password reset support for rouncube webmail

Serghey Rodin 2012-12-28 11:39:01 +02:00
commit eb40d64132
5 changed files with 306 additions and 1 deletions

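--- a/bin/v-get-mail-account-value
+++ b/bin/v-get-mail-account-value
@@ -0,0 +1,49 @@
+#!/bin/bash
+# info: get mail account value
+# options: user domain account key
+#
+# The function for getting a certain mail account parameter.
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+# Argument defenition
+user=$1
+domain=$(idn -t --quiet -u "$2" )
+domain_idn=$(idn -t --quiet -a "$domain")
+account=$3
+key=$(echo "$4"| tr '[:lower:]' '[:upper:]'|sed -e "s/^/$/")
+# Includes
+source $VESTA/func/main.sh
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+check_args '3' "$#" 'user domain key'
+validate_format 'user' 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_valid 'mail' 'DOMAIN' "$domain"
+is_object_valid "mail/$domain" 'ACCOUNT' "$account"
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+# Print
+get_object_value "mail/$domain" 'ACCOUNT' "$account" "$key"
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+# Logging
+log_event "$OK" "$EVENT"
+exit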
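Review bot: `check_args '3' "$#" 'user domain key'` does not match this script, which reads four positional arguments (`account=$3`, `key` from `$4`, and the header says `user domain account key`), so a call that omits the key passes the check and reaches `get_object_value` with a key of just `$`. I would change it to `check_args '4' "$#" 'user domain account key'`. `validate_format 'user' 'domain'` also leaves `account` unchecked before it is used in `is_object_valid` and `get_object_value`; if `validate_format` (defined in `func/main.sh`, not shown here) knows an account format, it should be listed there as well.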

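--- a/bin/v-get-mail-domain-value
+++ b/bin/v-get-mail-domain-value
@@ -0,0 +1,47 @@
+#!/bin/bash
+# info: get mail domain value
+# options: user domain key
+#
+# The function for getting a certain mail domain parameter.
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+# Argument defenition
+user=$1
+domain=$(idn -t --quiet -u "$2" )
+domain_idn=$(idn -t --quiet -a "$domain")
+key=$(echo "$3"| tr '[:lower:]' '[:upper:]'|sed -e "s/^/$/")
+# Includes
+source $VESTA/func/main.sh
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+check_args '3' "$#" 'user domain key'
+validate_format 'user' 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_valid 'mail' 'DOMAIN' "$domain"
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+# Print
+get_object_value 'mail' 'DOMAIN' "$domain" "$key"
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+# Logging
+log_event "$OK" "$EVENT"
+exit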
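Review bot: `key` is built from `$3` by upper-casing it and prefixing `$`, then handed to `get_object_value` with no format check; `validate_format 'user' 'domain'` covers only the other two arguments. `get_object_value` lives in `func/main.sh`, outside this page, so how it expands the key is not visible, but if it evaluates the string, the argument should be restricted to a variable-name pattern before use, for example `[[ "$3" =~ ^[A-Za-z0-9_]+$ ]]` with an early exit on mismatch. The same applies to the `key` line built from `$4` in bin/v-get-mail-account-value.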

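--- a/bin/v-search-domain-owner
+++ b/bin/v-search-domain-owner
@@ -0,0 +1,55 @@
+#!/bin/bash
+# info: search domain owner
+# options: domain [type]
+#
+# The function that allows to find user objects.
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+# Argument defenition
+domain=$(idn -t --quiet -u "$1" )
+type=${2-any}
+# Includes
+source $VESTA/func/main.sh
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+check_args '1' "$#" 'domain [type]'
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+# Define conf
+case $type in
+web) conf="$VESTA/data/users/*/web.conf" ;;
+dns) conf="$VESTA/data/users/*/dns.conf" ;;
+mail) conf="$VESTA/data/users/*/mail.conf" ;;
+*) conf="$VESTA/data/users/*/*.conf"
+esac
+owner=$(grep "DOMAIN='$domain'" $conf | head -n 1 | cut -f7 -d '/')
+if [ -z "$owner" ]; then
+exit $E_NOTEXIST
+fi
+echo $owner
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+# Logging
+#log_event "$OK" "$EVENT"
+exit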
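Review bot: `$domain` is placed into `grep "DOMAIN='$domain'" $conf` as a regular expression and, unlike the two getter scripts, is never passed through `validate_format`, so `.` and other metacharacters in the argument match more than the literal domain and the owner of the first hit is returned. Since web/reset/mail/index.php feeds this script from a POSTed address, I would add `validate_format 'domain'` after `check_args` and match literally with `grep -F -- "DOMAIN='$domain'" $conf`. `cut -f7 -d '/'` also ties the result to the directory depth of `$VESTA`; taking the path component relative to `$VESTA/data/users/` would not break if the install prefix changes, and `echo "$owner"` should be quoted.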


@ -1,6 +1,6 @@
<?php
// Check user session
if (!isset($_SESSION['user'])) {
if ((!isset($_SESSION['user'])) && (!isset($api_mode))) {
$_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
header("Location: /login/");
exit;
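Review bot: The session check is now skipped whenever `$api_mode` is set to anything at all, including `false`, because the new condition tests `isset($api_mode)` rather than its value. The variable is an ordinary global assigned by the including script, so the login guard depends on nothing else being able to define it (older PHP builds with `register_globals`, or an earlier include); I would at least require the exact value, `if (!isset($_SESSION['user']) && (!isset($api_mode) || $api_mode !== true)) {`, and preferably key the bypass on a constant defined by the entry script. The file name of this section and the rest of the `if` body are not visible on the page.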

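--- a/web/reset/mail/index.php
+++ b/web/reset/mail/index.php
@@ -0,0 +1,154 @@
+<?php
+// Init
+error_reporting(NULL);
+$api_mode = true;
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+//
+// sourceforge.net/projects/postfixadmin/
+// md5crypt
+// Action: Creates MD5 encrypted password
+// Call: md5crypt (string cleartextpassword)
+//
+function md5crypt ($pw, $salt="", $magic="")
+{
+$MAGIC = "$1$";
+if ($magic == "") $magic = $MAGIC;
+if ($salt == "") $salt = create_salt ();
+$slist = explode ("$", $salt);
+if ($slist[0] == "1") $salt = $slist[1];
+$salt = substr ($salt, 0, 8);
+$ctx = $pw . $magic . $salt;
+$final = hex2bin (md5 ($pw . $salt . $pw));
+for ($i=strlen ($pw); $i>0; $i-=16)
+{
+if ($i > 16)
+{
+$ctx .= substr ($final,0,16);
+}
+else
+{
+$ctx .= substr ($final,0,$i);
+}
+}
+$i = strlen ($pw);
+while ($i > 0)
+{
+if ($i & 1) $ctx .= chr (0);
+else $ctx .= $pw[0];
+$i = $i >> 1;
+}
+$final = hex2bin (md5 ($ctx));
+for ($i=0;$i<1000;$i++)
+{
+$ctx1 = "";
+if ($i & 1)
+{
+$ctx1 .= $pw;
+}
+else
+{
+$ctx1 .= substr ($final,0,16);
+}
+if ($i % 3) $ctx1 .= $salt;
+if ($i % 7) $ctx1 .= $pw;
+if ($i & 1)
+{
+$ctx1 .= substr ($final,0,16);
+}
+else
+{
+$ctx1 .= $pw;
+}
+$final = hex2bin (md5 ($ctx1));
+}
+$passwd = "";
+$passwd .= to64 (((ord ($final[0]) << 16) | (ord ($final[6]) << 8) | (ord ($final[12]))), 4);
+$passwd .= to64 (((ord ($final[1]) << 16) | (ord ($final[7]) << 8) | (ord ($final[13]))), 4);
+$passwd .= to64 (((ord ($final[2]) << 16) | (ord ($final[8]) << 8) | (ord ($final[14]))), 4);
+$passwd .= to64 (((ord ($final[3]) << 16) | (ord ($final[9]) << 8) | (ord ($final[15]))), 4);
+$passwd .= to64 (((ord ($final[4]) << 16) | (ord ($final[10]) << 8) | (ord ($final[5]))), 4);
+$passwd .= to64 (ord ($final[11]), 2);
+return "$magic$salt\$$passwd";
+}
+//
+// sourceforge.net/projects/postfixadmin/
+// to64
+//
+function to64 ($v, $n)
+{
+$ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+$ret = "";
+while (($n - 1) >= 0)
+{
+$n--;
+$ret .= $ITOA64[$v & 0x3f];
+$v = $v >> 6;
+}
+return $ret;
+}
+// Check arguments
+if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST['new']))) {
+list($v_account, $v_domain) = explode('@', $_POST['email']);
+$v_domain = escapeshellarg($v_domain);
+$v_account = escapeshellarg($v_account);
+$password = $_POST['password'];
+$new = escapeshellarg($_POST['new']);
+// Get domain owner
+exec (VESTA_CMD."v-search-domain-owner ".$v_domain." 'mail'", $output, $return_var);
+if ($return_var == 0) {
+$v_user = $output[0];
+}
+unset($output);
+// Get current md5 hash
+if (!empty($v_user)) {
+exec (VESTA_CMD."v-get-mail-account-value '".$v_user."' ".$v_domain." ".$v_account." 'md5'", $output, $return_var);
+if ($return_var == 0) {
+$v_hash = $output[0];
+}
+}
+unset($output);
+// Compare hashes
+if (!empty($v_hash)) {
+$salt = explode('$', $v_hash);
+$n_hash = md5crypt($password, $salt[2]);
+$n_hash = '{MD5}'.$n_hash;
+// Change password
+if ( $v_hash == $n_hash ) {
+exec (VESTA_CMD."v-change-mail-account-password '".$v_user."' ".$v_domain." ".$v_account." ".$new, $output, $return_var);
+$fp = fopen('/tmp/vst.log', 'w');
+fwrite($fp, "Owner: ".$v_user."\n");
+fwrite($fp, "Hash: ".$v_hash."\n");
+fwrite($fp, "New: ".$n_hash."\n");
+fwrite($fp, "Salt : ".$salt[2]."\n");
+fwrite($fp, "Password: ".$password."\n");
+fwrite($fp, "Return: ".$return_var."\n");
+fclose($fp);
+if ($return_var == 0) {
+echo "ok";
+exit;
+}
+}
+}
+}
+echo 'error';
+exit;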
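Review bot: The block right after the `v-change-mail-account-password` call opens `/tmp/vst.log` and writes the owner, the stored hash, the salt and the cleartext current password (`fwrite($fp, "Password: ".$password."\n");`) on every successful change; it looks like leftover debugging and the whole `fopen` … `fclose` run should be deleted, since credentials end up in a file in a shared temp directory. Two smaller points in the same branch: `$v_user` comes from command output and is wrapped in single quotes by hand, where `escapeshellarg($v_user)` would match how `$v_domain` and `$v_account` are treated, and `$v_hash == $n_hash` should be `hash_equals($v_hash, $n_hash)` on PHP versions that provide it. The endpoint runs without a session (`$api_mode = true`) and checks a caller-supplied current password, so it also needs attempt throttling, which nothing in this file provides.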