fix password related

xiaomlove
2025-10-30 10:28:52 +07:00
parent f1cbb5c3da
commit 3d5e316275
7 changed files with 79 additions and 60 deletions
+9 -4
@@ -23,6 +23,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST")
$res = sql_query("SELECT * FROM users WHERE username=" . sqlesc($username) . " ") or sqlerr();
$arr = mysql_fetch_assoc($res);
if (empty($arr)) {
stderr("Error","Sorry, that username doesn't exist.");
}
if (get_user_class() <= $arr['class']) {
$log = "Password Reset For $username by {$CURUSER['username']} denied: operator class => " . get_user_class() . " is not greater than target user => {$arr['class']}";
write_log($log);
@@ -31,10 +34,12 @@ if (get_user_class() <= $arr['class']) {
}
$id = $arr['id'];
$wantpassword=$newpassword;
$secret = mksecret();
$wantpasshash = md5($secret . $wantpassword . $secret);
sql_query("UPDATE users SET passhash=".sqlesc($wantpasshash).", secret= ".sqlesc($secret)." where id=$id");
//$wantpassword=$newpassword;
//$secret = mksecret();
//$wantpasshash = md5($secret . $wantpassword . $secret);
//sql_query("UPDATE users SET passhash=".sqlesc($wantpasshash).", secret= ".sqlesc($secret)." where id=$id");
$userRep = new \App\Repositories\UserRepository();
$userRep->resetPassword($id, $newpassword, $newpasswordagain);
write_log("Password Reset For $username by {$CURUSER['username']}");
if (mysql_affected_rows() != 1)
stderr("Error", "Unable to RESET PASSWORD on this account.");
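Review bot: The `mysql_affected_rows() != 1` check that follows the new `$userRep->resetPassword($id, $newpassword, $newpasswordagain);` call no longer measures the password update. The legacy `UPDATE` is commented out, so the value comes from whichever statement last ran on the legacy connection, probably the insert made by `write_log`, although neither helper's body is visible here. The outcome of `resetPassword()` is never examined, and the "Password Reset For ..." audit entry is written before success is known, so a failed or rejected reset could be recorded as completed. If the repository method returns a success flag, branch on that instead, e.g. `if (!$userRep->resetPassword($id, $newpassword, $newpasswordagain)) stderr("Error", "Unable to RESET PASSWORD on this account.");`, and call `write_log` only afterwards; if it throws, catch the exception. The four commented-out md5 lines are better deleted than kept, since version control already holds the old scheme.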