From 25d95d745b040080ef868f59dcf00c0888a36d7d Mon Sep 17 00:00:00 2001
From: chris <chris@chrisedwards.tech>
Date: Mon, 4 Aug 2025 16:20:53 -0400
Subject: [PATCH] fix change pw

---
 server.js | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/server.js b/server.js
index 289e365..746d4d2 100644
--- a/server.js
+++ b/server.js
@@ -295,6 +295,31 @@ app.post('/api/admin/add-punch', authenticateToken, requireRole('admin'), async
     }
 });
 
+app.post('/api/admin/reset-password', authenticateToken, requireRole('admin'), async (req, res) => {
+    try {
+        const { username, newPassword } = req.body;
+
+        if (!username || !newPassword) {
+            return res.status(400).json({ message: "Username and new password are required." });
+        }
+
+        const hashedPassword = await bcrypt.hash(newPassword, 10);
+
+        const result = await db.run('UPDATE users SET password = ? WHERE username = ?', [hashedPassword, username]);
+
+        if (result.changes === 0) {
+            return res.status(404).json({ message: "User not found." });
+        }
+
+        res.json({ message: `Password for ${username} has been reset successfully.` });
+
+    } catch (err) {
+        console.error("Error resetting password:", err);
+        res.status(500).json({ message: 'Failed to reset password.' });
+    }
+});
+
+
 // Gets all time entries for the detailed log view
 app.get('/api/admin/logs', authenticateToken, requireRole('admin'), async (req, res) => {
     try {