404 Not Found

PATH: root / mbmadmin1234

<?php

$showField = false;

if (!isset($_GET['token']) || $_GET['token'] == "" || strlen($_GET['token']) < 53) {
	$msg = "Nieprawidłowy token";
} else {
	include_once '../core/config.php';
	include_once 'session.php';
	$msg = "";
	$expirationTime = 10 * 60; // in minutes * seconds * milliseconds

$token = rawurldecode($_GET['token']);

$user = $db->select("users", "*", NULL, "WHERE `reset_token` LIKE '%{$token}%'");

if (count($user) > 0) {
		$user = $user[0];
		if ($user['reset_blocked'] == 1) {
			$msg = "Resetowanie hasła zostało zablokowane przez administratora.<br />Prosimy o kontakt z <a href=\"mailto:marcin@kaczka.com\">administratorem</a>";
		} else {
			if (time() <= $user['reset_timestamp'] + $expirationTime) {
				// var_dump(time());
				// var_dump($user['reset_timestamp'] + $expirationTime);
				$showField = true;
				if (isset($_POST['pass']) && $_POST['pass'] != "") {
					if (!isset($_POST['pass-repeat'])) {
						$msg = "Należy powtórzyć hasło w polu <em>Powtórz hasło</em>";
					} else {
						if ($_POST['pass-repeat'] != $_POST['pass']) {
							$msg = "Hasła muszą być takie same";
						} else {
							if (!isset($_POST['check']) || $_POST['check'] != ($_POST['tA'] + $_POST['tB'])) {
								$msg = "Nieprawidłowy wynik";
							} else {
								$showField = false;
								$pass = password_hash($_POST['pass'], PASSWORD_BCRYPT, ["cost" => 10]);
								$pass = substr($pass, 7);
								$cnt = intval($user['reset_counter']) + 1;
								$db->pdoUpdate("users", "WHERE `reset_token` LIKE '%{$token}%'", "password,reset_token,reset_counter", "{$pass},,{$cnt}");
								$msg = "Hasło zostało zmienione<br /><a href=\"" . HOME_URLSTATIC . "admin1234\">Zaloguj się</a>";
							}
						}
					}
				} else {
					$msg = "Hasło musi być podane i nie może być puste";
				}
			} else {
				$msg = "Upłynął termin ważności tokenu ({$expirationTime} sekund)";
				$db->pdoUpdate("users", "WHERE `reset_token` LIKE '%{$token}%'", "reset_token", "");
			}
		}
	} else $msg = "Podany token jest nieprawidłowy";

if ($showField == true) {
		$_POST['tA'] = rand(1, 5);
		$_POST['tB'] = rand(1, 9 - $_POST['tA']);
	}

// $db->pdoUpdate("users", "WHERE id='{$_SESSION['id_konta']}' LIMIT 1", "sid", "");
}
?>

<!DOCTYPE html>
<html lang="pl">
<head>
<meta http-equiv="cache-control" content="max-age=0" />
<meta http-equiv="cache-control" content="no-cache" />
<meta http-equiv="expires" content="0" />
<meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
<meta http-equiv="pragma" content="no-cache" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title><?php echo defined("ENV_TITLE") ? ENV_TITLE : ""; ?>Panel Administracyjny CMS</title>
<META HTTP-EQUIV="Content-Type" content="text/html; charset=utf-8">
<meta name="author" content="Kaczka Studio, www.kaczka.com © 2012">
<link rel="SHORTCUT ICON" href="newfavicon.ico">
<link href="https://fonts.googleapis.com/css?family=Exo+2:300,300i,500,500i,700,700i&amp;subset=latin-ext" rel="stylesheet">
<link rel="stylesheet" href="css/styl-index.css" type="text/css">
<script src="js/jquery-1.8.2.min.js"></script>
<script src="js/jquery.easing.1.3.js"></script>
<script type="text/javascript" src="js/skrypt.js"></script>

</head>
<body>
	<section id="wrap">
		<article id="wrap_content">
			<form action="?<?php if (isset($_GET['token'])) echo "token=" . rawurlencode($_GET['token']); ?>" method="post">
			<?php if ($showField === true) { ?>
				<span class="error">Użytkownik: <?php echo $user['login']; ?></span><br /><br />
				<input class="new-pass" name="pass" type="password" placeholder="Nowe hasło" autocomplete="off" onfocus="this.value=''" />
				<input class="new-pass" name="pass-repeat" type="password" placeholder="Powtórz hasło" autocomplete="off" onfocus="thiss.value=''" />
				<input name="tA" type="hidden" value="<?= isset($_POST['tA']) ? $_POST['tA'] : "" ?>" />
				<input name="tB" type="hidden" value="<?= isset($_POST['tB']) ? $_POST['tB'] : "" ?>" />
				<input name="check" type="text" placeholder="<?php echo "{$_POST['tA']} + {$_POST['tB']} = ?"?>" autocomplete="off" />
				<button id="submit"  type="submit" class="loguj">Ustaw hasło</button>
			<?php } ?>
	<?php
		if ($msg != "") echo "<span class=\"error\">{$msg}</span><br /><br />";
		ob_end_flush();
	?>           
			</form>
			<p class="open"><a href="http://www.kaczka.com/">www.kaczka.com<a>

</article>
	</section>
</body>
</html>

[-] favicon.ico [edit]
[+] menu
[-] fun.php [edit]
[+] produkty
[+] kategorie
[+] ..
[+] tmp
[-] TAGI.php [edit]
[-] session.php [edit]
[+] vendor
[-] functions.js [edit]
[-] core.php [edit]
[-] submit.php [edit]
[+] aktualnosci
[+] tinymce
[+] css
[+] images
[+] users
[-] functions[tinymce5].js [edit]
[-] test.php [edit]
[-] functions.php [edit]
[-] check.php [edit]
[-] reset.php [edit]
[+] locales
[+] teksty
[-] content.php [edit]
[-] news.php [edit]
[+] filemanager
[-] jquery-1.8.2.js [edit]
[+] pliki
[+] fonts
[-] index.php [edit]
[+] js