authorMinteck <nekostarfan@gmail.com>2021-08-24 15:38:16 +0200
committerMinteck <nekostarfan@gmail.com>2021-08-24 15:38:16 +0200
commit529ffcbfa97ab51a64a97f6dff08aeb2bc0cc105 (patch)
tree8a50c30271b9b328cde0d907b1441f2dabdc341b /Neutron-trunk/api/admin/password.php
parent15e4724761c50b30803df1811a525c85058f70bf (diff)
Update
Diffstat (limited to 'Neutron-trunk/api/admin/password.php')
-rw-r--r--Neutron-trunk/api/admin/password.php73
1 files changed, 73 insertions, 0 deletions
diff --git a/Neutron-trunk/api/admin/password.php b/Neutron-trunk/api/admin/password.php
new file mode 100644
index 0000000..a823721
--- /dev/null
+++ b/Neutron-trunk/api/admin/password.php
@@ -0,0 +1,73 @@
+<?php require_once "../../resources/private/relative.php"; getRelativeDetails("api"); ?>
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php";
+
+if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log")) {
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log", file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log") . date("d/m/Y H:i:s") . " - API/" . $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REQUEST_URI'] . " - " . $_SERVER['HTTP_USER_AGENT'] . "\n\n");
+} else {
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log", date("d/m/Y H:i:s") . " - API/" . $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REQUEST_URI'] . " - " . $_SERVER['HTTP_USER_AGENT'] . "\n\n");
+}
+
+if (isset($_POST['oldpass'])) {
+ if (trim($_POST['oldpass']) == "") {
+ require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["fieldinvalid"]);
+ }
+} else {
+ require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["fieldinvalid"]);
+}
+
+if (isset($_POST['newpass'])) {
+ if (trim($_POST['newpass']) == "") {
+ require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["fieldinvalid"]);
+ }
+} else {
+ require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["fieldinvalid"]);
+}
+
+if (isset($_POST['newpassr'])) {
+ if (trim($_POST['newpassr']) == "") {
+ require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["fieldinvalid"]);
+ }
+} else {
+ require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["fieldinvalid"]);
+}
+
+if (password_verify($_POST['oldpass'], file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/password"))) {
+} else {
+ require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["passoldinvalid"]);
+}
+
+if (strlen($_POST['newpass']) < 8) {
+ require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["passaddmore"][0] . " " . (8 - strlen($_POST['newpass'])) . " " . $lang["api"]["passaddmore"][1]);
+}
+
+if ($_POST['newpass'] == $_POST['newpassr']) {} else {
+ require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["passnewnomatch"]);
+}
+
+if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") {
+ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) {
+ $tokens = scandir($_SERVER['DOCUMENT_ROOT'] . "/data/tokens");
+ foreach ($tokens as $token) {
+ if ($token == "." || $token == "..") {} else {
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $token);
+ }
+ }
+ } else {
+ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log")) {
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log", file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log") . date("d/m/Y H:i:s") . " - APIDENY/" . $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REQUEST_URI'] . " - " . $_SERVER['HTTP_USER_AGENT'] . "\n\n");
+ } else {
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log", date("d/m/Y H:i:s") . " - APIDENY/" . $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REQUEST_URI'] . " - " . $_SERVER['HTTP_USER_AGENT'] . "\n\n");
+ }
+ }
+} else {
+ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log")) {
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log", file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log") . date("d/m/Y H:i:s") . " - APIDENY/" . $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REQUEST_URI'] . " - " . $_SERVER['HTTP_USER_AGENT'] . "\n\n");
+ } else {
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log", date("d/m/Y H:i:s") . " - APIDENY/" . $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REQUEST_URI'] . " - " . $_SERVER['HTTP_USER_AGENT'] . "\n\n");
+ }
+}
+
+file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/password", password_hash($_POST['newpass'], PASSWORD_BCRYPT, ['cost' => 12,]));
+require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit("ok"); \ No newline at end of file
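Review bot: The two APIDENY branches of the `_NEUTRON_ADMIN_TOKEN` check (cookie missing, and token file not found) only append a line to system.log and then fall through to the final `file_put_contents(... "/data/webcontent/password" ...)`, so the admin token never gates the password change and only the `oldpass` check does. The cookie value is also concatenated into the `data/tokens/` path with only `.`, `..` and `/` excluded, so a value containing a path separator can satisfy `file_exists` with a file outside that directory. I would move the token check ahead of the password handling, reject any value where `basename($token) !== $token`, and end the request in the denial path; this assumes `quit()` terminates the script, as the field checks earlier in the file imply. Separately, every log write interpolates `REQUEST_URI` and `HTTP_USER_AGENT` unescaped and rewrites the whole file, where `file_put_contents($path, $line, FILE_APPEND | LOCK_EX)` with control characters stripped would avoid both the race and forged log lines.

```php
// Gate the request on the admin token before any password handling.
$token = $_COOKIE['_NEUTRON_ADMIN_TOKEN'] ?? '';
$tokenDir = $_SERVER['DOCUMENT_ROOT'] . "/data/tokens/";

// basename() differs from its input whenever the input contains a path separator,
// so this keeps the lookup inside data/tokens regardless of the token format.
$tokenOk = is_string($token)
    && $token !== '' && $token !== '.' && $token !== '..'
    && basename($token) === $token
    && is_file($tokenDir . $token);

if (!$tokenOk) {
    // … unchanged: APIDENY line written to system.log …
    require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";
    quit($deniedMessage); // placeholder: the project's access-denied string
}

// … unchanged: oldpass/newpass/newpassr presence checks, password_verify, length and match checks …
// … unchanged: scandir/unlink loop over data/tokens, then the password_hash write …
```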