Website
/
Manager
1
0
Fork 0
Code Releases 11 Activity

add password reset to users page

master
Chris 2021-01-07 15:30:23 +01:00
parent bc0c8816b9
commit 0429f2db6a
2 changed files with 23 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pages/HTML/users.html
View File

@ -1,7 +1,8 @@
<div class="container-fluid"> <div class="container-fluid">
<div class="row"> <div class="row">
<div class="col-md-6"> <div class="col-md-6">
%%REGION-LIST%% %%MESSAGE%%
%%USER-LIST%%
</div> </div>
<div class="col-md-6"> <div class="col-md-6">
<div style="width: 400px; margin: auto; left: 50%;"> <div style="width: 400px; margin: auto; left: 50%;">

23
pages/users.php
View File

@ -1,4 +1,8 @@
<?php <?php
function generateRandomString($length = 10) {
return substr(str_shuffle(str_repeat($x='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', ceil($length/strlen($x)) )),1,$length);
}
if(@$_SESSION['LEVEL'] < 100) if(@$_SESSION['LEVEL'] < 100)
{ {
$HTML->setHTMLTitle("Kein Zugriff"); $HTML->setHTMLTitle("Kein Zugriff");
@ -11,6 +15,20 @@
$HTML->setHTMLTitle("Benutzer"); $HTML->setHTMLTitle("Benutzer");
$HTML->importSeitenInhalt("pages/HTML/users.html"); $HTML->importSeitenInhalt("pages/HTML/users.html");
if(@$_REQUEST['action'] == 'genpw' && @$_REQUEST['userid'] != '')
{
$SALT = md5(rand(1111, 9999));
$NEWPW = generateRandomString(10);
$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID');
$statement->execute(['PasswordHash' => md5(md5($NEWPW).":".$SALT), 'PrincipalID' => $_REQUEST['userid']]);
$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordSalt = :passwordSalt WHERE UUID = :PrincipalID');
$statement->execute(['passwordSalt' => $SALT, 'PrincipalID' => $_REQUEST['userid']]);
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", '<div class="alert alert-danger" role="alert">Das Passwort für '.$RUNTIME['OPENSIM']->getUserName($_REQUEST['userid']).' wurde geändert. Das neue Passwort ist <b>'.$NEWPW.'</b></div>');
}
$statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`))"); $statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`))");
$statement->execute(); $statement->execute();
@ -32,13 +50,14 @@
while($row = $statement->fetch()) while($row = $statement->fetch())
{ {
$entry = '<tr><td>'.$row['FirstName'].'</td><td>'.$row['LastName'].'</td><td>'.$row['UserLevel'].'</td><td>PASSWORT ÄNDERN | SPERREN</td></tr>'; $entry = '<tr><td>'.$row['FirstName'].'</td><td>'.$row['LastName'].'</td><td>'.$row['UserLevel'].'</td><td><a href="index.php?page=users&action=genpw&userid='.$row['PrincipalID'].'">PASSWORT ÄNDERN</a></td></tr>';
$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table); $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
} }
$table = str_replace("%%ENTRY%%", "", $table); $table = str_replace("%%ENTRY%%", "", $table);
$HTML->ReplaceSeitenInhalt("%%REGION-LIST%%", $table); $HTML->ReplaceSeitenInhalt("%%USER-LIST%%", $table);
$HTML->ReplaceSeitenInhalt("%%link%%", ' '); $HTML->ReplaceSeitenInhalt("%%link%%", ' ');
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ' ');
$HTML->build(); $HTML->build();
echo $HTML->ausgabe(); echo $HTML->ausgabe();