0) { $mailValue = $mailValues[0]; if (strcasecmp($mail_attribute, "proxyAddresses") == 0) { $mailValue = str_ireplace("smtp:", "", $mailValue); } $mail = $mailValue; $match = true; } } if (!$match) { if (!$mail_address_use_ldap) { $result = "mailnomatch"; error_log("Mail $mail does not match for user $login"); } else { $result = "mailnomatch"; error_log("Mail not found for user $login"); } } if ( $use_ratelimit ) { if ( ! allowed_rate($login,$_SERVER[$client_ip_header],$rrl_config) ) { $result = "throttle"; error_log("Mail - User $login too fast"); } } }}}}} #============================================================================== # Build and store token #============================================================================== if ( $result === "" ) { # Use PHP session to register token # We do not generate cookie ini_set("session.use_cookies",0); ini_set("session.use_only_cookies",1); session_name("token"); session_start(); $_SESSION['login'] = $login; $_SESSION['time'] = time(); if ( $crypt_tokens ) { $token = encrypt(session_id(), $keyphrase); } else { $token = session_id(); } } #============================================================================== # Send token by mail #============================================================================== if ( $result === "" ) { if ( empty($reset_url) ) { # Build reset by token URL $method = "http"; if ( !empty($_SERVER['HTTPS']) ) { $method .= "s"; } $server_name = $_SERVER['SERVER_NAME']; $server_port = $_SERVER['SERVER_PORT']; $script_name = $_SERVER['SCRIPT_NAME']; # Force server port if non standard port if ( ( $method === "http" and $server_port != "80" ) or ( $method === "https" and $server_port != "443" ) ) { $server_name .= ":".$server_port; } $reset_url = $method."://".$server_name.$script_name; } $reset_url .= "?action=resetbytoken&token=".urlencode($token); if ( !empty($reset_request_log) ) { error_log("Send reset URL " . ( $debug ? "$reset_url" : "HIDDEN") . "\n\n", 3, $reset_request_log); } else { error_log("Send reset URL " . ( $debug ? "$reset_url" : "HIDDEN")); } $data = array( "login" => $login, "mail" => $mail, "url" => $reset_url ) ; # Send message if ( send_mail($mailer, $mail, $mail_from, $mail_from_name, $messages["resetsubject"], $messages["resetmessage"].$mail_signature, $data) ) { $result = "tokensent"; } else { $result = "tokennotsent"; error_log("Error while sending token to $mail (user $login)"); } }