36146-vm/reset-password.php

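<?php
/**
 * Admin-only password reset for a single user account.
 *
 * Request flow:
 *   GET  ?user_id=N               shows a confirmation form; nothing is changed.
 *   POST user_id=N + csrf_token   sets a new random password and displays it once.
 *
 * Why the reset is no longer performed on GET: a password change is a
 * state-changing action. Performed on a bare GET, any page an admin visits while
 * logged in can trigger it through a link or image URL (CSRF). The change now
 * needs a POST carrying a token bound to the admin's session. Existing links to
 * this script with ?user_id=N keep working; they land on the confirmation step.
 *
 * The target account is looked up before anything is written, so an unknown id
 * yields a 404 instead of a "successful" reset of nobody.
 *
 * NOTE(review): the Bootstrap stylesheet is loaded from a CDN without an
 * integrity attribute; adding SRI needs the published hash for that exact file.
 */
session_start();
require_once 'db/config.php';

if (!isset($_SESSION['user_id'])) {
    header("Location: /login.php");
    exit;
}

// The response can contain a plaintext password: keep it out of browser and proxy caches.
header('Cache-Control: no-store');

$adminId = $_SESSION['user_id'];
$db = db();

// Check if user is admin (role is re-read from the database on every request,
// so a demoted admin loses access even while their session is still alive).
$stmt = $db->prepare("SELECT role FROM users WHERE id = ?");
$stmt->execute([$adminId]);
$adminUser = $stmt->fetch(PDO::FETCH_ASSOC);

if (!$adminUser || $adminUser['role'] !== 'admin') {
    http_response_code(403);
    die("Access Denied.");
}

$isPost = (isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : 'GET') === 'POST';
$requestData = $isPost ? $_POST : $_GET;

if (!isset($requestData['user_id'])) {
    http_response_code(400);
    die("User ID not specified.");
}

$userIdToReset = $requestData['user_id'];

// Reject array-shaped input (user_id[]=...) and empty values before they reach PDO.
if (!is_string($userIdToReset) || $userIdToReset === '') {
    http_response_code(400);
    die("User ID not specified.");
}

// Confirm the target account exists before touching it.
$stmt = $db->prepare("SELECT name, email FROM users WHERE id = ?");
$stmt->execute([$userIdToReset]);
$userToReset = $stmt->fetch(PDO::FETCH_ASSOC);

if (!$userToReset) {
    http_response_code(404);
    die("User not found.");
}

// Per-session anti-CSRF token for this action; created on first use.
if (empty($_SESSION['reset_password_csrf'])) {
    $_SESSION['reset_password_csrf'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['reset_password_csrf'];

$newPassword = null;

if ($isPost) {
    $submittedToken = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : '';

    // hash_equals() compares in constant time, so the token cannot be guessed byte by byte.
    if (!is_string($submittedToken) || !hash_equals($csrfToken, $submittedToken)) {
        http_response_code(403);
        die("Invalid request token.");
    }

    // Single use: a reload of the result page must not reset the password again.
    unset($_SESSION['reset_password_csrf']);

    // Generate a new random password from the CSPRNG
    $newPassword = bin2hex(random_bytes(8)); // 16 characters
    $hashedPassword = password_hash($newPassword, PASSWORD_DEFAULT);

    // Update the user's password (only the hash is stored)
    $stmt = $db->prepare("UPDATE users SET password = ? WHERE id = ?");
    $stmt->execute([$hashedPassword, $userIdToReset]);
}

$displayName = htmlspecialchars((string) $userToReset['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$displayEmail = htmlspecialchars((string) $userToReset['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Password Reset - Admin</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body>
<div class="container mt-5">
<?php if ($newPassword !== null): ?>
    <div class="alert alert-success">
        <h4 class="alert-heading">Password Reset Successful!</h4>
        <p>The password for user <strong><?php echo $displayName; ?> (<?php echo $displayEmail; ?>)</strong> has been reset.</p>
        <hr>
        <p class="mb-0">New Password: <code><?php echo htmlspecialchars($newPassword, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></code></p>
    </div>
    <div class="alert alert-danger">
        <strong>Security Warning:</strong> This is a temporary and insecure password reset method. Please advise the user to change their password immediately. A proper, secure password reset flow (e.g., via email with a token) should be implemented.
    </div>
<?php else: ?>
    <div class="alert alert-warning">
        <h4 class="alert-heading">Confirm Password Reset</h4>
        <p>Reset the password for user <strong><?php echo $displayName; ?> (<?php echo $displayEmail; ?>)</strong>? Their current password will stop working immediately.</p>
        <form method="post">
            <input type="hidden" name="user_id" value="<?php echo htmlspecialchars($userIdToReset, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
            <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrfToken, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
            <button type="submit" class="btn btn-danger">Reset Password</button>
        </form>
    </div>
<?php endif; ?>
    <a href="/admin.php" class="btn btn-primary">Back to Admin Panel</a>
</div>
</body>
</html>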