created create_user

2024-01-20 09:41:14 +01:00
parent df9ed5e17c
commit 7f4b922d20
2 changed files with 144 additions and 0 deletions
--- a/src/server/cyberhex-code/system/index.php
+++ b/src/server/cyberhex-code/system/index.php
@@ -0,0 +1,4 @@
+<?php
+	header("LOCATION:/login.php");
+
+?>
--- a/src/server/cyberhex-code/system/secure_zone/php/add_user.php
+++ b/src/server/cyberhex-code/system/secure_zone/php/add_user.php
@@ -0,0 +1,140 @@
+<?php
+session_start();
+
+// Check if the user is logged in
+if (!isset($_SESSION['username']) or !isset($_SESSION["login"])) {
+    // Redirect to the login page or handle unauthorized access
+    header("Location: /login.php");
+    exit();
+}
+
+$username = $_SESSION['username'];
+$perms = $_SESSION["perms"];
+$email = $_SESSION["email"];
+if($perms[0]!=="1"){
+	$block=1;
+}else{
+	$block=0;
+}
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
+	 <title>Change Password</title>
+</head>
+<body>
+
+<div class="container mt-5">
+    <div class="row justify-content-center">
+        <div class="col-md-6">
+            <div class="card">
+                <div class="card-header">
+                    <h4>Change Password (<?php echo($username); ?>)</h4>
+                </div>
+                <div class="card-body">
+					<form action="passwd.php?update=true" method="post">
+                        <div class="form-group">
+                            <label for="password">Password:</label>
+                            <input type="password" class="form-control" id="password" name="password" required>
+                        </div>
+						<div class="form-group">
+                            <label for="password">New Password:</label>
+                            <input type="password" class="form-control" id="new_password1" name="new_password1" required>
+                        </div>
+						<div class="form-group">
+                            <label for="password">Repeat New Password:</label>
+                            <input type="password" class="form-control" id="new_password2" name="new_password2" required>
+                        </div>
+						<br>
+                        <button type="submit" class="btn btn-primary btn-block">Update</button>
+                    </form>
+					<br>
+					<!-- php code to verify password-->
+					<?php
+						// Check if the form is submitted
+						if ($_SERVER["REQUEST_METHOD"] == "POST" and $block=0) {
+							//include db pw
+							include "../../../config.php";
+							
+							// Retrieve user input
+							$password = $_POST["password"];
+							$new_password1=$_POST["new_password1"];
+							$new_password2=$_POST["new_password2"];
+							$hash=password_hash($new_password1, PASSWORD_BCRYPT);
+							// Create a connection
+							$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
+
+							// Check the connection
+							if ($conn->connect_error) {
+								die("Connection failed: " . $conn->connect_error);
+							}
+							$sql = "SELECT * FROM users WHERE username = ?";
+							$stmt = $conn->prepare($sql);
+							$stmt->bind_param("s", $username);
+							
+							// Execute the statement
+							$stmt->execute();
+
+							// Get the result
+							$result = $stmt->get_result();
+							$stmt->close();
+							$conn->close();
+							
+							
+							// Check if the user exists and verify the password
+							if($new_password1===$new_password2){
+								if ($result->num_rows > 0) {
+									$row = $result->fetch_assoc();
+									if (password_verify($password, $row['password'])) {
+										//password correct update
+										// Create connection
+										$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD,$DB_DATABASE);
+
+										// Check connection
+										if ($conn->connect_error) {
+											$success=0;
+											die("Connection failed: " . $conn->connect_error);
+										}
+										$stmt = $conn->prepare("UPDATE users set password = ? where username = ?");
+										$stmt->bind_param("ss", $hash, $username);
+										$stmt->execute();
+										$stmt->close();
+										$conn->close();
+										echo '<br><div class="alert alert-success" role="alert">
+											Information updated successfully!
+										  </div>';
+										
+									} else {
+										echo '<div class="alert alert-danger" role="alert">
+												Incorrect password.
+											  </div>';
+									}
+								} else {
+									echo '<div class="alert alert-danger" role="alert">
+											Incorrect password.
+										  </div>';
+								}
+							}else{
+								echo '<div class="alert alert-danger" role="alert">
+											New password does not match.
+										  </div>';
+							}
+
+							// Close the connection
+						}elseif($block=0){
+							echo '<div class="alert alert-danger" role="alert">
+												You do not have permission to add a user!
+											  </div>';
+						}
+					?>
+					
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+</body>
+</html>