Work on forgotten password page

forgot_form.cgi

@@ -0,0 +1,22 @@
+#!/usr/local/bin/perl
+# Display the forgotten password form
+
+BEGIN { push(@INC, "."); };
+use WebminCore;
+$no_acl_check++;
+&init_config();
+&ReadParse();
+$gconfig{'forgot_pass'} || &error($text{'forgot_ecannot'});
+
+&ui_print_header(undef, $text{'forgot_title'}, "", undef, undef, 1, 1);
+
+print "<center>\n";
+print $text{'forgot_desc'},"<p>\n";
+print &ui_form_start("forgot.cgi", "post");
+print "<b>$text{'forgot_user'}</b>\n",
+      &ui_textbox("forgot", $in{'failed'}, 40),"<br>\n";
+print &ui_form_end([ [ undef, $text{'forgot_ok'} ] ]);
+print "</center>\n";
+
+&ui_print_footer();
+

lang/en

@@ -144,6 +144,13 @@ session_twofailed=Two-factor authentication failed : $1
 session_logout=Logout successful. Use the form below to login again.
 session_timed_out=Session timed out after $1 minutes of inactivity.
 session_save=Remember login permanently?
+session_forgot=Forgot Password?
+
+forgot_title=Reset Forgotten Password
+forgot_user=Webmin username:
+forgot_desc=If your Webmin login has a recovery email address associated with it, you can use this page to send a link that can be used to reset the password.
+forgot_ok=Send Password Reset Link
+forgot_ecannot=Forgotten password recovery is not enabled!
 
 pam_header=Login to Webmin
 pam_mesg=You must respond to the question below to login to Webmin server on $1.

miniserv.pl

@@ -2052,13 +2052,16 @@ if (!$validated) {
 
 if (!$validated) {
 	# Check if this path allows unauthenticated access
-	local ($u, $unauth);
-	foreach $u (@unauth) {
-		$unauth++ if ($simple =~ /$u/);
+	my $unauth;
+	foreach my $u (@unauth) {
+		$unauth = 4 if ($simple =~ /$u/);
+		}
+	foreach my $u (@unauthcgi) {
+		$unauth = 3 if ($simple =~ /$u/);
 		}
 	if (!$bogus && $unauth) {
 		# Unauthenticated directory or file request - approve it
-		$validated = 4;
+		$validated = $unauth;
 		$baseauthuser = $authuser = undef;
 		}
 	}
@@ -4914,7 +4917,8 @@ my %vital = ("port", 80,
 	  "listen_delay", 5,
 	  "pam", "webmin",
 	  "sidname", "sid",
-	  "unauth", "^/unauthenticated/ ^/robots.txt\$ ^[A-Za-z0-9\\-/_]+\\.jar\$ ^[A-Za-z0-9\\-/_]+\\.class\$ ^[A-Za-z0-9\\-/_]+\\.gif\$ ^[A-Za-z0-9\\-/_]+\\.png\$ ^[A-Za-z0-9\\-/_]+\\.conf\$ ^[A-Za-z0-9\\-/_]+\\.ico\$ ^/robots.txt\$ ^/service-worker.js\$ ^/forgot_form.cgi\$ ^/forgot.cgi\$",
+	  "unauth", "^/unauthenticated/ ^/robots.txt\$ ^[A-Za-z0-9\\-/_]+\\.jar\$ ^[A-Za-z0-9\\-/_]+\\.class\$ ^[A-Za-z0-9\\-/_]+\\.gif\$ ^[A-Za-z0-9\\-/_]+\\.png\$ ^[A-Za-z0-9\\-/_]+\\.conf\$ ^[A-Za-z0-9\\-/_]+\\.ico\$ ^/robots.txt\$ ^/service-worker.js\$",
+	  "unauthcgi", "^/forgot_form.cgi\$ ^/forgot.cgi\$",
 	  "max_post", 10000,
 	  "expires", 7*24*60*60,
 	  "pam_test_user", "root",
@@ -5400,6 +5404,7 @@ foreach my $a (split(/\s+/, $config{'ipaccess'})) {
 
 # build unauthenticated URLs list
 @unauth = split(/\s+/, $config{'unauth'});
+@unauthcgi = split(/\s+/, $config{'unauthcgi'});
 
 # build redirect mapping
 undef(%redirect);

session_login.cgi

@@ -111,8 +111,15 @@ print &ui_table_end(),"\n";
 print &ui_submit($text{'session_login'});
 print &ui_reset($text{'session_clear'});
 print &ui_form_end();
-print "</center>\n";
 
+if ($in{'failed'} && $gconfig{'forgot_pass'}) {
+	# Show forgotten password link
+	print &ui_form_start("forgot_form.cgi", "post");
+	print &ui_hidden("failed", $in{'failed'});
+	print &ui_form_end([ [ undef, $text{'session_forgot'} ] ]);
+	}
+
+print "</center>\n";
 print "$text{'session_postfix'}\n";
 
 # Output frame-detection Javascript, if theme uses frames