4 жил өмнө · 4ef14fd6e4
--- a/core/default_settings/app_config.php
+++ b/core/default_settings/app_config.php
@@ -222,6 +222,14 @@
 
				 		$apps[$x]['default_settings'][$y]['default_setting_enabled'] = "false";
			
 
				 		$apps[$x]['default_settings'][$y]['default_setting_description'] = "Display a Reset Password link on the login box (requires smtp_host be defined).";
			
 
				 		$y++;
			
 
				+		$apps[$x]['default_settings'][$y]['default_setting_uuid'] = "a21a002c-c065-411c-ae56-3d33a09f64b4";
			
 
				+		$apps[$x]['default_settings'][$y]['default_setting_category'] = "login";
			
 
				+		$apps[$x]['default_settings'][$y]['default_setting_subcategory'] = "password_reset_domain";
			
 
				+		$apps[$x]['default_settings'][$y]['default_setting_name'] = "text";
			
 
				+		$apps[$x]['default_settings'][$y]['default_setting_value'] = "";
			
 
				+		$apps[$x]['default_settings'][$y]['default_setting_enabled'] = "false";
			
 
				+		$apps[$x]['default_settings'][$y]['default_setting_description'] = "Set the domain to use in the Password Reset link sent via email.";
			
 
				+		$y++;
			
 
				 		$apps[$x]['default_settings'][$y]['default_setting_uuid'] = "962ac32c-74ce-4cce-b1d9-89f4d921493d";
			
 
				 		$apps[$x]['default_settings'][$y]['default_setting_category'] = "login";
			
 
				 		$apps[$x]['default_settings'][$y]['default_setting_subcategory'] = "domain_name_visible";
			
--- a/resources/login.php
+++ b/resources/login.php
@@ -91,7 +91,18 @@
 
				 
			
 
				 							//generate reset link email and body variables
			
 
				 								$domain_uuid = $result['domain_uuid'];
			
 
				-								$domain_name = $_SESSION['domains'][$domain_uuid]['domain_name'];
			
 
				+								if ($_SESSION['login']['password_reset_domain']['text'] != '') {
			
 
				+									$domain_name = $_SESSION['login']['password_reset_domain']['text'];
			
 
				+								}
			
 
				+								else {
			
 
				+									foreach ($_SESSION['domains'] as $uuid => $domain) {
			
 
				+										if (strtolower($domain['domain_name']) == strtolower($_SERVER['HTTP_HOST'])) {
			
 
				+											$domain_name = $_SERVER['HTTP_HOST'];
			
 
				+											break;
			
 
				+										}
			
 
				+									}
			
 
				+									$domain_name = $domain_name ? $domain_name : $_SESSION['domains'][$domain_uuid]['domain_name'];
			
 
				+								}
			
 
				 								$key = encrypt($_SESSION['login']['password_reset_key']['text'], $result['username'].'|'.$result['domain_uuid'].'|'.$result['password']);
			
 
				 								$reset_link = "https://".$domain_name.PROJECT_PATH."/login.php?action=define&key=".urlencode($key);
			
 
				 								$reset_button = email_button(strtoupper($text['label-reset_password']), $reset_link, '#2e82d0', '#fff');
			
@@ -160,6 +171,9 @@
 
				 		$password_new = trim($_REQUEST['password_new']);
			
 
				 		$password_repeat = trim($_REQUEST['password_repeat']);
			
 
				 
			
 
				+		//strip off @domain if submitted with username, as the valid domain for the reset is already being provided in the where clause below
			
 
				+		$username = substr_count($username, '@') != 0 ? explode('@', $username)[0] : $username;
			
 
				+
			
 
				 		if ($username !== '' &&
			
 
				 			$username === $_SESSION['valid_username'] &&
			
 
				 			$password_new !== '' &&