webmin/forgot.cgi

#!/usr/local/bin/perl
# Linked to from the forgotten password email

BEGIN { push(@INC, "."); };
use WebminCore;
$no_acl_check++;
$trust_unknown_referers = 1;
&init_config();
&ReadParse();
&load_theme_library();

&theme_forgot_handler($0) if (defined(&theme_forgot_handler));
&error_setup($text{'forgot_err'});
$gconfig{'forgot_pass'} || &error($text{'forgot_ecannot'});
my $timeout = $gconfig{'passreset_timeout'} || 15;
$remote_user && &error($text{'forgot_elogin'});

# Check that the random ID is valid
$in{'id'} =~ /^[a-f0-9]+$/i || &error($text{'forgot_eid'});
my %link;
my $linkfile = $main::forgot_password_link_dir."/".$in{'id'};
&read_file($linkfile, \%link) || &error($text{'forgot_eid2'});
time() - $link{'time'} > 60*$timeout &&
	&error(&text('forgot_etime', $timeout));

# Get the Webmin user
&foreign_require("acl");
my ($wuser) = grep { $_->{'name'} eq $link{'user'} } &acl::list_users();

# Get the Virtualmin mail Unix user if Webmin user is not found
my ($muser, $muserdom);
if (!$wuser && $link{'muser'}) {
	# Probably Virtualmin mail user, so try to find it
	&foreign_require("virtual-server");
	my $d = &virtual_server::get_user_domain(lc($link{'muser'}));
	if ($d) {
		my @u = &virtual_server::list_domain_users($d, 0, 0, 1, 1, 0);
		($muser) = grep { $_->{'user'} eq lc($link{'muser'}) } @u;
		}
	}

# Show an error if neither user was found
!$muser && $link{'muser'} && &error(&text('forgot_euser3',
		"<tt>".&html_escape($link{'muser'})."</tt>"));
$wuser || $muser || &error(&text('forgot_euser2',
		"<tt>".&html_escape($link{'user'})."</tt>"));

# Set the username whichever is available
my $username = $link{'muser'} || $link{'uuser'} || $link{'user'};
my $email = $wuser ? $wuser->{'email'} : 
	    $muser ? $muser->{'recovery'} || $muser->{'email'} : undef;

&ui_print_header(undef, $text{'forgot_title'}, "", undef, undef, 1, 1);

if (defined($in{'newpass'})) {
	# Validate the password
	$in{'newpass'} =~ /\S/ || &error($text{'forgot_enewpass'});
	$in{'newpass'} eq $in{'newpass2'} ||
		&error($text{'forgot_enewpass2'});
	my $perr = &acl::check_password_restrictions(
			$wuser->{'name'}, $in{'newpass'});
	$perr && &error(&text('forgot_equality', $perr));

	# Actually update the password
	my $d;
	if (&foreign_check("virtual-server")) {
		# Is this a Virtualmin domain owner?
		&foreign_require("virtual-server");
		$d = &virtual_server::get_domain_by("user", $link{'user'},
						    "parent", "");
		$d && $d->{'disabled'} && &error($text{'forgot_edisabled'});
		}
	if ($d) {
		# Update in Virtualmin
		print &text('forgot_vdoing',
			&virtual_server::show_domain_name($d)),"<br>\n";
		&virtual_server::push_all_print();
		&virtual_server::set_all_null_print();
		foreach my $d (&virtual_server::get_domain_by("user", $link{'user'})) {
			&virtual_server::lock_domain($d);
			my $oldd = { %$d };
			$d->{'pass'} = $in{'newpass'};
			$d->{'pass_set'} = 1;
			&virtual_server::generate_domain_password_hashes($d, 0);

			# Update all features
			foreach my $f (&virtual_server::domain_features($d)) {
				if ($virtual_server::config{$f} && $d->{$f}) {
					my $mfunc = "virtual_server::modify_$f";
					&$mfunc($d, $oldd);
					}
				}

			# Update all plugins
			foreach my $f (&virtual_server::list_feature_plugins()) {
				if ($d->{$f}) {
					&virtual_server::plugin_call(
					    $f, "feature_modify", $d, $oldd);
					}
				}

			&virtual_server::save_domain($d);
			&virtual_server::unlock_domain($d);
			}
		&virtual_server::run_post_actions();
		&virtual_server::pop_all_print();
		print $text{'forgot_done'},"<p>\n";
		}
	elsif ($muser) {
		# Update in Virtualmin if this is a mail user
		my %oldmuser = %$muser;
		$muser->{'plainpass'} = $in{'newpass'};
		$muser->{'pass'} =
			&virtual_server::encrypt_user_password(
				$muser, $muser->{'plainpass'});
		$muser->{'passmode'} = 3;
		&virtual_server::set_pass_change($muser);
		&virtual_server::modify_user($muser, \%oldmuser, $muserdom);
		}
	elsif ($link{'uuser'} || $wuser->{'pass'} eq 'x') {
		# Update in Users and Groups
		print &text('forgot_udoing',
			"<tt>".&html_escape($username)."</tt>"),"<br>\n";
		&foreign_require("useradmin");
		my ($user) = grep { $_->{'user'} eq $username }
				  &useradmin::list_users();
		$user || &error($text{'forgot_eunix'});
		$user->{'pass'} eq $useradmin::config{'lock_string'} &&
			&error($text{'forgot_eunixlock'});
		my $olduser = { %$user };
		$user->{'passmode'} = 3;
		$user->{'plainpass'} = $in{'newpass'};
		$user->{'pass'} = &useradmin::encrypt_password($in{'newpass'},
							       undef, 1);
		&useradmin::modify_user($olduser, $user);
		&useradmin::other_modules("useradmin_modify_user", $user,
					  $olduser);
		&reload_miniserv();
		print $text{'forgot_done'},"<p>\n";
		}
	else {
		# Update in Webmin
		print &text('forgot_wdoing',
			"<tt>".&html_escape($link{'user'})."</tt>"),"<br>\n";
		$wuser->{'pass'} = &acl::encrypt_password($in{'newpass'});
		&acl::modify_user($wuser->{'name'}, $wuser);
		&reload_miniserv();
		print $text{'forgot_done'},"<p>\n";
		}
	
	# Print link to login for Webmin user
	if (!$muser) {
		print &text('forgot_retry', &get_webprefix()."/",
			    "<tt>".$username."</tt>"),"<p>\n";
		}
	else {
		print &text('forgot_retry2', "<tt>".$username."</tt>"),"<p>\n";
		}

	&webmin_log("forgot", "reset", undef,
		    { 'user' => $username,
		      'unix' => $link{'uuser'} ? 1 : 0,
		      'email' => $email }, "acl");

	&unlink_logged($linkfile);
	}
else {
	# Show password selection form
	print "<center>\n";
	print &ui_form_start("forgot.cgi", "post");
	print &ui_hidden("id", $in{'id'});
	print &ui_table_start(undef, undef, 2);
	print &ui_table_row(
		&text('forgot_newpass',
		      "<tt>".&html_escape($username)."</tt>"),
		&ui_password("newpass", undef, 30));
	print &ui_table_row(
		$text{'forgot_newpass2'},
		&ui_password("newpass2", undef, 30));
	print &ui_table_end();
	print &ui_form_end([ [ undef, $text{'forgot_passok'} ] ]);
	print "</center>\n";
	}

&ui_print_footer();
More work on forgotten password support 2025-04-14 22:44:55 -07:00			`#!/usr/local/bin/perl`
			`# Linked to from the forgotten password email`

			`BEGIN { push(@INC, "."); };`
			`use WebminCore;`
			`$no_acl_check++;`
Fix password change for regular webmin users 2025-04-15 21:23:10 -07:00			`$trust_unknown_referers = 1;`
More work on forgotten password support 2025-04-14 22:44:55 -07:00			`&init_config();`
			`&ReadParse();`
Add ability for themes to handle each "forgot_*" page 2025-04-25 20:01:30 +03:00			`&load_theme_library();`

Fix to load theme handle first 2025-05-21 22:02:02 +03:00			`&theme_forgot_handler($0) if (defined(&theme_forgot_handler));`
Add ability for themes to handle each "forgot_*" page 2025-04-25 20:01:30 +03:00			`&error_setup($text{'forgot_err'});`
More work on forgotten password support 2025-04-14 22:44:55 -07:00			`$gconfig{'forgot_pass'} \|\| &error($text{'forgot_ecannot'});`
Cleaner to use temporary variables rather than modifying gconfig 2025-05-03 20:49:04 -07:00			`my $timeout = $gconfig{'passreset_timeout'} \|\| 15;`
Cannot reset password if you're logged in 2025-04-20 10:30:14 -07:00			`$remote_user && &error($text{'forgot_elogin'});`
More work on forgotten password support 2025-04-14 22:44:55 -07:00
			`# Check that the random ID is valid`
			`$in{'id'} =~ /^[a-f0-9]+$/i \|\| &error($text{'forgot_eid'});`
			`my %link;`
Lock link tracking files 2025-05-05 20:08:12 -07:00			`my $linkfile = $main::forgot_password_link_dir."/".$in{'id'};`
			`&read_file($linkfile, \%link) \|\| &error($text{'forgot_eid2'});`
Cleaner to use temporary variables rather than modifying gconfig 2025-05-03 20:49:04 -07:00			`time() - $link{'time'} > 60*$timeout &&`
			`&error(&text('forgot_etime', $timeout));`
More work on forgotten password support 2025-04-14 22:44:55 -07:00
			`# Get the Webmin user`
			`&foreign_require("acl");`
			`my ($wuser) = grep { $_->{'name'} eq $link{'user'} } &acl::list_users();`
Add support to reset password for Virtualmin mail users 2025-05-31 23:40:39 +03:00
			`# Get the Virtualmin mail Unix user if Webmin user is not found`
			`my ($muser, $muserdom);`
			`if (!$wuser && $link{'muser'}) {`
			`# Probably Virtualmin mail user, so try to find it`
			`&foreign_require("virtual-server");`
Fix to speed up checking domains and users 2025-06-01 10:24:05 +03:00			`my $d = &virtual_server::get_user_domain(lc($link{'muser'}));`
			`if ($d) {`
			`my @u = &virtual_server::list_domain_users($d, 0, 0, 1, 1, 0);`
			`($muser) = grep { $_->{'user'} eq lc($link{'muser'}) } @u;`
Add support to reset password for Virtualmin mail users 2025-05-31 23:40:39 +03:00			`}`
			`}`

			`# Show an error if neither user was found`
			`!$muser && $link{'muser'} && &error(&text('forgot_euser3',`
			`"<tt>".&html_escape($link{'muser'})."</tt>"));`
			`$wuser \|\| $muser \|\| &error(&text('forgot_euser2',`
More work on forgotten password support 2025-04-14 22:44:55 -07:00			`"<tt>".&html_escape($link{'user'})."</tt>"));`
Add support to reset password for Virtualmin mail users 2025-05-31 23:40:39 +03:00
			`# Set the username whichever is available`
			`my $username = $link{'muser'} \|\| $link{'uuser'} \|\| $link{'user'};`
			`my $email = $wuser ? $wuser->{'email'} :`
			`$muser ? $muser->{'recovery'} \|\| $muser->{'email'} : undef;`
More work on forgotten password support 2025-04-14 22:44:55 -07:00
			`&ui_print_header(undef, $text{'forgot_title'}, "", undef, undef, 1, 1);`

			`if (defined($in{'newpass'})) {`
			`# Validate the password`
			`$in{'newpass'} =~ /\S/ \|\| &error($text{'forgot_enewpass'});`
Ask for password twice 2025-04-21 19:56:20 -07:00			`$in{'newpass'} eq $in{'newpass2'} \|\|`
			`&error($text{'forgot_enewpass2'});`
More work on forgotten password support 2025-04-14 22:44:55 -07:00			`my $perr = &acl::check_password_restrictions(`
			`$wuser->{'name'}, $in{'newpass'});`
			`$perr && &error(&text('forgot_equality', $perr));`

			`# Actually update the password`
Properly declare $d 2025-04-22 22:01:21 -07:00			`my $d;`
More work on forgotten password support 2025-04-14 22:44:55 -07:00			`if (&foreign_check("virtual-server")) {`
			`# Is this a Virtualmin domain owner?`
			`&foreign_require("virtual-server");`
			`$d = &virtual_server::get_domain_by("user", $link{'user'},`
			`"parent", "");`
Check for the d variable properly 2025-04-23 20:51:59 -07:00			`$d && $d->{'disabled'} && &error($text{'forgot_edisabled'});`
More work on forgotten password support 2025-04-14 22:44:55 -07:00			`}`
Check for the d variable properly 2025-04-23 20:51:59 -07:00			`if ($d) {`
More work on forgotten password support 2025-04-14 22:44:55 -07:00			`# Update in Virtualmin`
Implement forgotted password reset for Virtualmin users 2025-04-17 22:11:39 -07:00			`print &text('forgot_vdoing',`
			`&virtual_server::show_domain_name($d)),"<br>\n";`
Don't show Virtualmin output when resetting a password 2025-04-21 16:55:35 -07:00			`&virtual_server::push_all_print();`
			`&virtual_server::set_all_null_print();`
Implement forgotted password reset for Virtualmin users 2025-04-17 22:11:39 -07:00			`foreach my $d (&virtual_server::get_domain_by("user", $link{'user'})) {`
			`&virtual_server::lock_domain($d);`
			`my $oldd = { %$d };`
			`$d->{'pass'} = $in{'newpass'};`
			`$d->{'pass_set'} = 1;`
			`&virtual_server::generate_domain_password_hashes($d, 0);`

			`# Update all features`
			`foreach my $f (&virtual_server::domain_features($d)) {`
			`if ($virtual_server::config{$f} && $d->{$f}) {`
Line length cleanup 2025-05-19 21:56:11 -07:00			`my $mfunc = "virtual_server::modify_$f";`
Implement forgotted password reset for Virtualmin users 2025-04-17 22:11:39 -07:00			`&$mfunc($d, $oldd);`
			`}`
			`}`

			`# Update all plugins`
			`foreach my $f (&virtual_server::list_feature_plugins()) {`
			`if ($d->{$f}) {`
			`&virtual_server::plugin_call(`
			`$f, "feature_modify", $d, $oldd);`
			`}`
			`}`

			`&virtual_server::save_domain($d);`
			`&virtual_server::unlock_domain($d);`
			`}`
Don't show Virtualmin output when resetting a password 2025-04-21 16:55:35 -07:00			`&virtual_server::run_post_actions();`
			`&virtual_server::pop_all_print();`
Implement forgotted password reset for Virtualmin users 2025-04-17 22:11:39 -07:00			`print $text{'forgot_done'},"<p>\n";`
More work on forgotten password support 2025-04-14 22:44:55 -07:00			`}`
Add support to reset password for Virtualmin mail users 2025-05-31 23:40:39 +03:00			`elsif ($muser) {`
			`# Update in Virtualmin if this is a mail user`
			`my %oldmuser = %$muser;`
			`$muser->{'plainpass'} = $in{'newpass'};`
			`$muser->{'pass'} =`
			`&virtual_server::encrypt_user_password(`
			`$muser, $muser->{'plainpass'});`
			`$muser->{'passmode'} = 3;`
			`&virtual_server::set_pass_change($muser);`
			`&virtual_server::modify_user($muser, \%oldmuser, $muserdom);`
			`}`
Work on password reset for sudo-capable users 2025-05-03 22:05:46 -07:00			`elsif ($link{'uuser'} \|\| $wuser->{'pass'} eq 'x') {`
More work on forgotten password support 2025-04-14 22:44:55 -07:00			`# Update in Users and Groups`
support unix user password changes 2025-04-18 22:01:56 -07:00			`print &text('forgot_udoing',`
Fixes to get password changes for sudo users working 2025-05-04 11:40:58 -07:00			`"<tt>".&html_escape($username)."</tt>"),"<br>\n";`
support unix user password changes 2025-04-18 22:01:56 -07:00			`&foreign_require("useradmin");`
Fixes to get password changes for sudo users working 2025-05-04 11:40:58 -07:00			`my ($user) = grep { $_->{'user'} eq $username }`
No need to create extra variables 2025-04-23 20:56:21 -07:00			`&useradmin::list_users();`
			`$user \|\| &error($text{'forgot_eunix'});`
			`$user->{'pass'} eq $useradmin::config{'lock_string'} &&`
support unix user password changes 2025-04-18 22:01:56 -07:00			`&error($text{'forgot_eunixlock'});`
No need to create extra variables 2025-04-23 20:56:21 -07:00			`my $olduser = { %$user };`
support unix user password changes 2025-04-18 22:01:56 -07:00			`$user->{'passmode'} = 3;`
			`$user->{'plainpass'} = $in{'newpass'};`
Fix critical issues when resetting the password 1. If changing password in `/etc/shadow` clone user correctly 2. Restart miniserv after changing password in `/etc/shadow` 3. Use correct hashing format when changing Webmin and Unix password 2025-04-23 15:18:09 +03:00			`$user->{'pass'} = &useradmin::encrypt_password($in{'newpass'},`
			`undef, 1);`
support unix user password changes 2025-04-18 22:01:56 -07:00			`&useradmin::modify_user($olduser, $user);`
Fix critical issues when resetting the password 1. If changing password in `/etc/shadow` clone user correctly 2. Restart miniserv after changing password in `/etc/shadow` 3. Use correct hashing format when changing Webmin and Unix password 2025-04-23 15:18:09 +03:00			`&useradmin::other_modules("useradmin_modify_user", $user,`
			`$olduser);`
			`&reload_miniserv();`
support unix user password changes 2025-04-18 22:01:56 -07:00			`print $text{'forgot_done'},"<p>\n";`
More work on forgotten password support 2025-04-14 22:44:55 -07:00			`}`
			`else {`
			`# Update in Webmin`
Fix password change for regular webmin users 2025-04-15 21:23:10 -07:00			`print &text('forgot_wdoing',`
			`"<tt>".&html_escape($link{'user'})."</tt>"),"<br>\n";`
Use correct password hashing function 2025-04-23 20:58:48 -07:00			`$wuser->{'pass'} = &acl::encrypt_password($in{'newpass'});`
Fix password change for regular webmin users 2025-04-15 21:23:10 -07:00			`&acl::modify_user($wuser->{'name'}, $wuser);`
More work on forgotten password support 2025-04-14 22:44:55 -07:00			`&reload_miniserv();`
Fix password change for regular webmin users 2025-04-15 21:23:10 -07:00			`print $text{'forgot_done'},"<p>\n";`
More work on forgotten password support 2025-04-14 22:44:55 -07:00			`}`
Fix to print message depending on the user 2025-06-01 02:07:41 +03:00
			`# Print link to login for Webmin user`
			`if (!$muser) {`
			`print &text('forgot_retry', &get_webprefix()."/",`
			`"<tt>".$username."</tt>"),"<p>\n";`
			`}`
			`else {`
			`print &text('forgot_retry2', "<tt>".$username."</tt>"),"<p>\n";`
			`}`
Fix password change for regular webmin users 2025-04-15 21:23:10 -07:00
Add logging for password resets 2025-04-26 10:04:43 -07:00			`&webmin_log("forgot", "reset", undef,`
Fixes to get password changes for sudo users working 2025-05-04 11:40:58 -07:00			`{ 'user' => $username,`
			`'unix' => $link{'uuser'} ? 1 : 0,`
Add support to reset password for Virtualmin mail users 2025-05-31 23:40:39 +03:00			`'email' => $email }, "acl");`
Add logging for password resets 2025-04-26 10:04:43 -07:00
Lock link tracking files 2025-05-05 20:08:12 -07:00			`&unlink_logged($linkfile);`
More work on forgotten password support 2025-04-14 22:44:55 -07:00			`}`
			`else {`
			`# Show password selection form`
Fix password change for regular webmin users 2025-04-15 21:23:10 -07:00			`print "<center>\n";`
More work on forgotten password support 2025-04-14 22:44:55 -07:00			`print &ui_form_start("forgot.cgi", "post");`
			`print &ui_hidden("id", $in{'id'});`
Ask for password twice 2025-04-21 19:56:20 -07:00			`print &ui_table_start(undef, undef, 2);`
			`print &ui_table_row(`
			`&text('forgot_newpass',`
Fixes to get password changes for sudo users working 2025-05-04 11:40:58 -07:00			`"<tt>".&html_escape($username)."</tt>"),`
Ask for password twice 2025-04-21 19:56:20 -07:00			`&ui_password("newpass", undef, 30));`
			`print &ui_table_row(`
			`$text{'forgot_newpass2'},`
			`&ui_password("newpass2", undef, 30));`
			`print &ui_table_end();`
More work on forgotten password support 2025-04-14 22:44:55 -07:00			`print &ui_form_end([ [ undef, $text{'forgot_passok'} ] ]);`
Fix password change for regular webmin users 2025-04-15 21:23:10 -07:00			`print "</center>\n";`
More work on forgotten password support 2025-04-14 22:44:55 -07:00			`}`

			`&ui_print_footer();`