initial upload

This commit is contained in:
root
2026-03-24 10:22:01 +00:00
commit e805f225bc
19 changed files with 2160 additions and 0 deletions

97
change_password.php Normal file
View File

@ -0,0 +1,97 @@
<?php
// /var/www/html/qdb/change_password.php
require_once __DIR__ . '/common.php';
header('Content-Type: application/json; charset=UTF-8');
// dieselben Defaults wie in login.php
$USERS_DEFAULT = [
'user01' => 'pw1',
'user02' => 'pw2',
'Tmp_Daniel' => 'dummy4',
'Tmp_Johanna' => 'dummy1',
'Tmp_Anke' => 'dummy2',
'Tmp_Liliana' => 'dummy3',
'Amy_tmp' => 'dummy4',
'Brigitte_tmp' => 'dummy5',
'Extra1_tmp' => 'dummy6',
'Extra2_tmp' => 'dummy7',
'Danny' => 'pw1',
'User1' => 'pw1',
'User2' => 'pw2',
'User3' => 'pw3',
'User4' => 'pw4',
'User5' => 'pw5',
'User6' => 'pw6',
'User7' => 'pw7',
'User8' => 'pw8',
'User9' => 'pw9',
'User10' => 'pw10',
'User11' => 'pw11'
];
$STORE_FILE = __DIR__ . '/users.json';
function load_store($path) {
if (!file_exists($path)) return [];
$txt = file_get_contents($path);
$arr = json_decode($txt, true);
return is_array($arr) ? $arr : [];
}
function save_store($path, $data) {
file_put_contents($path, json_encode($data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES));
}
$raw = file_get_contents("php://input");
$in = json_decode($raw, true) ?: [];
$username = trim($in['username'] ?? '');
$oldPassword = (string)($in['old_password'] ?? '');
$newPassword = (string)($in['new_password'] ?? '');
if ($username === '' || $oldPassword === '' || $newPassword === '') {
http_response_code(400);
echo json_encode(["success" => false, "message" => "Felder fehlen"]);
exit;
}
if (strlen($newPassword) < 6) {
http_response_code(400);
echo json_encode(["success" => false, "message" => "Neues Passwort zu kurz (min. 6 Zeichen)."]);
exit;
}
$store = load_store($STORE_FILE);
// Fall A: User hat schon Hash -> altes Passwort gegen Hash prüfen
if (array_key_exists($username, $store) && isset($store[$username]['hash'])) {
$hash = (string)$store[$username]['hash'];
if (!password_verify($oldPassword, $hash)) {
http_response_code(401);
echo json_encode(["success" => false, "message" => "Altes Passwort falsch."]);
exit;
}
} else {
// Fall B: User hat noch keinen Hash -> gegen Default prüfen
if (!array_key_exists($username, $USERS_DEFAULT) || $USERS_DEFAULT[$username] !== $oldPassword) {
http_response_code(401);
echo json_encode(["success" => false, "message" => "Altes Passwort falsch."]);
exit;
}
}
// neuen Hash setzen (bcrypt)
$store[$username] = [
"hash" => password_hash($newPassword, PASSWORD_DEFAULT),
"changedAt" => time()
];
save_store($STORE_FILE, $store);
// Nach erfolgreichem Wechsel direkt einloggen (Token erstellen)
$token = bin2hex(random_bytes(32));
token_add($token, 30 * 24 * 60 * 60);
echo json_encode([
"success" => true,
"message" => "Passwort geändert.",
"token" => $token,
"user" => $username
]);