- Joined
- Sep 11, 2006
- Messages
- 291
- Reaction score
- 10
I wrote this up for another user who needed help, so I figured I'd just drop this here for others. It's working perfect on my server. It's very basic, unthemed, but it gets straight to the point.
I named it changepw.php.
I named it changepw.php.
Code:
<?php
if (isset($_POST['submit'])) {
//MSSQL conf
$serverIp = "192.168.2.2";
$userName = "sa";
$password = "";
$dbName1 = "SRO_VT_ACCOUNT";
$dbName2 = "SRO_VT_SHARD";
$dbConn = mssql_connect($serverIp, $userName, $password) or die ("Couldn't connect to server $serverIp");
//POST structure.
$user = htmlspecialchars($_POST['username'], ENT_QUOTES);
$old_pass = md5(htmlspecialchars($_POST['oldpassword'], ENT_QUOTES));
$new_pass = md5(htmlspecialchars($_POST['new_pass'], ENT_QUOTES));
$confirm = md5(htmlspecialchars($_POST['confirm_pass'], ENT_QUOTES));
//MSSQL Connect phase
mssql_select_db($dbName1, $dbConn) or die ("Couln't select database $dbName1");
//Get JID.
$getUserJID = mssql_query("select * from TB_User where StrUserID = '$user'");
while ($row = mssql_fetch_array($getUserJID)) {
$userJID = $row['JID'];
}
//Verify
$verifyAccount = mssql_num_rows(mssql_query("select * from TB_User where StrUserID = '$user' AND password = '$old_pass'"));
if($verifyAccount <= 0) {
echo "<a href='changepw.php'>Current Password is incorrect, try again!</a>";
} else {
if ($new_pass != md5($_POST['new_pass'])) echo "<a href='changepw.php'>Password used has invalid characters!</a>";
else if ($new_pass != $confirm) echo "<a href='changepw.php'>Both the new password and confirm password must match!</a>";
else {
mssql_query("update TB_User set password = '$new_pass' where JID = '$userJID'");
echo 'Successfully updated password.';
}
}
}
//HTML
else {
?>
<form action="#" method="post">
User: <input name="username" type="text"><br>
Password: <input name="oldpassword" type="password" /><br>
New Password: <input name="new_pass" type="password" /><br>
Confirm: <input name="confirm_pass" type="password" /><br>
<input name="submit" type="submit" value="Change!" />
</form>
<?php
}
?>