openstamanager/reset.php

158 lines
5.5 KiB
PHP
Raw Normal View History

2019-07-16 15:43:15 +02:00
<?php
2020-09-07 15:04:06 +02:00
/*
* OpenSTAManager: il software gestionale open source per l'assistenza tecnica e la fatturazione
2021-01-20 15:08:51 +01:00
* Copyright (C) DevCode s.r.l.
2020-09-07 15:04:06 +02:00
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
2019-07-16 15:43:15 +02:00
$skip_permissions = true;
include_once __DIR__.'/core.php';
use Models\User;
2019-08-29 10:25:14 +02:00
use Modules\Emails\Mail;
use Modules\Emails\Template;
2019-08-27 15:42:13 +02:00
use Notifications\EmailNotification;
2019-07-16 15:43:15 +02:00
$token = get('reset_token');
switch (post('op')) {
case 'reset':
$username = post('username');
$email = post('email');
$database->insert('zz_logs', [
'username' => $username,
'ip' => get_client_ip(),
'stato' => Auth::getStatus()['failed']['code'],
]);
try {
$utente = User::where('username', $username)->where('email', $email)->first();
if (!empty($utente)) {
$utente->reset_token = secure_random_string();
$utente->save();
2019-07-16 15:43:15 +02:00
2024-07-31 11:33:02 +02:00
$template = Template::where('name', 'Reset password')->first();
2019-07-16 15:43:15 +02:00
$mail = Mail::build($utente, $template, $utente->id);
$mail->addReceiver($utente->email);
$mail->save();
2019-07-16 15:43:15 +02:00
$email = EmailNotification::build($mail);
$email->send();
}
2019-07-16 15:43:15 +02:00
flash()->info(tr("Se le informazioni inserite corrispondono ai dati di un utente, riceverai a breve un'email all'indirizzo collegato").'.');
} catch (Exception $e) {
flash()->error(tr("Errore durante la gestione della richiesta: si prega di contattare l'amministratore").'.');
}
2019-07-16 15:43:15 +02:00
redirect(base_path().'/index.php');
2024-01-15 15:30:45 +01:00
exit;
2019-07-16 15:43:15 +02:00
case 'update':
$password = post('password');
$utente = User::where('reset_token', $token)->first();
if (!empty($utente)) {
$utente->password = $password;
$utente->reset_token = null;
$utente->save();
}
flash()->info(tr('Password cambiata!'));
redirect(base_path().'/index.php');
2024-01-15 15:30:45 +01:00
exit;
2019-07-16 15:43:15 +02:00
}
$pageTitle = tr('Reimpostazione password');
include_once App::filepath('include|custom|', 'top.php');
// Controllo se è una beta e in caso mostro un warning
if (Auth::isBrute()) {
echo '
2024-05-16 18:02:50 +02:00
<div class="card card-danger card-center" id="brute">
<div class="card-header with-border text-center">
<h3 class="card-title">'.tr('Attenzione').'</h3>
2019-07-16 15:43:15 +02:00
</div>
2024-05-16 18:02:50 +02:00
<div class="card-body text-center">
2019-07-16 15:43:15 +02:00
<p>'.tr('Sono stati effettuati troppi tentativi di accesso consecutivi!').'</p>
<p>'.tr('Tempo rimanente (in secondi)').': <span id="brute-timeout">'.(Auth::getBruteTimeout() + 1).'</span></p>
</div>
</div>
<script>
$(document).ready(function(){
$("#reset").fadeOut();
brute();
});
function brute() {
var value = parseFloat($("#brute-timeout").html()) - 1;
$("#brute-timeout").html(value);
if(value > 0){
setTimeout("brute()", 1000);
} else{
$("#brute").fadeOut();
$("#reset").fadeIn();
}
}
</script>';
}
echo '
2024-05-16 18:02:50 +02:00
<form action="" method="post" class="card card-center-large card-warning" id="reset">
<div class="card-header with-border text-center">
<a href="'.base_path().'/index.php"><i class="fa fa-arrow-left btn btn-xs btn-warning pull-left tip" title="'.tr('Torna indietro').'" ></i></a>
2024-05-16 18:02:50 +02:00
<h3 class="card-title">'.$pageTitle.'</h3>
2019-07-16 15:43:15 +02:00
</div>
2024-05-16 18:02:50 +02:00
<div class="card-body">';
2019-07-16 15:43:15 +02:00
if (empty($token)) {
echo '
<input type="hidden" name="op" value="reset">
2019-10-03 12:09:14 +02:00
<p>'.tr("Per reimpostare password, inserisci l'username con cui hai accesso al gestionale e l'indirizzo email associato all'utente").'.<br>
'.tr("Se i dati inseriti risulteranno corretti riceverai un'email dove sarà indicato il link da cui potrai reimpostare la tua password").'.</p>
2019-07-16 15:43:15 +02:00
{[ "type": "text", "label": "'.tr('Username').'", "placeholder": "'.tr('Username').'", "name": "username", "icon-before": "<i class=\"fa fa-user\"></i>", "required": 1 ]}
2024-10-30 12:16:43 +01:00
{[ "type": "text", "class": "email-mask", "label": "'.tr('Email').'", "placeholder": "'.tr('Email').'", "name": "email", "icon-before": "<i class=\"fa fa-envelope\"></i>", "required": 1 ]}';
2019-07-16 15:43:15 +02:00
} else {
echo '
<input type="hidden" name="op" value="update">
<p>'.tr('Inserisci la nuova password per il tuo account').':</p>
{[ "type": "password", "label": "'.tr('Password').'", "name": "password", "required": 1, "strength": "#submit-button", "icon-before": "<i class=\"fa fa-lock\"></i>" ]}';
2019-07-16 15:43:15 +02:00
}
echo '
</div>
2024-05-16 18:02:50 +02:00
<div class="card-footer">
<button type="submit" id="submit-button" class="btn btn-success btn-block">
2019-10-03 12:09:14 +02:00
<i class="fa fa-arrow-right"></i> '.tr('Invia richiesta').'
2019-07-16 15:43:15 +02:00
</button>
</div>
</form>';
include_once App::filepath('include|custom|', 'bottom.php');