From e9f1faa1b7bf05ae6d4233860619450a356125ae Mon Sep 17 00:00:00 2001
From: Alex <40072887+alexdcrane@users.noreply.github.com>
Date: Fri, 27 Feb 2026 12:15:35 -0700
Subject: [PATCH] Add password changed email template (#7764)

* Add password changed email template

* Update user_profile.php

* Update app_defaults.php

* Update user_edit.php
---
 core/users/app_defaults.php | 43 +++++++++++++++++++++++++
 core/users/user_edit.php    | 55 ++++++++++++++++++++++++++++++++
 core/users/user_profile.php | 62 +++++++++++++++++++++++++++++++++++++
 3 files changed, 160 insertions(+)

diff --git a/core/users/app_defaults.php b/core/users/app_defaults.php
index 58874c8bf..c4ef50681 100644
--- a/core/users/app_defaults.php
+++ b/core/users/app_defaults.php
@@ -118,6 +118,49 @@ if ($domains_processed == 1) {
 			$p->delete("default_setting_edit", 'temp');
 		}
 
+	//insert default password changed email template
+		if (file_exists(dirname(__DIR__, 2).'/core/email_templates')) {
+
+			//add the email templates to the database
+			$sql = "select count(*) as num_rows from v_email_templates ";
+			$sql .= "where email_template_uuid = 'afca57c4-056c-45b5-be46-13f5522e47b7' ";
+			$num_rows = $database->select($sql, null, 'column');
+			if ($num_rows == 0) {
+				//build the array
+				$x = 0;
+				$array['email_templates'][$x]['email_template_uuid'] = 'afca57c4-056c-45b5-be46-13f5522e47b7';
+				$array['email_templates'][$x]['template_language'] = 'en-us';
+				$array['email_templates'][$x]['template_category'] = 'password_changed';
+				$array['email_templates'][$x]['template_subcategory'] = 'default';
+				$array['email_templates'][$x]['template_subject'] = 'Password Changed';
+				$array['email_templates'][$x]['template_body'] .= "<html>\n";
+				$array['email_templates'][$x]['template_body'] .= "<body>\n";
+				$array['email_templates'][$x]['template_body'] .= "A password was just changed on <a href='https://\${domain}'>\${domain}</a> for a user account associated with this email address.<br /><br />\n";
+				$array['email_templates'][$x]['template_body'] .= "If you made this change, you can ignore this message.<br /><br />";
+				$array['email_templates'][$x]['template_body'] .= "If you did not initiate this action, please contact your system administrator.";
+				$array['email_templates'][$x]['template_body'] .= "<br /><br /><br />\n";
+				$array['email_templates'][$x]['template_body'] .= "</body>\n";
+				$array['email_templates'][$x]['template_body'] .= "</html>\n";
+				$array['email_templates'][$x]['template_type'] = 'html';
+				$array['email_templates'][$x]['template_enabled'] = true;
+				$array['email_templates'][$x]['template_description'] = 'Default password changed email template.';
+				$x++;
+
+				//add the temporary permission
+				$p = permissions::new();
+				$p->add("email_template_add", 'temp');
+				$p->add("email_template_edit", 'temp');
+
+				//save to the data
+				$database->save($array, false);
+				unset($array);
+
+				//remove the temporary permission
+				$p->delete("email_template_add", 'temp');
+				$p->delete("email_template_edit", 'temp');
+			}
+		}
+
 	//insert default password reset email template
 		if (file_exists(dirname(__DIR__, 2).'/core/email_templates')) {
 
diff --git a/core/users/user_edit.php b/core/users/user_edit.php
index d41c16363..e26b5327c 100644
--- a/core/users/user_edit.php
+++ b/core/users/user_edit.php
@@ -547,6 +547,61 @@
 				$parameters['user_uuid'] = $user_uuid;
 				$database->execute($sql, $parameters);
 				unset($sql, $parameters);
+
+				//send the password changed email
+				if (valid_email($user_email)) {
+					//generate email and body variables
+					$domain_name = $_SESSION['domain_name'];
+					$domain_uuid = $_SESSION['domain_uuid'];
+
+					//get user language code, if exists
+					$sql = "select user_setting_value from v_user_settings ";
+					$sql .= "where user_uuid = :user_uuid ";
+					$sql .= "and domain_uuid = :domain_uuid ";
+					$sql .= "and user_setting_category = 'domain' ";
+					$sql .= "and user_setting_subcategory = 'language' ";
+					$sql .= "and user_setting_name = 'code' ";
+					$parameters['user_uuid'] = $user_uuid;
+					$parameters['domain_uuid'] = $domain_uuid;
+					$row = $database->select($sql, $parameters, 'row');
+					if (is_array($row) && @sizeof($row) != 0) {
+						$user_language_code = $row['user_setting_value'];
+					}
+					unset($sql, $parameters, $row);
+
+					//get the email template from database
+					$sql = "select template_subject, template_body from v_email_templates ";
+					$sql .= "where template_language = :template_language ";
+					$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
+					$sql .= "and template_category = 'password_changed' ";
+					$sql .= "and template_subcategory = 'default' ";
+					$sql .= "and template_type = 'html' ";
+					$sql .= "and template_enabled = true ";
+					$parameters['template_language'] = $user_language_code ? $user_language_code : $settings->get('domain', 'language', 'en-us');
+					$parameters['domain_uuid'] = $domain_uuid;
+					$row = $database->select($sql, $parameters, 'row');
+					if (is_array($row)) {
+						$email_subject = $row['template_subject'];
+						$email_body = $row['template_body'];
+					}
+					unset($sql, $parameters, $row);
+
+					//replace variables in email body
+					$email_body = str_replace('${domain}', $domain_name, $email_body);
+
+					//send the email
+					send_email($user_email, $email_subject, $email_body, $eml_error);
+
+					//build the user log array
+					$log_array['type'] = 'Password Changed';
+					$log_array['domain_uuid'] = $_SESSION['domain_uuid'];
+					$log_array['username'] = $username;
+					$log_array['user_uuid'] = $user_uuid;
+					$log_array['authorized'] = true;
+
+					//add the result to the user logs
+					user_logs::add($log_array);
+				}
 			}
 			$array['users'][$x]['user_email'] = $user_email;
 			$array['users'][$x]['user_status'] = $user_status;
diff --git a/core/users/user_profile.php b/core/users/user_profile.php
index f33116422..93133d725 100644
--- a/core/users/user_profile.php
+++ b/core/users/user_profile.php
@@ -414,6 +414,68 @@
 				$parameters['user_uuid'] = $user_uuid;
 				$database->execute($sql, $parameters);
 				unset($sql, $parameters);
+
+				//send the password changed email
+				if (valid_email($user_email)) {
+					//generate email and body variables
+					$domain_name = $_SESSION['domain_name'];
+					$domain_uuid = $_SESSION['domain_uuid'];
+
+					//get user language code, if exists
+					$sql = "select user_setting_value from v_user_settings ";
+					$sql .= "where user_uuid = :user_uuid ";
+					$sql .= "and domain_uuid = :domain_uuid ";
+					$sql .= "and user_setting_category = 'domain' ";
+					$sql .= "and user_setting_subcategory = 'language' ";
+					$sql .= "and user_setting_name = 'code' ";
+					$parameters['user_uuid'] = $user_uuid;
+					$parameters['domain_uuid'] = $domain_uuid;
+					$row = $database->select($sql, $parameters, 'row');
+					if (is_array($row) && @sizeof($row) != 0) {
+						$user_language_code = $row['user_setting_value'];
+					}
+					unset($sql, $parameters, $row);
+
+					//get the email template from database
+					$sql = "select template_subject, template_body from v_email_templates ";
+					$sql .= "where template_language = :template_language ";
+					$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
+					$sql .= "and template_category = 'password_changed' ";
+					$sql .= "and template_subcategory = 'default' ";
+					$sql .= "and template_type = 'html' ";
+					$sql .= "and template_enabled = true ";
+					$parameters['template_language'] = $user_language_code ? $user_language_code : $settings->get('domain', 'language', 'en-us');
+					$parameters['domain_uuid'] = $domain_uuid;
+					$row = $database->select($sql, $parameters, 'row');
+					if (is_array($row)) {
+						$email_subject = $row['template_subject'];
+						$email_body = $row['template_body'];
+					}
+					unset($sql, $parameters, $row);
+
+					//replace variables in email body
+					$email_body = str_replace('${domain}', $domain_name, $email_body);
+
+					//send the email
+					send_email($user_email, $email_subject, $email_body, $eml_error);
+
+					//get the username
+					$sql = "select username from v_users ";
+					$sql .= "where user_uuid = :user_uuid ";
+					$parameters['user_uuid'] = $user_uuid;
+					$username = $database->select($sql, $parameters, 'column');
+					unset($sql, $parameters);
+
+					//build the user log array
+					$log_array['type'] = 'Password Changed';
+					$log_array['domain_uuid'] = $_SESSION['domain_uuid'];
+					$log_array['username'] = $username;
+					$log_array['user_uuid'] = $user_uuid;
+					$log_array['authorized'] = true;
+
+					//add the result to the user logs
+					user_logs::add($log_array);
+				}
 			}
 			$array['users'][$x]['user_email'] = $user_email;
 			$array['users'][$x]['user_status'] = $user_status;