
Commit f6eed6c

Merge pull request mailcow#6836 from mailcow/fix/6802
[Web] Add password verification when setting recovery email
2 parents 653fc40 + b85837c commit f6eed6c

2 files changed

+22
-1
lines changed


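--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -1006,7 +1006,7 @@ function edit_user_account($_data) {
 update_sogo_static_view();
 }
 // edit password recovery email
-elseif (isset($pw_recovery_email)) {
+elseif (!empty($password_old) && isset($pw_recovery_email)) {
 if (!isset($_SESSION['acl']['pw_reset']) || $_SESSION['acl']['pw_reset'] != "1" ) {
 $_SESSION['return'][] = array(
 'type' => 'danger',
@@ -1016,6 +1016,21 @@ function edit_user_account($_data) {
 return false;
 }
 
+$stmt = $pdo->prepare("SELECT `password` FROM `mailbox`
+WHERE `kind` NOT REGEXP 'location|thing|group'
+AND `username` = :user AND authsource = 'mailcow'");
+$stmt->execute(array(':user' => $username));
+$row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+if (!verify_hash($row['password'], $password_old)) {
+$_SESSION['return'][] = array(
+'type' => 'danger',
+'log' => array(__FUNCTION__, $_data_log),
+'msg' => 'access_denied'
+);
+return false;
+}
+
 $pw_recovery_email = (!filter_var($pw_recovery_email, FILTER_VALIDATE_EMAIL)) ? '' : $pw_recovery_email;
 $stmt = $pdo->prepare("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.recovery_email', :recovery_email)
 WHERE `username` = :username AND authsource = 'mailcow'");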
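Review bot: `$stmt->fetch(PDO::FETCH_ASSOC)` returns false when no mailbox row matches the username, kind and authsource filter, and `$row['password']` then indexes false (null, plus a warning on PHP 8) before `verify_hash` is called; guard the row first: `if (!$row || !verify_hash($row['password'], $password_old)) {`. The new `!empty($password_old)` gate also treats the literal password `"0"` as absent, and a request that carries the recovery email without the old password no longer enters this branch, so depending on the elseif chain that continues outside the hunk it may fall through with no message at all — consider `isset($password_old) && $password_old !== ''` plus an explicit `access_denied` return when the old password is missing. Where `$password_old` is read from `$_data` is not in this hunk, so its mapping to the new `user_old_pass` field is assumed. edit_user_account starts and ends outside the hunk.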

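--- a/data/web/templates/modals/user.twig
+++ b/data/web/templates/modals/user.twig
@@ -326,6 +326,12 @@
 <small class="text-muted">{{ lang.user.password_reset_info }}</small>
 </div>
 </div>
+<div class="row mb-4">
+<label class="control-label col-sm-3" for="user_old_pass">{{ lang.user.password_now }}</label>
+<div class="col-sm-9">
+<input type="password" class="form-control" name="user_old_pass" autocomplete="off" required>
+</div>
+</div>
 <div class="row">
 <div class="offset-sm-3 col-sm-9">
 <button class="btn btn-xs-lg d-block d-sm-inline btn-success" data-action="edit_selected" data-id="pw_recovery_change" data-item="null" data-api-url='edit/self' data-api-attr='{}' href="#">{{ lang.user.save }}</button>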
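Review bot: `required` on the new `user_old_pass` input is only enforced by native form submission, and the adjacent save button (`data-action="edit_selected"`, `href="#"`) appears to submit through script, so the constraint is presumably never checked client-side and the server-side old-password check remains the effective gate — worth confirming against the handler for `pw_recovery_change`. `autocomplete="off"` is widely ignored by browsers on password fields; `autocomplete="current-password"` is the hint that matches what this field asks for, e.g. `<input type="password" class="form-control" name="user_old_pass" autocomplete="current-password" required>`. The enclosing modal/form markup lies outside the hunk.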
