2020-12-26 01:42:23 +08:00
< ? php
2021-01-13 19:32:26 +08:00
require " ../include/bittorrent.php " ;
2020-12-26 01:42:23 +08:00
dbconn ();
loggedinorreturn ();
// Reset Lost Password ACTION
if ( get_user_class () < UC_ADMINISTRATOR )
stderr ( " Error " , " Permission denied, Administrator Only. " );
if ( $_SERVER [ " REQUEST_METHOD " ] == " POST " )
{
$username = trim ( $_POST [ " username " ]);
$newpassword = trim ( $_POST [ " newpassword " ]);
$newpasswordagain = trim ( $_POST [ " newpasswordagain " ]);
2021-06-13 20:53:14 +08:00
2020-12-26 01:42:23 +08:00
if ( empty ( $username ) || empty ( $newpassword ) || empty ( $newpasswordagain ))
stderr ( " Error " , " Don't leave any fields blank. " );
if ( $newpassword != $newpasswordagain )
stderr ( " Error " , " The passwords didn't match! Must've typoed. Try again. " );
if ( strlen ( $newpassword ) < 6 )
stderr ( " Error " , " Sorry, password is too short (min is 6 chars) " );
2021-06-13 20:53:14 +08:00
2020-12-26 01:42:23 +08:00
$res = sql_query ( " SELECT * FROM users WHERE username= " . sqlesc ( $username ) . " " ) or sqlerr ();
$arr = mysql_fetch_assoc ( $res );
2025-10-30 10:28:52 +07:00
if ( empty ( $arr )) {
stderr ( " Error " , " Sorry, that username doesn't exist. " );
}
2021-06-13 20:53:14 +08:00
if ( get_user_class () <= $arr [ 'class' ]) {
$log = " Password Reset For $username by { $CURUSER [ 'username' ] } denied: operator class => " . get_user_class () . " is not greater than target user => { $arr [ 'class' ] } " ;
write_log ( $log );
do_log ( $log , 'alert' );
stderr ( " Error " , " Sorry, you don't have enough permission to reset this user's password. " );
}
2020-12-26 01:42:23 +08:00
$id = $arr [ 'id' ];
2025-10-30 10:28:52 +07:00
//$wantpassword=$newpassword;
//$secret = mksecret();
//$wantpasshash = md5($secret . $wantpassword . $secret);
//sql_query("UPDATE users SET passhash=".sqlesc($wantpasshash).", secret= ".sqlesc($secret)." where id=$id");
$userRep = new \App\Repositories\UserRepository ();
2025-10-30 11:29:00 +07:00
try {
$userRep -> resetPassword ( $id , $newpassword , $newpasswordagain );
} catch ( \Exception $e ) {
stderr ( 'Error' , $e -> getMessage ());
}
2021-06-13 20:53:14 +08:00
write_log ( " Password Reset For $username by { $CURUSER [ 'username' ] } " );
2020-12-26 01:42:23 +08:00
if ( mysql_affected_rows () != 1 )
stderr ( " Error " , " Unable to RESET PASSWORD on this account. " );
stderr ( " Success " , " The password of account <b> $username </b> is reset , please inform user of this change. " , false );
}
stdhead ( " Reset User's Lost Password " );
?>
< table border = 1 cellspacing = 0 cellpadding = 5 >
< form method = post >
< tr >< td class = colhead align = " center " colspan = 2 > Reset User ' s Lost Password </ td ></ tr >
< tr >< td class = rowhead align = " right " > User Name :</ td >< td class = rowfollow >< input size = 40 name = username ></ td ></ tr >
< tr >< td class = rowhead align = " right " > New Password :</ td >< td class = rowfollow >< input type = " password " size = 40 name = newpassword >< br />< font class = small > Minimum is 6 characters </ font ></ td ></ tr >
< tr >< td class = rowhead align = " right " > Confirm New Password :</ td >< td class = rowfollow >< input type = " password " size = 40 name = newpasswordagain ></ td ></ tr >
< tr >< td class = toolbox colspan = 2 align = " center " >< input type = submit class = btn value = 'Reset' ></ td ></ tr >
</ form >
</ table >
< ? php
stdfoot ();
