diff --git a/images/de39ed37-a629-4306-ba39-b538ecdd04d3.webp b/images/de39ed37-a629-4306-ba39-b538ecdd04d3.webp new file mode 100644 index 0000000..2c99a4e Binary files /dev/null and b/images/de39ed37-a629-4306-ba39-b538ecdd04d3.webp differ diff --git a/login/forgot/index.html b/login/forgot/index.html index 0ee3ee2..974142f 100644 --- a/login/forgot/index.html +++ b/login/forgot/index.html @@ -41,7 +41,7 @@
- + diff --git a/login/register/index.html b/login/register/index.html index 2ae3922..612af03 100644 --- a/login/register/index.html +++ b/login/register/index.html @@ -47,7 +47,7 @@
- + diff --git a/scripts/forgot_password.cgi b/scripts/forgot_password.cgi new file mode 100644 index 0000000..b8033e9 --- /dev/null +++ b/scripts/forgot_password.cgi @@ -0,0 +1,96 @@ +#!/bin/bash + +echo "Content-type: text/html" +echo "" + +# Log the raw POST data for debugging +read POST_DATA +echo "POST Data: $POST_DATA" >> /tmp/forgot_password.log + +# URL decoding function +urldecode() { + local url_encoded="${1//+/ }" + printf '%b' "${url_encoded//%/\\x}" +} + +# Parse the form data using IFS +USERNAME="" +EMAIL="" + +IFS='&' # Split fields by "&" +for param in $POST_DATA; do + IFS='=' read -r key value <<< "$param" + key=$(urldecode "$key") + value=$(urldecode "$value") + + case $key in + username) USERNAME="$value" ;; + email) EMAIL="$value" ;; + esac +done + +# Check if the user exists in the database +DB_PATH="/path/to/your/database.db" +USER_EXISTS=$(sqlite3 $DB_PATH "SELECT COUNT(*) FROM users WHERE username='$USERNAME' AND email='$EMAIL';") + +if [ "$USER_EXISTS" -eq 0 ]; then + cat < +Reset Failed + +

User not found!

+Try again + + +EOF + exit 1 +fi + +# Generate a unique token for resetting the password +TOKEN=$(openssl rand -hex 16) + +# Set token expiration to 1 hour from now (Unix timestamp) +EXPIRATION=$(($(date +%s) + 3600)) + +# Store the reset token and expiration in the database +sqlite3 $DB_PATH "UPDATE users SET reset_token='$TOKEN', reset_expires=$EXPIRATION WHERE username='$USERNAME';" + +# Send reset link email +RESET_LINK="https://monotreme.org/cgi-bin/reset_password.cgi?token=$TOKEN" +EMAIL_BODY=$(cat <> /tmp/forgot_password.log + +# Send the email +echo "$EMAIL_BODY" | msmtp --account=monotreme "$EMAIL" + +# Response back to the browser +cat < +Password Reset Sent + +

Reset link sent!

+

A reset link has been sent to $EMAIL. Please check your email.

+Go to login page + + +EOF diff --git a/scripts/register.cgi b/scripts/register.cgi index b16edae..b4a0c27 100644 --- a/scripts/register.cgi +++ b/scripts/register.cgi @@ -77,7 +77,7 @@ echo "Email Body: $EMAIL_BODY" >> /tmp/register_form.log # Send the email using msmtp (or your protonmail-bridge setup) - echo "$EMAIL_BODY" | msmtp --from=default "$EMAIL" + echo "$EMAIL_BODY" | msmtp --account=monotreme "$EMAIL" # Response back to the browser cat < strftime('%s','now');") + +if [ "$VALID_TOKEN" -eq 0 ]; then + cat < +Invalid Token + +
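Review bot: `USERNAME` and `EMAIL` come straight from the POST body and are spliced into the `sqlite3` query strings (the `SELECT COUNT(*)` lookup and the later `UPDATE users SET reset_token=...`), so a value such as `' OR 1=1 --` rewrites the query and the `UPDATE` can be aimed at any account; at minimum double every single quote before interpolating, as below, and quote `"$DB_PATH"`. The raw POST data and the full `EMAIL_BODY` (which contains the fresh reset link) are appended to `/tmp/forgot_password.log`, a predictable and most likely world-readable path, which hands the reset token to any local user — log without the token, or not at all. The separate `User not found!` page also confirms which username/email pairs exist; a uniform "if the account exists, a link has been sent" response avoids that enumeration. `DB_PATH="/path/to/your/database.db"` looks like a placeholder, while `reset_password_confirm.cgi` in the same commit uses `/var/lib/monotreme/data/monotreme.db`.
```shell
# Double single quotes so a form value cannot terminate the SQL string literal.
sql_quote() { printf '%s' "${1//\'/\'\'}"; }
Q_USER=$(sql_quote "$USERNAME")
Q_EMAIL=$(sql_quote "$EMAIL")
USER_EXISTS=$(sqlite3 "$DB_PATH" "SELECT COUNT(*) FROM users WHERE username='$Q_USER' AND email='$Q_EMAIL';")
# … unchanged: not-found page, token and expiry generation …
sqlite3 "$DB_PATH" "UPDATE users SET reset_token='$TOKEN', reset_expires=$EXPIRATION WHERE username='$Q_USER';"
# … unchanged: build EMAIL_BODY … (do not echo it, or the token, into the log)
echo "$EMAIL_BODY" | msmtp --account=monotreme -- "$EMAIL"
```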
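Review bot: The recipient `"$EMAIL"` is handed to `msmtp` as a bare positional argument; if it originates from the registration form (the surrounding lines suggest so, but the parsing is outside this hunk) a value beginning with `-` would be read as an msmtp option, so end option parsing explicitly: `echo "$EMAIL_BODY" | msmtp --account=monotreme -- "$EMAIL"`. The same call in the new `forgot_password.cgi` has the same shape and would benefit from the same `--`. The context line just above still appends the whole email body to `/tmp/register_form.log`; that predates this change, but it is worth removing while touching the send path.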

Invalid or expired token!

+Request a new reset link + + +EOF + exit 1 +fi + +# Display reset form +cat < +Reset Your Password + +

Reset Your Password

+
+ + + +
+ + +
+ +
+ + +EOF diff --git a/scripts/reset_password_confirm.cgi b/scripts/reset_password_confirm.cgi new file mode 100644 index 0000000..1387013 --- /dev/null +++ b/scripts/reset_password_confirm.cgi @@ -0,0 +1,57 @@ +#!/bin/bash + +echo "Content-type: text/html" +echo "" + +# Log the raw POST data for debugging +read POST_DATA + +# Parse the form data +TOKEN="" +PASSWORD="" +CONFIRM_PASSWORD="" + +IFS='&' # Split fields by "&" +for param in $POST_DATA; do + IFS='=' read -r key value <<< "$param" + key=$(urldecode "$key") + value=$(urldecode "$value") + + case $key in + token) TOKEN="$value" ;; + password) PASSWORD="$value" ;; + confirm_password) CONFIRM_PASSWORD="$value" ;; + esac +done + +# Check if passwords match +if [ "$PASSWORD" != "$CONFIRM_PASSWORD" ]; then + cat < +Password Reset Failed + +

Passwords do not match!

+Try again + + +EOF + exit 1 +fi + +# Hash the password +PASSWORD_HASH=$(echo -n "$PASSWORD" | sha256sum | awk '{print $1}') + +# Update the user's password and remove the reset token +DB_PATH="/var/lib/monotreme/data/monotreme.db" +sqlite3 $DB_PATH "UPDATE users SET password_hash='$PASSWORD_HASH', reset_token=NULL, reset_expires=NULL WHERE reset_token='$TOKEN';" + +# Confirmation +cat < +Password Reset Successful + +

Your password has been reset!

+Go to login page + + +EOF
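Review bot: `urldecode` is called in the parsing loop but never defined in this script (the definition lives in `forgot_password.cgi`, which is not sourced), so under CGI each `key=$(urldecode "$key")` prints `command not found` to stderr and yields an empty string; `TOKEN` and both passwords stay empty, the empty passwords "match", and the `UPDATE ... WHERE reset_token=''` touches nothing while the page still reports success. Copy the helper in (or source a shared file) and fail closed when `TOKEN` or `PASSWORD` is empty. `TOKEN` is also interpolated unescaped into the `UPDATE` — a form value of `' OR 1=1 --` would set every user's password to the attacker's — and, unlike the lookup that apparently precedes the form in `reset_password.cgi`, this step never checks `reset_expires`, so an expired token still resets the password; double single quotes before interpolation and add the expiry condition to the `WHERE`. The stored hash is a single unsalted `sha256sum` of the password, which is trivial to crack offline; a slow salted KDF would be appropriate, though that change reaches into `register.cgi` and the login path as well.
```shell
# Decode application/x-www-form-urlencoded values (same helper as forgot_password.cgi).
urldecode() {
  local s="${1//+/ }"
  printf '%b' "${s//%/\\x}"
}
# Double single quotes so a form value cannot terminate the SQL string literal.
sql_quote() { printf '%s' "${1//\'/\'\'}"; }
# … unchanged: POST parsing loop …
if [ -z "$TOKEN" ] || [ -z "$PASSWORD" ]; then
  echo "Missing token or password"
  exit 1
fi
# … unchanged: password-match check, hashing …
Q_TOKEN=$(sql_quote "$TOKEN")
sqlite3 "$DB_PATH" "UPDATE users SET password_hash='$PASSWORD_HASH', reset_token=NULL, reset_expires=NULL WHERE reset_token='$Q_TOKEN' AND reset_expires > strftime('%s','now');"
```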