requested = str_replace(' ','_',$title);
$this->title = $title;
$this->lang = $config['language'];
$this->language = $languages[$this->lang];
$this->get_theme_css = false;
$_REQUEST['gpreq'] = 'admin';
$this->head .= "\n".'';
@header( 'X-Frame-Options: SAMEORIGIN' );
}
/**
 * No-op: the login page does nothing in this method.
 * NOTE(review): presumably overrides a hook of the parent page class - confirm.
 */
public function RunScript(){
}
/**
 * Render the body of the login page.
 *
 * Queues the login stylesheet and scripts, prints the browser and javascript
 * warnings, then shows either the login form or the forgotten-password form
 * depending on the requested command.
 */
public function GetGpxContent(){

	// assets used by the login screen
	$this->css_admin[] = '/include/css/login.css';
	foreach( array('/include/js/login.js', '/include/js/md5_sha.js', '/include/thirdparty/js/jsSHA.js') as $script ){
		$this->head_js[] = $script;
	}
	$this->admin_js = true;

	// the forms below read $_POST['username'], so make sure the key exists
	if( !array_key_exists('username', $_POST) ){
		$_POST['username'] = '';
	}

	\gp\tool\Session::HasCookies();

	$this->BrowserWarning();
	$this->JavascriptWarning();

	echo '
';
	echo '
';

	$cmd = \gp\tool::GetCommand();

	// loose comparison (==) keeps the matching rules of a switch statement
	if( $cmd == 'send_password' ){
		// a successful reset goes back to the login form, a failed one re-displays the request form
		if( $this->SendPassword() ){
			$this->LoginForm();
		}else{
			$this->FogottenPassword();
		}
	}elseif( $cmd == 'forgotten' ){
		$this->FogottenPassword();
	}else{
		$this->LoginForm();
	}

	echo ' |
';
	echo '
';
}
/**
 * Output the "forgotten password" request form.
 *
 * Guarantees that $_POST['username'] exists and queues the login stylesheet.
 * The echoed string literal is empty in this copy of the file.
 */
public function FogottenPassword(){
	global $langmessage;

	$this->css_admin[] = '/include/css/login.css';

	// default the username so the form can read it without an undefined-index notice
	if( !array_key_exists('username', $_POST) ){
		$_POST['username'] = '';
	}

	echo '';
}
/**
 * Output the login form.
 *
 * Guarantees that $_REQUEST['file'] exists before the form is printed.
 * The echoed string literal is empty in this copy of the file.
 */
public function LoginForm(){
	global $langmessage;

	// default the requested file to an empty string when the client did not send one
	if( !array_key_exists('file', $_REQUEST) ){
		$_REQUEST['file'] = '';
	}

	echo '';
}
/**
 * Output the browser warning block.
 * The echoed string literal is empty in this copy of the file.
 */
public function BrowserWarning(){
	global $langmessage;

	echo '';
}
/**
 * Output the notices for clients without javascript or with an incompatible browser.
 *
 * Prints the JAVASCRIPT_REQ message, then the INCOMPAT_BROWSER and MODERN_BROWSER
 * messages separated by a single space. All text comes from $langmessage.
 */
public function JavascriptWarning(){
	global $langmessage;

	echo '';

	// javascript-required notice
	echo '
', $langmessage['JAVASCRIPT_REQ'], '
';
	echo '
';

	// incompatible-browser notice
	echo $langmessage['INCOMPAT_BROWSER'], ' ', $langmessage['MODERN_BROWSER'];
	echo '
';
	echo '
';
}
/**
 * Return the "checked" attribute for a checkbox of the login form.
 *
 * On anything other than a POST request the box is pre-checked. On a POST
 * request it is checked only when the field was submitted.
 *
 * @param string $name Name of the checkbox field in $_POST.
 * @return string ' checked="checked" ' or an empty string.
 */
public function Checked($name){
	$is_post = ( strtoupper($_SERVER['REQUEST_METHOD']) === 'POST' );

	// a submitted form without the field means the user unticked the box
	if( $is_post && !isset($_POST[$name]) ){
		return '';
	}

	return ' checked="checked" ';
}
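/**
 * Handle a forgotten-password request.
 *
 * Generates a temporary password for the account named in $_POST['username'],
 * stores its hash in the user's 'newpass' entry of '_site/users' and e-mails
 * the plain-text value to the address on file. The outcome is reported through msg().
 *
 * NOTE(review): an unknown user, an account without an e-mail address and a
 * successful request each produce a different message, so the response discloses
 * which account names exist. A single uniform response would avoid that.
 * NOTE(review): no throttling of requests is visible in this method - confirm
 * whether the caller or the mailer limits repeated requests.
 *
 * @return bool True when the mailer accepted the message, false otherwise.
 */
public function SendPassword(){
	global $langmessage;

	$users = \gp\tool\Files::Get('_site/users');

	// The posted value is client-controlled and may be missing or an array.
	// Only a string can be used as the lookup key.
	$username = isset($_POST['username']) ? $_POST['username'] : '';
	if( !is_string($username) || !isset($users[$username]) ){
		msg($langmessage['OOPS']);
		return false;
	}

	$userinfo = $users[$username];

	if( empty($userinfo['email']) ){
		msg($langmessage['no_email_provided']);
		return false;
	}

	// The temporary password is a login credential, so it must come from a CSPRNG.
	// str_shuffle() is not a cryptographically secure source and is only kept as a
	// fallback for PHP versions that lack random_int().
	// NOTE(review): 8 letters is short for a credential that stays valid until it is used;
	// a longer value or an expiry time would be stronger.
	$alphabet	= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
	$length		= 8;
	$newpass	= '';

	if( function_exists('random_int') ){
		$max = strlen($alphabet) - 1;
		try{
			for( $i = 0; $i < $length; $i++ ){
				$newpass .= $alphabet[random_int(0, $max)];
			}
		}catch( \Exception $e ){
			// no secure randomness available: fail closed instead of issuing a weak password
			msg($langmessage['OOPS']);
			return false;
		}
	}else{
		$newpass = substr(str_shuffle(str_repeat($alphabet, 3)), 0, $length);
	}

	$pass_hash			= \gp\tool\Session::PassAlgo($userinfo);
	$former_pass_hash	= false;

	if( $pass_hash == 'password_hash' && !function_exists('password_hash') ){
		// this unlikely but possible case may only occur if a former PHP 5.5+ site was moved to a PHP < 5.5 host
		// the password algorithm will then be changed to sha512. the old password will not be usable anymore
		$former_pass_hash				= $pass_hash;
		$pass_hash						= 'sha512';
		$users[$username]['passhash']	= $pass_hash;
	}

	// only the hash of the temporary password is written to the users file
	$users[$username]['newpass'] = \gp\tool::hash($newpass, $pass_hash);
	if( !\gp\tool\Files::SaveData('_site/users', 'users', $users) ){
		msg($langmessage['OOPS'] . ' (User data not saved. Check file permissions)');
		return false;
	}

	$server		= \gp\tool::ServerName();
	$link		= \gp\tool::AbsoluteLink('Admin', $langmessage['login']);
	$message	= sprintf($langmessage['passwordremindertext'], $server, $link, $username, $newpass);

	// send email
	$mailer = new \gp\tool\Emailer();
	if( $mailer->SendEmail($userinfo['email'], $langmessage['new_password'], $message) ){

		// show only the first three characters of the local part in the confirmation.
		// array_pad() keeps list() from reading a missing index when the stored address has no '@'
		list($namepart, $sitepart) = array_pad(explode('@', $userinfo['email']), 2, '');
		$showemail = substr($namepart, 0, 3) . '...@' . $sitepart;
		msg(sprintf($langmessage['password_sent'], $username, $showemail));
		return true;
	}

	// sending the new password failed
	msg($langmessage['OOPS'].' (Email not sent)');

	if( $former_pass_hash ){
		// although this will only help in the *very special* case, where the
		// PHP version < 5.5 was changed to 5.5+ AFTER the (now failed) new password request
		// we will restore the former password hash algorithm, so the old password (if recalled) will work again
		$users[$username]['passhash'] = $former_pass_hash;
		\gp\tool\Files::SaveData('_site/users', 'users', $users);
	}

	return false;
}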
}