Let admins generate password reset links
parent
0991d5a487
commit
f19e186cd3
|
@ -22,14 +22,13 @@
|
||||||
));
|
));
|
||||||
|
|
||||||
if($validator->isValid($_POST)) {
|
if($validator->isValid($_POST)) {
|
||||||
$NEWPW = substr(str_shuffle(str_repeat($x='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', ceil(10/strlen($x)) )),1,10); // Generate random password (10 characters)
|
require_once 'app/utils.php';
|
||||||
$salt = bin2hex(random_bytes(16));
|
$token = generateToken(32);
|
||||||
$hash = md5(md5($NEWPW).':'.$salt);
|
$setToken = $RUNTIME['PDO']->prepare('REPLACE INTO PasswordResetTokens(PrincipalID,Token,RequestTime) VALUES(?,?,?)');
|
||||||
|
$setToken->execute([$_POST['userid'], $token, time()]);
|
||||||
|
$resetLink = "https://".$RUNTIME['DOMAIN'].'/index.php?page=reset-password&token='.$token;
|
||||||
|
|
||||||
$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash, passwordSalt = :PasswordSalt WHERE UUID = :PrincipalID');
|
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", '<div class="alert alert-danger" role="alert">Das Passwort für '.htmlspecialchars($opensim->getUserName($_REQUEST['userid'])).' kann in den nächsten 24 Stunden über diesen Link zurückgesetzt werden: <b>'.$resetLink.'</b></div>');
|
||||||
$statement->execute(['PasswordHash' => $hash, 'PasswordSalt' => $salt, 'PrincipalID' => $_REQUEST['userid']]);
|
|
||||||
|
|
||||||
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", '<div class="alert alert-danger" role="alert">Das Passwort für '.htmlspecialchars($opensim->getUserName($_REQUEST['userid'])).' wurde geändert. Das neue Passwort ist <b>'.htmlspecialchars($NEWPW).'</b></div>');
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if(isset($_POST['generateLink'])) {
|
else if(isset($_POST['generateLink'])) {
|
||||||
|
@ -57,7 +56,7 @@
|
||||||
|
|
||||||
while($row = $statement->fetch())
|
while($row = $statement->fetch())
|
||||||
{
|
{
|
||||||
$entry = '<tr><td>'.htmlspecialchars($row['FirstName']).'</td><td>'.htmlspecialchars($row['LastName']).'</td><td>'.htmlspecialchars($row['UserLevel']).'</td><td><form action="index.php?page=users" method="post">%%CSRF%%<input type="hidden" name="userid" value="'.htmlspecialchars($row['PrincipalID']).'"><button type="submit" name="genpw" class="btn btn-link btn-sm">PASSWORT ÄNDERN</button></form></td></tr>';
|
$entry = '<tr><td>'.htmlspecialchars($row['FirstName']).'</td><td>'.htmlspecialchars($row['LastName']).'</td><td>'.htmlspecialchars($row['UserLevel']).'</td><td><form action="index.php?page=users" method="post">%%CSRF%%<input type="hidden" name="userid" value="'.htmlspecialchars($row['PrincipalID']).'"><button type="submit" name="genpw" class="btn btn-link btn-sm">PASSWORT ZURÜCKSETZEN</button></form></td></tr>';
|
||||||
$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
|
$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue