194 lines
6.0 KiB
PHP
194 lines
6.0 KiB
PHP
<?php
|
|
|
|
include './assets/functions.php';
|
|
include './settings/settings_redirector.php';
|
|
include './settings/config_redirector.php';
|
|
include_once './settings/translations/translations_US.php';
|
|
|
|
// Check if the user is already logged in, if yes then redirect him to welcome page
|
|
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
|
|
header("location: index.php");
|
|
exit();
|
|
}
|
|
|
|
//=========================================
|
|
//GET DOMAIN FOR CORRECT STYLING AND SETTINGS
|
|
$domain = getDomainName($_SERVER['SERVER_NAME']);
|
|
$custom_css = (file_exists(dirname(__FILE__).'/style/'.$domain.'/'.$domain.'_reset.css') ? './style/'.$domain.'/'.$domain.'_reset.css' : './style/admin_reset.css');
|
|
|
|
// Define variables and initialize with empty values
|
|
$username = $password = '';
|
|
$username_err = $password_err = '';
|
|
|
|
// Process submitted form data
|
|
if ($_POST['submit'] === 'Reset' && $_POST['username'] !='EMP-updater') {
|
|
// Check if username is empty
|
|
if(empty(trim($_POST['username']))){
|
|
$username_err = 'Please enter username.';
|
|
} else{
|
|
$username = trim($_POST['username']);
|
|
}
|
|
// Validate credentials
|
|
if (empty($username_err)){
|
|
$data = json_encode(array("username" => $username, "resetkey" => ''), JSON_UNESCAPED_UNICODE);
|
|
//Secure data
|
|
$payload = generate_payload($data);
|
|
//API call
|
|
$responses = ioServer('/v1/authorization', $payload);
|
|
//Decode Payload
|
|
if (!empty($responses)){$responses = decode_payload($responses);}else{$responses = '400';}
|
|
|
|
if ($responses === 'NOK'){
|
|
$usernameerr = 'Not authorized, please retry';
|
|
} else {
|
|
|
|
$username_err = $reset_message;
|
|
|
|
header("Refresh:5; url=index.php");
|
|
}
|
|
}
|
|
else {
|
|
// Display an error for passord mismatch
|
|
$username_err = 'Unknown error';
|
|
}
|
|
}
|
|
|
|
//IF POST RESETKEY & PASSWORD
|
|
if (isset($_POST['resetkey']) && $_POST['resetkey'] !='' && $_POST['password_update']) {
|
|
|
|
|
|
//check if resetkey is still valid
|
|
$is_resetkey_valid = is_jwt_valid($_POST['resetkey']);
|
|
|
|
if($is_resetkey_valid) {
|
|
$resetkey = $_POST['resetkey'];
|
|
|
|
//Clean up passwords
|
|
$password = htmlspecialchars(trim($_POST["password"]), ENT_QUOTES);
|
|
$confirm_password = htmlspecialchars(trim($_POST["password_update"]), ENT_QUOTES);
|
|
|
|
//Check if passwords are equal
|
|
if ($password == $confirm_password){
|
|
if (strlen(trim($password)) < 6){
|
|
$username_err = $reset_message3;
|
|
$reset_id_valid = 1;
|
|
}
|
|
else {
|
|
//UPDATE PASSWORD
|
|
$data = json_encode(array("password" => $password, "resetkey" => $resetkey), JSON_UNESCAPED_UNICODE);
|
|
//Secure data
|
|
$payload = generate_payload($data);
|
|
//API call
|
|
$responses = ioServer('/v1/authorization', $payload);
|
|
if (!empty($responses)){$responses = decode_payload($responses);}else{$responses = '400';}
|
|
|
|
if ($responses === 'NOK'){
|
|
$usernameerr = 'Not authorized, please retry';
|
|
} else {
|
|
// success
|
|
$username_err = 'You will be redirected';
|
|
//redirect to login page
|
|
header("Refresh:2; url=index.php");
|
|
}
|
|
}
|
|
//$username_err = 'You will be redirected';
|
|
}
|
|
else {
|
|
$username_err = 'Passwords do not match';
|
|
$reset_id_valid = 1;
|
|
}
|
|
}
|
|
|
|
|
|
}
|
|
|
|
//CHECK IF RESETKEY IS SEND AND VALID
|
|
if (isset($_GET['resetkey']) && $_GET['resetkey'] !=''){
|
|
|
|
//Check if key is valid
|
|
$is_jwt_valid = is_jwt_valid($_GET['resetkey']);
|
|
if($is_jwt_valid) {
|
|
$resetkey = $_GET['resetkey'];
|
|
$reset_id_valid = 1;
|
|
}
|
|
else {
|
|
|
|
//Token not valid => display error and redirect to loginpage
|
|
$username_err = $reset_message2 ;
|
|
|
|
//redirect to login page
|
|
header("Refresh:5; url=index.php");
|
|
}
|
|
|
|
}
|
|
echo'
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-type" content="text/html; charset=UTF-8" />
|
|
<title>'.site_title.'</title>
|
|
<link rel="shortcut icon" href="'.icon_image.'" type="image/x-icon" />
|
|
<link href="'.$custom_css.'" rel="stylesheet" type="text/css">
|
|
</head>
|
|
<body>
|
|
';
|
|
|
|
//Maintenance mode notification message
|
|
if (maintenance_mode_communication){
|
|
echo'
|
|
<p style="text-align: center;">
|
|
<small>'.maintenance_mode_notification.'</small>
|
|
</p>';
|
|
}
|
|
|
|
//Logon view
|
|
echo'
|
|
<div class="logon">
|
|
<div class="logon_center" style="position: static;">
|
|
<div id="imagelogon"></div>
|
|
<div class="login-box">
|
|
<small style="color:#fff;">'.site_title.'</small>
|
|
<h1>'.site_name.'</h1>
|
|
';
|
|
|
|
if (maintenance_mode)
|
|
{
|
|
//Maintenance mode is on => Show maintenance mode text
|
|
echo '
|
|
<p style="margin-top: 10%;color: white;">'.maintenance_mode_text.'</p>
|
|
';
|
|
} else {
|
|
//Maintenance mode is off => Show login
|
|
echo '
|
|
<form style="margin-top:15px;" action="'.$_SERVER['PHP_SELF'].'" method="POST">
|
|
';
|
|
if ($reset_id_valid != 1){
|
|
echo'
|
|
<input type="text" id="username" name="username" placeholder="Username" value="'; echo $username; echo '" autofocus>
|
|
<div id="reset"><a href="index.php">Back to login</a></div>
|
|
<input type="hidden" name="submit" value="Reset">
|
|
<input type="submit" value="Request reset">
|
|
';
|
|
} else {
|
|
echo '
|
|
<input type="hidden" id="resetkey" name="resetkey" value="'.$resetkey.'">
|
|
<input type="password" id="password_new" name="password" min="8" max="20" placeholder="New Password" autofocus>
|
|
<input type="password" id="password_update" name="password_update" min="8" max="20" placeholder="Repeat password">
|
|
<input type="submit" name="submit" value="Update password">
|
|
';
|
|
}
|
|
|
|
echo' </form>
|
|
<div id="message"><p>'.$username_err.'<p></div>
|
|
';
|
|
}
|
|
echo '
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html>
|
|
';
|
|
?>
|