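<?php
// auth/reset.php — Enter code + new password (stateless-ish: asks for email/phone again if we don't know it)
require_once __DIR__ . '/../config/bootstrap.php';

// Flash message left by forgot_process/reset_process: read once, then cleared.
$flash = $_SESSION['flash'] ?? null;
unset($_SESSION['flash']);

// Prefill login (set by forgot_process). If empty, the user can type it.
// Not cleared here: it is unset after the form has rendered (end of this file).
$prefill = $_SESSION['prefill_login'] ?? '';

// DEV code: from URL (?dev_code=XXXXXX) or session (__DEV_RESET_CODE__).
// The value is only exposed to the template when OTP_ALWAYS_SHOW_DEV is defined
// and truthy. Without that gate the code would still be prefilled into the form
// input even though the "DEV ONLY" banner is hidden.
// NOTE(review): a reset code carried in a query string ends up in access logs,
// browser history and Referer headers; keep this path strictly to development.
$devMode = defined('OTP_ALWAYS_SHOW_DEV') && OTP_ALWAYS_SHOW_DEV;
$devCode = '';
$rawDevCode = null;
if (!empty($_GET['dev_code'])) {
    $rawDevCode = $_GET['dev_code'];
} elseif (!empty($_SESSION['__DEV_RESET_CODE__'])) {
    $rawDevCode = $_SESSION['__DEV_RESET_CODE__'];
    // One-time show: the session copy is consumed whether or not dev mode is on.
    unset($_SESSION['__DEV_RESET_CODE__']);
}
// is_scalar() rejects array input such as ?dev_code[]=1, which would otherwise
// trigger an "Array to string conversion" warning on the cast.
if ($devMode && is_scalar($rawDevCode)) {
    // Keep digits only; preg_replace() may return null on error, hence the cast.
    $devCode = (string) preg_replace('/\D+/', '', (string) $rawDevCode);
}
include __DIR__ . '/header.php';
?>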
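<style>
    .btn-secure-primary{ background:#076289; border-color:#076289; color:#fff !important; font-weight:600; }
    .btn-secure-primary:hover{ background:#fff; color:#076289 !important; border-color:#076289 !important; box-shadow:0 0 0 3px rgba(7,98,137,.12); }
    .card-soft { border:1px solid rgba(7,98,137,.12); border-radius:12px; background:#fff; box-shadow:0 8px 24px rgba(7,98,137,.06); }
    .muted{ color:#6b7280; }
</style>
<?php
// Password-reset form: flash message, optional dev-only code banner, then the
// login / code / new-password fields posted to reset_process.php.
//
// The dev reset code is shown AND prefilled only when OTP_ALWAYS_SHOW_DEV is
// defined and truthy. One flag drives both places so the code cannot reach the
// form input while the banner is hidden.
$showDevCode = $devCode !== '' && defined('OTP_ALWAYS_SHOW_DEV') && OTP_ALWAYS_SHOW_DEV;
// All dynamic values below are escaped with explicit flags and charset, so the
// output does not depend on the PHP version's htmlspecialchars() defaults
// (single quotes were not escaped by default before PHP 8.1).
?>
<div class="container">
    <div class="offset-md-4 col-md-4">
        <div class="form-signin text-start mt-4 card-soft p-4">
            <h3 class="mb-1">Enter your code</h3>
            <p class="muted">We sent a 6-digit code. Enter it with your new password.</p>
            <?php if (!empty($flash['error'])): ?>
                <div class="alert alert-danger"><?= htmlspecialchars($flash['error'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>
            <?php elseif (!empty($flash['ok'])): ?>
                <div class="alert alert-success"><?= htmlspecialchars($flash['ok'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>
            <?php endif; ?>
            <?php if ($showDevCode): ?>
                <div class="alert alert-warning">
                    <strong>DEV ONLY</strong>: Reset code is
                    <code><?= htmlspecialchars($devCode, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></code>
                </div>
            <?php endif; ?>
            <form method="POST" action="../models/auth/reset_process.php" novalidate>
                <?php /* An empty token is rendered when the session holds none.
                         NOTE(review): reset_process.php must reject an empty or
                         mismatched token; that check is not visible here. */ ?>
                <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
                <div class="mb-3">
                    <label for="login" class="form-label">Email or phone</label>
                    <?php /* The conditional attribute is placed last: PHP drops the
                             newline that directly follows a closing tag, so an echo
                             at the end of a line can fuse with the next attribute. */ ?>
                    <input
                        type="text"
                        id="login"
                        name="login"
                        class="form-control"
                        value="<?= htmlspecialchars($prefill, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"
                        autocomplete="username"
                        <?= $prefill !== '' ? 'readonly' : 'required' ?>
                    >
                </div>
                <div class="mb-3">
                    <label for="code" class="form-label">6-digit code</label>
                    <input
                        type="text"
                        id="code"
                        name="code"
                        class="form-control"
                        inputmode="numeric"
                        autocomplete="one-time-code"
                        required
                        value="<?= $showDevCode ? htmlspecialchars($devCode, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : '' ?>"
                    >
                </div>
                <?php /* autocomplete="new-password" stops browsers from filling in the
                         current password and lets password managers offer a new one.
                         The form is novalidate, so the 8-character minimum has to be
                         enforced by the server. */ ?>
                <div class="mb-3">
                    <label for="pass" class="form-label">New password</label>
                    <input type="password" id="pass" name="password" class="form-control" autocomplete="new-password" required>
                    <div class="form-text">Use at least 8 characters.</div>
                </div>
                <div class="mb-4">
                    <label for="pass2" class="form-label">Confirm new password</label>
                    <input type="password" id="pass2" name="password2" class="form-control" autocomplete="new-password" required>
                </div>
                <button class="w-100 btn btn-secure-primary btn-lg rounded-5" type="submit">Reset password</button>
                <div class="text-center mt-3">
                    <a href="/auth/login.php" class="text-decoration-none">Back to login</a>
                </div>
            </form>
        </div>
    </div>
</div>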
<?php
// The form has been rendered, so drop the prefilled login from the session here;
// otherwise it would stay in the session and keep prefilling later visits.
unset($_SESSION['prefill_login']);
include __DIR__ . '/footer.php';