Fixed password reset bug

Added logs for password resets Added checks to sanity
2025-06-13 05:33:13 +00:00 · 2022-11-09 12:13:38 +00:00 · 2022-11-09 12:13:38 +00:00 · 60f0877a5c
commit 60f0877a5c
parent 2d7d359cde
10 changed files with 153 additions and 117 deletions
--- a/app/account/account.php
+++ b/app/account/account.php
@ -499,16 +499,21 @@ if (isset($_POST['password_reset_submit'])) {
            if (mysqli_stmt_execute($stmt)) {
                // Password updated!!!! Now goodbye
                if ($user_id == $_SESSION["id"]) {
+                    mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','".$_SESSION['username']." has reset their password')");
+
                    // Check if password reset was done by user
                    session_destroy();
                    ?>
                        <script>
                            sniffleAdd('Password updated', 'Now goodbye.... you will be redirected in a moment', 'var(--success)', 'assets/icons/check.svg');
-                            setTimeout(function(){window.location.href = "account/login.php";}, 2000);
+                            setTimeout(function(){window.location.href = "account.php";}, 2000);
                        </script>
                    <?php
                } else {
                    // An admin has changed the password
+                    $user_reset_info = $user_info->get_user_info($conn, $user_id);
+
+                    mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','".$_SESSION['username']." has reset ".$user_reset_info['username']." password')");
                    ?>
                        <script>
                            sniffleAdd('Password updated', 'Password has been reset for user! But their session may still be active', 'var(--success)', 'assets/icons/check.svg');
--- a/app/gallery.json
+++ b/app/gallery.json
@ -1,5 +1,5 @@
 {
    "license": "MIT",
-    "version": "22.11.08",
+    "version": "22.11.09",
    "branch": "main"
 }
--- a/app/sanity/check/_json.php
+++ b/app/sanity/check/_json.php
@ -1,11 +1,21 @@
 <?php
 if (defined('ROOT') && $_SESSION['id'] == 1) {
    if (!is_file(__DIR__."/../../../usr/conf/msg.json")) {
-        $results[] = array(
-            'type'=>'warning', 
-            'message'=>'msg.json is missing', 
-            'fix'=>'auto'
-        );
+        $manifest = json_decode(file_get_contents(__DIR__."/../../../usr/conf/conf.json"), true);
+        
+        if (isset($manifest['welcome_msg'])) {
+            $results[] = array(
+                'type'=>'warning', 
+                'message'=>'Welcome message is currently stored in conf.json. Please move it to msg.json', 
+                'fix'=>'auto'
+            );
+        } else {
+            $results[] = array(
+                'type'=>'warning', 
+                'message'=>'msg.json is missing', 
+                'fix'=>'auto'
+            );
+        }
    }
    
    if (!is_file(__DIR__."/../../../usr/conf/conf.json")) {
--- a/app/sanity/sanity.php
+++ b/app/sanity/sanity.php
@ -31,7 +31,7 @@ if (isset($_POST['fix'])) {
    echo "<p><span style='color: var(--accent);'>[INFO]</span> Autofix complete in $autofix_time ms</p>";
 }

-if (isset($_POST['check'])) {
+elseif (isset($_POST['check'])) {
    if (empty($_SESSION['id'])) {
        echo "<p><span style='color: var(--warning);'>[ERROR]</span> You are not logged in</p>";
        exit();
@ -80,4 +80,8 @@ if (isset($_POST['check'])) {
                </button>";
        }
    }
+}
+
+else {
+    echo "<p class='alert alert-warning'><span class='badge badge-warning'>Warning</span> Bruh, what do you want?</p>";
 }