Can anyone make a basic change password script? Something with a username, current password, new password and confirm password fields.
Thank you.
Can anyone make a basic change password script? Something with a username, current password, new password and confirm password fields.
Thank you.
I Want That Too xD
Search for UserCP
Here is the Script
PHP Code:<?php
$mssql_user = "sa";
$mssql_senha = "123123";
$mssql_database = "GunzDB";
$mssql_host = "ALFREDO\SQLEXPRESS";
$conn = mssql_connect($mssql_host, $mssql_user, $mssql_senha);
mssql_select_db($mssql_database);
?>
<FORM METHOD=POST ACTION="changepass.php?act=mudarsenha">
<table width="424" height="163" border="0" align="center" bordercolor="#A0A0A4">
<tr>
<td width="215" align="right">User</td>
<td width="199"><input name="usuario" type="text" id="usuario"></td>
</tr>
<tr>
<td align="right">Password</td>
<td><input name="senha" type="password" id="senha"></td>
</tr>
<tr>
<td height="28" align="right">New Password</td>
<td><input name="novasenha" type="password" id="novasenha"></td>
</tr>
<tr>
<td align="right">Retype new Password</td>
<td><input name="repetir" type="password" id="repetir"></td>
</tr>
<tr>
<td align="right"><?php
if ($_GET['act'] == 'mudarsenha')
{
$usuario = anti_injection($_POST['usuario']);
$senha = anti_injection($_POST['senha']);
$novasenha = anti_injection($_POST['novasenha']);
$repetir = anti_injection($_POST['repetir']);
if (valida(Array($usuario,$senha,$novasenha,$repetir)) == true)
if ($novasenha != $repetir){
echo "The new passwords not match!";
} else {
$query = mssql_query("SELECT * FROM Login WHERE UserID='$usuario' AND Password='$senha'");
if(mssql_num_rows($query)<1){
echo "User/Pass Wrong!";
} else {
$sql=mssql_query("UPDATE Login set Password='$novasenha' WHERE UserID='$usuario'");
if ($sql) echo "Password mudard, $usuario"; else echo 'There is a problem';
}
}
}
function anti_injection($sql)
{
$sql = preg_replace(sql_regcase("/(from|select|update|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
$sql = addslashes($sql);
return $sql;
}
function valida($campos){
foreach($campos as $c){
if(empty($c)){
echo "Please, complete all textboxs";
return false;
}else{
return true;
}
}
}
?></td>
<td><input type="submit" name="Submit" value="Change"></td>
</tr>
</table>
Last edited by alfredao; 22-05-09 at 04:15 PM.
Terrible escape function, yet again..Code:function anti_injection($sql) { $sql = preg_replace(sql_regcase("/(from|select|update|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql); $sql = trim($sql); $sql = strip_tags($sql); $sql = addslashes($sql); return $sql; }
@alfredao
Thank you for the script but I have one problem.
It redirects to a blank page because I don't have this action "changepass?act=mudarsenha".
Rename your script to changepass.php
And enter . http://your-ip/changepass.php?act=mudarsenha
Thank you. I'm gonna try it later.
Last edited by Ricobob; 23-05-09 at 05:10 AM.
ez than older
Thats mine ;)PHP Code:<FORM method="post" action="<? echo $PHP_SELF;?>">
<table align="center">
<tr>
<td>
<p>
<h1>Change Password</h1>
<p>
</td>
</tr>
<tr>
<td>
<p><b>Accountname:</b>
</td>
<td>
<input name="name" type="text" />
</td>
</tr>
<tr>
<td>
<p><b>Current Password:</b>
</td>
<td>
<input name="Cpass" type="password" />
</td>
</tr>
</tr>
<tr>
<td>
<p><b>New Password:</b>
</td>
<td>
<input name="Npass" type="password" />
</td>
</tr>
<tr>
<td>
<input type="submit" value="change" name="change" />
</td>
</tr>
</form>
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
include('config.php');
if(isset($_POST['change']))
{
$name = anti_injection($_POST ["name"]);
$Cpass = anti_injection($_POST ["Cpass"]);
$Npass = anti_injection($_POST ["Npass"]);
$wut = mssql_query("SELECT UserID,Password FROM login WHERE UserID='$name'");
$pw = mssql_fetch_assoc($wut);
if($Cpass == $pw['Password'])
{
mssql_query("UPDATE login SET Password='$Npass' WHERE UserID='$name'");
echo"Changed Succesfully!";
}
else
{
echo "Wrong Password";
}
}
?>
Thanks niels but I'm having this error.
Edit.Code:Fatal error: Call to undefined function anti_injection() in C:\wamp\www\changepass.php on line 51
Thank you again, got it fixed.
Last edited by Ricobob; 23-05-09 at 12:46 PM.
Reply With Quote