lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-23 11:27:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

test new exam

Browse Source
This commit is contained in:
xiaomlove
2021-06-13 20:53:14 +08:00
parent f9e4bcbac4
commit bf2825713d
5 changed files with 56 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/reset.php
+9 -4
View File
@@ -11,7 +11,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST")
$username = trim($_POST["username"]);
$newpassword = trim($_POST["newpassword"]);
$newpasswordagain = trim($_POST["newpasswordagain"]);
if (empty($username) || empty($newpassword) || empty($newpasswordagain))
stderr("Error","Don't leave any fields blank.");
@@ -20,17 +20,22 @@ if ($_SERVER["REQUEST_METHOD"] == "POST")
if (strlen($newpassword) < 6)
stderr("Error","Sorry, password is too short (min is 6 chars)");
$res = sql_query("SELECT * FROM users WHERE username=" . sqlesc($username) . " ") or sqlerr();
$arr = mysql_fetch_assoc($res);
if (get_user_class() <= $arr['class']) {
$log = "Password Reset For $username by {$CURUSER['username']} denied: operator class => " . get_user_class() . " is not greater than target user => {$arr['class']}";
write_log($log);
do_log($log, 'alert');
stderr("Error","Sorry, you don't have enough permission to reset this user's password.");
}
$id = $arr['id'];
$wantpassword=$newpassword;
$secret = mksecret();
$wantpasshash = md5($secret . $wantpassword . $secret);
sql_query("UPDATE users SET passhash=".sqlesc($wantpasshash).", secret= ".sqlesc($secret)." where id=$id");
write_log("Password Reset For $username by $CURUSER[username]");
write_log("Password Reset For $username by {$CURUSER['username']}");
if (mysql_affected_rows() != 1)
stderr("Error", "Unable to RESET PASSWORD on this account.");
stderr("Success", "The password of account <b>$username</b> is reset , please inform user of this change.",false);