From 76ab0f5c7e51741374e64b7e76051655359ab3e2 Mon Sep 17 00:00:00 2001
From: Danny Terweij <d.terweij@lxcenter.org>
Date: Sun, 23 Feb 2014 21:27:24 +0100
Subject: [PATCH] Project issue #941. - Forgot Password in Kloxo doesn't work.

---
 kloxo/file/indexcontent.php                 |   6 +-
 kloxo/httpdocs/htmllib/lib/indexcontent.php | 265 ++++++++++----------
 2 files changed, 135 insertions(+), 136 deletions(-)

diff --git a/kloxo/file/indexcontent.php b/kloxo/file/indexcontent.php
index dc4621d4c6..16df26f8c6 100644
--- a/kloxo/file/indexcontent.php
+++ b/kloxo/file/indexcontent.php
@@ -1,4 +1,8 @@
-<?php 
+<?php
+
+// TODO: This file is not in use
+// See: lib/indexcontent.php (loaded from [login.]inc.php)
+
 $accountlist = array('client' => "Kloxo Account",'domain' => 'Domain Owner', 'mailaccount' => "Mail Account");
 $progname = $sgbl->__var_program_name;
 
diff --git a/kloxo/httpdocs/htmllib/lib/indexcontent.php b/kloxo/httpdocs/htmllib/lib/indexcontent.php
index 073b325d63..9587a82738 100644
--- a/kloxo/httpdocs/htmllib/lib/indexcontent.php
+++ b/kloxo/httpdocs/htmllib/lib/indexcontent.php
@@ -1,168 +1,163 @@
-<?php 
+<?php
+
 $accountlist = array('client' => "Kloxo Account",'domain' => 'Domain Owner', 'mailaccount' => "Mail Account");
 $progname = $sgbl->__var_program_name;
 
-/*
-if (lxfile_exists("__path_program_htmlbase/lib/indexheader_vendor.html")) {
-	lreadfile("__path_program_htmlbase/lib/indexheader_vendor.html");
-} else {
-	lreadfile("__path_program_htmlbase/lib/indexheader.html");
-}
-*/
-
 $ghtml->print_jscript_source("/htmllib/js/lxa.js");
 if ($sgbl->is_this_slave()) { print("Slave Server\n"); exit; }
 
 $logfo = db_get_value("general",  "admin", "login_pre");
 $logfo = str_replace("<%programname%>", $sgbl->__var_program_name, $logfo);
 
-   if(!$cgi_forgotpwd ){
-	$ghtml->print_message();
-
-
-	if (if_demo()) {
-		include_once "lib/demologins.php";
-	} else {
-?>
-
-<style type="text/css">
-	@import url("/htmllib/lib/admin_login.css");
-</style>
-
-<div id="ctr" align="center">
-	<div class="login">
-		<div class="login-form">
-			<div align="center"><font size="5" color="red"><b> Login </b></font></div>
-			<br />
-			<form name="loginform" action="/htmllib/phplib/" onsubmit="encode_url(loginform) ; return fieldcheck(this);" method="post">
-				<div class="form-block">
-					<div class="inputlabel">Username</div>
-					<input name="frm_clientname" type="text" class="inputbox" size="30" />
-					<div class="inputlabel">Password</div>
-					<input name="frm_password" type="password" class="passbox" size="30" />
-					<br />
-					<input type="hidden" name="id" value="<?php echo mt_rand() ?>" />
-					<div align="left"><input type="submit" class="button" name="login" value="Login" /></div>
-				</div>
-			</form>
-		</div>
-		<div class="login-text">
-			<div class="ctr"><img src="/img/login/icon.gif" width="64" height="64" alt="security" /></div>
-			<?=$logfo?> 
-			<a class="forgotpwd" href="javascript:document.forgotpassword.submit()"><font color="black"><u>Forgot Password?</u></a>
-			<form name="forgotpassword" method="post" action="/login/">
-				<input type="hidden" name="frm_forgotpwd" value="1" />
-			</form>
-			<script> document.loginform.frm_clientname.focus(); </script>
-		</div>
-		<div class="clr"></div>
-	</div>
-</div>
-<div id="break"></div>
-	
-<?php
+if(!$cgi_forgotpwd ){
+    $ghtml->print_message();
+
+
+    if (if_demo()) {
+        include_once "lib/demologins.php";
+    } else {
+        ?>
+
+        <style type="text/css">
+            @import url("/htmllib/lib/admin_login.css");
+        </style>
+
+        <div id="ctr" align="center">
+            <div class="login">
+                <div class="login-form">
+                    <div align="center"><font size="5" color="red"><b> Login </b></font></div>
+                    <br />
+                    <form name="loginform" action="/htmllib/phplib/" onsubmit="encode_url(loginform) ; return fieldcheck(this);" method="post">
+                        <div class="form-block">
+                            <div class="inputlabel">Username</div>
+                            <input name="frm_clientname" type="text" class="inputbox" size="30" />
+                            <div class="inputlabel">Password</div>
+                            <input name="frm_password" type="password" class="passbox" size="30" />
+                            <br />
+                            <input type="hidden" name="id" value="<?php echo mt_rand() ?>" />
+                            <div align="left"><input type="submit" class="button" name="login" value="Login" /></div>
+                        </div>
+                    </form>
+                </div>
+                <div class="login-text">
+                    <div class="ctr"><img src="/img/login/icon.gif" width="64" height="64" alt="security" /></div>
+                    <?=$logfo?>
+                    <a class="forgotpwd" href="javascript:document.forgotpassword.submit()"><font color="black"><u>Forgot Password?</u></a>
+                    <form name="forgotpassword" method="post" action="/login/">
+                        <input type="hidden" name="frm_forgotpwd" value="1" />
+                    </form>
+                    <script> document.loginform.frm_clientname.focus(); </script>
+                </div>
+                <div class="clr"></div>
+            </div>
+        </div>
+        <div id="break"></div>
+
+    <?php
+
+    }
 
-	}
-		
 
 }
 elseif ($cgi_forgotpwd == 1) {
-?>
-
-<style type="text/css">
-	@import url(/htmllib/lib/admin_login.css);
-</style>
-
-<div id="ctr" align="center">
-	<div class="login">
-		<div class="login-form">
-			<div align="center"><font name=Verdana size=5 color=red ><b> Forgot Password </b></font></div>
-			<br />
-			<form name="sendmail" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
-				<div class="form-block">
-					<div class="inputlabel">Username</div>
-					<input name="frm_clientname" type="text" class="inputbox" size="30" />
-					<div class="inputlabel">Email Id</div>
-					<input name="frm_email" type="text" class="passbox" size="30" />
-					<br />	  	
-					<div align="left"><input type="submit" class="button" name="forgot" value="Send" /></div>
-				</div>	
-			</form>
-		</div>
-		<div class="login-text">
-			<div class="ctr"><img src="/img/login/icon1.gif" width="64" height="64" alt="security" /></div>
-			<p>Welcome to <?php echo  $sgbl->__var_program_name; ?></p>
-			<p>Use a valid username and email-id to get password.</p>
-			<br />
-			<a class=forgotpwd href="javascript:history.go(-1);"><font color="black"><u>Back to login</u></a>
-			<form name="forgotpassword" method="post" action="/login/">
-				<input type="hidden" name="frm_forgotpwd" value="2" />
-			</form>
-		</div>
-
-		<script> document.sendmail.frm_clientname.focus(); </script>
-
-		<div class="clr"></div>
-	</div>
-</div>
-<div id="break"></div>
+    ?>
+
+    <style type="text/css">
+        @import url(/htmllib/lib/admin_login.css);
+    </style>
+
+    <div id="ctr" align="center">
+        <div class="login">
+            <div class="login-form">
+                <div align="center"><font name=Verdana size=5 color=red ><b> Forgot Password </b></font></div>
+                <br />
+                <form name="sendmail" action="/login/" method="post">
+                    <div class="form-block">
+                        <div class="inputlabel">Username</div>
+                        <input name="frm_clientname" type="text" class="inputbox" size="30" />
+                        <div class="inputlabel">Email Id</div>
+                        <input name="frm_email" type="text" class="passbox" size="30" />
+                        <br />
+                        <div align="left"><input type="submit" class="button" name="forgot" value="Send" /></div>
+                    </div>
+                    <input type="hidden" name="frm_forgotpwd" value="2" />
+                </form>
+            </div>
+            <div class="login-text">
+                <div class="ctr"><img src="/img/login/icon1.gif" width="64" height="64" alt="security" /></div>
+                <p>Welcome to <?php echo  $sgbl->__var_program_name; ?></p>
+                <p>Use a valid username and email-id to get password.</p>
+                <br />
+                <a class=forgotpwd href="javascript:history.go(-1);"><font color="black"><u>Back to login</u></a>
+            </div>
+
+            <script> document.sendmail.frm_clientname.focus(); </script>
+
+            <div class="clr"></div>
+        </div>
+    </div>
+    <div id="break"></div>
 
 <?php
 } elseif ($cgi_forgotpwd==2) {
 
+    $progname = $sgbl->__var_program_name;
+    $cprogname = ucfirst($progname);
 
-	$progname = $sgbl->__var_program_name;
-	$cprogname = ucfirst($progname);
-
-	$cgi_clientname = $ghtml->frm_clientname;
-	$cgi_email = $ghtml->frm_email;
+    $cgi_clientname = $ghtml->frm_clientname;
+    $cgi_email = $ghtml->frm_email;
 
 
-	htmllib::checkForScript($cgi_clientname);
-	$classname = $ghtml->frm_class;
+    htmllib::checkForScript($cgi_clientname);
+    $classname = $ghtml->frm_class;
 
-	if (!$classname) {
-		$classname = getClassFromName($cgi_clientname);
-	}
+    if (!$classname) {
+        $classname = getClassFromName($cgi_clientname);
+    }
 
+    if (!empty($cgi_clientname) && !empty($cgi_email)) {
+        $tablename = $classname;
+        $database = new Sqlite(null, $tablename);
 
-	/*
-	if ($cgi_clientname == 'admin') {
-		$ghtml->print_redirect("/?frm_emessage=cannot_reset_admin");
-	}
-*/
+        $data = $database->rawQuery("select contactemail from $tablename where nname = '$cgi_clientname';");
 
-	if ($cgi_clientname != "" && $cgi_email != "") { 
-		$tablename = $classname;
-		$rawdb = new Sqlite(null, $tablename);
-		$email = $rawdb->rawQuery("select contactemail from $tablename where nname = '$cgi_clientname';");
+        if(empty($data)) {
+            $ghtml->print_redirect("/login/?frm_emessage=nouser_email");
+            //throw lxException('Contact email is not set on Kloxo, it could not be send to a empty address.');
+        }
+        elseif(!isset($data[0]['contactemail'])) {
+            $ghtml->print_redirect("/login/?frm_emessage=nouser_email");
+            //throw lxException('Contact email is not set on Kloxo, it could not be send to a empty address.');
+        }
+        else {
+            $contact_email = $data[0]['contactemail'];
 
+            if(empty($contact_email)) {
+                //throw lxException('Contact email is not set on Kloxo, it could not be send to a empty address.');
+                $ghtml->print_redirect("/login/?frm_emessage=nouser_email");
+            }
+        }
 
-		if($email && $cgi_email == $email[0]['contactemail']) {
-			$rndstring =  randomString(8);
-			$pass = crypt($rndstring);
+        if($cgi_email == $contact_email) {
+            $rndstring =  randomString(8);
+            $pass = crypt($rndstring);
 
-			$rawdb->rawQuery("update $tablename set password = '$pass' where nname = '$cgi_clientname'");
-			$mailto = $email[0]['contactemail'];
-			$name = "$cprogname";
-			$email = "Admin";
+            $database->rawQuery("update $tablename set password = '$pass' where nname = '$cgi_clientname'");
 
-			$cc = "";
-			$subject = "$cprogname Password Reset Request";
-			$message = "\n\n\nYour password has been reset to the one below for your $cprogname login.\n";
-			$message .= "The Client IP address which requested the Reset: {$_SERVER['REMOTE_ADDR']}\n";
-			$message .= 'Username: '. $cgi_clientname."\n";
-			$message .= 'New Password: '. $rndstring.'';
+            $subject = "$cprogname Password Reset Request";
 
-			//$message = nl2br($message);
+            $message = "\n\n\nYour password has been reset to the one below for your $cprogname login.\n" .
+                "The Client IP address which requested the Reset: {$_SERVER['REMOTE_ADDR']}\n" .
+                'Username: '. $cgi_clientname."\n" .
+                'New Password: '. $rndstring;
 
-			lx_mail(null, $mailto, $subject, $message);
+            $from = NULL; //Setting NULL gets the program@hostname.com
+            lx_mail($from, $contact_email, $subject, $message);
 
-			$ghtml->print_redirect("/login/?frm_smessage=password_sent");
+            $ghtml->print_redirect("/login/?frm_smessage=password_sent");
 
-		} else {
-			$ghtml->print_redirect("/login/?frm_emessage=nouser_email");
-		}
-	}
+        } else {
+            $ghtml->print_redirect("/login/?frm_emessage=nouser_email");
+        }
+    }
 }
-?>