mirror of
https://github.com/myvesta/vesta
synced 2025-08-19 13:01:52 -07:00
password transmission via tmp files
This commit is contained in:
Serghey Rodin
parent
1021bd4ab2
commit
1a7612cc66
14 changed files with 172 additions and 87 deletions
|
|
@ -43,7 +43,6 @@ if (!empty($_POST['ok'])) {
|
|||
// Protect input
|
||||
$v_database = escapeshellarg($_POST['v_database']);
|
||||
$v_dbuser = escapeshellarg($_POST['v_dbuser']);
|
||||
$v_password = escapeshellarg($_POST['v_password']);
|
||||
$v_type = $_POST['v_type'];
|
||||
$v_charset = $_POST['v_charset'];
|
||||
$v_host = $_POST['v_host'];
|
||||
|
|
@ -54,9 +53,15 @@ if (!empty($_POST['ok'])) {
|
|||
$v_type = escapeshellarg($_POST['v_type']);
|
||||
$v_charset = escapeshellarg($_POST['v_charset']);
|
||||
$v_host = escapeshellarg($_POST['v_host']);
|
||||
$v_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_password, "w");
|
||||
fwrite($fp, $_POST['v_password']."\n");
|
||||
fclose($fp);
|
||||
exec (VESTA_CMD."v-add-database ".$user." ".$v_database." ".$v_dbuser." ".$v_password." ".$v_type." ".$v_host." ".$v_charset, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
unlink($v_password);
|
||||
$v_password = escapeshellarg($_POST['v_password']);
|
||||
$v_type = $_POST['v_type'];
|
||||
$v_host = $_POST['v_host'];
|
||||
$v_charset = $_POST['v_charset'];
|
||||
|
|
|
|||
|
|
@ -87,7 +87,6 @@ if (!empty($_POST['ok_acc'])) {
|
|||
$v_domain = escapeshellarg($_POST['v_domain']);
|
||||
$v_domain = strtolower($v_domain);
|
||||
$v_account = escapeshellarg($_POST['v_account']);
|
||||
$v_password = escapeshellarg($_POST['v_password']);
|
||||
$v_quota = escapeshellarg($_POST['v_quota']);
|
||||
$v_aliases = $_POST['v_aliases'];
|
||||
$v_fwd = $_POST['v_fwd'];
|
||||
|
|
@ -96,9 +95,15 @@ if (!empty($_POST['ok_acc'])) {
|
|||
|
||||
// Add Mail Account
|
||||
if (empty($_SESSION['error_msg'])) {
|
||||
$v_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_password, "w");
|
||||
fwrite($fp, $_POST['v_password']."\n");
|
||||
fclose($fp);
|
||||
exec (VESTA_CMD."v-add-mail-account ".$user." ".$v_domain." ".$v_account." ".$v_password." ".$v_quota, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
unlink($v_password);
|
||||
$v_password = escapeshellarg($_POST['v_password']);
|
||||
}
|
||||
|
||||
// Add Aliases
|
||||
|
|
|
|||
|
|
@ -47,7 +47,6 @@ if (!empty($_POST['ok'])) {
|
|||
|
||||
// Protect input
|
||||
$v_username = escapeshellarg($_POST['v_username']);
|
||||
$v_password = escapeshellarg($_POST['v_password']);
|
||||
$v_email = escapeshellarg($_POST['v_email']);
|
||||
$v_package = escapeshellarg($_POST['v_package']);
|
||||
$v_language = escapeshellarg($_POST['v_language']);
|
||||
|
|
@ -58,9 +57,15 @@ if (!empty($_POST['ok'])) {
|
|||
|
||||
// Add user
|
||||
if (empty($_SESSION['error_msg'])) {
|
||||
$v_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_password, "w");
|
||||
fwrite($fp, $_POST['v_password']."\n");
|
||||
fclose($fp);
|
||||
exec (VESTA_CMD."v-add-user ".$v_username." ".$v_password." ".$v_email." ".$v_package." ".$v_fname." ".$v_lname, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
unlink($v_password);
|
||||
$v_password = escapeshellarg($_POST['v_password']);
|
||||
}
|
||||
|
||||
// Set language
|
||||
|
|
|
|||
|
|
@ -196,10 +196,15 @@ if (!empty($_POST['ok'])) {
|
|||
// Add web stats password
|
||||
if ((!empty($_POST['v_stats_user'])) && (empty($_SESSION['error_msg']))) {
|
||||
$v_stats_user = escapeshellarg($_POST['v_stats_user']);
|
||||
$v_stats_password = escapeshellarg($_POST['v_stats_password']);
|
||||
$v_stats_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_stats_password, "w");
|
||||
fwrite($fp, $_POST['v_stats_password']."\n");
|
||||
fclose($fp);
|
||||
exec (VESTA_CMD."v-add-web-domain-stats-user ".$user." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
unlink($v_stats_password);
|
||||
$v_stats_password = escapeshellarg($_POST['v_stats_password']);
|
||||
}
|
||||
|
||||
// Restart DNS server
|
||||
|
|
@ -259,13 +264,16 @@ if (!empty($_POST['ok'])) {
|
|||
$v_ftp_username = $v_ftp_user_data['v_ftp_user'];
|
||||
$v_ftp_username_full = $user . '_' . $v_ftp_user_data['v_ftp_user'];
|
||||
$v_ftp_user = escapeshellarg($v_ftp_user_data['v_ftp_user']);
|
||||
$v_ftp_password = escapeshellarg($v_ftp_user_data['v_ftp_password']);
|
||||
|
||||
if ($domain_added) {
|
||||
$v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
|
||||
$v_ftp_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_ftp_password, "w");
|
||||
fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
|
||||
fclose($fp);
|
||||
exec (VESTA_CMD."v-add-web-domain-ftp ".$user." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
unlink($v_ftp_password);
|
||||
if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) {
|
||||
$to = $v_ftp_user_data['v_ftp_email'];
|
||||
$subject = __("FTP login credentials");
|
||||
|
|
|
|||
|
|
@ -13,9 +13,13 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
|
|||
}
|
||||
|
||||
$v_user = escapeshellarg($_POST['user']);
|
||||
$v_password = escapeshellarg($_POST['password']);
|
||||
$v_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_password, "w");
|
||||
fwrite($fp, $_POST['password']."\n");
|
||||
fclose($fp);
|
||||
$v_ip_addr = escapeshellarg($_SERVER["REMOTE_ADDR"]);
|
||||
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$v_ip_addr."'", $output, $auth_code);
|
||||
unlink($v_password);
|
||||
} else {
|
||||
$key = '/usr/local/vesta/data/keys/' . basename($_POST['hash']);
|
||||
if (file_exists($key) && is_file($key)) {
|
||||
|
|
@ -42,7 +46,6 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
|
|||
|
||||
// Build query
|
||||
$cmdquery = VESTA_CMD.$cmd." ";
|
||||
|
||||
if(!empty($arg1)){
|
||||
$cmdquery = $cmdquery.$arg1." "; }
|
||||
if(!empty($arg2)){
|
||||
|
|
|
|||
|
|
@ -64,11 +64,15 @@ if (!empty($_POST['save'])) {
|
|||
|
||||
// Change database password
|
||||
if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) {
|
||||
$v_password = escapeshellarg($_POST['v_password']);
|
||||
$v_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_password, "w");
|
||||
fwrite($fp, $_POST['v_password']."\n");
|
||||
fclose($fp);
|
||||
exec (VESTA_CMD."v-change-database-password ".$v_username." ".$v_database." ".$v_password, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
$v_password = "••••••••";
|
||||
unset($output);
|
||||
unlink($v_password);
|
||||
$v_password = "••••••••";
|
||||
}
|
||||
|
||||
// Set success message
|
||||
|
|
|
|||
|
|
@ -178,11 +178,15 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
|
|||
|
||||
// Change password
|
||||
if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) {
|
||||
$v_password = escapeshellarg($_POST['v_password']);
|
||||
$v_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_password, "w");
|
||||
fwrite($fp, $_POST['v_password']."\n");
|
||||
fclose($fp);
|
||||
exec (VESTA_CMD."v-change-mail-account-password ".$v_username." ".$v_domain." ".$v_account." ".$v_password, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
$v_password = "••••••••";
|
||||
unset($output);
|
||||
unlink($v_password);
|
||||
$v_password = "••••••••";
|
||||
}
|
||||
|
||||
// Change quota
|
||||
|
|
|
|||
|
|
@ -76,11 +76,15 @@ if (!empty($_POST['save'])) {
|
|||
|
||||
// Change password
|
||||
if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) {
|
||||
$v_password = escapeshellarg($_POST['v_password']);
|
||||
$v_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_password, "w");
|
||||
fwrite($fp, $_POST['v_password']."\n");
|
||||
fclose($fp);
|
||||
exec (VESTA_CMD."v-change-user-password ".$v_username." ".$v_password, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
$v_password = "••••••••";
|
||||
unset($output);
|
||||
unlink($v_password);
|
||||
$v_password = "••••••••";
|
||||
}
|
||||
|
||||
// Change package (admin only)
|
||||
|
|
|
|||
|
|
@ -426,10 +426,14 @@ if (!empty($_POST['save'])) {
|
|||
$_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
|
||||
} else {
|
||||
$v_stats_user = escapeshellarg($_POST['v_stats_user']);
|
||||
$v_stats_password = escapeshellarg($_POST['v_stats_password']);
|
||||
$v_stats_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_stats_password, "w");
|
||||
fwrite($fp, $_POST['v_stats_password']."\n");
|
||||
fclose($fp);
|
||||
exec (VESTA_CMD."v-add-web-domain-stats-user ".$v_username." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
unlink($v_stats_password);
|
||||
$v_stats_password = "••••••••";
|
||||
}
|
||||
}
|
||||
|
|
@ -450,10 +454,14 @@ if (!empty($_POST['save'])) {
|
|||
}
|
||||
if (($v_stats_user != $_POST['v_stats_user']) || ($_POST['v_stats_password'] != "••••••••" ) && (empty($_SESSION['error_msg']))) {
|
||||
$v_stats_user = escapeshellarg($_POST['v_stats_user']);
|
||||
$v_stats_password = escapeshellarg($_POST['v_stats_password']);
|
||||
$v_stats_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_stats_password, "w");
|
||||
fwrite($fp, $_POST['v_stats_password']."\n");
|
||||
fclose($fp);
|
||||
exec (VESTA_CMD."v-add-web-domain-stats-user ".$v_username." ".$v_domain." ".$v_stats_user." ".$v_stats_password, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
unset($output);
|
||||
unlink($v_stats_password);
|
||||
$v_stats_password = "••••••••";
|
||||
}
|
||||
}
|
||||
|
|
@ -484,9 +492,12 @@ if (!empty($_POST['save'])) {
|
|||
$v_ftp_username = $v_ftp_user_data['v_ftp_user'];
|
||||
$v_ftp_username_full = $user . '_' . $v_ftp_user_data['v_ftp_user'];
|
||||
$v_ftp_user = escapeshellarg($v_ftp_username);
|
||||
$v_ftp_password = escapeshellarg($v_ftp_user_data['v_ftp_password']);
|
||||
$v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
|
||||
if (empty($_SESSION['error_msg'])) {
|
||||
$v_ftp_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_ftp_password, "w");
|
||||
fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
|
||||
fclose($fp);
|
||||
exec (VESTA_CMD."v-add-web-domain-ftp ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_password . " " . $v_ftp_path, $output, $return_var);
|
||||
check_return_code($return_var,$output);
|
||||
if ((!empty($v_ftp_user_data['v_ftp_email'])) && (empty($_SESSION['error_msg']))) {
|
||||
|
|
@ -499,6 +510,8 @@ if (!empty($_POST['save'])) {
|
|||
unset($v_ftp_email);
|
||||
}
|
||||
unset($output);
|
||||
unlink($v_ftp_password);
|
||||
$v_ftp_password = escapeshellarg($v_ftp_user_data['v_ftp_password']);
|
||||
}
|
||||
|
||||
if ($return_var == 0) {
|
||||
|
|
@ -552,7 +565,13 @@ if (!empty($_POST['save'])) {
|
|||
$v_ftp_path = escapeshellarg(trim($v_ftp_user_data['v_ftp_path']));
|
||||
exec (VESTA_CMD."v-change-web-domain-ftp-path ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_path, $output, $return_var);
|
||||
if ($v_ftp_user_data['v_ftp_password'] != "'••••••••'" && $v_ftp_user_data['v_ftp_password'] != "••••••••" && !empty($v_ftp_user_data['v_ftp_password'])) {
|
||||
$v_ftp_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_ftp_password, "w");
|
||||
fwrite($fp, $v_ftp_user_data['v_ftp_password']."\n");
|
||||
fclose($fp);
|
||||
exec (VESTA_CMD."v-change-web-domain-ftp-password ".$v_username." ".$v_domain." ".$v_ftp_username." ".$v_ftp_user_data['v_ftp_password'], $output, $return_var);
|
||||
unlink($v_ftp_password);
|
||||
$v_ftp_user_data['v_ftp_password'] = escapeshellarg(trim($v_ftp_user_data['v_ftp_password']));
|
||||
$to = $v_ftp_user_data['v_ftp_email'];
|
||||
$subject = __("FTP login credentials");
|
||||
$hostname = exec('hostname');
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ if (empty($_GET['domain'])){
|
|||
include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_dns.html');
|
||||
}
|
||||
} else {
|
||||
exec (VESTA_CMD."v-list-dns-records '".$user."' '".$_GET['domain']."' 'json'", $output, $return_var);
|
||||
exec (VESTA_CMD."v-list-dns-records '".$user."' '".escapeshellarg($_GET['domain'])."' 'json'", $output, $return_var);
|
||||
$data = json_decode(implode('', $output), true);
|
||||
$data = array_reverse($data, true);
|
||||
unset($output);
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ if (empty($_GET['domain'])){
|
|||
include($_SERVER['DOCUMENT_ROOT'].'/templates/user/list_mail.html');
|
||||
}
|
||||
} else {
|
||||
exec (VESTA_CMD."v-list-mail-accounts '".$user."' '".$_GET['domain']."' json", $output, $return_var);
|
||||
exec (VESTA_CMD."v-list-mail-accounts '".$user."' '".escapeshellarg($_GET['domain'])."' json", $output, $return_var);
|
||||
$data = json_decode(implode('', $output), true);
|
||||
$data = array_reverse($data, true);
|
||||
unset($output);
|
||||
|
|
|
|||
|
|
@ -9,23 +9,73 @@ if (isset($_GET['logout'])) {
|
|||
session_destroy();
|
||||
}
|
||||
|
||||
// Main include
|
||||
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
|
||||
|
||||
|
||||
// Login as someone else
|
||||
if (isset($_SESSION['user'])) {
|
||||
if ($_SESSION['user'] == 'admin' && !empty($_GET['loginas'])) {
|
||||
if ($_GET['loginas'] == 'admin') {
|
||||
unset($_SESSION['look']);
|
||||
} else {
|
||||
$_SESSION['look'] = $_GET['loginas'];
|
||||
$_SESSION['look_alert'] = $_GET['loginas'];
|
||||
exec (VESTA_CMD . "v-list-user ".escapeshellarg($_GET['loginas'])." json", $output, $return_var);
|
||||
if ( $return_var == 0 ) {
|
||||
$data = json_decode(implode('', $output), true);
|
||||
reset($data);
|
||||
$_SESSION['look'] = key($data);
|
||||
$_SESSION['look_alert'] = 'yes';
|
||||
}
|
||||
}
|
||||
header("Location: /");
|
||||
exit;
|
||||
}
|
||||
|
||||
// Basic auth
|
||||
if (isset($_POST['user']) && isset($_POST['password'])) {
|
||||
$v_user = escapeshellarg($_POST['user']);
|
||||
|
||||
// Send password via tmp file
|
||||
$v_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_password, "w");
|
||||
fwrite($fp, $_POST['password']."\n");
|
||||
fclose($fp);
|
||||
|
||||
// Check user & password
|
||||
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$_SERVER["REMOTE_ADDR"]."'", $output, $return_var);
|
||||
unset($output);
|
||||
|
||||
// Remove tmp file
|
||||
unlink($v_password);
|
||||
|
||||
// Check API answer
|
||||
if ( $return_var > 0 ) {
|
||||
$ERROR = "<a class=\"error\">".__('Invalid username or password')."</a>";
|
||||
|
||||
} else {
|
||||
|
||||
// Make root admin user
|
||||
if ($_POST['user'] == 'root') $v_user = 'admin';
|
||||
|
||||
// Get user speciefic parameters
|
||||
exec (VESTA_CMD . "v-list-user ".$v_user." json", $output, $return_var);
|
||||
$data = json_decode(implode('', $output), true);
|
||||
|
||||
// Define language
|
||||
if (!empty($data[$v_user]['LANGUAGE'])) $_SESSION['language'] = $data[$v_user]['LANGUAGE'];
|
||||
|
||||
// Define session user
|
||||
reset($data);
|
||||
$_SESSION['user'] = key($data);
|
||||
|
||||
// Redirect request to control panel interface
|
||||
if (!empty($_SESSION['request_uri'])) {
|
||||
header("Location: ".$_SESSION['request_uri']);
|
||||
unset($_SESSION['request_uri']);
|
||||
exit;
|
||||
} else {
|
||||
header("Location: /");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Check system configuration
|
||||
exec (VESTA_CMD . "v-list-sys-config json", $output, $return_var);
|
||||
$data = json_decode(implode('', $output), true);
|
||||
|
|
@ -35,39 +85,10 @@ foreach ($sys_arr as $key => $value) {
|
|||
}
|
||||
|
||||
// Set default language
|
||||
if (empty($_SESSION['language'])) $_SESSION['language']=$_SESSION['LANGUAGE'];
|
||||
if (empty($_SESSION['language'])) $_SESSION['language']='en';
|
||||
|
||||
// Auth
|
||||
if (isset($_POST['user']) && isset($_POST['password'])) {
|
||||
$v_user = escapeshellarg($_POST['user']);
|
||||
$v_password = escapeshellarg($_POST['password']);
|
||||
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$_SERVER["REMOTE_ADDR"]."'", $output, $return_var);
|
||||
if ( $return_var > 0 ) {
|
||||
$ERROR = "<a class=\"error\">".__('Invalid username or password')."</a>";
|
||||
require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n/'.$_SESSION['language'].'.php');
|
||||
require_once('../templates/header.html');
|
||||
require_once('../templates/login.html');
|
||||
} else {
|
||||
unset($output);
|
||||
exec (VESTA_CMD . "v-list-user ".$v_user." json", $output, $return_var);
|
||||
$data = json_decode(implode('', $output), true);
|
||||
$_SESSION['language'] = $data[$_POST['user']]['LANGUAGE'];
|
||||
if (empty($_SESSION['language'])) $_SESSION['language'] = 'en';
|
||||
$_SESSION['user'] = $_POST['user'];
|
||||
if ($_POST['user'] == 'root') $_SESSION['user'] = 'admin';
|
||||
if (!empty($_SESSION['request_uri'])) {
|
||||
header("Location: ".$_SESSION['request_uri']);
|
||||
unset($_SESSION['request_uri']);
|
||||
exit;
|
||||
} else {
|
||||
header("Location: /");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
require_once($_SERVER['DOCUMENT_ROOT'].'/inc/i18n/'.$_SESSION['language'].'.php');
|
||||
require_once('../templates/header.html');
|
||||
require_once('../templates/login.html');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -43,15 +43,19 @@ if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['pass
|
|||
if ( $_POST['password'] == $_POST['password_confirm'] ) {
|
||||
$v_user = escapeshellarg($_POST['user']);
|
||||
$user = $_POST['user'];
|
||||
$v_password = escapeshellarg($_POST['password']);
|
||||
$cmd="/usr/bin/sudo /usr/local/vesta/bin/v-list-user";
|
||||
exec ($cmd." ".$v_user." json", $output, $return_var);
|
||||
if ( $return_var == 0 ) {
|
||||
$data = json_decode(implode('', $output), true);
|
||||
$rkey = $data[$user]['RKEY'];
|
||||
if ($rkey == $_POST['code']) {
|
||||
$v_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_password, "w");
|
||||
fwrite($fp, $_POST['password']."\n");
|
||||
fclose($fp);
|
||||
$cmd="/usr/bin/sudo /usr/local/vesta/bin/v-change-user-password";
|
||||
exec ($cmd." ".$v_user." ".$v_password, $output, $return_var);
|
||||
unlink($v_password);
|
||||
if ( $return_var > 0 ) {
|
||||
$ERROR = "<a class=\"error\">".__('An internal error occurred')."</a>";
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -104,8 +104,7 @@ if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST[
|
|||
list($v_account, $v_domain) = explode('@', $_POST['email']);
|
||||
$v_domain = escapeshellarg($v_domain);
|
||||
$v_account = escapeshellarg($v_account);
|
||||
$password = $_POST['password'];
|
||||
$new = escapeshellarg($_POST['new']);
|
||||
$v_password = $_POST['password'];
|
||||
|
||||
// Get domain owner
|
||||
exec (VESTA_CMD."v-search-domain-owner ".$v_domain." 'mail'", $output, $return_var);
|
||||
|
|
@ -126,12 +125,16 @@ if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST[
|
|||
// Compare hashes
|
||||
if (!empty($v_hash)) {
|
||||
$salt = explode('$', $v_hash);
|
||||
$n_hash = md5crypt($password, $salt[2]);
|
||||
$n_hash = md5crypt($v_password, $salt[2]);
|
||||
$n_hash = '{MD5}'.$n_hash;
|
||||
|
||||
// Change password
|
||||
if ( $v_hash == $n_hash ) {
|
||||
exec (VESTA_CMD."v-change-mail-account-password '".$v_user."' ".$v_domain." ".$v_account." ".$new, $output, $return_var);
|
||||
$v_new_password = tempnam("/tmp","vst");
|
||||
$fp = fopen($v_new_password, "w");
|
||||
fwrite($fp, $_POST['new']."\n");
|
||||
fclose($fp);
|
||||
exec (VESTA_CMD."v-change-mail-account-password '".$v_user."' ".$v_domain." ".$v_account." ".$v_new_password, $output, $return_var);
|
||||
if ($return_var == 0) {
|
||||
echo "ok";
|
||||
exit;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue