Sindbad~EG File Manager

Current Path : /home/copmadinaarea/thecopmadinaarea.org/attendance/
Upload File :
Current File : /home/copmadinaarea/thecopmadinaarea.org/attendance/reset_password.php

<?php
// Emergency password reset script
// Remove this file after use for security

require_once 'config/config.php';

$db = new Database();
$conn = $db->getConnection();

echo "<!DOCTYPE html>
<html>
<head>
    <title>Emergency Password Reset</title>
    <style>
        body { font-family: Arial, sans-serif; max-width: 600px; margin: 50px auto; padding: 20px; }
        .success { color: green; background: #f0f8f0; padding: 10px; border: 1px solid green; }
        .error { color: red; background: #f8f0f0; padding: 10px; border: 1px solid red; }
        .info { color: blue; background: #f0f0f8; padding: 10px; border: 1px solid blue; }
        input, button { padding: 8px; margin: 5px 0; }
        button { background: #007cba; color: white; border: none; cursor: pointer; }
    </style>
</head>
<body>";

echo "<h2>🔐 Emergency Password Reset</h2>";

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['username'] ?? '';
    $new_password = $_POST['new_password'] ?? '';
    
    if (empty($username) || empty($new_password)) {
        echo "<div class='error'>Username and new password are required.</div>";
    } else {
        try {
            // Hash the new password
            $password_hash = password_hash($new_password, PASSWORD_DEFAULT);
            
            // Update the user's password
            $query = "UPDATE users SET password = ? WHERE username = ? OR email = ?";
            $stmt = $conn->prepare($query);
            $stmt->execute([$password_hash, $username, $username]);
            
            if ($stmt->rowCount() > 0) {
                echo "<div class='success'>
                        <h3>✅ Password Reset Successful!</h3>
                        <p><strong>Username/Email:</strong> " . htmlspecialchars($username) . "</p>
                        <p><strong>New Password:</strong> " . htmlspecialchars($new_password) . "</p>
                        <p><a href='admin/login.php'>→ Login Now</a></p>
                      </div>";
                
                // Log the activity if possible
                try {
                    $user_query = "SELECT id FROM users WHERE username = ? OR email = ?";
                    $user_stmt = $conn->prepare($user_query);
                    $user_stmt->execute([$username, $username]);
                    $user = $user_stmt->fetch();
                    
                    if ($user) {
                        logActivity($user['id'], 'password_reset', 'Password reset via emergency script');
                    }
                } catch (Exception $e) {
                    // Ignore logging errors
                }
                
            } else {
                echo "<div class='error'>User not found: " . htmlspecialchars($username) . "</div>";
            }
            
        } catch (Exception $e) {
            echo "<div class='error'>Error: " . $e->getMessage() . "</div>";
        }
    }
}

// Show current users
try {
    $users_query = "SELECT username, email, full_name, role, is_active FROM users ORDER BY role DESC, username";
    $stmt = $conn->prepare($users_query);
    $stmt->execute();
    $users = $stmt->fetchAll();
    
    echo "<div class='info'>
            <h3>📋 Current Users</h3>
            <table border='1' cellpadding='5' style='width: 100%; border-collapse: collapse;'>
                <tr style='background: #f0f0f0;'>
                    <th>Username</th>
                    <th>Email</th>
                    <th>Full Name</th>
                    <th>Role</th>
                    <th>Active</th>
                </tr>";
    
    foreach ($users as $user) {
        $active = $user['is_active'] ? '✅' : '❌';
        $role_color = $user['role'] === 'superuser' ? 'color: red; font-weight: bold;' : '';
        echo "<tr>
                <td>{$user['username']}</td>
                <td>{$user['email']}</td>
                <td>{$user['full_name']}</td>
                <td style='$role_color'>{$user['role']}</td>
                <td>$active</td>
              </tr>";
    }
    
    echo "</table></div>";
    
} catch (Exception $e) {
    echo "<div class='error'>Could not load users: " . $e->getMessage() . "</div>";
}

echo "<form method='POST'>
        <h3>🔄 Reset Password</h3>
        <p>
            <label>Username or Email:</label><br>
            <input type='text' name='username' required placeholder='nabibo or nabibo2@yahoo.co.uk' style='width: 300px;'>
        </p>
        <p>
            <label>New Password:</label><br>
            <input type='password' name='new_password' required placeholder='Enter new password' style='width: 300px;'>
        </p>
        <p>
            <button type='submit'>Reset Password</button>
        </p>
      </form>";

echo "<div class='info'>
        <h3>🛡️ Default Superuser Credentials</h3>
        <p><strong>Username:</strong> nabibo</p>
        <p><strong>Email:</strong> nabibo2@yahoo.co.uk</p>
        <p><strong>Default Password:</strong> password123</p>
        <p><em>Use the form above to reset if these don't work.</em></p>
      </div>";

echo "<div style='margin-top: 30px; padding: 15px; background: #fff3cd; border: 1px solid #ffeaa7;'>
        <h3>⚠️ Security Notice</h3>
        <p><strong>Important:</strong> Delete this file (reset_password.php) after use for security reasons!</p>
        <p>This script allows password reset without authentication.</p>
      </div>";

echo "</body></html>";
?>

Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists