File: /srv/www/rectt-csmcri.res.in/admin_html/reset_user_password.php
<?php
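// Session bootstrap. This page changes admin credentials, so the session cookie
// should carry HttpOnly/Secure/SameSite; NOTE(review): those flags are not set
// here — confirm they are enforced in php.ini or config.php.
session_start();
require_once dirname(__DIR__) . '/public_html/sites/config/config.php';

// 1) Role gate: only a logged-in superadmin may use this page; anyone else is
//    bounced to the dashboard. `?? null` avoids an "undefined array key"
//    warning for a logged-in session that carries no admin_role — with
//    display_errors on, that warning would be emitted before header() and
//    break the redirect.
if (!isset($_SESSION['admin_logged_in'])
    || $_SESSION['admin_logged_in'] !== true
    || ($_SESSION['admin_role'] ?? null) !== 'superadmin') {
    header("Location: admin_dashboard.php");
    exit;
}

// 2) The identity and token the server-side check below needs.
if (empty($_SESSION['admin_id']) || empty($_SESSION['session_token'])) {
    header("Location: admin_login.php");
    exit;
}

// 3) Fetch the token stored on the admin's own row (presumably written at
//    login — not visible in this file). Prepared statement with a bound int;
//    no session value is interpolated into SQL.
$stmt = $conn->prepare("SELECT session_token FROM admin_users WHERE id = ?");
$stmt->bind_param("i", $_SESSION['admin_id']);
$stmt->execute();
$result = $stmt->get_result()->fetch_assoc();
$stmt->close();

// 4) No row, a NULL DB token, or a token that differs from the session's copy
//    (strict comparison) all mean this login is no longer valid: wipe the
//    session and force a fresh login. Consequently, nulling a user's DB token
//    anywhere else signs that user out on their next request.
if (!$result || $result['session_token'] !== $_SESSION['session_token']) {
    session_unset();
    session_destroy();
    header("Location: admin_login.php?error=" . urlencode("Your session has expired."));
    exit;
}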
// Target account: the admin whose password is being reset, chosen by ?id=.
// intval() turns a missing or non-numeric id into 0, which the guard rejects,
// so only a positive integer reaches the (int-bound) prepared statement.
$user_id = intval($_GET['id'] ?? 0);
if ($user_id <= 0) die("Invalid user.");

$lookup = $conn->prepare("SELECT username FROM admin_users WHERE id = ?");
$lookup->bind_param("i", $user_id);
$lookup->execute();
$user = $lookup->get_result()->fetch_assoc();
$lookup->close();

// $user is the row (['username' => ...]) or null when no such id exists.
if (!$user) die("User not found.");
// CSRF token: one per session, generated lazily from the CSPRNG the first time
// a form page is rendered and reused until the session ends. `??` keeps an
// existing token and only assigns when the slot is unset/null, exactly like
// the isset() guard it replaces.
$_SESSION['csrf_token'] = $_SESSION['csrf_token'] ?? bin2hex(random_bytes(32));
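$errors = [];
$success = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // CSRF check. The posted token is defaulted to '' and type-checked so a
    // request that omits the field, or sends csrf_token[]=..., fails the
    // comparison instead of raising a TypeError from hash_equals() (which
    // requires two strings on PHP 8). The update below runs only when $errors
    // is empty, so a failed check blocks the password change.
    $posted_token = $_POST['csrf_token'] ?? '';
    if (!is_string($posted_token) || !hash_equals($_SESSION['csrf_token'], $posted_token)) {
        $errors[] = "Invalid CSRF token.";
    }

    // Non-string (array) fields are treated as empty so strlen() cannot throw.
    $new_password = $_POST['new_password'] ?? '';
    $confirm_password = $_POST['confirm_password'] ?? '';
    if (!is_string($new_password)) $new_password = '';
    if (!is_string($confirm_password)) $confirm_password = '';

    // Byte length (strlen), as before. NOTE(review): 6 is a weak floor for an
    // admin account; raise it in step with whatever policy the login /
    // user-creation code applies.
    if (strlen($new_password) < 6) $errors[] = "Password must be at least 6 characters.";
    if ($new_password !== $confirm_password) $errors[] = "Passwords do not match.";

    if (empty($errors)) {
        // NOTE(review): sha1(password . $salt) with a site-wide $salt from
        // config.php is a fast, per-user-unsalted digest, not a password hash.
        // The format is kept here because the code that verifies logins (not
        // in this file) must compute the same value; migrate both sides
        // together to password_hash() / password_verify().
        $hash = sha1($new_password . $salt);

        // Clear the target's DB session token so every existing session for
        // that account is signed out: the gate at the top of this page treats
        // a NULL or mismatching DB token as an expired login. Without this an
        // attacker already holding a live session would survive the reset.
        // If a superadmin resets their own account, the current token is
        // written back instead so this session stays alive (other sessions of
        // the same account share that token and therefore stay alive too).
        $new_token = ((int) $_SESSION['admin_id'] === $user_id) ? $_SESSION['session_token'] : null;

        $stmt = $conn->prepare("UPDATE admin_users SET password_hash = ?, session_token = ? WHERE id = ?");
        $stmt->bind_param("ssi", $hash, $new_token, $user_id);
        if ($stmt->execute()) {
            // Escaped here because the template echoes $success unescaped.
            $success = "Password updated for user: " . htmlspecialchars($user['username']);
        } else {
            $errors[] = "Failed to update password.";
        }
        $stmt->close();
    }
}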
?>
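<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Reset Admin Password</title>
<?php /* NOTE(review): third-party CSS is loaded from a CDN without an
         integrity= (SRI) attribute; add one or self-host the file so a CDN
         compromise cannot alter this admin page. */ ?>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body class="bg-light">
<div class="container py-5">
<div class="card mx-auto shadow-sm" style="max-width: 500px;">
<div class="card-body">
<h4 class="text-center mb-3">🔐 Reset Password for <b><?= htmlspecialchars($user['username']) ?></b></h4>
<?php if ($errors): ?>
<div class="alert alert-danger">
<ul class="mb-0">
<?php foreach ($errors as $e): ?>
<li><?= htmlspecialchars($e) ?></li>
<?php endforeach; ?>
</ul>
</div>
<?php elseif ($success): ?>
<?php /* $success is built with htmlspecialchars() where it is assigned and is
         the only value echoed raw on this page; escaping it again here would
         double-encode '&' in usernames. */ ?>
<div class="alert alert-success"><?= $success ?></div>
<?php endif; ?>
<?php /* No action attribute: the form posts back to the current URL, so the
         ?id= query string that selects the target account is preserved.
         minlength mirrors the server-side rule; autocomplete="new-password"
         stops browsers filling these with the superadmin's own password. */ ?>
<form method="post">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token']) ?>">
<div class="mb-3">
<label for="new_password">New Password</label>
<input type="password" id="new_password" name="new_password" class="form-control" required minlength="6" autocomplete="new-password">
</div>
<div class="mb-3">
<label for="confirm_password">Confirm Password</label>
<input type="password" id="confirm_password" name="confirm_password" class="form-control" required minlength="6" autocomplete="new-password">
</div>
<button class="btn btn-primary w-100">Update Password</button>
</form>
<a href="manage_admin_users.php" class="btn btn-link mt-3 w-100">← Back to User List</a>
</div>
</div>
</div>
</body>
</html>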