github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-14 10:37:39 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

password transmission via tmp files

Browse source
This commit is contained in:
Serghey Rodin 2015-03-31 00:01:44 +03:00
commit 1a7612cc66
14 changed files with 172 additions and 87 deletions
Download patch file Download diff file Expand all files Collapse all files

6
web/reset/index.php
View file

@ -43,15 +43,19 @@ if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['pass
if ( $_POST['password'] == $_POST['password_confirm'] ) {
$v_user = escapeshellarg($_POST['user']);
$user = $_POST['user'];
$v_password = escapeshellarg($_POST['password']);
$cmd="/usr/bin/sudo /usr/local/vesta/bin/v-list-user";
exec ($cmd." ".$v_user." json", $output, $return_var);
if ( $return_var == 0 ) {
$data = json_decode(implode('', $output), true);
$rkey = $data[$user]['RKEY'];
if ($rkey == $_POST['code']) {
$v_password = tempnam("/tmp","vst");
$fp = fopen($v_password, "w");
fwrite($fp, $_POST['password']."\n");
fclose($fp);
$cmd="/usr/bin/sudo /usr/local/vesta/bin/v-change-user-password";
exec ($cmd." ".$v_user." ".$v_password, $output, $return_var);
unlink($v_password);
if ( $return_var > 0 ) {
$ERROR = "<a class=\"error\">".__('An internal error occurred')."</a>";
} else {

11
web/reset/mail/index.php
View file

@ -104,8 +104,7 @@ if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST[
list($v_account, $v_domain) = explode('@', $_POST['email']);
$v_domain = escapeshellarg($v_domain);
$v_account = escapeshellarg($v_account);
$password = $_POST['password'];
$new = escapeshellarg($_POST['new']);
$v_password = $_POST['password'];
// Get domain owner
exec (VESTA_CMD."v-search-domain-owner ".$v_domain." 'mail'", $output, $return_var);
@ -126,12 +125,16 @@ if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST[
// Compare hashes
if (!empty($v_hash)) {
$salt = explode('$', $v_hash);
$n_hash = md5crypt($password, $salt[2]);
$n_hash = md5crypt($v_password, $salt[2]);
$n_hash = '{MD5}'.$n_hash;
// Change password
if ( $v_hash == $n_hash ) {
exec (VESTA_CMD."v-change-mail-account-password '".$v_user."' ".$v_domain." ".$v_account." ".$new, $output, $return_var);
$v_new_password = tempnam("/tmp","vst");
$fp = fopen($v_new_password, "w");
fwrite($fp, $_POST['new']."\n");
fclose($fp);
exec (VESTA_CMD."v-change-mail-account-password '".$v_user."' ".$v_domain." ".$v_account." ".$v_new_password, $output, $return_var);
if ($return_var == 0) {
echo "ok";
exit;