to, $subject, $message, $header);
+}
+
+if ((!empty($_POST['user'])) && (empty($_POST['code']))) {
+    $v_user = escapeshellarg($_POST['user']);
+    $user = $_POST['user'];
+    $cmd="/usr/bin/sudo /usr/local/vesta/bin/v_list_user";
+    exec ($cmd." ".$v_user." json", $output, $return_var);
+    if ( $return_var == 0 ) {
+        $data = json_decode(implode('', $output), true);
+        $rkey = $data[$user]['RKEY'];
+        $fname = $data[$user]['FNAME'];
+        $lname = $data[$user]['LNAME'];
+        $contact = $data[$user]['CONTACT'];
+        $to = $data[$user]['CONTACT'];
+        $subject = 'Password Reset '.date("Y-m-d H:i:s");
+        $hostname = exec('hostname');
+        $from = "Vesta Control Panel <noreply@".$hostname.">";
+        if (!empty($fname)) {
+            $mailtext = "Hello ".$fname." ".$lname.",\n";
+        } else {
+            $mailtext = "Hello,\n";
+        }
+        $mailtext .= "You recently asked to reset your control panel password. ";
+        $mailtext .= "To complete your request, please follow this link:\n";
+        $mailtext .= "https://".$_SERVER['HTTP_HOST']."/reset/?action=confirm&user=".$user."&code=".$rkey."\n\n";
+        $mailtext .= "Alternately, you may go to https://".$_SERVER['HTTP_HOST']."/reset/?action=code&user=".$user." and enter the following password reset code:\n";
+        $mailtext .= $rkey."\n\n";
+        $mailtext .= "If you did not request a new password please ignore this letter and accept our apologies — we didn't intend to disturb you.\n";
+        $mailtext .= "Thanks,\nThe VestaCP Team\n";
+        if (!empty($rkey)) send_email($to, $subject, $mailtext, $from);
+        unset($output);
+    }
+
+    header("Location: /reset/?action=code&user=".$_POST['user']);
+    exit;
+}
+
+if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['password'])) ) {
+    if ( $_POST['password'] == $_POST['password_confirm'] ) {
+        $v_user = escapeshellarg($_POST['user']);
+        $user = $_POST['user'];
+        $v_password = escapeshellarg($_POST['password']);
+        $cmd="/usr/bin/sudo /usr/local/vesta/bin/v_list_user";
+        exec ($cmd." ".$v_user." json", $output, $return_var);
+        if ( $return_var == 0 ) {
+            $data = json_decode(implode('', $output), true);
+            $rkey = $data[$user]['RKEY'];
+            if ($rkey == $_POST['code']) {
+                $cmd="/usr/bin/sudo /usr/local/vesta/bin/v_change_user_password";
+                exec ($cmd." ".$v_user." ".$v_password, $output, $return_var);
+                if ( $return_var > 0 ) {
+                    $ERROR = "<a class=\"error\">ERROR: Internal error</a>";
+                } else {
+                    $_SESSION['user'] = $_POST['user'];
+                    header("Location: /");
+                    exit;
+                }
+            } else {
+                $ERROR = "<a class=\"error\">ERROR: Invalid username or code</a>";
+            }
+        } else {
+            $ERROR = "<a class=\"error\">ERROR: Invalid username or code</a>";
+        }
+    } else {
+        $ERROR = "<a class=\"error\">ERROR: Passwords not match</a>";
+    }
+}
+
+if (empty($_GET['action'])) {
+    require_once '../templates/reset_1.html';
+} else {
+    if ($_GET['action'] == 'code' ) {
+        require_once '../templates/reset_2.html';
+    }
+    if (($_GET['action'] == 'confirm' ) && (!empty($_GET['code']))) {
+        require_once '../templates/reset_3.html';
+    }
+}
+
+?>
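Review bot: The reset link in the e-mail body is built from `$_SERVER['HTTP_HOST']`, which the client supplies, so a request with a forged Host header produces a message to the real account owner whose link carries the valid `$rkey` to another host. Build the link from a configured panel address instead (the `$hostname` fetched a few lines above is a closer starting point, with the panel port added). The code check `$rkey == $_POST['code']` is a loose, non-constant-time comparison under which numeric-looking strings compare by value; use `if (!empty($rkey) && hash_equals((string)$rkey, (string)$_POST['code'])) {`. On success `$_SESSION['user']` is set without `session_regenerate_id(true);`, and nothing visible here invalidates `RKEY` after use (that may happen inside `v_change_user_password`, so worth confirming). `$user` and `$_POST['user']` also go into the mailed URLs and the `Location:` header without `urlencode()`.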

+ 2 - 2
web/templates/login.html

@@ -114,7 +114,7 @@
     <table>
     <tr>
         <td style="padding: 0 10 0 42;">
-            <img src="/images/logo.png" width="124px" height="46px" alt="Vesta Control Panel" />
+            <a href="/"><img border=0 src="/images/logo.png" width="124px" height="46px" alt="Vesta Control Panel" /></a>
         </td>
         <td style="padding: 20px 0 0 0;"><form method="post" action="/login/" >
             <table class="login-box">
@@ -123,7 +123,7 @@
             </tr><tr>
                 <td><input tabindex="1" type="text" size="20px" style="width:200px;" name="user" class="loggin-input"></td>
             </tr><tr>
-                <td><p class="login-text1">Password <a tabindex="5" class="forgot" href="#" >(forgot password)</a></p></td>
+                <td><p class="login-text1">Password <a tabindex="5" class="forgot" href="/reset/" >(forgot password)</a></p></td>
             </tr><tr>
                 <td><input tabindex="2" type="password" size="20px"  style="width:200px;" name="password" class="loggin-input"></td>
             </tr><tr>

+ 145 - 0
web/templates/reset_1.html

@@ -0,0 +1,145 @@
+    <link rel="icon" href="/images/favicon.ico" type="image/x-icon">
+    <title> VestaCP - Reset Password </title>
+    <style type="text/css">
+    body {
+        padding: 0;
+        margin: 0;
+        margin-left: auto;
+        margin-right: auto;
+        background-image: url(/images/b.png);
+        font-family: Arial, sans-serif;
+    }
+
+    .forgot {
+        color: #484243;
+        font-family: Arial, sans-serif;
+        font-size: 8pt;
+        padding: 0 10px 0 0;
+    }
+
+    .login {
+        margin: 80px 0 80px 0;
+        padding: 0;
+        border-top: 1px solid #cccccc;
+        border-left: 1px solid #cccccc;
+        border-right: 1px solid #cccccc;
+        background: #ebe9dc;
+        text-align: left;
+        vertical-align:top;
+        width: 500px;
+        box-shadow: 0 0 8px 8px #d7d7d7;
+    }
+
+    .login-box {
+        width: 260px;
+        text-align: left;
+        vertical-align:top;
+        padding: 0 0 10px 40px;
+    }
+
+    .login-text1 {
+        padding: 10px 0 0 2px;
+        color: #433832;
+        font-family: Arial, sans-serif;
+        font-size: 12pt;
+    }
+    .login-text1 a {
+        padding: 0 6px;
+        font-family: Arial, sans-serif;
+        font-size: 10pt;
+        text-shadow: none;
+    }
+    .login-text2 {
+        padding: 12px 0 10px 0;
+        color: #484243;
+    }
+
+    .login-bottom {
+        color: #574F51;
+        text-align: right;
+        width: 500px;
+        height: 50px;
+        background: #484243;
+        padding: 0 8px 0 0;
+        margin: 0;
+    }
+    .vestacp{
+        font-size: 8pt;
+        color: #CCCCB4;
+        text-align: right;
+        padding: 20px 0 0 0;
+    }
+    .error {
+        font-size: 10pt;
+        color: #DE6C5D;
+    }
+    .loggin-input {
+        color: #555;
+        background-color: #FFFFFF;
+        border: 1px solid #999999;
+        border-radius: 3px 3px 3px 3px;
+        color: #555555;
+        font-family: Arial,sans-serif;
+        font-size: 14pt;
+        padding: 4px;
+        width: 360px;
+    }
+
+    .loggin-button {
+        padding: 4px;
+        margin: 0 6px 0 0;
+        cursor: pointer;
+        color: #333333;
+        background-color: #f6f6f6;
+        border: 1px solid #ACACAC;
+        border-radius: 3px 3px 3px 3px;
+        font-size: 12px;
+        padding: 3px 16px;
+        width: 105px;
+    }
+
+    .loggin-button:hover {
+        background-color: #f0f0f0;
+    }
+
+    .loggin-button:active {
+        background-color: #EBE9DC;
+    }
+    </style>
+</head>
+<body>
+<center>
+<table class="login">
+<tr>
+    <td>
+    <table>
+    <tr>
+        <td style="padding: 0 10px 0 42px;">
+            <a href="/"><img border=0 src="/images/logo.png" width="124px" height="46px" alt="Vesta Control Panel" /></a>
+        </td>
+        <td style="padding: 20px 0 0 0;"><form method="post" action="/reset/" >
+            <table class="login-box">
+            <tr>
+                <td style="padding: 6px 0 10px 0;">To reset your password, enter your username and we'll send you instructions on how to create a new password.</td>
+            </tr><tr>
+                <td><p class="login-text1">Username</p></td>
+            </tr><tr>
+                <td><input tabindex="1" type="text" size="20px" style="width:200px" name="user" class="loggin-input"></td>
+            </tr><tr>
+                <td style="padding: 20px 0 0 0;"><input tabindex="2" type="submit" value="Submit" class="loggin-button"></td>
+            </tr>
+            </table>
+            </form>
+        </td>
+    </tr><tr>
+    <td colspan=2>
+        <table class="login-bottom">
+            <tr><td>.<?php if (isset($ERROR)) echo $ERROR ?></td></tr>
+            <tr><td><a tabindex="6" class="vestacp" href="http://vestacp.com" >vestacp.com</a></td></tr>
+        </table>
+    </tr>
+    </table>
+</tr></table>
+</center>
+</body>
+</html>
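Review bot: This new template closes `</head>` and `</html>` but never opens them and has no doctype, so browsers render it in quirks mode and rely on error recovery. Add `<!DOCTYPE html>`, `<html>` and `<head>` above the `<link>` line. The roughly 100-line `<style>` block is repeated almost unchanged in reset_2.html and reset_3.html in this commit (only `.login-box` differs in reset_3.html), so moving it to one shared stylesheet would keep the pages from drifting. Within it, `.loggin-input` sets `color` twice and `.loggin-button` sets `padding` twice.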

+ 150 - 0
web/templates/reset_2.html

@@ -0,0 +1,150 @@
+    <link rel="icon" href="/images/favicon.ico" type="image/x-icon">
+    <title> VestaCP - Reset Password </title>
+    <style type="text/css">
+    body {
+        padding: 0;
+        margin: 0;
+        margin-left: auto;
+        margin-right: auto;
+        background-image: url(/images/b.png);
+        font-family: Arial, sans-serif;
+    }
+
+    .forgot {
+        color: #484243;
+        font-family: Arial, sans-serif;
+        font-size: 8pt;
+        padding: 0 10px 0 0;
+    }
+
+    .login {
+        margin: 80px 0 80px 0;
+        padding: 0;
+        border-top: 1px solid #cccccc;
+        border-left: 1px solid #cccccc;
+        border-right: 1px solid #cccccc;
+        background: #ebe9dc;
+        text-align: left;
+        vertical-align:top;
+        width: 500px;
+        box-shadow: 0 0 8px 8px #d7d7d7;
+    }
+
+    .login-box {
+        width: 260px;
+        text-align: left;
+        vertical-align:top;
+        padding: 0 0 10px 40px;
+    }
+
+    .login-text1 {
+        padding: 10px 0 0 2px;
+        color: #433832;
+        font-family: Arial, sans-serif;
+        font-size: 12pt;
+    }
+    .login-text1 a {
+        padding: 0 6px;
+        font-family: Arial, sans-serif;
+        font-size: 10pt;
+        text-shadow: none;
+    }
+    .login-text2 {
+        padding: 12px 0 10px 0;
+        color: #484243;
+    }
+
+    .login-bottom {
+        color: #574F51;
+        text-align: right;
+        width: 500px;
+        height: 50px;
+        background: #484243;
+        padding: 0 8px 0 0;
+        margin: 0;
+    }
+    .vestacp{
+        font-size: 8pt;
+        color: #CCCCB4;
+        text-align: right;
+        padding: 20px 0 0 0;
+    }
+    .error {
+        font-size: 10pt;
+        color: #DE6C5D;
+    }
+    .loggin-input {
+        color: #555;
+        background-color: #FFFFFF;
+        border: 1px solid #999999;
+        border-radius: 3px 3px 3px 3px;
+        color: #555555;
+        font-family: Arial,sans-serif;
+        font-size: 14pt;
+        padding: 4px;
+        width: 360px;
+    }
+
+    .loggin-button {
+        padding: 4px;
+        margin: 0 6px 0 0;
+        cursor: pointer;
+        color: #333333;
+        background-color: #f6f6f6;
+        border: 1px solid #ACACAC;
+        border-radius: 3px 3px 3px 3px;
+        font-size: 12px;
+        padding: 3px 16px;
+        width: 105px;
+    }
+
+    .loggin-button:hover {
+        background-color: #f0f0f0;
+    }
+
+    .loggin-button:active {
+        background-color: #EBE9DC;
+    }
+    </style>
+</head>
+<body>
+<center>
+<table class="login">
+<tr>
+    <td>
+    <table>
+    <tr>
+        <td style="padding: 0 10px 0 42px;">
+            <a href="/"><img border=0 src="/images/logo.png" width="124px" height="46px" alt="Vesta Control Panel" /></a>
+        </td>
+        <td style="padding: 20px 0 0 0;"><form method="get" action="/reset/" >
+            <table class="login-box">
+            <tr>
+                <td style="padding: 6px 0 10px 0;">Reset code has been sent to your email address. Please copy and paste that code in the verification box below</td>
+            </tr><tr>
+                <td><p class="login-text1">Reset Code</p></td>
+            </tr><tr>
+                <td>
+                    <input type="hidden" name="action" value="confirm">
+                    <input type="hidden" name="user" value="<?php echo $_GET['user'];?>">
+                    <input tabindex="1" type="text" size="20px" style="width:200px" name="code" class="loggin-input">
+
+                </td>
+            </tr><tr>
+                <td style="padding: 20px 0 0 0;"><input tabindex="2" type="submit" value="Confirm" class="loggin-button"></td>
+            </tr>
+            </table>
+            </form>
+        </td>
+    </tr><tr>
+    <td colspan=2>
+        <table class="login-bottom">
+            <tr><td>.<?php if (isset($ERROR)) echo $ERROR ?></td></tr>
+            <tr><td><a tabindex="6" class="vestacp" href="http://vestacp.com" >vestacp.com</a></td></tr>
+        </table>
+    </tr>
+    </table>
+</tr></table>
+</center>
+</body>
+</html>
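Review bot: The hidden `user` field prints `$_GET['user']` straight into an attribute value, so a double quote in the query string ends the attribute and the remainder is parsed as markup, which is reflected XSS on a page reachable without login. Escape it at output, `value="<?php echo htmlspecialchars(isset($_GET['user']) ? $_GET['user'] : '', ENT_QUOTES, 'UTF-8'); ?>"`. reset_3.html in this commit has the same pattern for both `user` and `code` and needs the same change. This form also submits with `method="get"`, which puts the reset code in the URL where it can end up in access logs and browser history; switching to `post` would need web/reset/index.php to read `action` and `code` from `$_POST` when choosing the template.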

+ 151 - 0
web/templates/reset_3.html

@@ -0,0 +1,151 @@
+    <link rel="icon" href="/images/favicon.ico" type="image/x-icon">
+    <title> VestaCP - Reset Password </title>
+    <style type="text/css">
+    body {
+        padding: 0;
+        margin: 0;
+        margin-left: auto;
+        margin-right: auto;
+        background-image: url(/images/b.png);
+        font-family: Arial, sans-serif;
+    }
+
+    .forgot {
+        color: #484243;
+        font-family: Arial, sans-serif;
+        font-size: 8pt;
+        padding: 0 10px 0 0;
+    }
+
+    .login {
+        margin: 80px 0 80px 0;
+        padding: 0;
+        border-top: 1px solid #cccccc;
+        border-left: 1px solid #cccccc;
+        border-right: 1px solid #cccccc;
+        background: #ebe9dc;
+        text-align: left;
+        vertical-align:top;
+        width: 500px;
+        box-shadow: 0 0 8px 8px #d7d7d7;
+    }
+
+    .login-box {
+        text-align: left;
+        vertical-align:top;
+        padding: 0 0 10px 40px;
+    }
+
+    .login-text1 {
+        padding: 10px 0 0 2px;
+        color: #433832;
+        font-family: Arial, sans-serif;
+        font-size: 12pt;
+    }
+    .login-text1 a {
+        padding: 0 6px;
+        font-family: Arial, sans-serif;
+        font-size: 10pt;
+        text-shadow: none;
+    }
+    .login-text2 {
+        padding: 12px 0 10px 0;
+        color: #484243;
+    }
+
+    .login-bottom {
+        color: #574F51;
+        text-align: right;
+        width: 500px;
+        height: 50px;
+        background: #484243;
+        padding: 0 8px 0 0;
+        margin: 0;
+    }
+    .vestacp{
+        font-size: 8pt;
+        color: #CCCCB4;
+        text-align: right;
+        padding: 20px 0 0 0;
+    }
+    .error {
+        font-size: 10pt;
+        color: #DE6C5D;
+    }
+    .loggin-input {
+        color: #555;
+        background-color: #FFFFFF;
+        border: 1px solid #999999;
+        border-radius: 3px 3px 3px 3px;
+        color: #555555;
+        font-family: Arial,sans-serif;
+        font-size: 14pt;
+        padding: 4px;
+        width: 360px;
+    }
+
+    .loggin-button {
+        padding: 4px;
+        margin: 0 6px 0 0;
+        cursor: pointer;
+        color: #333333;
+        background-color: #f6f6f6;
+        border: 1px solid #ACACAC;
+        border-radius: 3px 3px 3px 3px;
+        font-size: 12px;
+        padding: 3px 16px;
+        width: 105px;
+    }
+
+    .loggin-button:hover {
+        background-color: #f0f0f0;
+    }
+
+    .loggin-button:active {
+        background-color: #EBE9DC;
+    }
+    </style>
+</head>
+<body>
+<center>
+<table class="login">
+<tr>
+    <td>
+    <table>
+    <tr>
+        <td style="padding: 0 10 0 42;">
+            <a href="/"><img border=0 src="/images/logo.png" width="124px" height="46px" alt="Vesta Control Panel" /></a>
+        </td>
+        <td style="padding: 20px 0 0 0;"><form method="post">
+            <table class="login-box">
+            <tr>
+                <td>
+                    <input type="hidden" name="action" value="confirm">
+                    <input type="hidden" name="user" value="<?php echo $_GET['user'];?>">
+                    <input type="hidden" name="code" value="<?php echo $_GET['code'];?>">
+                    <p class="login-text1">New Password</p>
+                    </td>
+            </tr><tr>
+                <td><input tabindex="1" type="password" size="20px" style="width:200px;" name="password" class="loggin-input"></td>
+            </tr><tr>
+                <td><p class="login-text1">Confirm Password <a tabindex="5" class="forgot" href="/reset/" ></a></p></td>
+            </tr><tr>
+                <td><input tabindex="2" type="password" size="20px"  style="width:200px;" name="password_confirm" class="loggin-input"></td>
+            </tr><tr>
+                <td style="padding: 20px 0 28px 0;"><input tabindex="3" type="submit" value="Reset" class="loggin-button"></td>
+            </tr>
+            </table>
+            </form>
+        </td>
+    </tr><tr>
+    <td colspan=2>
+        <table class="login-bottom">
+            <tr><td>.<?php if (isset($ERROR)) echo $ERROR ?></td></tr>
+            <tr><td> <a tabindex="6" class="vestacp" href="http://vestacp.com" >vestacp.com</a></td></tr>
+        </table>
+    </tr>
+    </table>
+</tr></table>
+</center>
+</body>
+</html>