Password resest progress

2024-12-28 02:16:17 +00:00 · 2022-09-17 10:51:54 +00:00 · 2022-09-17 10:51:54 +00:00 · c69ae90a40
parent 7143e35bc7
commit c69ae90a40
2 changed files with 87 additions and 32 deletions
--- a/account.php
+++ b/account.php
@ -153,7 +153,7 @@
 													<?php
 												} else {
 													?>
-														<button id="userResetPassword" class="btn btn-bad">Reset Password</button>
+														<button id="userResetPassword" class="btn btn-bad" onclick="userResetPassword('<?php echo $user['id']; ?>', '<?php echo $user['username']; ?>')">Reset Password</button>
 														<button id="userDeleteButton" class="btn btn-bad" onclick="userDelete('<?php echo $user['id']; ?>', '<?php echo $user['username']; ?>')">Delete user</button>
 														<button id="userToggleAdmin" class="btn btn-bad" onclick="userToggleAdmin('<?php echo $user['id']; ?>', '<?php echo $user['username']; ?>')">Toggle admin</button>
 													<?php
@ -164,6 +164,32 @@
 								}
 							?>
 							<script>
+								function userResetPassword(id, username) {
+									var header = "UwU whats the new passywassy code?";
+									var description = "Do this only if "+username+" has forgotten their password, DO NOT abuse this power";
+									var actionBox = "<form id='userResetPasswordForm' method='POST'>\
+									<input id='userNewPassword' class='btn btn-neutral' type='password' name='new_password' placeholder='New Password'>\
+									<input id='userConfirmSassword' class='btn btn-neutral' type='password' name='confirm_password' placeholder='Confirm Password'>\
+									<br>\
+									<button id='userPasswordSubmit' class='btn btn-bad' type='submit' name='reset' value='"+id+"'><img class='svg' src='assets/icons/password.svg'>Reset</button>\
+									</form>";
+
+									flyoutShow(header, description, actionBox);
+									
+									$("#userResetPasswordForm").submit(function(event) {
+										event.preventDefault();
+										var new_passowrd = $("#userNewPassword").val();
+										var confirm_password = $("#userConfirmSassword").val();
+										var submit = $("#userPasswordSubmit").val();
+										var userId = $("#userPasswordSubmit").val();
+										$("#sniffle").load("app/account/password_reset.php", {
+											new_passowrd: new_passowrd,
+											confirm_password: confirm_password,
+											id: userId,
+											submit: submit
+										});
+									});
+								}
 								function userDelete(id, username) {
 									var header = "Are you very very sure?";
 									var description = "This CANNOT be undone, be very carefull with your decition...";
--- a/app/account/password_reset.php
+++ b/app/account/password_reset.php
@ -16,6 +16,11 @@
 session_start();
 // Include server connection
 include dirname(__DIR__)."/server/conn.php";
+include dirname(__DIR__)."/app.php";
+
+use App\Account;
+
+$user_info = new Account();

 if (isset($_POST['submit'])) {
    /*
@ -31,20 +36,20 @@ if (isset($_POST['submit'])) {
    // Validate new password
    if (empty(trim($_POST["new_password"]))) {
        ?>
-        <script>
-            sniffleAdd('Meep', 'Enter a new password!', 'var(--red)', 'assets/icons/cross.svg');
-            flyoutClose();
-        </script>
+            <script>
+                sniffleAdd('Meep', 'Enter a new password!', 'var(--red)', 'assets/icons/cross.svg');
+                flyoutClose();
+            </script>
        <?php
-        $error = $error + 1;
+        $error += 1;
    } elseif(strlen(trim($_POST["new_password"])) < 6) {
        ?>
-        <script>
-            sniffleAdd('Not long enough...', 'Password, must be 6 or more characters in length uwu', 'var(--red)', 'assets/icons/cross.svg');
-            flyoutClose();
-        </script>
+            <script>
+                sniffleAdd('Not long enough...', 'Password, must be 6 or more characters in length uwu', 'var(--red)', 'assets/icons/cross.svg');
+                flyoutClose();
+            </script>
        <?php
-        $error = $error + 1;
+        $error += 1;
    } else {
        $new_password = trim($_POST["new_password"]);
    }
@ -52,23 +57,37 @@ if (isset($_POST['submit'])) {
    // Validate confirm password
    if (empty(trim($_POST["confirm_password"]))) {
        ?>
-        <script>
-            sniffleAdd('Meep', 'You must confirm the password!!!!', 'var(--red)', 'assets/icons/cross.svg');
-            flyoutClose();
-        </script>
+            <script>
+                sniffleAdd('Meep', 'You must confirm the password!!!!', 'var(--red)', 'assets/icons/cross.svg');
+                flyoutClose();
+            </script>
        <?php
-        $error = $error + 1;
+        $error += 1;
    } else {
        $confirm_password = trim($_POST["confirm_password"]);
        if(empty($error) && ($new_password != $confirm_password)) {
            ?>
+                <script>
+                    sniffleAdd('AAAA', 'Passwords do not match!!!', 'var(--red)', 'assets/icons/cross.svg');
+                    flyoutClose();
+                </script>
+            <?php
+            $error += 1;
+        }
+    }
+
+    if (isset($_POST['id']) && $user_info->is_admin($conn, $_SESSION["id"])) {
+        $user_id = $_POST['id'];
+    } elseif (empty($_POST['id'])) {
+        $user_id = $_SESSION["id"];
+    } else {
+        ?>
            <script>
-                sniffleAdd('AAAA', 'Passwords do not match!!!', 'var(--red)', 'assets/icons/cross.svg');
+                sniffleAdd('Oopsie', 'An error occured while figuring out which user to change the password of... Are you an admin?', 'var(--red)', 'assets/icons/cross.svg');
                flyoutClose();
            </script>
-            <?php
-            $error = $error + 1;
-        }
+        <?php
+        $error += 1;
    }

    // Check for errors
@ -81,24 +100,34 @@ if (isset($_POST['submit'])) {
    
            // Setting up Password parameters
            $param_password = password_hash($new_password, PASSWORD_DEFAULT);
-            $param_id = $_SESSION["id"];
+            $param_id = $user_id;
    
            // Attempt to execute (sus)
            if (mysqli_stmt_execute($stmt)) {
                // Password updated!!!! Now goodbye
-                session_destroy();
-                ?>
-                <script>
-                    sniffleAdd('Password updated', 'Now goodbye.... you will be redirected in a moment', 'var(--green)', 'assets/icons/check.svg');
-                    setTimeout(function(){window.location.href = "account/login.php";}, 2000);
-                </script>
-                <?php
+                if ($user_id == $_SESSION["id"]) {
+                    // Check if password reset was done by user
+                    session_destroy();
+                    ?>
+                        <script>
+                            sniffleAdd('Password updated', 'Now goodbye.... you will be redirected in a moment', 'var(--green)', 'assets/icons/check.svg');
+                            setTimeout(function(){window.location.href = "account/login.php";}, 2000);
+                        </script>
+                    <?php
+                } else {
+                    // An admin has changed the password
+                    ?>
+                        <script>
+                            sniffleAdd('Password updated', 'Password has been reset for user! But their session may still be active', 'var(--green)', 'assets/icons/check.svg');
+                        </script>
+                    <?php
+                }
            } else {
                ?>
-                <script>
-                    sniffleAdd('Bruh', 'Something happened on our end, sowwy', 'var(--red)', 'assets/icons/cross.svg');
-                    flyoutClose();
-                </script>
+                    <script>
+                        sniffleAdd('Bruh', 'Something happened on our end, sowwy', 'var(--red)', 'assets/icons/cross.svg');
+                        flyoutClose();
+                    </script>
                <?php
            }
        }