From 328938f473939b6475b7fb140d686e972923b11e Mon Sep 17 00:00:00 2001
From: Daniel Winzen <daniel@danwin1210.me>
Date: Sat, 17 Oct 2020 13:21:36 +0200
Subject: [PATCH] Add password reset for super admin

---
 chat.php    | 31 ++++++++++++++++++++++++++++++-
 lang_de.php |  6 +++++-
 lang_en.php |  6 +++++-
 3 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/chat.php b/chat.php
index f92ea0d..7f5d8ea 100644
--- a/chat.php
+++ b/chat.php
@@ -146,6 +146,8 @@ function route(){
 		send_admin(route_admin());
 	}elseif($_REQUEST['action']==='setup'){
 		route_setup();
+	}elseif($_REQUEST['action']==='sa_password_reset'){
+		send_sa_password_reset();
 	}else{
 		send_login();
 	}
@@ -922,9 +924,35 @@ function send_alogin(){
 	echo "<tr><td>$I[pass]</td><td><input type=\"password\" name=\"pass\" size=\"15\"></td></tr>";
 	send_captcha();
 	echo '<tr><td colspan="2">'.submit($I['login']).'</td></tr></table></form>';
+	echo '<br><a href="?action=sa_password_reset">'.$I['forgotlogin'].'</a><br>';
 	echo "<p id=\"changelang\">$I[changelang]";
 	foreach($L as $lang=>$name){
-		echo " <a href=\"$_SERVER[SCRIPT_NAME]?action=setup&amp;lang=$lang\">$name</a>";
+		echo " <a href=\"?action=setup&amp;lang=$lang\" hreflang=\"$lang\">$name</a>";
+	}
+	echo '</p>'.credit();
+	print_end();
+}
+
+function send_sa_password_reset(){
+	global $I, $L, $db;
+	print_start('sa_password_reset');
+	echo "<h1>$I[resetpassword]</h1>";
+	if(defined('RESET_SUPERADMIN_PASSWORD') && !empty(RESET_SUPERADMIN_PASSWORD)){
+		$stmt = $db->query('SELECT nickname FROM ' . PREFIX . 'members WHERE status = 8 LIMIT 1;');
+		if($user = $stmt->fetch(PDO::FETCH_ASSOC)){
+			$mem_update = $db->prepare('UPDATE ' . PREFIX . 'members SET passhash = ? WHERE nickname = ? LIMIT 1;');
+			$mem_update->execute([password_hash(RESET_SUPERADMIN_PASSWORD, PASSWORD_DEFAULT), $user['nickname']]);
+			$sess_delete = $db->prepare('DELETE FROM ' . PREFIX . 'sessions WHERE nickname = ?;');
+			$sess_delete->execute([$user['nickname']]);
+			printf("<p>$I[resetsucc]</p>", $user['nickname']);
+		}
+	} else {
+		echo "<p>$I[resetinstruction]</p>";
+	}
+	echo "<a href=\"?action=setup\">$I[backtosetup]</a>";
+	echo "<p id=\"changelang\">$I[changelang]";
+	foreach($L as $lang=>$name){
+		echo " <a href=\"?action=sa_password_reset&amp;lang=$lang\" hreflang=\"$lang\">$name</a>";
 	}
 	echo '</p>'.credit();
 	print_end();
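Review bot: send_sa_password_reset() runs the reset for any visitor, with no session or credential check, whenever RESET_SUPERADMIN_PASSWORD is defined, and route() dispatches it on `$_REQUEST['action']`, so a plain GET link is enough. While the define stays in the file, every such request re-hashes the password, deletes the superadmin's sessions and prints the superadmin nickname to whoever asked; an operator who keeps the sample value also ends up with a guessable password. I would refuse the sample value, e.g. `if(RESET_SUPERADMIN_PASSWORD==='changeme'){ echo "<p>$I[resetinstruction]</p>"; }`, and escape the nickname on output with `printf("<p>$I[resetsucc]</p>", htmlspecialchars($user['nickname']));` unless nicknames are already stored escaped. The branch where the constant is set but no `status = 8` row is found prints nothing, so a short message there would tell the operator the reset did not happen.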
@@ -4265,4 +4293,5 @@ function load_config(){
 			define('AES_IV', AES_IV_PASS);
 		}
 	}
+	//define('RESET_SUPERADMIN_PASSWORD', 'changeme'); //Use this to reset your superadmin password in case you forgot it
 }
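Review bot: The comment on the sample define at the end of load_config() does not say that the line must be removed again after use, which matters because the reset page acts on every request for as long as the constant is defined. It also disagrees with the `resetinstruction` string, which tells the operator to append the define at the bottom of the script rather than to uncomment it here; the two should name the same place. Suggested wording: `//Uncomment and set your own password to reset the superadmin password via ?action=sa_password_reset, then comment it out again right after the reset`. load_config() starts outside the hunk.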
diff --git a/lang_de.php b/lang_de.php
index 6195c8c..8431b53 100644
--- a/lang_de.php
+++ b/lang_de.php
@@ -366,5 +366,9 @@ $T=[
 	'manualrefresh' => 'Manuelles Neuladen erforderlich',
 	'personalnotes' => 'Persönliche Notizen',
 	'filtermodkick' => 'Kickfilter auf Moderatoren anwenden',
+	'forgotlogin' => 'Zugangsdaten vergessen?',
+	'resetinstruction' => 'Bitte bearbeiten Sie das Skript und fügen Sie folgendes am Ende der Datei hinzu (und ändern Sie das Passwort "changeme"). Danach aktualisieren Sie die Seite bitte: define(\'RESET_SUPERADMIN_PASSWORD\', \'changeme\');',
+	'resetpassword' => 'Passwort zurücksetzen',
+	'resetsucc' => 'Passwort erfolgreich für Nutzer %s zurückgesetzt. Bitte entfernen Sie das Passwort zurücksetzen define wieder aus dem Skript.',
+	'Zurück zur Einrichtungsseite',
 ];
-
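Review bot: The last added entry, `'Zurück zur Einrichtungsseite',`, has no key, so PHP stores it under a numeric index and the `backtosetup` lookup used by the new back link in chat.php finds no German value (presuming this array is what the German UI is built from). It should read `'backtosetup' => 'Zurück zur Einrichtungsseite',`, matching the entry added to lang_en.php.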
diff --git a/lang_en.php b/lang_en.php
index 7fbc397..b62041a 100644
--- a/lang_en.php
+++ b/lang_en.php
@@ -366,5 +366,9 @@ $I=[
 	'manualrefresh' => 'Manual refresh required',
 	'personalnotes' => 'Personal notes',
 	'filtermodkick' => 'Apply kick filter on moderators',
+	'forgotlogin' => 'Forgot login?',
+	'resetinstruction' => 'Please modify the script and put the following at the bottom of it (change the password). Then refresh this page: define(\'RESET_SUPERADMIN_PASSWORD\', \'changeme\');',
+	'resetpassword' => 'Reset password',
+	'resetsucc' => 'Successfully reset password for username %s. Please remove the password reset define from the script again.',
+	'backtosetup' => 'Back to setup',
 ];
-