Change pass script pls?
Hi,i'm brazilian and is my first topic here and i need a script for to change the password pls? or somebody can help me for to isolate the part of 'register' and 'change pass' of pwAdmin pleaseeee?
@Edit
sorry for the mistakes because i'm doing an english course and not finished yet ... C =.
i need also, you have get me Thanks :D
Search... It's been mentioned hundreds of times how the hash for the password is calculated...
ok,i tried to find before, but i didn't find i will try again.
/PWServer/jetty-7.2.0/webapps/pwAdmin/WEB-INF/.pwadminconf.jsp
change
toCode:String iweb_password = "~random MD5 String";
This will reset the password and when you go to SERVERIP:8080/pwAdmin it will require you to set the passwordCode:String iweb_password = "63a9f0ea7bb98050796b649e85481845";
If I understood what you were asking and this works, please use the like button ;)
Goodluck, post if you can't get it working
Fairly certain they meant the user accounts themselves .-.Originally Posted by NaMeLeS
I really hate how well I understand Engrish
I have released a script just search for it.
sorry but I wanted to put a script on the site to change the password for the account of the player,understand??
Anyway i like*..
I just wrote this script. Haven't tested yet. Test it, and I hope it works, and I hope your password is 0x.md5(login.pass);Code:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <form method="post"> Login<br /> <input type="text" name="login" /><br /> Old Password<br /> <input type="password" name="oldpass" /> <br />New Password<br /> <input type="password" name="newpass" /><br /> Repeat New Password<br /> <input type="password" name="repass" /> <input type="submit" value="Send" /> </form> <?php if(isset($_POST['login'])){ function anti_injection($anti){ $anti = strip_tags($anti); $anti = mysql_real_escape_string($anti); return $anti; } $login = anti_injection($_POST['login']); $oldpass = anti_injection($_POST['oldpass']); $newpass = anti_injection($_POST['newpass']); $repass = anti_injection($_POST['repass']); } $conn = mysql_connect('host', 'user', 'passwd') or die(mysql_error()); $dbs = mysql_select_db("Dbname", $conn) or die (mysql_error()); $checkacc = mysql_query("SELECT passwd FROM users WHERE name='".$login."'") or die(mysql_error()); if(mysql_num_rows($checkacc) <= 0){ echo "The account doesn't exists"; } else{ $arraycheck = mysql_fetch_array($checkacc); $passdb = $arraycheck['passwd']; if("0x".md5($login.$oldpass) !== $passdb){ echo "Old password incorrect."; } else{ if($newpass !== $repass){ echo "New Password and Repeat New Password doesn't match"; } else{ $encript_pass = "0x".md5($login.$newpass); $chgpass = mysql_query("UPDATE users SET passwd='".$encript_pass."', passwd2='".$encript_pass."' WHERE name='$login'") or die(mysql_error()); echo "Password successfully changed!"; } } } ?> </body> </html>
Don't forget to change mysql connection properties
Last edited by renan7899; 29-09-11 at 01:38 PM.
strip tags is redundant as mysql real escape handles everything that is needed
you should also check to see if password changing query actually succeeds instead of reporting directly to user it succeeds even when it fails
no rdms actually requires the use of capital letters, and haven't for a very long time and tbh it just makes things look a bit silly (a lot of people still do it though...)
also the "or die(mysql_error());" confuses me a bit, you tell it to not report errors and then you put an explicit error reporter? A better option is to always handle errors yourself and give an "out of order" message to user instead of a php error message they'll get confused by
P.S. You are also not supposed to just flat out give people something like this as then they never learn, if its something common they need to search more if not then lead them in the right direction if it isn't overly complex </runon>
P.P.S. the giant red text when it isn't useful is incredibly annoying no matter who you ask
The error reporting will print your IP and some other environment errors. the mysql error will just print what error happened in that query.
Everybody have to test something when take it from the web, see if the results fits with what he wants, doesn't matter if I have tested it or not.
And das, stop trying to find "errors" in everything that I post on the forum.
I don't get what you are trying to say here. I know what mysql_error() does, and I know what error_reporting(0) does. Giving the end user either of these is silly and pointless. If you want to allow them to be togglable have anAnd then check the query like soCode:if(isset($_GET['debug'])){ error_reporting(E_ALL); define("DEBUG", true); } else { error_reporting(0); define("DEBUG", false); }
Code:if($conn){ //connected just fine $query = mysql_query("select `bla` from `derp`"); if(query){ //query succeeded } else { if(DEBUG){ mysql_error(); } echo "Unable to change password, please try again later"; } } else { if(DEBUG){ mysql_error(); } echo "Password change script isnt working!"; }You have mentioned that you are rather young. If anything you should take what I say as decent advice as writing robust code is a good habit to learn early in all honesty. I may dislike you some due to stupid things you do, but I'm simply trying to assist you. After all it affects many people when bad code gets circulated around with no one ever pointing out why it is bad or giving hints on how it make it better.
---solved---
Last edited by hrace009; 01-10-11 at 02:04 PM.
You're saying it's a bad code just because I was wrong about error reporting?You have mentioned that you are rather young. If anything you should take what I say as decent advice as writing robust code is a good habit to learn early in all honesty. I may dislike you some due to stupid things you do, but I'm simply trying to assist you. After all it affects many people when bad code gets circulated around with no one ever pointing out why it is bad or giving hints on how it make it better.
It's a basic script, but it does the job.
"I may dislike you due to stupid thing you do..."
I like and dislike many people here, but I don't need to put my personal feelings in a post, you shouldn't too. Hell, you were complaining even about the red text above.
hrace009 i use your server, explains how to configure data.php 'cause i didn't understand(:
Thank you all
Nope, if you actually read what I wrote I said it's bad code as you don't do any proper checks on what is being run and always tell the user the mysql_error which they don't need to know.
Just because it is simple doesn't mean it should be lazily written or give excess information the user doesn't need to see.
stop fighting at people threadand back to topic, perhaps someone can fix this script
i was modified 343 change password script with 4 digits PIN as security code, but i don't get it working.
here i give full code on that:
Spoiler:
can someone tell me what i'am miss in that codeDB.php - And where is the file?Code:require_once("DB.php");
that was pear, you must install pear first
apt-get install php-pear
Reply With Quote
