This file is indexed.

/usr/share/postfixadmin/users/password.php is in postfixadmin 3.0.2-2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
<?php
/** 
 * Postfix Admin 
 * 
 * LICENSE 
 * This source file is subject to the GPL license that is bundled with  
 * this package in the file LICENSE.TXT. 
 * 
 * Further details on the project are available at http://postfixadmin.sf.net 
 * 
 * @version $Id: password.php 1842 2016-05-20 20:42:04Z christian_boltz $ 
 * @license GNU GPL v2 or later. 
 * 
 * File: password.php
 * Used by users to change their mailbox (and login) password.
 * Template File: password.tpl
 *
 * Template Variables:
 *
 * none
 *
 * Form POST \ GET Variables:
 *
 * fPassword_current
 * fPassword
 * fPassword2
 */

$rel_path = '../';
require_once('../common.php');

authentication_require_role('user');
$username = authentication_get_username();

$pPassword_password_text = "";
$pPassword_password_current_text = "";

if ($_SERVER['REQUEST_METHOD'] == "POST")
{
    if (safepost('token') != $_SESSION['PFA_token']) die('Invalid token!');

    if(isset($_POST['fCancel'])) {
        header("Location: main.php");
        exit(0);
    }

    $fPassword_current = $_POST['fPassword_current'];
    $fPassword = $_POST['fPassword'];
    $fPassword2 = $_POST['fPassword2'];

    $error = 0;

    $validpass = validate_password($fPassword);
    if(count($validpass) > 0) {
        flash_error($validpass[0]); # TODO: honor all error messages, not only the first one
        $error += 1;
    }
 
    $mh = new MailboxHandler;

    if(!$mh->login($username, $fPassword_current)) {
        $error += 1;
        $pPassword_password_current_text = $PALANG['pPassword_password_current_text_error'];
    }
    if (empty ($fPassword) or ($fPassword != $fPassword2))
    {
        $error += 1;
        $pPassword_password_text = $PALANG['pPassword_password_text_error'];
    }

    if ($error == 0)
    {
        $mh->init($username); # TODO: error handling
        if($mh->change_pw($fPassword, $fPassword_current) ) {
            flash_info(Config::Lang_f('pPassword_result_success', $username));
            header("Location: main.php");
            exit(0);
        }
        else
        {
            flash_error(Config::Lang_f('pPassword_result_error', $username));
        }
    }
}

$smarty->assign ('SESSID_USERNAME', $username);
$smarty->assign ('pPassword_password_current_text', $pPassword_password_current_text, false);
$smarty->assign ('pPassword_password_text', $pPassword_password_text, false);

$smarty->assign ('smarty_template', 'password');
$smarty->display ('index.tpl');

/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
?>