account.jsp - pwAdmin

Joined
Oct 14, 2009
Messages
5,493
Reaction score
2,299
Can anyone help me modify account.jsp so that when you utilize the "CHANGE ACCOUNT PASSWORD" feature it will retain any information in the 'email' field of 'DBO/users' ???

---------- Post added at 07:40 PM ---------- Previous post was at 06:01 PM ----------

This is the section I am working with
Code:
			if(action.compareTo("passwd") == 0)
			{
				String getlogin = request.getParameter("getlogin");
                String login = getlogin.toLowerCase();
				String password_old = request.getParameter("password_old");
				String password_new = request.getParameter("password_new");

				if(login.length() > 0 && password_old.length() > 0 && password_new.length() > 0)
				{
					if(password_new.length() < 4 || password_new.length() > 10)
					{
						message = "<font color=\"ee0000\">Only 4-10 Characters</font>";
					}
					else
					{
						String alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_";
						boolean check = true;
						char c;
						for(int i=0; i<password_new.length(); i++)
						{
							c = password_new.charAt(i);
							if (alphabet.indexOf(c) == -1)
							{
								check = false;
								break;
							}
						}

						if(!check)
						{
							message = "<font color=\"ee0000\">Forbidden Characters</font>";
						}
						else
						{
							try
							{
								Class.forName("com.mysql.jdbc.Driver").newInstance();
								Connection connection = DriverManager.getConnection("jdbc:mysql://" + db_host + ":" + db_port + "/" + db_database, db_user, db_password);
								Statement statement = connection.createStatement();
								ResultSet rs = statement.executeQuery("SELECT ID, passwd FROM users WHERE name='" + login + "'");
								String password_stored = "";
								String id_stored = "";

								int count = 0;
								while(rs.next())
								{
									id_stored = rs.getString("ID");
									password_stored = rs.getString("passwd");

									count++;
								}

								if(count <= 0)
								{
									message = "<font color=\"ee0000\">User Doesn't Exist</font>";
								}
								else
								{
									password_old = pw_encode(login + password_old, MessageDigest.getInstance("MD5"));

									// Some hard encoding problems require a strange solution...
									// changePasswd -> wrong encoding password destroyed...
									// Only a temp entry in database gives us a correct encoded password for comparison

									rs = statement.executeQuery("call adduser('" + login + "_TEMP_USER', " + password_old + ", '0', '0', '0', '0', '', '0', '0', '0', '0', '0', '0', '0', '', '', " + password_old + ")");
									rs = statement.executeQuery("SELECT passwd FROM users WHERE name='" + login + "_TEMP_USER'");
									rs.next();
									password_old = rs.getString("passwd");

									// Delete temp entry
									statement.executeUpdate("DELETE FROM users WHERE name='" + login + "_TEMP_USER'");

									if(password_old.compareTo(password_stored) != 0)
									{
										message = "<font color=\"ee0000\">Old Password Mismatch</font>";
									}
									else
									{
										password_new = pw_encode(login + password_new, MessageDigest.getInstance("MD5"));

										// LOCK TABLE to ensure that nobody else get the original ID of the user
										statement.executeUpdate("LOCK TABLE users WRITE");
										// Delete old entry
										statement.executeUpdate("DELETE FROM users WHERE name='" + login + "'");
										// Add new entry
										rs = statement.executeQuery("call adduser('" + login + "', " + password_new + ", '0', '0', '0', '0', '', '0', '0', '0', '0', '0', '0', '0', '', '', " + password_new + ")");
										// change new entry ID to original ID - necessary to keep characters of this account
										statement.executeUpdate("UPDATE users SET ID='" + id_stored + "' WHERE name='" + login + "'");
										// UNLOCK TABLES
										statement.executeUpdate("UNLOCK TABLES");

										message = "<font color=\"00cc00\">Password Changed</font>";
									}
								}
								connection.close();
								rs.close();
							}
							catch(Exception e)
							{
								message = "<font color=\"#ee0000\"><b>Connection to MySQL Database Failed</b></font>";
							}
						}
					}
				}
			}
 
Joined
Oct 14, 2009
Messages
5,493
Reaction score
2,299
no, I want it to retain whatever is in the email field of the database...

My 'registration' or 'sign up' page has fields for a 'new user' to enter the following fields:
User Name: EMail Address: Password: Confirm Password:

Now, I am utilizing a password change script that will verify the info in the email field. My problem that comes in with pwAdmin is if you utilize the feature for changing the password (in account.jsp) because of the way it is written the email field will be blanked/overwritten/empty. I cannot have that because my PW change script seeks a valid value in the email field. So if the email field is empty there is nothing that will satisfy my password change script, which I cannot allow. So to unify I must modify account.jsp so that it does not blank out the email field on a password change.

---------- Post added at 04:41 PM ---------- Previous post was at 04:36 PM ----------

and I know it is going to be something pretty easy to do, I just am not really familiar with JSP, so everything I have tried so far has failed :(
 
[B]aSH
Loyal Member
Joined
Apr 2, 2009
Messages
1,138
Reaction score
371
The change password changes the email field?

weird =/

Just change the field it uses so it doesn't use the email field, make it use a different field, or am I still not getting what you're saying? Sorry if I'm not, I'm a little confused >.<
 
Joined
Oct 14, 2009
Messages
5,493
Reaction score
2,299
Well, I do not know JSP too well, but I can tell you the way the above 'code' works for the password change box, for the most part:

you input the account name, current password, and what you want to be the new password.

The account.jsp then takes this info, makes a temporary account entry in the database to compare passwords to make sure you typed the current password correctly. if you did, it will then write an entry to the database for your new password. The only downfall is when it does this, it takes any pre-existing info in the 'email' field and essentially erases it (due to this 'code' right here)
Code:
rs = statement.executeQuery("call adduser('" + login + "', " + password_new + ", '0', '0', '0', '0', '', '0', '0', '0', '0', '0', '0', '0', '', '', " + password_new + ")");

Now what I am saying is I cannot have it behave this way, because then any passwords previously changed within pwAdmin, the user will NOT be able to use my port 80 password change script since it calls for a valid email field entry.

To attempt to cover it one more way: full steps of what I mean:

1- a new user comes to my port 80 register page, and registers an account; let's say [USERNAME: TEST] [PASSWORD: TEST] [EMAIL: TEST@YAHOO.COM]

2- that user goes to my port 80 change password script and changes their password:
[USERNAME: TEST] => [USERNAME: TEST]
[PASSWORD: TEST] => [PASSWORD: TEST2]
[EMAIL: TEST@YAHOO.COM] => [EMAIL: TEST@YAHOO.COM]

3- if the password for that account is now changed in pwAdmin (account.jsp) it will blank out the email field:
[USERNAME: TEST] => [USERNAME: TEST]
[PASSWORD: TEST2] => [PASSWORD: TEST3]
[EMAIL: TEST@YAHOO.COM] => [EMAIL: ]

so now if you go back to the port 80 change password script (which calls for a valid email field) it will not work, because there is no value that will satisfy 'blank' for my port 80 change password script.

So what I want to change is that pwAdmin / account.jsp does not erase the email field in the database :)
 
Joined
Oct 14, 2009
Messages
5,493
Reaction score
2,299
so far I have attempted by making the following changes in RED

Code:
			if(action.compareTo("passwd") == 0)
			{
				String getlogin = request.getParameter("getlogin");
                String login = getlogin.toLowerCase();
				String password_old = request.getParameter("password_old");
				String password_new = request.getParameter("password_new");

				if(login.length() > 0 && password_old.length() > 0 && password_new.length() > 0)
				{
					if(password_new.length() < 4 || password_new.length() > 10)
					{
						message = "<font color=\"ee0000\">Only 4-10 Characters</font>";
					}
					else
					{
						String alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_";
						boolean check = true;
						char c;
						for(int i=0; i<password_new.length(); i++)
						{
							c = password_new.charAt(i);
							if (alphabet.indexOf(c) == -1)
							{
								check = false;
								break;
							}
						}

						if(!check)
						{
							message = "<font color=\"ee0000\">Forbidden Characters</font>";
						}
						else
						{
							try
							{
								Class.forName("com.mysql.jdbc.Driver").newInstance();
								Connection connection = DriverManager.getConnection("jdbc:mysql://" + db_host + ":" + db_port + "/" + db_database, db_user, db_password);
								Statement statement = connection.createStatement();
								ResultSet rs = statement.executeQuery("SELECT ID, passwd, email FROM users WHERE name='" + login + "'"); // changed (red in the original post): added ", email"
								String password_stored = "";
								String id_stored = "";

								int count = 0;
								while(rs.next())
								{
									id_stored = rs.getString("ID");
									password_stored = rs.getString("passwd");

									count++;
								}

								if(count <= 0)
								{
									message = "<font color=\"ee0000\">User Doesn't Exist</font>";
								}
								else
								{
									password_old = pw_encode(login + password_old, MessageDigest.getInstance("MD5"));

									// Some hard encoding problems require a strange solution...
									// changePasswd -> wrong encoding password destroyed...
									// Only a temp entry in database gives us a correct encoded password for comparison

									rs = statement.executeQuery("call adduser('" + login + "_TEMP_USER', " + password_old + ", '0', '0', '0', '0', '', '0', '0', '0', '0', '0', '0', '0', '', '', " + password_old + ")");
									rs = statement.executeQuery("SELECT passwd FROM users WHERE name='" + login + "_TEMP_USER'");
									rs.next();
									password_old = rs.getString("passwd");

									// Delete temp entry
									statement.executeUpdate("DELETE FROM users WHERE name='" + login + "_TEMP_USER'");

									if(password_old.compareTo(password_stored) != 0)
									{
										message = "<font color=\"ee0000\">Old Password Mismatch</font>";
									}
									else
									{
										password_new = pw_encode(login + password_new, MessageDigest.getInstance("MD5"));

										// LOCK TABLE to ensure that nobody else get the original ID of the user
										statement.executeUpdate("LOCK TABLE users WRITE");
										// Delete old entry
										statement.executeUpdate("DELETE FROM users WHERE name='" + login + "'");
										// Add new entry
										rs = statement.executeQuery("call adduser('" + login + "', " + password_new + ", '0', '0', '0', '0', " + email_stored + ", '0', '0', '0', '0', '0', '0', '0', '', '', " + password_new + ")"); // changed (red in the original post): email_stored in place of ''
										// change new entry ID to original ID - necessary to keep characters of this account
										statement.executeUpdate("UPDATE users SET ID='" + id_stored + "' WHERE name='" + login + "'");
										// UNLOCK TABLES
										statement.executeUpdate("UNLOCK TABLES");

										message = "<font color=\"00cc00\">Password Changed</font>";
									}
								}
								connection.close();
								rs.close();
							}
							catch(Exception e)
							{
								message = "<font color=\"#ee0000\"><b>Connection to MySQL Database Failed</b></font>";
							}
						}
					}
				}
			}
Those are the parts that I am pretty sure are 'supposed' to be that way; but I am missing at least one element that I cannot seem to figure out. Assigning the email variable or field a string, i.e. something like "password_stored = rs.getString("passwd");" except for this task specifically something more like "email_stored = rs.getString("email");" of course

I have tried to do this, but I believe this is where I have been failing. Someone that knows JSP better than me, please shed some light on the situation for me :s
 
Joined
Oct 14, 2009
Messages
5,493
Reaction score
2,299
Never mind, I figured it out. My advice, never work on this kinda s*** when you're tired :lol:; as I finally found my minor 'typo' that was hindering it from working properly. Just in case anyone else is as meticulous about things as I am, here is the new password change section so it will not overwrite your email field in your database:

Code:
			if(action.compareTo("passwd") == 0)
			{
				String getlogin = request.getParameter("getlogin");
                String login = getlogin.toLowerCase();
				String password_old = request.getParameter("password_old");
				String password_new = request.getParameter("password_new");

				if(login.length() > 0 && password_old.length() > 0 && password_new.length() > 0)
				{
					if(password_new.length() < 4 || password_new.length() > 10)
					{
						message = "<font color=\"ee0000\">Only 4-10 Characters</font>";
					}
					else
					{
						String alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_";
						boolean check = true;
						char c;
						for(int i=0; i<password_new.length(); i++)
						{
							c = password_new.charAt(i);
							if (alphabet.indexOf(c) == -1)
							{
								check = false;
								break;
							}
						}

						if(!check)
						{
							message = "<font color=\"ee0000\">Forbidden Characters</font>";
						}
						else
						{
							try
							{
								Class.forName("com.mysql.jdbc.Driver").newInstance();
								Connection connection = DriverManager.getConnection("jdbc:mysql://" + db_host + ":" + db_port + "/" + db_database, db_user, db_password);
								Statement statement = connection.createStatement();
								ResultSet rs = statement.executeQuery("SELECT ID, passwd, email FROM users WHERE name='" + login + "'"); // changed (red in the original post): added ", email"
								String email_stored = ""; // added (red in the original post)
								String password_stored = "";
								String id_stored = "";
								int count = 0;
								while(rs.next())
								{
									email_stored = rs.getString("email"); // added (red in the original post)
									id_stored = rs.getString("ID");
									password_stored = rs.getString("passwd");
									count++;
								}

								if(count <= 0)
								{
									message = "<font color=\"ee0000\">User Doesn't Exist</font>";
								}
								else
								{
									password_old = pw_encode(login + password_old, MessageDigest.getInstance("MD5"));

									// Some hard encoding problems require a strange solution...
									// changePasswd -> wrong encoding password destroyed...
									// Only a temp entry in database gives us a correct encoded password for comparison

									rs = statement.executeQuery("call adduser('" + login + "_TEMP_USER', " + password_old + ", '0', '0', '0', '0', '', '0', '0', '0', '0', '0', '0', '0', '', '', " + password_old + ")");
									rs = statement.executeQuery("SELECT passwd FROM users WHERE name='" + login + "_TEMP_USER'");
									rs.next();
									password_old = rs.getString("passwd");

									// Delete temp entry
									statement.executeUpdate("DELETE FROM users WHERE name='" + login + "_TEMP_USER'");

									if(password_old.compareTo(password_stored) != 0)
									{
										message = "<font color=\"ee0000\">Old Password Mismatch</font>";
									}
									else
									{
										password_new = pw_encode(login + password_new, MessageDigest.getInstance("MD5"));

										// LOCK TABLE to ensure that nobody else get the original ID of the user
										statement.executeUpdate("LOCK TABLE users WRITE");
										// Delete old entry
										statement.executeUpdate("DELETE FROM users WHERE name='" + login + "'");
										// Add new entry
										rs = statement.executeQuery("call adduser('" + login + "', " + password_new + ", '0', '0', '0', '0', '" + email_stored + "', '0', '0', '0', '0', '0', '0', '0', '', '', " + password_new + ")"); // changed (red in the original post): '" + email_stored + "' in place of ''
										// change new entry ID to original ID - necessary to keep characters of this account
										statement.executeUpdate("UPDATE users SET ID='" + id_stored + "' WHERE name='" + login + "'");
										// UNLOCK TABLES
										statement.executeUpdate("UNLOCK TABLES");

										message = "<font color=\"00cc00\">Password Changed</font>";
									}
								}
								connection.close();
								rs.close();
							}
							catch(Exception e)
							{
								message = "<font color=\"#ee0000\"><b>Connection to MySQL Database Failed</b></font>";
							}
						}
					}
				}
			}

The additions / changes I have made are highlighted in red :)
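
Added example, not part of the original post or of pwAdmin: the same email-preserving password replacement with the login, stored email and hash bound as parameters instead of concatenated into the SQL, so a quote in the login or in the stored email cannot alter the statement. The class and method names are hypothetical, and it assumes `pw_encode` returns a `0x`-prefixed hex literal.

```java
import java.sql.*;

public final class PasswordChangeKeepEmail {
    // Assumption: pw_encode() returns a hex literal such as "0x1a2b" (the thread's
    // code passes it to adduser unquoted). Decode it so it can be bound as bytes.
    static byte[] hexLiteralToBytes(String literal) {
        String hex = literal.startsWith("0x") ? literal.substring(2) : literal;
        if (hex.length() % 2 != 0) throw new IllegalArgumentException("odd-length hex");
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    // Re-creates the users row with the new hash, keeping the original ID and email.
    // Returns false if the account does not exist. Call only after the old password matched.
    static boolean replacePassword(Connection con, String login, String newHashLiteral)
            throws SQLException {
        String id, email;
        try (PreparedStatement sel = con.prepareStatement("SELECT ID, email FROM users WHERE name = ?")) {
            sel.setString(1, login);
            try (ResultSet rs = sel.executeQuery()) {
                if (!rs.next()) return false;
                id = rs.getString("ID");
                email = rs.getString("email");
            }
        }
        byte[] hash = hexLiteralToBytes(newHashLiteral);
        try (Statement st = con.createStatement()) {
            st.executeUpdate("LOCK TABLE users WRITE");
            try {
                try (PreparedStatement del = con.prepareStatement("DELETE FROM users WHERE name = ?")) {
                    del.setString(1, login);
                    del.executeUpdate();
                }
                // Same 17 arguments as the thread's call; only the four variable ones are bound.
                try (PreparedStatement add = con.prepareStatement("CALL adduser(?, ?, '0', '0', '0', '0', ?, "
                        + "'0', '0', '0', '0', '0', '0', '0', '', '', ?)")) {
                    add.setString(1, login);
                    add.setBytes(2, hash);
                    add.setString(3, email == null ? "" : email); // NULL email becomes '', not "null"
                    add.setBytes(4, hash);
                    add.execute();
                }
                try (PreparedStatement upd = con.prepareStatement("UPDATE users SET ID = ? WHERE name = ?")) {
                    upd.setString(1, id);
                    upd.setString(2, login);
                    upd.executeUpdate();
                }
            } finally {
                st.executeUpdate("UNLOCK TABLES"); // release the lock even if a statement fails
            }
        }
        return true;
    }
}
```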
 