PHP Help

  1. #1
    RenePunik
    Join Date: Feb 2013
    Posts: 1,431

    PHP Help

    Guys, I want to make a reset password page. Any ideas, please?


  2. #2
    alextepes
    Join Date: Sep 2006
    Location: Canada
    Posts: 310

    Re: PHP Help

    You have to use mssql and md5 it. So as long as they are logged in, this shouldn't be a problem. Just ask them to confirm their old password as confirmation when changing their password. Like changepw.php in the Silkroad Castle CMS I'm currently modifying.

    Code:
    <?php
        // The mssql_* extension was removed in PHP 7.0; this script runs on PHP 5.x only.
        session_start();
        include("../modules/include/Config.php");
        require_once("../modules/include/sqlConn.php");
        require_once("../modules/include/Security.php");

        mssql_select_db($dbName1, $dbConn) or die ("Couldn't select database $dbName1");

        if (!isset($_SESSION['loggedin'])) {
            header("location:./../?notLoggedIn");
            exit;
        } else if ($_POST['newpassword_1'] != $_POST['newpassword_2']) {
            // The two new-password fields must match.
            header("location:./../?pwMissmatch");
            exit;
        } else if (empty($_POST['newpassword_1']) || empty($_POST['newpassword_2']) || empty($_POST['password'])) {
            header("location:./../?noData");
            exit;
        } else {
            // mssql_query() has no parameter binding for ad-hoc SQL, so double any
            // single quote to keep the value inside the string literal.
            $userID = str_replace("'", "''", $_SESSION['name']);

            // Look up the account's JID for the UPDATE below.
            $getUserJID = mssql_query("select * from TB_User where StrUserID = '$userID'");
            while ($row = mssql_fetch_array($getUserJID)) {
                $userJID = $row['JID'];
            }

            // md5() returns hex digits only, so the digest is safe to embed in the query.
            $currPassword = md5($_POST['password']);
            $verifyAccount = mssql_num_rows(mssql_query("select * from TB_User where StrUserID = '$userID' AND password = '$currPassword'"));
            if ($verifyAccount <= 0) {
                print "<a href='Change.php'>Current Password is incorrect!</a>";
            } else {
                $check = new security();
                $message = array();
                if ($check->is_secure($_POST['password']) == false) $message[] = "<a href='Change.php'>Invalid characters in Password field!</a><br />";
                if ($check->is_secure($_POST['newpassword_1']) == false) $message[] = "<a href='Change.php'>Invalid characters in new Password 1 field!</a><br />";
                if ($check->is_secure($_POST['newpassword_2']) == false) $message[] = "<a href='Change.php'>Invalid characters in new Password 2 field!</a><br />";
                if (count($message) > 0) {
                    // Print every validation error; a header() redirect cannot be
                    // sent once output has started.
                    for ($i = 0; $i < count($message); $i++) {
                        print $message[$i];
                    }
                    return;
                } else {
                    $newPassword = md5($_POST['newpassword_2']);
                    mssql_query("update TB_User set password = '$newPassword' where JID = '$userJID'");
                    header("location:./../?pwChanged");
                    exit;
                }
            }
        }
    ?>


    In this, it includes the config for mssql, and has security functions, but what it's doing is using md5(post);
    So it would be like $_POST['username'], $_POST['oldpassword'], $_POST['new_pass'], $_POST['confirm_pass']

    Wrote this while replying to you ~_~, can't guarantee it works, but it's a starting point.

    Code:
    <?php
    // The mssql_* extension was removed in PHP 7.0; this script runs on PHP 5.x only.
    if (isset($_POST['submit'])) {
        // MSSQL conf
        $serverIp = "192.168.2.2";
        $userName = "sa";
        $password = "password";
        $dbName1  = "SRO_VT_ACCOUNT";
        $dbName2  = "SRO_VT_SHARD";
        $dbConn = mssql_connect($serverIp, $userName, $password) or die ("Couldn't connect to server $serverIp");

        // POST structure.
        // ENT_QUOTES encodes both quote characters, so a quote in the input
        // cannot end the SQL string literals below.
        $user     = htmlspecialchars($_POST['username'], ENT_QUOTES);
        $old_pass = md5(htmlspecialchars($_POST['oldpassword'], ENT_QUOTES));
        $new_pass = md5(htmlspecialchars($_POST['new_pass'], ENT_QUOTES));
        $confirm  = md5(htmlspecialchars($_POST['confirm_pass'], ENT_QUOTES));

        // MSSQL Connect phase
        mssql_select_db($dbName1, $dbConn) or die ("Couldn't select database $dbName1");

        // Get JID.
        $getUserJID = mssql_query("select * from TB_User where StrUserID = '$user'");
        while ($row = mssql_fetch_array($getUserJID)) {
            $userJID = $row['JID'];
        }

        // Verify the current password before changing anything.
        $verifyAccount = mssql_num_rows(mssql_query("select * from TB_User where StrUserID = '$user' AND password = '$old_pass'"));
        if ($verifyAccount <= 0) {
            echo "<a href='changepw.php'>Current Password is incorrect, try again!</a>";
        } else {
            // If htmlspecialchars() altered the new password, the digests differ
            // and the password is rejected as containing invalid characters.
            if ($new_pass != md5($_POST['new_pass'])) {
                echo "<a href='changepw.php'>Password used has invalid characters!</a>";
            } else if ($new_pass != $confirm) {
                echo "<a href='changepw.php'>Both the new password and confirm password must match!</a>";
            } else {
                mssql_query("update TB_User set password = '$new_pass' where JID = '$userJID'");
                echo 'Successfully updated password.';
            }
        }
    } else {
    ?>
    <form action="#" method="post">
    User: <input name="username" type="text"><br>
    Password: <input name="oldpassword" type="password" /><br>
    New Password: <input name="new_pass" type="password" /><br>
    Confirm: <input name="confirm_pass" type="password" /><br>
    <input name="submit" type="submit" value="Change!" />
    </form>
    <?php
    }
    ?>


    Update: 26/11/2013 2:25PM EST, it appears to work on my server. I named it changepw.php
    Last edited by alextepes; 26-11-13 at 08:37 PM.
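
The change-password flow from the posts above, rewritten with PDO prepared statements as an added example (not code from the thread or from Silkroad Castle CMS). It assumes the TB_User columns seen in the posted code, keeps MD5 only because the thread says the column holds MD5 hashes, and uses an in-memory SQLite table with constructed data as a stand-in for the MSSQL database; `changePassword` and `demo_user` are hypothetical names.

```php
<?php
// Added example. Table and column names (TB_User, StrUserID, password, JID)
// come from the posted code; function name, demo data and SQLite are assumptions.
declare(strict_types=1);

// $userId should be taken from the logged-in session, never from the form.
function changePassword(PDO $db, string $userId, string $old, string $new, string $confirm): string
{
    if ($old === '' || $new === '' || $confirm === '') {
        return 'noData';
    }
    if (!hash_equals($new, $confirm)) {
        return 'pwMismatch';
    }
    // Placeholders send the values separately from the SQL text, so no
    // character in the input can change the structure of the query.
    $stmt = $db->prepare('SELECT JID, password FROM TB_User WHERE StrUserID = ?');
    $stmt->execute([$userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // One answer for "no such user" and "wrong password"; constant-time compare.
    // md5() is used only to stay compatible with the column format in the thread.
    if ($row === false || !hash_equals(strtolower((string) $row['password']), md5($old))) {
        return 'badCurrentPassword';
    }
    $upd = $db->prepare('UPDATE TB_User SET password = ? WHERE JID = ?');
    $upd->execute([md5($new), $row['JID']]);
    return 'pwChanged';
}

// Constructed demo data in an in-memory SQLite database (stand-in for MSSQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE TB_User (JID INTEGER PRIMARY KEY, StrUserID TEXT, password TEXT)');
$db->prepare('INSERT INTO TB_User (StrUserID, password) VALUES (?, ?)')
   ->execute(['demo_user', md5('old-secret')]);

// A user ID containing an apostrophe is plain data: it simply matches no row.
var_dump(changePassword($db, "o'neil", 'old-secret', 'n3w-secret', 'n3w-secret'));
var_dump(changePassword($db, 'demo_user', 'wrong', 'n3w-secret', 'n3w-secret'));
var_dump(changePassword($db, 'demo_user', 'old-secret', 'n3w-secret', 'n3w-secret'));
```

The same `prepare`/`execute` calls work unchanged with a PDO driver for SQL Server; only the DSN passed to `new PDO(...)` differs.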


