* SPDX-License-Identifier: AGPL-3.0-only ************************************/ /* crmv@192078 */ // crmv@171581 class RecoverPwd { public $user_auth_token_type = 'password_recovery'; public $user_auth_seconds_to_expire = 86400; // 1 day in seconds public function process(&$request, &$post) { global $default_charset; $action = $request['action']; $smarty = $this->initSmarty(); header('Content-Type: text/html; charset=' . $default_charset); if ($action == 'change_password') { $body = $this->displayChangePwd($smarty, $post['key'], $post['confirm_new_password']); } elseif ($action == 'recover') { $body = $this->displayRecover($smarty, $request['key']); } elseif ($action == 'send') { $body = $this->displaySend($smarty, $post['user_name']); } elseif ($action == 'change_old_pwd') { $body = $this->displayChangeOldPwd($smarty, $request['key']); } elseif ($action == 'change_old_pwd_send') { $body = $this->displayChangeOldPwdSend($smarty, $post['key'], $post['old_password'], $post['new_password']); } else { $body = $this->displayMainForm($smarty); } $smarty->assign('BODY', $body); $smarty->display('Recover.tpl'); } public function initSmarty() { global $current_language, $default_language, $theme, $enterprise_website; $current_language = $default_language; $smarty = new VteSmarty(); $smarty->assign('PATH','../'); $smarty->assign('THEME', $theme); $smarty->assign('CURRENT_LANGUAGE', $current_language); $smarty->assign('ENTERPRISE_WEBSITE', $enterprise_website); $smarty->assign('TITLE', getTranslatedString('LBL_RECOVER_EMAIL_SUBJECT', 'Users')); return $smarty; } public function displayMainForm($smarty) { global $site_URL; $description = '
'.getTranslatedString('LBL_RECOVER_INTRO','Users').'
'; return $description; } public function displaySend($smarty, $username) { global $adb, $table_prefix; global $site_URL, $current_user; if (empty($username)) return $this->displayError($smarty); // by default show the success message, to avoid users enumeration $description = '
'.getTranslatedString('LBL_RECOVER_MAIL_SENT','Users').'
'; $current_user = CRMEntity::getInstance('Users'); $current_user->id = $current_user->retrieve_user_id($username); $current_user->retrieve_entity_info($current_user->id, 'Users'); $current_language = $current_user->column_fields['default_language']; if ($current_user->column_fields['email1'] != '') { require_once('modules/Emails/mail.php'); global $HELPDESK_SUPPORT_NAME, $HELPDESK_SUPPORT_EMAIL_ID; if (empty($HELPDESK_SUPPORT_EMAIL_ID) || $HELPDESK_SUPPORT_EMAIL_ID == 'admin@vte123abc987.com') { $result = $adb->query("select email1 from {$table_prefix}_users where id = 1"); $HELPDESK_SUPPORT_EMAIL_ID = $adb->query_result($result,0,'email1'); } $subject = getTranslatedString('LBL_RECOVER_EMAIL_SUBJECT','Users'); $key = getUserAuthtokenKey($this->user_auth_token_type,$current_user->id,$this->user_auth_seconds_to_expire); $mail_error = true; if ($key !== false) { $mail_error = false; $link = "".getTranslatedString('LBL_HERE','APP_STRINGS').""; $body = getTranslatedString('Dear','HelpDesk').' '.$_POST['user_name'].',

'; $body .= sprintf(getTranslatedString('LBL_RECOVER_EMAIL_BODY1','Users'),getIP()).' '.$link.' '.getTranslatedString('LBL_RECOVER_EMAIL_BODY2','Users'); // crmv@193845 $body .= '

'.getTranslatedString("LBL_REGARDS",'HelpDesk').',
'.getTranslatedString("LBL_TEAM",'HelpDesk'); //crmv@157490 $serverConfigUtils = ServerConfigUtils::getInstance(); $server = $serverConfigUtils->getConfiguration('email',array('server'),'server_type',true); //crmv@157490e if ($server == '') { $domains = array( //$_SERVER['SERVER_NAME'], substr($current_user->column_fields['email1'],strpos($current_user->column_fields['email1'],'@')+1) ); $focusMessages = CRMEntity::getInstance('Messages'); $userAccounts = $focusMessages->getUserAccounts(); if (!empty($userAccounts)) { foreach($userAccounts as $account) { if (!empty($account['server'])) { $domains[] = $account['server']; } if (!empty($account['domain'])) { $domains[] = $account['domain']; } if (!empty($account['username'])) { $domains[] = substr($account['username'],strpos($account['username'],'@')+1); } } } $domains = array_filter($domains); if(!empty($domains)) { $exit = false; foreach ($domains as $domain) { $mxhosts = array(); getmxrr($domain, $mxhosts); foreach($mxhosts as $mxhost) { $servers = array_filter(array($mxhost, gethostbyname($mxhost))); foreach ($servers as $server) { $_REQUEST['server'] = $server; $_REQUEST['server_username'] = ''; $_REQUEST['server_password'] = ''; $_REQUEST['smtp_auth'] = ''; $mail_status = send_mail('Users',$current_user->column_fields['email1'],$HELPDESK_SUPPORT_NAME,$HELPDESK_SUPPORT_EMAIL_ID,$subject,$body); if($mail_status != 1) { $mail_error = true; } else { $exit = true; break; } } if ($exit) { break; } } if ($exit) { break; } } } } else { $mail_status = send_mail('Users',$current_user->column_fields['email1'],$HELPDESK_SUPPORT_NAME,$HELPDESK_SUPPORT_EMAIL_ID,$subject,$body); if($mail_status != 1) { $mail_error = true; } } } if ($mail_error) { $description = '
'.getTranslatedString('LBL_RECOVER_MAIL_ERROR','Users').'
'; } } return $description; } public function displayRecover($smarty, $key) { global $current_user, $site_URL; $user_id = validateUserAuthtokenKey($this->user_auth_token_type,$key); if ($user_id === false) { $description = '
'.getTranslatedString('LBL_RECOVERY_SESSION_EXPIRED','Users').'
'; return $description; } $current_user = CRMEntity::getInstance('Users'); $current_user->id = $user_id; $current_user->retrieve_entity_info($current_user->id, 'Users'); $login_link = "" . getTranslatedString('LBL_HERE', 'Calendar') . ""; $description = '
'.getTranslatedString('LBL_RECOVERY_SYSTEM1','Users').' '.$current_user->column_fields['user_name'].' '.getTranslatedString('LBL_RECOVERY_SYSTEM2','Users').' '.$login_link.' '.getTranslatedString('LBL_RECOVERY_SYSTEM3','Users').'
'; return $description; } public function displayChangePwd($smarty, $key, $newpwd) { global $site_URL, $current_user; global $adb, $table_prefix; $user_id = validateUserAuthtokenKey($this->user_auth_token_type,$key); if ($user_id === false) { $description = '
'.getTranslatedString('LBL_RECOVERY_SESSION_EXPIRED','Users').'
'; return $description; } $current_user = CRMEntity::getInstance('Users'); $current_user->id = $user_id; $current_user->retrieve_entity_info($current_user->id,'Users'); //crmv@28327 if (!$current_user->checkPasswordCriteria($newpwd,$current_user->column_fields)) { $description = '
'.sprintf(getTranslatedString('LBL_NOT_SAFETY_PASSWORD','Users'),$current_user->password_length_min).'
'; //crmv@35153 } elseif ($current_user->id == 1 && isFreeVersion()) { $result = $adb->query("SELECT hash_version FROM ".$table_prefix."_version"); VteSession::set('vte_hash_version', Users::m_encryption(Users::de_cryption($adb->query_result_no_html($result, 0, 'hash_version')))); // crmv@208111 $focusMorphsuit = CRMEntity::getInstance("Morphsuit"); $description = '
'; emptyUserAuthtokenKey($this->user_auth_token_type,$user_id); //crmv@35153e } else { $current_user->change_password('oldpwd', $_POST['confirm_new_password'], true, true); emptyUserAuthtokenKey($this->user_auth_token_type,$user_id); $description = '
'.getTranslatedString('LBL_RECOVERY_PASSWORD_SAVED','Users').'
'; } //crmv@28327e return $description; } public function displayChangeOldPwd($smarty, $key) { global $site_URL, $current_user; global $adb, $table_prefix; $user_id = validateUserAuthtokenKey($this->user_auth_token_type,$key); if (!$user_id) { $description = '
'.getTranslatedString('LBL_RECOVERY_SESSION_EXPIRED','Users').'
'; return $description; } $current_user = CRMEntity::getInstance('Users'); $current_user->id = $user_id; $description = '
'.sprintf(getTranslatedString('LBL_PASSWORD_TO_BE_CHANGED','Users'), $current_user->time_to_change_password).'
'.getTranslatedString('LBL_USE_FIELDS_TO_CHANGE_PWD', 'Users').'.
'; return $description; } public function displayChangeOldPwdSend($smarty, $key, $oldPassword, $newPassword) { global $site_URL, $current_user; global $adb, $table_prefix; $user_id = validateUserAuthtokenKey($this->user_auth_token_type,$key); if (!$user_id) { $description = '
'.getTranslatedString('LBL_RECOVERY_SESSION_EXPIRED','Users').'
'; return $description; } $current_user = CRMEntity::getInstance('Users'); $current_user->id = $user_id; $current_user->retrieve_entity_info($current_user->id, 'Users'); // first check the old password if (!$current_user->doLogin($oldPassword)) { $description = getTranslatedString('ERR_PASSWORD_INCORRECT_OLD', 'Users'); $description .= '
'.getTranslatedString('LBL_BACK').''; } elseif (!$current_user->checkPasswordCriteria($newPassword,$current_user->column_fields)) { $description = sprintf(getTranslatedString('LBL_NOT_SAFETY_PASSWORD','Users'),$current_user->password_length_min); $description .= '
'.getTranslatedString('LBL_BACK').''; } else { $r = $current_user->change_password($oldPassword, $newPassword); if ($r === false) { $description = 'Unknown error while updating password'; $description .= '
'.getTranslatedString('LBL_BACK').''; } else { // authenticate and redirect $description = '

'.getTranslatedString('LBL_PASSWORD_CHANGED', 'Users').'

'.getTranslatedString('LBL_WAIT_FOR_LOGIN', 'Users').'

'; } } return $description; } public function displayError($smarty, $msg = '') { if (!$msg) $msg = 'Internal error'; return $msg; } }