script change password??

**TantraRex** · 17-08-15

any one have this script for change password?

i already try this script

$fp = fopen("C:/Server/Unity/Share/Serv00/new/$UserID.txt","w");
fwrite($fp,$UserID."\r\n");
fwrite($fp,$password."\r\n");
fwrite($fp,"000000\r\n");
fwrite($fp,$userkey."\r\n");
@fclose($fp);

$userid = $_SESSION['username'];
$password2 = strtoupper(md5($newpass));
$initial=substr($userid,0,1);
if (ereg("^[a-zA-Z]$",$initial))
{
$initial=strtoupper($initial);
}
else
{
$initial="etc";
}
$accdir=("C:\Server\Unity\DBSRV\Account");
$f=fopen("./inc/sample.tad", "r");
$f=@fopen($accdir."".$initial."".$userid.".TAD",r) or die("Error");
$acc = @fread($f,7124);
$demopass=substr($acc,52,32);
$acc = str_replace($demopass,$password2,$acc);
$f2=@fopen($accdir."".$initial."".$userid.".TAD",w);
@fwrite($f2,$acc) or die("Error");
@fclose($f2);
@fclose($f);

mssql_query("UPDATE Account SET Password = '$password' WHERE UserID='".$_SESSION['username']."'");
$result = "Your password has been changed successfully.";

but in MSSQL Password or login website already changed.. but in game not changed still use old password and .tad not updated...

what wrong in my case?

thanks in advanced

**MentaL**

**John** · 19-08-15

Test this code.

Code:

<?php
$accdir = 'C:\\Server';
$userid = $_SESSION['username'];

$fp = fopen("$accdir."\\Share\\Serv00\\new\\".$userid.".txt",w);
fwrite($fp,$UserID."\r\n");
fwrite($fp,$password."\r\n");
fwrite($fp,"000000\r\n");
fwrite($fp,$userkey."\r\n");
@fclose($fp);

$password2 = strtoupper(md5($newpass));
$initial=substr($userid,0,1);
if (ereg("^[a-zA-Z]$",$initial)){$initial=strtoupper($initial);} else {$initial="etc";}
$f=fopen($accdir."\\DBSRV\\Account\\".$initial."\\".$userid.".TAD",r) or die("Error 1");
$acc = @fread($f,7124);
$demopass=substr($acc,52,32);
$acc = str_replace($demopass,$password2,$acc); 
$f2=fopen($accdir."\\DBSRV\\Account".$initial."".$userid.".TAD",w);
fwrite($f2,$acc) or die("Error 2");
@fclose($f);

mssql_query("UPDATE ACCOUNT SET Password = '$password' WHERE UserID='" . $userid . "'");
$result = "Your password has been changed successfully.";
?>

**TantraRex** · 21-08-15

@John thanks for reply ... but im try to replace your scipt and your scipt didn't work

**John** · 21-08-15

¿some error?, paste here your full file code.

**TantraRex** · 22-08-15

<?php
global $link;
mssql_select_db("UserLogin",$link);

if ($_POST['action'] == 'submitted')
{

$UserId= trim($_SESSION['username']);
$oldpass=trim($_POST['oldpass']);
$password=trim($_POST['password']);
$password2=trim($_POST['password2']);
$initial=substr($UserId,0,1);
$querys = mssql_query("SELECT * FROM Account WHERE UserID='".$_SESSION['username']."'");
$QRow = mssql_fetch_array($querys);
$num_rows = $QRow['Password'];
$zgsend=trim($_POST['zgcode']);
$zgcode = $QRow['ZGCode'];
$userkey = $QRow['UserKey'];

$error = "";
function AllOK()
{

global $error, $num_rows, $oldpass, $password, $password2, $zgcode, $zgsend ;

if ($num_rows != $oldpass)
{
$error .= "The old password is incorrect. <a href=javascript:history.go(-1)>Back</a>";
return 0;
}
if ($password == "")
{
$error .= "Failure to place the new password. <a href=javascript:history.go(-1)>Back</a>";
return 0;
}
if(!ereg("^[0-9a-zA-Z]{4,12}$",$password))
{
$error .= "Only letters or numbers are allowed, from 4 to 12 characters. <a href=javascript:history.go(-1)>Back</a>";
return 0;
}
if ($password != $password2)
{
$error .= "The password do not match. <a href=javascript:history.go(-1)>Back</a>";
return 0;
}
if ($num_rows == $password)
{
$error .= "The old password and the new password are the same. <a href=javascript:history.go(-1)>Back</a>";
return 0;
}
if ($zgsend != $zgcode)
{
$error .= "Your Tantra Zone Code is incorrect. <a href=javascript:history.go(-1)>Back</a>";
return 0;
}

return 1;
}

if (!AllOK())
{
$result = $error;
}
else
{

$accdir = 'C:\\ServerZone';
$userid = $_SESSION['username'];

$fp = fopen("$accdir."\\Share\\Serv00\\new".$userid.".txt",w);
fwrite($fp,$UserID."\r\n");
fwrite($fp,$password."\r\n");
fwrite($fp,"000000\r\n");
fwrite($fp,$userkey."\r\n");
@fclose($fp);

$password2 = strtoupper(md5($newpass));
$initial=substr($userid,0,1);
if (ereg("^[a-zA-Z]$",$initial)){$initial=strtoupper($initial);} else {$initial="etc";}
$f=fopen($accdir."\\DBSRV\\Account".$initial."".$userid.".TAD",r) or die("Error 1");
$acc = @fread($f,7124);
$demopass=substr($acc,52,32);
$acc = str_replace($demopass,$password2,$acc);
$f2=fopen($accdir."\\DBSRV\\Account".$initial."".$userid.".TAD",w);
fwrite($f2,$acc) or die("Error 2");
@fclose($f);

mssql_query("UPDATE ACCOUNT SET Password = '$password' WHERE UserID='" . $userid . "'");
$result = "Your password has been changed successfully.";

}
echo $result;
}
else
{
?>

**John** · 23-08-15

Originally Posted by TantraRex

Code:

<?php
global $link;
mssql_select_db("UserLogin",$link);

if ($_POST['action'] == 'submitted')
{
    
        $UserId= trim($_SESSION['username']);
        $oldpass=trim($_POST['oldpass']);
        $password=trim($_POST['password']);
        $password2=trim($_POST['password2']);
        $initial=substr($UserId,0,1);
        $querys = mssql_query("SELECT * FROM Account WHERE UserID='".$_SESSION['username']."'");
        $QRow = mssql_fetch_array($querys);
        $num_rows = $QRow['Password'];
        $zgsend=trim($_POST['zgcode']);
        $zgcode = $QRow['ZGCode'];
        $userkey = $QRow['UserKey'];

    $error = "";
    function AllOK()
    {

        global $error, $num_rows, $oldpass, $password, $password2, $zgcode, $zgsend ;

        if ($num_rows != $oldpass)
        {
            $error .= "<p>The old password is incorrect. <a href=javascript:history.go(-1)>Back</a></p>";
            return 0;
        }
        if ($password == "")
        {
            $error .= "<p>Failure to place the new password. <a href=javascript:history.go(-1)>Back</a></p>";
            return 0;
        }
        if(!ereg("^[0-9a-zA-Z]{4,12}$",$password))
        {
            $error .= "<p>Only letters or numbers are allowed, from 4 to 12 characters. <a href=javascript:history.go(-1)>Back</a></p>";
            return 0;
        }
        if ($password != $password2)
        {
            $error .= "<p>The password do not match. <a href=javascript:history.go(-1)>Back</a></p>";
            return 0;
        }
        if ($num_rows == $password)
        {
            $error .= "<p>The old password and the new password are the same. <a href=javascript:history.go(-1)>Back</a></p>";
            return 0;
        }
        if ($zgsend != $zgcode)
        {
            $error .= "<p>Your Tantra Zone Code is incorrect. <a href=javascript:history.go(-1)>Back</a></p>";
            return 0;
        }

    return 1;
    }

    if (!AllOK())
    {
        $result = $error;
    }
    else
    {
        
        

$accdir = 'C:\\ServerZone';
$userid = $_SESSION['username'];

$fp = fopen("$accdir."\\Share\\Serv00\\new".$userid.".txt",w);
fwrite($fp,$UserID."\r\n");
fwrite($fp,$password."\r\n");
fwrite($fp,"000000\r\n");
fwrite($fp,$userkey."\r\n");
@fclose($fp);

$password2 = strtoupper(md5($newpass));
$initial=substr($userid,0,1);
if (ereg("^[a-zA-Z]$",$initial)){$initial=strtoupper($initial);} else {$initial="etc";}
$f=fopen($accdir."\\DBSRV\\Account".$initial."".$userid.".TAD",r) or die("Error 1");
$acc = @fread($f,7124);
$demopass=substr($acc,52,32);
$acc = str_replace($demopass,$password2,$acc); 
$f2=fopen($accdir."\\DBSRV\\Account".$initial."".$userid.".TAD",w);
fwrite($f2,$acc) or die("Error 2");
@fclose($f);

mssql_query("UPDATE ACCOUNT SET Password = '$password' WHERE UserID='" . $userid . "'");
$result = "Your password has been changed successfully.";

    }
    echo $result;
}
else
{
?>

Not return any error?

**TantraRex** · 23-08-15

sql server update > success

.tad update > success (but im check using pspad password not updated

and im try login in game in choose server >> Sorry connectio to server failed xD

**John** · 24-08-15

DBSRV daemon should update TAD file if the php script not does O_o

**A v a r a** · 29-08-15

Hi John,

Is there a way we could change the code and not set the username to a session but to a post value wherein only adminsitrators can change the password without logging in the account of the player?

**John** · 29-08-15

Originally Posted by A v a r a

Hi John,

Is there a way we could change the code and not set the username to a session but to a post value wherein only adminsitrators can change the password without logging in the account of the player?

You want choice the user at he will change the values?, if so, you only need to change the value of the variable for the user's name

Code:

/* Username received at a session */
$UserId = $_SESSION['username']; // ( username is a sessión variable )

/* Username received per post method */
$UserId = $_POST['username']; // ( username is a post variable )

/* Username received per get method */
$UserId = $_GET['username']; // ( username is a get variable )

/* Username as a fixed value */
$UserId = 'Amir'; // ( Amir is a username in this example )

POST and GET be are formulary send methods. In html something like this:

Code:

<!-- POST METHOD -->
<form method="post" action="">
      <label>Enter the username</label><br>
      <input type="text" name="username" /><br>

      <button>Send</button>
</form>

<!-- GET METHOD -->
<form method="get" action="">
      <label>Enter the username</label><br>
      <input type="text" name="username" /><br>

      <button>Send</button>
</form>

You can also receive values from the url with the GET method, something like:

Code:

http://localhost/changepass.php?username=Amir

Username is the get variable:

Code:

$UserId = $_GET['username'];

And "Amir" the value.

**A v a r a** · 29-08-15

Sorry, what about allowing any characters (special characters) in the password?

**John** · 29-08-15

Originally Posted by A v a r a

Sorry, what about allowing any characters (special characters) in the password?

Can you explain?

**A v a r a** · 29-08-15

Originally Posted by John

Can you explain?

Like I will allow any characters in password and not only numbers and letters. Passwords like - $#Haw_()A:

**John** · 30-08-15

I hardly remember anything about tantra (server side), the game does not allow these characters in the password?, TAD file contain password in md5, "$#Haw_()A:" in md5 is: CC2ACEA65C7E8564395FCEAB454712F1, login reads the text password and converts in md5 to compare with the md5 in the TAD file.

**jbeitz107** · 30-08-15

John is correct in the password but, it is also for another reason that it doesn't allow special characters. This is a security flaw that must remain secure. If you allow use of special characters you also allow for intrusion in your server side scripting. Best to keep it simple.

script change password??

Thread Tools

script change password??

Re: script change password??

Re: script change password??

Re: script change password??

Re: script change password??

Re: script change password??

Re: script change password??

Re: script change password??

Re: script change password??

Re: script change password??

Re: script change password??

Re: script change password??

Re: script change password??

Re: script change password??

Re: script change password??

Advertisement