1 files changed, 73 insertions, 0 deletions

diff --git a/Neutron-trunk/api/admin/password.php b/Neutron-trunk/api/admin/password.php
new file mode 100644
index 0000000..a823721
--- /dev/null
+++ b/Neutron-trunk/api/admin/password.php
@@ -0,0 +1,73 @@
+<?php require_once "../../resources/private/relative.php"; getRelativeDetails("api"); ?>
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php";
+
+if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log")) {
+    file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log", file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log") . date("d/m/Y H:i:s") . " - API/" . $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REQUEST_URI'] . " - " . $_SERVER['HTTP_USER_AGENT'] . "\n\n");
+} else {
+    file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log", date("d/m/Y H:i:s") . " - API/" . $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REQUEST_URI'] . " - " . $_SERVER['HTTP_USER_AGENT'] . "\n\n");
+}
+
+if (isset($_POST['oldpass'])) {
+    if (trim($_POST['oldpass']) == "") {
+        require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["fieldinvalid"]);
+    }
+} else {
+    require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["fieldinvalid"]);
+}
+
+if (isset($_POST['newpass'])) {
+    if (trim($_POST['newpass']) == "") {
+        require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["fieldinvalid"]);
+    }
+} else {
+    require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["fieldinvalid"]);
+}
+
+if (isset($_POST['newpassr'])) {
+    if (trim($_POST['newpassr']) == "") {
+        require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["fieldinvalid"]);
+    }
+} else {
+    require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["fieldinvalid"]);
+}
+
+if (password_verify($_POST['oldpass'], file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/password"))) {
+} else {
+    require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["passoldinvalid"]);
+}
+
+if (strlen($_POST['newpass']) < 8) {
+    require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["passaddmore"][0] . " " . (8 - strlen($_POST['newpass'])) . " " . $lang["api"]["passaddmore"][1]);
+}
+
+if ($_POST['newpass'] == $_POST['newpassr']) {} else {
+    require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["passnewnomatch"]);
+}
+
+if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/") {
+    if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) {
+        $tokens = scandir($_SERVER['DOCUMENT_ROOT'] . "/data/tokens");
+        foreach ($tokens as $token) {
+            if ($token == "." || $token == "..") {} else {
+                unlink($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $token);
+            }
+        }
+    } else {
+        if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log")) {
+            file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log", file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log") . date("d/m/Y H:i:s") . " - APIDENY/" . $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REQUEST_URI'] . " - " . $_SERVER['HTTP_USER_AGENT'] . "\n\n");
+        } else {
+            file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log", date("d/m/Y H:i:s") . " - APIDENY/" . $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REQUEST_URI'] . " - " . $_SERVER['HTTP_USER_AGENT'] . "\n\n");
+        }
+    }
+} else {
+    if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log")) {
+        file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log", file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log") . date("d/m/Y H:i:s") . " - APIDENY/" . $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REQUEST_URI'] . " - " . $_SERVER['HTTP_USER_AGENT'] . "\n\n");
+    } else {
+        file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/system.log", date("d/m/Y H:i:s") . " - APIDENY/" . $_SERVER['REQUEST_METHOD'] . " - " . $_SERVER['REQUEST_URI'] . " - " . $_SERVER['HTTP_USER_AGENT'] . "\n\n");
+    }
+}
+
+file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/password", password_hash($_POST['newpass'], PASSWORD_BCRYPT, ['cost' => 12,]));
+require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit("ok");
\ No newline at end of file