> This is for NinjaFirewall v1.0+ << | =====================================================================+ | 1. Rename this file to "pro1-reset.php". | | 2. Upload it into your NinjaFirewall's folder. | | 3. Go to http://YOUR WEBSITE/FOLDER/pro1-reset.php | | 4. Delete it afterwards. | +=====================================================================+ */ if (! file_exists('./config.php')) { die('Error #001 : I cannot find ['.dirname( dirname(__FILE__) ).'/config.php] file.
Installation aborted'); } $msg = ''; $mid = @$_POST['mid']; if ($mid == 1) { $admin = @$_POST['admin']; if (! preg_match('/^[a-z0-9]{6,12}$/D', $admin) ) { summary('Error #002 : ['. htmlspecialchars($admin) .'] is not a correct username.'); exit; } reset_pass($admin); } else { summary($msg); } exit; /*********************************************************************/ function summary($msg) { echo '
NinjaFirewall Password Reset v.'. VERSION .'


'; if ($msg) { echo ''. $msg .'


'; } echo 'This script allows you to reset your NinjaFirewall admin password.

The new password will be sent to the admin address email you gave during the install process.

Please enter your admin log-in name :



'; } /*********************************************************************/ function reset_pass($admin) { require('config.php'); if ( (! $db_name) || (!$db_ip) || (!$db_port) || (!$db_user) || (!$db_pass) ) { echo 'Error : please edit the "config.php" file with your database credentials'; exit; } if (! $dbh = mysql_connect($db_ip.':'.$db_port, $db_user, $db_pass) ) { die('error (line ' . __LINE__ . ') : mysql_connect'); } $db_port = $db_user = $db_pass = ''; mysql_select_db($db_name, $dbh); $dbqh = mysql_query('SELECT * FROM `'. $db_prefix .'nf_admin`', $dbh); if (! $dbadmin = mysql_fetch_object($dbqh) ) { die('error (line ' . __LINE__ . ') : mysql_fetch_object error'); } if ($admin !== $dbadmin->name){ summary('Error #003 : cannot find user ['. htmlspecialchars($admin) .'].'); exit; } if (! $dbadmin->email) { summary('Error #004 : cannot find the admin email address!'); exit; } $alphachars = "abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ"; $charlength = strlen($alphachars); $password = ''; for ($i = 1; $i <= 10; $i++) { $char = mt_rand(1, $charlength); $char = substr($alphachars, $char, 1); $password .= $char; } $encoded_password = sha1($password); if ( strlen($encoded_password) != 40) { summary('Error #005 : error while generating the password SHA1 hash!'); exit; } $query = "UPDATE `$db_name`.`". $db_prefix ."nf_admin` SET `password` = '$encoded_password' WHERE `". $db_prefix ."nf_admin`.`t_id` = 'admin'"; $res = mysql_query($query, $dbh); if (! $res) { summary('Error #006 : error while updating the database!'); exit; } $message = 'Hi, You have requested to reset your NinjaFirewall admin password. The request came from IP '. $_SERVER['REMOTE_ADDR'] .' on '. date('Y-m-d'). ' at ' .date('H:i:s O'). '. You new password : ' . $password . ' Best Regards, NinjaFirewall Team - http://ninjafirewall.com/ '; $subject = '[NinjaFirewall] Password reset'; mail($dbadmin->email, $subject, $message, null, '-f'. $dbadmin->email); summary(' your new password has been sent to you'); exit; } /*********************************************************************/ ?>