// Sanitize post $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL); // Is email in database ? if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { // Get associated userid $sql = "SELECT userid,username FROM users WHERE email = :email"; $result = $pdo->prepare($sql); $result->execute(array('email' => $email)); $data = $result->fetch(); $numrows = $result->rowCount(); // Check email exists if ($numrows === 1) { // Get info to build the URL // the key is the encrypted user's mail address // so you need to have access to the secretkey and iv in config.php to get the key. $key = $crypto->encrypt($email); $protocol = 'https://'; $reset_url = $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI']; $reset_link = $protocol . str_replace('app/reset', 'change-pass', $reset_url) . '?key=' . $key . '&userid=' . $data['userid']; // Send an email with the reset link // Create the message $footer = "\n\n~~~\nSent from eLabFTW http://www.elabftw.net\n"; $message = Swift_Message::newInstance()->setSubject('[eLabFTW] Password reset for ' . $data['username'])->setFrom(array(get_config('mail_from') => 'eLabFTW'))->setTo(array($email => $data['username']))->setBody(sprintf(_('Hi. Someone (probably you) with the IP address: %s and user agent %s requested a new password on eLabFTW. Please follow this link to reset your password : %s'), $ip, $u_agent, $reset_link) . $footer); // generate Swift_Mailer instance $mailer = getMailer(); // now we try to send the email try { $mailer->send($message); } catch (Exception $e) { // log the error dblog('Error', $_SERVER['REMOTE_ADDR'], $e->getMessage());
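/**
 * Validate POST variables containing login/validation data for the TSP;
 * substitute missing values with empty strings and return as array.
 *
 * Reads $_POST['stampprovider'], ['stampcert'], ['stampshare'],
 * ['stamplogin'] and ['stamppass'] directly; every key is optional.
 *
 * - stampprovider: kept only if it passes FILTER_VALIDATE_URL, otherwise ''.
 *   (Previously filter_var()'s `false` leaked through on an invalid URL,
 *   contradicting the "empty string" contract stated above.)
 * - stampcert: kept only if it names an existing path, either readable
 *   relative to ELAB_ROOT or resolvable by realpath() from anywhere.
 *   NOTE(review): the second branch accepts any existing path on the host
 *   (presumably to allow a system CA bundle), so the stored value is a
 *   user-chosen filesystem path — whoever later opens it must treat it as
 *   untrusted. Not tightened here because the absolute-path case is not
 *   visible from this function.
 * - stampshare: stored exactly as submitted, with no filtering at all
 *   (the accepted value set is not visible here; presumably a 0/1 flag —
 *   verify at the caller before relying on it).
 * - stamplogin: passed through FILTER_SANITIZE_STRING (deprecated since
 *   PHP 8.1; kept for compatibility with the rest of this file).
 * - stamppass: encrypted with CryptoWrapper. An encrypt() failure is
 *   swallowed and yields '', which the caller may then persist over an
 *   existing value — this is pre-existing best-effort behaviour, left as-is.
 *
 * @return array
 */
function processTimestampPost()
{
    // Instantiated unconditionally, as before: a failing constructor is not
    // caught here, only a failing encrypt() call is.
    $crypto = new \Elabftw\Elabftw\CryptoWrapper();

    // Provider URL: anything that is not a syntactically valid URL becomes ''.
    $stampprovider = '';
    if (isset($_POST['stampprovider'])) {
        $validUrl = filter_var($_POST['stampprovider'], FILTER_VALIDATE_URL);
        if ($validUrl !== false) {
            $stampprovider = $validUrl;
        }
    }

    // Certificate chain path: accept if readable under ELAB_ROOT, or if it
    // exists anywhere realpath() can resolve it (see NOTE(review) above).
    $stampcert = '';
    if (isset($_POST['stampcert'])) {
        $certChain = filter_var($_POST['stampcert'], FILTER_SANITIZE_STRING);
        $underRoot = is_readable(realpath(ELAB_ROOT . $certChain));
        if ($underRoot || realpath($certChain)) {
            $stampcert = $certChain;
        }
    }

    // Share flag: returned raw, defaulting to the integer 0 when absent.
    $stampshare = isset($_POST['stampshare']) ? $_POST['stampshare'] : 0;

    // TSA login name: sanitized string or ''.
    $stamplogin = '';
    if (isset($_POST['stamplogin'])) {
        $stamplogin = filter_var($_POST['stamplogin'], FILTER_SANITIZE_STRING);
    }

    // TSA password: stored encrypted; '' when absent or when encryption fails.
    $stamppass = '';
    if (isset($_POST['stamppass'])) {
        try {
            $stamppass = $crypto->encrypt($_POST['stamppass']);
        } catch (Exception $e) {
            $stamppass = '';
        }
    }

    return array(
        'stampprovider' => $stampprovider,
        'stampcert' => $stampcert,
        'stampshare' => $stampshare,
        'stamplogin' => $stamplogin,
        'stamppass' => $stamppass,
    );
}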
} else { $smtp_encryption = ''; } if (isset($_POST['smtp_port']) && is_pos_int($_POST['smtp_port'])) { $smtp_port = $_POST['smtp_port']; } else { $smtp_port = ''; } if (isset($_POST['smtp_username'])) { $smtp_username = filter_var($_POST['smtp_username'], FILTER_SANITIZE_STRING); } else { $smtp_username = ''; } if (isset($_POST['smtp_password'])) { // the password is stored encrypted in the database $smtp_password = $crypto->encrypt($_POST['smtp_password']); } else { $smtp_password = ''; } $updates = array('smtp_address' => $smtp_address, 'smtp_encryption' => $smtp_encryption, 'smtp_port' => $smtp_port, 'smtp_username' => $smtp_username, 'smtp_password' => $smtp_password, 'mail_method' => $mail_method, 'mail_from' => $mail_from, 'sendmail_path' => $sendmail_path); if (!update_config($updates)) { $errflag = true; $error = '9'; } } // END EMAIL // REDIRECT USER if ($errflag) { $msg_arr[] = sprintf(_("There was an unexpected problem! Please %sopen an issue on GitHub%s if you think this is a bug.") . "<br>E#" . $error, "<a href='https://github.com/elabftw/elabftw/issues/'>", "</a>"); $_SESSION['errors'] = $msg_arr; header('Location: ../sysconfig.php?tab=' . $tab);