From fd75a63570cab52414382688f14ed8fbfb54e5c8 Mon Sep 17 00:00:00 2001 From: Jamie Cameron Date: Sun, 1 Jun 2025 22:24:07 -0700 Subject: [PATCH] Add forgotten password support to the usermin login page --- forgot_form.cgi | 1 + session_login.cgi | 28 +++++++++++++++++++++++++--- usermin/change_session.cgi | 1 + usermin/edit_session.cgi | 4 ++++ usermin/lang/en | 1 + 5 files changed, 32 insertions(+), 3 deletions(-) diff --git a/forgot_form.cgi b/forgot_form.cgi index 783baea5e..27f272f39 100755 --- a/forgot_form.cgi +++ b/forgot_form.cgi @@ -4,6 +4,7 @@ BEGIN { push(@INC, "."); }; use WebminCore; $no_acl_check++; +$trust_unknown_referers = 1; &init_config(); &ReadParse(); &load_theme_library(); diff --git a/session_login.cgi b/session_login.cgi index 27c8ca9f3..532559e9b 100755 --- a/session_login.cgi +++ b/session_login.cgi @@ -127,9 +127,31 @@ print &ui_form_end(); if ($gconfig{'forgot_pass'}) { # Show forgotten password link - print &ui_form_start("forgot_form.cgi", "post"); - print &ui_hidden("failed", $in{'failed'}); - print &ui_form_end([ [ undef, $text{'session_forgot'} ] ]); + if (&get_product_name() eq 'webmin') { + # Webmin has password changes built in + print &ui_form_start("forgot_form.cgi", "post"); + print &ui_hidden("failed", $in{'failed'}); + print &ui_form_end([ [ undef, $text{'session_forgot'} ] ]); + } + elsif (&get_product_name() eq 'usermin') { + # Usermin depends on Webmin + my $wdir = $config_directory; + $wdir =~ s/\/usermin$/\/webmin/; + my $wconfig = "$wdir/config"; + my $wminiserv = "$wdir/miniserv.conf"; + my (%wconfig, %wminiserv); + if (&read_env_file($wconfig, \%wconfig) && + &read_env_file($wminiserv, \%wminiserv) && + $wconfig{'forgot_pass'}) { + my ($whost) = split(/:/, $ENV{'HTTP_HOST'}); + my $wurl = ($wminiserv{'ssl'} ? 'https' : 'http').'://'. + $whost.':'. + $wminiserv{'port'}; + print &ui_form_start("$wurl/forgot_form.cgi", "post"); + print &ui_hidden("failed", $in{'failed'}); + print &ui_form_end([ [ undef, $text{'session_forgot'} ] ]); + } + } } print "\n"; diff --git a/usermin/change_session.cgi b/usermin/change_session.cgi index 2127b5acc..59fd30da3 100755 --- a/usermin/change_session.cgi +++ b/usermin/change_session.cgi @@ -140,6 +140,7 @@ $miniserv{'utmp'} = $in{'utmp'}; #$uconfig{'locking'} = $in{'locking'}; $uconfig{'noremember'} = !$in{'remember'}; $uconfig{'realname'} = $in{'realname'}; +$uconfig{'forgot_pass'} = $in{'forgot'}; if ($in{'passwd_file'}) { $uconfig{'passwd_file'} = $in{'passwd_file'}; $uconfig{'passwd_uindex'} = $in{'passwd_uindex'}; diff --git a/usermin/edit_session.cgi b/usermin/edit_session.cgi index 11bcb79f5..19a740664 100755 --- a/usermin/edit_session.cgi +++ b/usermin/edit_session.cgi @@ -38,6 +38,10 @@ print &ui_table_row("", ui_textbox("blockuser_time", $miniserv{'blockuser_time'}, 2)), $miniserv{'blockuser_failures'} ? 1 : 0)); +# Enable forgotten password recovery +print &ui_table_row($text{'session_forgot'}, + &ui_yesno_radio("forgot", $uconfig{'forgot_pass'})); + # Log to syslog eval "use Sys::Syslog qw(:DEFAULT setlogsock)"; if (!$@) { diff --git a/usermin/lang/en b/usermin/lang/en index fa9a02775..f5025cc07 100644 --- a/usermin/lang/en +++ b/usermin/lang/en @@ -79,6 +79,7 @@ session_blank=Prompt users with empty password to choose one at first login? session_homedir=Create missing home directories after login? session_homedir_perms=Permissions for new directory session_ehomedir_perms=Missing or invalid octal home directory permissions +session_forgot=Allow forgotten password recovery? themes_title=Usermin Themes themes_desc=Themes control the appearance of the Usermin user interface, including icons, colours, backgrounds and possibly the layout of pages. The selection box below can be used to choose one of the themes installed on your system that will be the default for Usermin users.