Re: script change password??
Test this code.
Code:
<?php
$accdir = 'C:\\Server';
$userid = $_SESSION['username'];
$fp = fopen("$accdir."\\Share\\Serv00\\new\\".$userid.".txt",w);
fwrite($fp,$UserID."\r\n");
fwrite($fp,$password."\r\n");
fwrite($fp,"000000\r\n");
fwrite($fp,$userkey."\r\n");
@fclose($fp);
$password2 = strtoupper(md5($newpass));
$initial=substr($userid,0,1);
if (ereg("^[a-zA-Z]$",$initial)){$initial=strtoupper($initial);} else {$initial="etc";}
$f=fopen($accdir."\\DBSRV\\Account\\".$initial."\\".$userid.".TAD",r) or die("Error 1");
$acc = @fread($f,7124);
$demopass=substr($acc,52,32);
$acc = str_replace($demopass,$password2,$acc);
$f2=fopen($accdir."\\DBSRV\\Account".$initial."".$userid.".TAD",w);
fwrite($f2,$acc) or die("Error 2");
@fclose($f);
mssql_query("UPDATE ACCOUNT SET Password = '$password' WHERE UserID='" . $userid . "'");
$result = "Your password has been changed successfully.";
?>
Re: script change password??
@John thanks for reply ... but im try to replace your scipt and your scipt didn't work
Re: script change password??
¿some error?, paste here your full file code.
Re: script change password??
<?php
global $link;
mssql_select_db("UserLogin",$link);
if ($_POST['action'] == 'submitted')
{
$UserId= trim($_SESSION['username']);
$oldpass=trim($_POST['oldpass']);
$password=trim($_POST['password']);
$password2=trim($_POST['password2']);
$initial=substr($UserId,0,1);
$querys = mssql_query("SELECT * FROM Account WHERE UserID='".$_SESSION['username']."'");
$QRow = mssql_fetch_array($querys);
$num_rows = $QRow['Password'];
$zgsend=trim($_POST['zgcode']);
$zgcode = $QRow['ZGCode'];
$userkey = $QRow['UserKey'];
$error = "";
function AllOK()
{
global $error, $num_rows, $oldpass, $password, $password2, $zgcode, $zgsend ;
if ($num_rows != $oldpass)
{
$error .= "<p>The old password is incorrect. <a href=javascript:history.go(-1)>Back</a></p>";
return 0;
}
if ($password == "")
{
$error .= "<p>Failure to place the new password. <a href=javascript:history.go(-1)>Back</a></p>";
return 0;
}
if(!ereg("^[0-9a-zA-Z]{4,12}$",$password))
{
$error .= "<p>Only letters or numbers are allowed, from 4 to 12 characters. <a href=javascript:history.go(-1)>Back</a></p>";
return 0;
}
if ($password != $password2)
{
$error .= "<p>The password do not match. <a href=javascript:history.go(-1)>Back</a></p>";
return 0;
}
if ($num_rows == $password)
{
$error .= "<p>The old password and the new password are the same. <a href=javascript:history.go(-1)>Back</a></p>";
return 0;
}
if ($zgsend != $zgcode)
{
$error .= "<p>Your Tantra Zone Code is incorrect. <a href=javascript:history.go(-1)>Back</a></p>";
return 0;
}
return 1;
}
if (!AllOK())
{
$result = $error;
}
else
{
$accdir = 'C:\\ServerZone';
$userid = $_SESSION['username'];
$fp = fopen("$accdir."\\Share\\Serv00\\new".$userid.".txt",w);
fwrite($fp,$UserID."\r\n");
fwrite($fp,$password."\r\n");
fwrite($fp,"000000\r\n");
fwrite($fp,$userkey."\r\n");
@fclose($fp);
$password2 = strtoupper(md5($newpass));
$initial=substr($userid,0,1);
if (ereg("^[a-zA-Z]$",$initial)){$initial=strtoupper($initial);} else {$initial="etc";}
$f=fopen($accdir."\\DBSRV\\Account".$initial."".$userid.".TAD",r) or die("Error 1");
$acc = @fread($f,7124);
$demopass=substr($acc,52,32);
$acc = str_replace($demopass,$password2,$acc);
$f2=fopen($accdir."\\DBSRV\\Account".$initial."".$userid.".TAD",w);
fwrite($f2,$acc) or die("Error 2");
@fclose($f);
mssql_query("UPDATE ACCOUNT SET Password = '$password' WHERE UserID='" . $userid . "'");
$result = "Your password has been changed successfully.";
}
echo $result;
}
else
{
?>
1 Attachment(s)
Re: script change password??
Quote:
Originally Posted by
TantraRex
Code:
<?php
global $link;
mssql_select_db("UserLogin",$link);
if ($_POST['action'] == 'submitted')
{
$UserId= trim($_SESSION['username']);
$oldpass=trim($_POST['oldpass']);
$password=trim($_POST['password']);
$password2=trim($_POST['password2']);
$initial=substr($UserId,0,1);
$querys = mssql_query("SELECT * FROM Account WHERE UserID='".$_SESSION['username']."'");
$QRow = mssql_fetch_array($querys);
$num_rows = $QRow['Password'];
$zgsend=trim($_POST['zgcode']);
$zgcode = $QRow['ZGCode'];
$userkey = $QRow['UserKey'];
$error = "";
function AllOK()
{
global $error, $num_rows, $oldpass, $password, $password2, $zgcode, $zgsend ;
if ($num_rows != $oldpass)
{
$error .= "<p>The old password is incorrect. <a href=javascript:history.go(-1)>Back</a></p>";
return 0;
}
if ($password == "")
{
$error .= "<p>Failure to place the new password. <a href=javascript:history.go(-1)>Back</a></p>";
return 0;
}
if(!ereg("^[0-9a-zA-Z]{4,12}$",$password))
{
$error .= "<p>Only letters or numbers are allowed, from 4 to 12 characters. <a href=javascript:history.go(-1)>Back</a></p>";
return 0;
}
if ($password != $password2)
{
$error .= "<p>The password do not match. <a href=javascript:history.go(-1)>Back</a></p>";
return 0;
}
if ($num_rows == $password)
{
$error .= "<p>The old password and the new password are the same. <a href=javascript:history.go(-1)>Back</a></p>";
return 0;
}
if ($zgsend != $zgcode)
{
$error .= "<p>Your Tantra Zone Code is incorrect. <a href=javascript:history.go(-1)>Back</a></p>";
return 0;
}
return 1;
}
if (!AllOK())
{
$result = $error;
}
else
{
$accdir = 'C:\\ServerZone';
$userid = $_SESSION['username'];
$fp = fopen("$accdir."\\Share\\Serv00\\new".$userid.".txt",w);
fwrite($fp,$UserID."\r\n");
fwrite($fp,$password."\r\n");
fwrite($fp,"000000\r\n");
fwrite($fp,$userkey."\r\n");
@fclose($fp);
$password2 = strtoupper(md5($newpass));
$initial=substr($userid,0,1);
if (ereg("^[a-zA-Z]$",$initial)){$initial=strtoupper($initial);} else {$initial="etc";}
$f=fopen($accdir."\\DBSRV\\Account".$initial."".$userid.".TAD",r) or die("Error 1");
$acc = @fread($f,7124);
$demopass=substr($acc,52,32);
$acc = str_replace($demopass,$password2,$acc);
$f2=fopen($accdir."\\DBSRV\\Account".$initial."".$userid.".TAD",w);
fwrite($f2,$acc) or die("Error 2");
@fclose($f);
mssql_query("UPDATE ACCOUNT SET Password = '$password' WHERE UserID='" . $userid . "'");
$result = "Your password has been changed successfully.";
}
echo $result;
}
else
{
?>
Not return any error?
Re: script change password??
sql server update > success
.tad update > success (but im check using pspad password not updated
and im try login in game in choose server >> Sorry connectio to server failed xD
Re: script change password??
DBSRV daemon should update TAD file if the php script not does O_o
Re: script change password??
Hi John,
Is there a way we could change the code and not set the username to a session but to a post value wherein only adminsitrators can change the password without logging in the account of the player?
Re: script change password??
Quote:
Originally Posted by
A v a r a
Hi John,
Is there a way we could change the code and not set the username to a session but to a post value wherein only adminsitrators can change the password without logging in the account of the player?
You want choice the user at he will change the values?, if so, you only need to change the value of the variable for the user's name
Code:
/* Username received at a session */
$UserId = $_SESSION['username']; // ( username is a sessión variable )
/* Username received per post method */
$UserId = $_POST['username']; // ( username is a post variable )
/* Username received per get method */
$UserId = $_GET['username']; // ( username is a get variable )
/* Username as a fixed value */
$UserId = 'Amir'; // ( Amir is a username in this example )
POST and GET be are formulary send methods. In html something like this:
Code:
<!-- POST METHOD -->
<form method="post" action="">
<label>Enter the username</label><br>
<input type="text" name="username" /><br>
<button>Send</button>
</form>
<!-- GET METHOD -->
<form method="get" action="">
<label>Enter the username</label><br>
<input type="text" name="username" /><br>
<button>Send</button>
</form>
You can also receive values from the url with the GET method, something like:
Code:
http://localhost/changepass.php?username=Amir
Username is the get variable:
Code:
$UserId = $_GET['username'];
And "Amir" the value.
Re: script change password??
Sorry, what about allowing any characters (special characters) in the password?
Re: script change password??
Quote:
Originally Posted by
A v a r a
Sorry, what about allowing any characters (special characters) in the password?
Can you explain?
Re: script change password??
Quote:
Originally Posted by
John
Can you explain?
Like I will allow any characters in password and not only numbers and letters. Passwords like - $#Haw_()A:
1 Attachment(s)
Re: script change password??
I hardly remember anything about tantra (server side), the game does not allow these characters in the password?, TAD file contain password in md5, "$#Haw_()A:" in md5 is: CC2ACEA65C7E8564395FCEAB454712F1, login reads the text password and converts in md5 to compare with the md5 in the TAD file.
Re: script change password??
John is correct in the password but, it is also for another reason that it doesn't allow special characters. This is a security flaw that must remain secure. If you allow use of special characters you also allow for intrusion in your server side scripting. Best to keep it simple.
