#!/usr/local/bin/php-cgi -f
<?php
/*
 * rc.initial.password
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate)
 * All rights reserved.
 *
 * originally part of m0n0wall (http://m0n0.ch/wall)
 * Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

	/* parse the configuration and include all functions used below */

	require_once("config.inc");
	require_once("auth.inc");
	require_once("functions.inc");
	require_once("shaper.inc");

	$fp = fopen('php://stdin', 'r');

	echo "\n" . gettext('
The webConfigurator admin password and privileges will be reset to the default (which is "' . strtolower($g['product_name']) . '").') . "\n" .
	gettext('Do you want to proceed [y|n]?') . " ";

	if (strcasecmp(chop(fgets($fp)), "y") == 0) {
		if (isset($config['system']['webgui']['authmode']) &&
		    $config['system']['webgui']['authmode'] != "Local Database") {
			echo "\n" . gettext('
The User manager authentication server is set to "' . $config['system']['webgui']['authmode'] . '".') . "\n" .
			gettext('Do you want to set it back to Local Database [y|n]?') . " ";
			if (strcasecmp(chop(fgets($fp)), "y") == 0) {
				$config['system']['webgui']['authmode'] = "Local Database";
			}
		}
		$admin_user =& getUserEntryByUID(0);
		if (!$admin_user) {
			echo "Failed to locate the admin user account! Attempting to restore access.\n";
			$admin_user = array();
			$admin_user['uid'] = 0;
			if (!is_array($config['system']['user'])) {
				$config['system']['user'] = array();
			}
			$config['system']['user'][] = $admin_user;
			$admin_user =& getUserEntryByUID(0);
		}

		$admin_user['name'] = "admin";
		$admin_user['scope'] = "system";
		$admin_user['priv'] = array("user-shell-access");

		if (isset($admin_user['disabled'])) {
			unset($admin_user['disabled']);
		}

		if (isset($admin_user['expires'])) {
			unset($admin_user['expires']);
		}

		local_user_set_password($admin_user, strtolower($g['product_name']));
		local_user_set($admin_user);
		write_config(gettext("password changed from console menu"));

		echo "\n" . gettext('
The password for the webConfigurator has been reset and
the default username has been set to "admin".') . "\n" .
		gettext('
Remember to set the password to something else than
the default as soon as you have logged into the webConfigurator.') . "\n" .
		gettext("Press ENTER to continue.");

		fgets($fp);
	}
?>