<?php
// user/security/change_password.php
require_once __DIR__ . '/../../config/bootstrap.php';

// Auth gate. $_SESSION is used without a session_start() here, so the session
// is presumably started by bootstrap — confirm. Anyone without a user_id is
// redirected before any account data is read.
if (!($_SESSION['user_id'] ?? null)) {
    header('Location: /login.php');
    exit;
}

$userId  = (int)$_SESSION['user_id'];
$errors  = [];   // validation / persistence messages rendered by the template
$success = '';   // non-empty only after the UPDATE has succeeded
/**
 * Character count used for the minimum-length rule on the new password.
 *
 * Counts code points when the mbstring extension is loaded and falls back to a
 * byte count otherwise, so without mbstring the rule degrades to "at least 8
 * bytes". It does not enforce any upper bound; bcrypt (PASSWORD_DEFAULT) only
 * uses the first 72 bytes of the password.
 */
function str_len(string $s): int
{
    if (function_exists('mb_strlen')) {
        return (int)mb_strlen($s);
    }

    return (int)strlen($s);
}
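// Load the stored hash for the logged-in user. '' means "no local password"
// (or no matching row) and is rejected below before password_verify() runs.
// The column may come back NULL; it is normalised to '' so password_verify()
// never receives null (deprecated in 8.1, a TypeError under strict_types).
$currentHash = '';
if ($st = $conn->prepare("SELECT password_hash FROM users WHERE user_id=? LIMIT 1")) {
    $st->bind_param('i', $userId);
    $st->execute();
    $st->bind_result($currentHash);
    $st->fetch();
    $st->close();
    $currentHash = (string)$currentHash;
} else {
    $errors[] = "Unable to load account data.";
}

// NOTE(review): no CSRF token is verified on this POST. If bootstrap provides
// one, validate it here before any password handling.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $current = (string)($_POST['current_password'] ?? '');
    $new     = (string)($_POST['new_password'] ?? '');
    $confirm = (string)($_POST['confirm_password'] ?? '');

    // Presence checks first so an empty submission never reaches password_verify().
    if ($currentHash === '') {
        $errors[] = "Password is not set on this account.";
    }
    if ($current === '') {
        $errors[] = "Current password is required.";
    }
    if ($new === '') {
        $errors[] = "New password is required.";
    }
    if ($confirm === '') {
        $errors[] = "Confirm password is required.";
    }

    // Re-authenticate with the current password before accepting a new one.
    if (empty($errors) && !password_verify($current, $currentHash)) {
        $errors[] = "Current password is incorrect.";
    }

    // Policy checks on the new password; $current is known non-empty here.
    if (empty($errors)) {
        if (str_len($new) < 8) {
            $errors[] = "New password must be at least 8 characters.";
        }
        // PASSWORD_DEFAULT is bcrypt on current PHP, which hashes only the first
        // 72 bytes; reject longer input instead of silently truncating it.
        if (strlen($new) > 72) {
            $errors[] = "New password must be at most 72 bytes.";
        }
        if ($new !== $confirm) {
            $errors[] = "New password and confirm password do not match.";
        }
        if ($new === $current) {
            $errors[] = "New password must be different from current password.";
        }
    }

    if (empty($errors)) {
        $newHash = password_hash($new, PASSWORD_DEFAULT);
        if ($up = $conn->prepare("UPDATE users SET password_hash=? WHERE user_id=? LIMIT 1")) {
            $up->bind_param('si', $newHash, $userId);
            if ($up->execute()) {
                $success = "Password updated successfully.";
                // Rotate the session id after a credential change so a previously
                // captured id cannot be reused. Other active sessions for this
                // account are not invalidated here; that depends on the session
                // store, which this file does not show.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
            } else {
                $errors[] = "Unable to update password. Please try again.";
            }
            $up->close();
        } else {
            $errors[] = "Unable to update password right now.";
        }
    }
}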
?>
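<?php
// Full <?php tags: the original used `<?`, which is only honoured when
// short_open_tag is enabled; otherwise these include lines are emitted as
// literal text and header/nav/footer are never rendered.
include '../common/header.php';
?>
<div class="container mt-3">
    <div class="row">
        <?php include '../common/nav.php'; ?>
        <main class="col-md-9 col-lg-10 px-md-5 mb-5">
            <?php include '../common/page-header.php'; ?>
            <div class="container my-5">
                <div class="d-flex align-items-center justify-content-between mb-3">
                    <div>
                        <h5 class="mb-0">Password</h5>
                        <div class="text-muted small">Update your password to protect your account.</div>
                    </div>
                    <a href="/user/security/security_privacy.php" class="btn btn-sm btn-outline-secondary">
                        <i class="bi bi-arrow-left"></i> Back
                    </a>
                </div>
                <?php // Explicit flags: escape both quote styles and replace invalid UTF-8 instead of returning ''. ?>
                <?php if ($success !== ''): ?>
                    <div class="alert alert-success"><?= htmlspecialchars($success, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>
                <?php endif; ?>
                <?php if (!empty($errors)): ?>
                    <div class="alert alert-danger">
                        <strong>Please fix the following:</strong>
                        <ul class="mb-0">
                            <?php foreach ($errors as $e): ?><li><?= htmlspecialchars($e, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></li><?php endforeach; ?>
                        </ul>
                    </div>
                <?php endif; ?>
                <div class="card-soft">
                    <?php // NOTE(review): the form carries no CSRF token field; add one if bootstrap provides a token. ?>
                    <form method="post" action="">
                        <div class="row g-3">
                            <div class="col-12">
                                <label class="form-label">Current password</label>
                                <input type="password" name="current_password" class="form-control" placeholder="Enter current password" autocomplete="current-password" required>
                            </div>
                            <div class="col-md-6">
                                <label class="form-label">New password</label>
                                <?php // minlength mirrors the server-side 8-character rule; the server check remains authoritative. ?>
                                <input type="password" name="new_password" class="form-control" placeholder="Minimum 8 characters" autocomplete="new-password" minlength="8" required>
                            </div>
                            <div class="col-md-6">
                                <label class="form-label">Confirm new password</label>
                                <input type="password" name="confirm_password" class="form-control" placeholder="Re-enter new password" autocomplete="new-password" minlength="8" required>
                            </div>
                            <div class="col-12 mt-2">
                                <button type="submit" class="btn btn-dark">
                                    <i class="bi bi-save2"></i> Save changes
                                </button>
                            </div>
                        </div>
                    </form>
                </div>
            </div>
        </main>
    </div>
</div>
<?php // NOTE(review): third-party scripts are loaded without integrity/crossorigin attributes; pin each with an SRI hash (INTEGRITY_HASH_PLACEHOLDER) or serve them locally. ?>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js"></script>
<?php include '../common/footer.php'; ?>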