From c76e8fe9d39cb15be2ce22ac057ab67b636ff872 Mon Sep 17 00:00:00 2001 From: Thomas Hooge Date: Sun, 12 Mar 2023 17:05:34 +0100 Subject: [PATCH] Added administrative password change feature --- images/key_add.png | Bin 0 -> 703 bytes lang/de.php | 1 + lang/en.php | 1 + tpl/useredit.tpl | 6 +++--- tpl/userview.tpl | 24 +++++++++++++++++++++--- user.php | 33 +++++++++++++++++++++++++++++++++ 6 files changed, 59 insertions(+), 6 deletions(-) create mode 100644 images/key_add.png diff --git a/images/key_add.png b/images/key_add.png new file mode 100644 index 0000000000000000000000000000000000000000..d40740396cbefe1b8204f4f91a696f6d04eec2e0 GIT binary patch literal 703 zcmV;w0zmzVP)7oX;fYS5fR?a$bad^&iuHSu~`3%VTtO}r!shMd`!61c%6R9aJGSh8X%)P*raU)hwAiO6D z)GH7M>Os=K8*y(FIo?C~yJ{<%*U%nBM$Zz%Wh5q=k@+A)HgpoHzyZX@8&HV#!QWjA z`_+cv-}i0Xg^24s7I-VE#u4*AQoR#N?{>t-#LOH})WMk9;P)owvi_IE6!o^=Lf3R#&PVCy|Gc4obnhMMwvBLinP_YpwW)P1ST? zrfe04-x)FNzro&t&e;ir^8^J56p&nqIY_fO@GcRuAKQt!4<44sunkb-j=jm5S_@$&_dyonDz^$r}kLbDn<^FJI)(KksQ7G*l%&dIcv63Kcm5d9~ zQDnp25a#b;Oe2ojja#pmUoF|#dr&8W-hPZ#rZfF!J@DLVkx!Vn%)K#giqbQ`G;LE> ldR%0)iYQ5Amu3}R{|RMS>3;1N)RF)I002ovPDHLkV1l&ZPDKC! literal 0 HcmV?d00001 diff --git a/lang/de.php b/lang/de.php index 137a73b..dfe317d 100644 --- a/lang/de.php +++ b/lang/de.php @@ -42,6 +42,7 @@ $lang = array( 'lang_logout' => 'Abmelden', 'lang_options' => 'Optionen', 'lang_option_none' => '(kein)', + 'lang_pass_set' => 'Neues Kennwort einstellen', 'lang_reset' => 'Zurücksetzen', 'lang_search' => 'Suche', 'lang_statistics' => 'Statistik', diff --git a/lang/en.php b/lang/en.php index ccd242f..e654402 100644 --- a/lang/en.php +++ b/lang/en.php @@ -42,6 +42,7 @@ $lang = array( 'lang_logout' => 'Logout', 'lang_options' => 'Options', 'lang_option_none' => '(none)', + 'lang_pass_set' => 'Set new password', 'lang_reset' => 'Reset', 'lang_search' => 'Search', 'lang_statistics' => 'Statistics', diff --git a/tpl/useredit.tpl b/tpl/useredit.tpl index 9c3f2b1..7703237 100644 
--- a/tpl/useredit.tpl +++ b/tpl/useredit.tpl @@ -60,7 +60,7 @@ {$lang_user_role_add} - [Add] + [Add] role)} checked="checked"{/if} @@ -69,7 +69,7 @@ {$lang_user_role_edit} - [Edit] + [Edit] role)} checked="checked"{/if} @@ -79,7 +79,7 @@ {$lang_user_role_delete} - [Delete] + [Delete] role)} checked="checked"{/if} diff --git a/tpl/userview.tpl b/tpl/userview.tpl index f233a54..cf34eb8 100644 --- a/tpl/userview.tpl +++ b/tpl/userview.tpl @@ -50,13 +50,13 @@ {if in_array('add', $user->role)} - {$lang_user_role_add} + {$lang_user_role_add} {/if} {if in_array('edit', $user->role)} - {$lang_user_role_edit} + {$lang_user_role_edit} {/if} {if in_array('delete', $user->role)} - {$lang_user_role_delete} + {$lang_user_role_delete} {/if} {if in_array('manage', $user->role)} {$lang_user_role_manage} @@ -66,4 +66,22 @@ {/if} +{if $suser_manage} + + +{if $newpass} + {$lang_options_newpassword1} +{else} + {$lang_pass_set} +{/if} + + +{if $newpass} + {$newpass} +{else} + {$lang_reset} +{/if} + + +{/if} diff --git a/user.php b/user.php index c3920b6..5655046 100644 --- a/user.php +++ b/user.php @@ -18,6 +18,23 @@ if (isset($_REQUEST['id'])) { $id = (int) $_REQUEST['id'] or $id = 0; } +function makepwd($length) { + mt_srand((double) microtime() * 1000000); + $digits = "0123456789"; + $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + $umlauts = "ÄÖÜäöüß"; + $specials = "!§$%&/()=?[]{}+~*#.,;:<>|"; + $vocals = "AEIOUaeiou"; + $consonants = "BCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz"; + $passwd = ''; + $possible = $chars . $digits; + $l = strlen($possible)-1; + for ($k = 0; $k < $length; $k += 1) { + $passwd .= $possible[mt_rand(0, $l)]; + } + return $passwd; +} + // ========== ACTIONS START =================================================== switch ($submit = form_get_action()) { 
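Review bot: `makepwd()` in user.php builds the password with `mt_rand()` after `mt_srand((double) microtime() * 1000000)`, which is not suitable for generating credentials. Mersenne Twister is not a cryptographic generator, and casting the `"msec sec"` string returned by `microtime()` to double keeps only the fractional part, so the seed can take at most one million values however long the password is. Remove the `mt_srand()` line and select characters with `$passwd .= $possible[random_int(0, $l)];`, which draws from the system CSPRNG (PHP 7 and later). `$umlauts`, `$specials`, `$vocals` and `$consonants` are assigned but never read and can be dropped, and a short docblock stating that the result is alphanumeric only would document the intended alphabet.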
@@ -28,6 +45,22 @@ switch ($submit = form_get_action()) {
 case 'edit': $action = ACT_EDIT; break;
 case 'del': $action = ACT_DELETE; break;
 
+ case 'pass':
+ // Create new random password to display once
+ $newpass = makepwd(8);
+ $sql = "UPDATE user SET user_pass=:pass WHERE user_id=:id";
+ $sth = $dbh->prepare($sql);
+ $sth->bindValue(':id', $id, PDO::PARAM_INT);
+ $sth->bindValue(':pass', password_hash($newpass, PASSWORD_BCRYPT), PDO::PARAM_STR);
+ try {
+ $sth->execute();
+ } catch (PDOException $e) {
+ $g_warning->Add($e->getMessage());
+ }
+ $smarty->assign('newpass', $newpass);
+ $action = ACT_VIEW;
+ break;
+
 case 'insert':
 $user_name = strtolower(sanitize($_POST['user_name']));
 $user_displayname = sanitize($_POST['user_displayname']);
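Review bot: The `pass` branch overwrites `user_pass` for whatever `$id` arrives in the request, and nothing in this hunk checks that the caller holds the manage role; the only gate visible in the commit is `{if $suser_manage}` around the button in tpl/userview.tpl, which hides the control but does not protect the handler. Unless the part of user.php outside this hunk already enforces it, add the permission check at the top of the branch, and because `$id` is read from `$_REQUEST`, accept the action only as a POST that carries an anti-CSRF token. In addition, `$smarty->assign('newpass', $newpass);` runs even when `execute()` throws, so a failed update still displays a password that was never stored; move the assign into the `try` block directly after `$sth->execute();`. A `rowCount()` check there would also catch an `$id` that matches no user. The `switch` begins and continues outside the hunk.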