This module provides a nice interface for a user-based password reset against DirectAdmin
This module provides a clean-looking interface to the password reset option of DirectAdmin (which does not always work correctly in the webmail packages). Please customise the background and logo to whatever you want.
Before installation you should set up your authentication in DirectAdmin correctly. Using the admin password in this module is not advised. DirectAdmin, however, supports so-called Login Keys. To start using Login Keys, go to your DirectAdmin Admin Interface and follow these steps:
- Click Login Keys (Advanced Features).
- Click "Create new Login Key".
- Fill in a descriptive name for this login key.
- Generate a random key or choose your own key.
- Set the expiry and number of uses.
- Select ALL checkboxes under the "Deny" tab. We do not want strange things to happen.
- Fill in the IP address of the server where Password-Reset is running.
- Confirm with your DirectAdmin password and click continue.
- Store the API key in a safe location.
Please note: the DirectAdmin Password Reset needs no rights, because the reset is performed with the user's credentials. However, for traceability we use a Login Key so we have some insight into the number of resets (via the DirectAdmin admin page).
- Go to Google.com and register a new site.
- Choose the reCAPTCHA V2 option.
- Copy the resulting SITEKEY and SECRET to a safe location.
Included in this repository is a config.inc.php.example file. This file contains some settings which you can (and possibly should) change for your installation.
An overview of the settings:
The DirectAdmin server where the admin panel is hosted (preferably via HTTPS).
The DirectAdmin port where the admin panel is hosted.
The DirectAdmin user which you used to register the API token.
The DirectAdmin API token.
The organisation domain is used to create a link to the organisation in the footer.
The organisation name is used in the footer.
If you want, you can fill in a punchline about the organisation. This will show in the footer.
Refers to the image file for the logo which is used in the Password-Reset module.
The SITE_TOKEN is a token which is used to verify the frontend. You should choose a random string for this value.
This option is required by Google reCAPTCHA and should contain the SITEKEY which you received during setup.
This option is required by Google reCAPTCHA and should contain the SECRET which you received during setup.
In addition to the organisation logo, a custom background can be set. This can be done by creating a background.png file under the img/ directory.
The Password-Reset page consists of a frontend environment (index.php) and a backend environment (reset_email_password.php). If you really want to, you can split the frontend from the backend. That's what the Site-Token is for. Please also change the server URL mentioned in the file js/password_reset.js (line 9, to reflect the correct backend server).
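The SITE_TOKEN setting and the frontend/backend split described above both depend on a token that is unpredictable and compared safely. The following is an added example, not code from this module: the function names generate_site_token and site_token_matches are hypothetical, and how the module actually transmits and checks the token is not shown on this page.

```php
<?php
// Added example; not part of the Password-Reset module.
// Function names are hypothetical and chosen for illustration only.

// Produce a value suitable for SITE_TOKEN: 32 bytes from the operating
// system's CSPRNG, hex-encoded to a 64-character string.
function generate_site_token(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes));
}

// Compare a token received from the frontend with the configured one.
// hash_equals() takes the same time wherever the first mismatch occurs,
// so response timing does not reveal how much of a guess was correct.
function site_token_matches(string $configured, $submitted): bool
{
    // Refuse an empty configured token, so a forgotten setting never
    // matches an empty submission.
    if ($configured === '') {
        return false;
    }
    // Request parameters can arrive as arrays (token[]=x); hash_equals()
    // would throw a TypeError on those, so reject non-strings first.
    if (!is_string($submitted)) {
        return false;
    }
    return hash_equals($configured, $submitted);
}

// Constructed sample values, for demonstration only.
$configured = generate_site_token();
$samples = [
    'correct token'     => $configured,
    'wrong token'       => generate_site_token(),
    'array instead'     => [$configured],
    'missing parameter' => null,
];

echo "Candidate SITE_TOKEN: {$configured}\n";
foreach ($samples as $label => $submitted) {
    $verdict = site_token_matches($configured, $submitted) ? 'accept' : 'reject';
    echo str_pad($label, 18) . " => {$verdict}\n";
}
```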
Please inform me of any security issues regarding this module, as I strive to build secure stuff. Be aware that the intelligence for checking passwords and preventing injection is handled by DirectAdmin itself.