Commit Graph

5 Commits

Author SHA1 Message Date
myron 9815db29d0 Add reset_password.php — password reset redemption page
Handles the /reset_password.php?token=... URL generated by the
admin send_password_reset action. Flow:
- GET: validates token against pending_registrations (username=__reset__,
  not expired), shows set-new-password form
- POST: re-validates token, enforces 6-char min + confirm match,
  bcrypt-hashes the new password, updates users.password by email,
  deletes the pending row to prevent reuse
- Invalid/expired token shows a clear error with link back to home

Matches the dark gaming aesthetic of verify.php.
2026-06-03 03:56:17 +00:00
myron 18ec3a7143 Fix broken password reset INSERT — SQL syntax error and wrong token value
The INSERT had two compounding bugs:
1. ".?" in the VALUES clause — a PHP dot inside a double-quoted string
   is a literal character, not concatenation. MySQL saw it as a syntax
   error and the INSERT always failed silently (no try/catch).
2. The token column had the literal string __reset__ hardcoded instead
   of a ? placeholder, so even if the INSERT had run, the real random
   token would never have been stored — the reset link was always invalid.

Fix: VALUES ("__reset__","",?,?,?,?) with execute(alias,email,token,exp)
giving 4 placeholders for 4 params, all columns correctly bound.
2026-06-03 03:54:16 +00:00
myron ad57071f97 Add DB schema (22 tables) and vhost config 2026-05-25 13:52:18 +00:00
myron 894392065c Security: remove test/debug/install files from production 2026-05-22 13:05:18 +00:00
myron 2e587941c2 Initial commit 2026-05-22 12:52:50 +00:00