diff --git a/reset_password.php b/reset_password.php
new file mode 100644
index 0000000..852749f
--- /dev/null
+++ b/reset_password.php
@@ -0,0 +1,127 @@
+ PDO::ERRMODE_EXCEPTION]
+ );
+} catch (PDOException $e) {
+ die("Koneksi DB gagal: " . $e->getMessage() .
+ "
Edit variabel \$host, \$dbname, \$dbuser, \$dbpass di baris 15-18 file ini.");
+}
+
+// ── Proses form ───────────────────────────────────────────────
+$message = '';
+$newPassword = 'Admin123'; // password default
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ $username = trim($_POST['username'] ?? '');
+ $newPassword = trim($_POST['new_password'] ?? '');
+
+ if ($username && $newPassword) {
+ // Cek user ada
+ $stmt = $pdo->prepare("SELECT id, username, password FROM users WHERE username = ?");
+ $stmt->execute([$username]);
+ $user = $stmt->fetch(PDO::FETCH_ASSOC);
+
+ if ($user) {
+ // Verifikasi apakah password lama cocok (info saja)
+ $testPasswords = ['password', 'admin', 'superadmin', '123456', 'Admin123', 'Password123', $newPassword];
+ $found = null;
+ foreach ($testPasswords as $p) {
+ if (password_verify($p, $user['password'])) {
+ $found = $p;
+ break;
+ }
+ }
+
+ // Reset password
+ $hash = password_hash($newPassword, PASSWORD_BCRYPT, ['cost' => 12]);
+ $pdo->prepare("UPDATE users SET password = ? WHERE username = ?")
+ ->execute([$hash, $username]);
+
+ $message = "
+
| ID | Username | Aktif | Password Hash (30 char) | |
|---|---|---|---|---|
| = $u['id'] ?> | += htmlspecialchars($u['username']) ?> | += htmlspecialchars($u['email']) ?> | += $u['is_active'] ? '✅' : '❌' ?> | += htmlspecialchars($u['pass_preview']) ?>... | +