Change pass script pls?

Hi,i'm brazilian and is my first topic here and i need a script for to change the password pls? or somebody can help me for to isolate the part of 'register' and 'change pass' of pwAdmin pleaseeee?

@Edit
sorry for the mistakes because i'm doing an english course and not finished yet ... C =.

i need also, you have get me Thanks :D

Search... It's been mentioned hundreds of times how the hash for the password is calculated...

ok,i tried to find before, but i didn't find i will try again.

/PWServer/jetty-7.2.0/webapps/pwAdmin/WEB-INF/.pwadminconf.jsp

change

Code:

---

String iweb_password = "~random MD5 String";

---

to

Code:

---

String iweb_password = "63a9f0ea7bb98050796b649e85481845";

---

This will reset the password and when you go to SERVERIP:8080/pwAdmin it will require you to set the password

If I understood what you were asking and this works, please use the like button ;)

Goodluck, post if you can't get it working

Quote:

---

Originally Posted by NaMeLeS

/PWServer/jetty-7.2.0/webapps/pwAdmin/WEB-INF/.pwadminconf.jsp

change

Code:

---

String iweb_password = "~random MD5 String";

---

to

Code:

---

String iweb_password = "63a9f0ea7bb98050796b649e85481845";

---

This will reset the password and when you go to SERVERIP:8080/pwAdmin it will require you to set the password

If I understood what you were asking and this works, please use the like button ;)

Goodluck, post if you can't get it working

---

Fairly certain they meant the user accounts themselves .-.

I really hate how well I understand Engrish

I have released a script just search for it.

Quote:

---

Originally Posted by NaMeLeS

/PWServer/jetty-7.2.0/webapps/pwAdmin/WEB-INF/.pwadminconf.jsp

change

Code:

---

String iweb_password = "~random MD5 String";

---

to

Code:

---

String iweb_password = "63a9f0ea7bb98050796b649e85481845";

---

This will reset the password and when you go to SERVERIP:8080/pwAdmin it will require you to set the password

If I understood what you were asking and this works, please use the like button ;)

Goodluck, post if you can't get it working

---

sorry but I wanted to put a script on the site to change the password for the account of the player,understand??
Anyway i like*..

Code:

---

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>

<form method="post">
Login<br />
<input type="text" name="login" /><br />
Old Password<br />
<input type="password" name="oldpass" />
<br />New Password<br />
<input type="password" name="newpass" /><br />
Repeat New Password<br />
<input type="password" name="repass" />
<input type="submit" value="Send" />
</form>
<?php
if(isset($_POST['login'])){
function anti_injection($anti){

$anti = strip_tags($anti);
$anti = mysql_real_escape_string($anti);
return $anti;

}

$login = anti_injection($_POST['login']);
$oldpass = anti_injection($_POST['oldpass']);
$newpass = anti_injection($_POST['newpass']);
$repass = anti_injection($_POST['repass']);
}

$conn = mysql_connect('host', 'user', 'passwd') or die(mysql_error());
$dbs = mysql_select_db("Dbname", $conn) or die (mysql_error());

$checkacc = mysql_query("SELECT passwd FROM users WHERE name='".$login."'") or die(mysql_error());

if(mysql_num_rows($checkacc) <= 0){ echo "The account doesn't exists"; }
else{

$arraycheck = mysql_fetch_array($checkacc);
$passdb = $arraycheck['passwd'];

if("0x".md5($login.$oldpass) !== $passdb){ echo "Old password incorrect."; }
else{

if($newpass !== $repass){ echo "New Password and Repeat New Password doesn't match"; }

else{
$encript_pass = "0x".md5($login.$newpass);
$chgpass = mysql_query("UPDATE users SET passwd='".$encript_pass."', passwd2='".$encript_pass."' WHERE name='$login'") or die(mysql_error());
echo "Password successfully changed!";
}
       
}
       
}

?>

</body>
</html>

---

I just wrote this script. Haven't tested yet. Test it, and I hope it works, and I hope your password is 0x.md5(login.pass);

Don't forget to change mysql connection properties

Quote:

---

Originally Posted by renan7899

Code:

---

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>

<form method="post">
Login<br />
<input type="text" name="login" /><br />
Old Password<br />
<input type="password" name="oldpass" />
<br />New Password<br />
<input type="password" name="newpass" /><br />
Repeat New Password<br />
<input type="password" name="repass" />
<input type="submit" value="Send" />
</form>
<?php
if(isset($_POST['login'])){
error_reporting(0);
function anti_injection($anti){

$anti = strip_tags($anti);
$anti = mysql_real_escape_string($anti);
return $anti;

}

$login = anti_injection($_POST['login']);
$oldpass = anti_injection($_POST['oldpass']);
$newpass = anti_injection($_POST['newpass']);
$repass = anti_injection($_POST['repass']);
}

$conn = mysql_connect('host', 'user', 'passwd') or die(mysql_error());
$dbs = mysql_select_db("Dbname", $conn) or die (mysql_error());

$checkacc = mysql_query("SELECT passwd FROM users WHERE name='".$login."'") or die(mysql_error());

if(mysql_num_rows($checkacc) <= 0){ echo "The account doesn't exists"; }
else{

$arraycheck = mysql_fetch_array($checkacc);
$passdb = $arraycheck['passwd'];

if("0x".md5($login.$oldpass) !== $passdb){ echo "Old password incorrect."; }
else{

if($newpass !== $repass){ echo "New Password and Repeat New Password doesn't match"; }

else{
$encript_pass = "0x".md5($login.$newpass);
$chgpass = mysql_query("UPDATE users SET passwd='".$encript_pass."', passwd2='".$encript_pass."' WHERE name='$login'") or die(mysql_error());
echo "Password successfully changed!";
}
       
}
       
}

?>

</body>
</html>

---

I just wrote this script. Haven't tested yet. Test it, and I hope it works, and I hope your password is 0x.md5(login.pass);

Don't forget to change mysql connection properties

---

strip tags is redundant as mysql real escape handles everything that is needed
you should also check to see if password changing query actually succeeds instead of reporting directly to user it succeeds even when it fails
no rdms actually requires the use of capital letters, and haven't for a very long time and tbh it just makes things look a bit silly (a lot of people still do it though...)
also the "or die(mysql_error());" confuses me a bit, you tell it to not report errors and then you put an explicit error reporter? A better option is to always handle errors yourself and give an "out of order" message to user instead of a php error message they'll get confused by

P.S. You are also not supposed to just flat out give people something like this as then they never learn, if its something common they need to search more if not then lead them in the right direction if it isn't overly complex </runon>

P.P.S. the giant red text when it isn't useful is incredibly annoying no matter who you ask

Quote:

---

Originally Posted by das7002

strip tags is redundant as mysql real escape handles everything that is needed
you should also check to see if password changing query actually succeeds instead of reporting directly to user it succeeds even when it fails
no rdms actually requires the use of capital letters, and haven't for a very long time and tbh it just makes things look a bit silly (a lot of people still do it though...)
also the "or die(mysql_error());" confuses me a bit, you tell it to not report errors and then you put an explicit error reporter? A better option is to always handle errors yourself and give an "out of order" message to user instead of a php error message they'll get confused by

P.S. You are also not supposed to just flat out give people something like this as then they never learn, if its something common they need to search more if not then lead them in the right direction if it isn't overly complex </runon>

P.P.S. the giant red text when it isn't useful is incredibly annoying no matter who you ask

---

The error reporting will print your IP and some other environment errors. the mysql error will just print what error happened in that query.

Everybody have to test something when take it from the web, see if the results fits with what he wants, doesn't matter if I have tested it or not.

And das, stop trying to find "errors" in everything that I post on the forum.

Quote:

---

Originally Posted by renan7899

The error reporting will print your IP and some other environment errors. the mysql error will just print what error happened in that query.

---

I don't get what you are trying to say here. I know what mysql_error() does, and I know what error_reporting(0) does. Giving the end user either of these is silly and pointless. If you want to allow them to be togglable have an

Code:

---

if(isset($_GET['debug'])){
error_reporting(E_ALL);
define("DEBUG", true);
} else {
error_reporting(0);
define("DEBUG", false);
}

---

And then check the query like so

Code:

---

if($conn){
//connected just fine
$query = mysql_query("select `bla` from `derp`");
if(query){
//query succeeded
} else {
if(DEBUG){
mysql_error();
}
echo "Unable to change password, please try again later";
}
} else {
if(DEBUG){
mysql_error();
}
echo "Password change script isnt working!";

}

---

Quote:

---

Originally Posted by renan7899

And das, stop trying to find "errors" in everything that I post on the forum.

---

You have mentioned that you are rather young. If anything you should take what I say as decent advice as writing robust code is a good habit to learn early in all honesty. I may dislike you some due to stupid things you do, but I'm simply trying to assist you. After all it affects many people when bad code gets circulated around with no one ever pointing out why it is bad or giving hints on how it make it better.

---solved---

Quote:

---

You have mentioned that you are rather young. If anything you should take what I say as decent advice as writing robust code is a good habit to learn early in all honesty. I may dislike you some due to stupid things you do, but I'm simply trying to assist you. After all it affects many people when bad code gets circulated around with no one ever pointing out why it is bad or giving hints on how it make it better.

---

You're saying it's a bad code just because I was wrong about error reporting?

It's a basic script, but it does the job.

"I may dislike you due to stupid thing you do..."

I like and dislike many people here, but I don't need to put my personal feelings in a post, you shouldn't too. Hell, you were complaining even about the red text above.

hrace009 i use your server, explains how to configure data.php 'cause i didn't understand(:
Thank you all

Quote:

---

Originally Posted by renan7899

You're saying it's a bad code just because I was wrong about error reporting?

---

Nope, if you actually read what I wrote I said it's bad code as you don't do any proper checks on what is being run and always tell the user the mysql_error which they don't need to know.

Quote:

---

Originally Posted by renan7899

It's a basic script, but it does the job.

---

Just because it is simple doesn't mean it should be lazily written or give excess information the user doesn't need to see.

Quote:

---

Originally Posted by renan7899

You're saying it's a bad code just because I was wrong about error reporting?

It's a basic script, but it does the job.

"I may dislike you due to stupid thing you do..."

I like and dislike many people here, but I don't need to put my personal feelings in a post, you shouldn't too. Hell, you were complaining even about the red text above.

---

Quote:

---

Originally Posted by das7002

Nope, if you actually read what I wrote I said it's bad code as you don't do any proper checks on what is being run and always tell the user the mysql_error which they don't need to know.



Just because it is simple doesn't mean it should be lazily written or give excess information the user doesn't need to see.

---

stop fighting at people thread :closedeyes: and back to topic, perhaps someone can fix this script

Quote:

---

Originally Posted by hrace009

i was modified 343 change password script with 4 digits PIN as security code, but i don't get it working.

here i give full code on that:

Spoiler:

index.php

PHP Code:

---

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
/*---343 change password script---*/
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Change Password</title>
</head>

<body bgcolor="#161616">
<form name='form1' method='post' action='data.php'>
<b><font color=white>
<table width="337">
  <tr>
    <th scope="col"><div align="center"><strong>User Name</strong></div></th>
    <th scope="col"><div align="center"><strong>:</strong></div></th>
    <th scope="col">
      
        <div align="center">
          <input name='myusername' type='text' id='myusername' />
        </div></th></tr>
  <tr>
    <th scope="row"><div align="center"><strong>Email Address</strong></div></th>
    <td><div align="center"><strong>:</strong></div></td>
    <td>
      <div align="center">
        <input name='email' type='text' id='email' />
        </div></td>
  <tr>
    <th scope="row"><div align="center"><strong>Current Password</strong></div></th>
    <td><div align="center"><strong>:</strong></div></td>
    <td>
      <div align="center">
        <input name='oldpassword' type='password' id='oldpassword' />
        </div></td>
  </tr>
  <tr>
    <th scope="row"><div align="center"><strong>New Password</strong></div></th>
    <td><div align="center"><strong>:</strong></div></td>
    <td>
      <div align="center">
        <input name='newpassword' type='password' id='newpassword' />
        </div></td>
  </tr>
  <tr>
    <th scope="row"><div align="center"><strong>Confirm New Password</strong></div></th>
    <td><div align="center"><strong>:</strong></div></td>
    <td>
      <div align="center">
        <input name='confirmnew' type='password' id='confirmnew' />
        </div></td>
  </tr>
    </tr>
    <tr>
    <th scope="row"><div align="center"><strong>Pin</strong></div></th>
    <td><div align="center"><strong>:</strong></div></td>
    <td>
      <div align="center">
        <input name='pin' type='password' id='pin' />
        </div></td>
  </tr>
  <tr>
    <th colspan="3" scope="row"><div align="center">
      <input type='submit' name='Submit' value='Change Password' />
    </div></th>
  </tr>
</table>
</form>
</body>
</html> 


---

data.php

PHP Code:

---

<body bgcolor="#161616">
<font color=white>
<style type="text/css">
<!--
body {
    background-color: #161616;
    background-image: url();
    background-repeat: no-repeat;
    background-position: center 0;
    color: white;
}
    A:link {text-decoration: none; color: orange;}
    A:visited {text-decoration: none; color: orange;}
    A:active {text-decoration: none; color: orange;}
    A:hover {text-decoration: underline overline; color: white;}
</style>
<?
/*---343 change password script---*/
require_once("DB.php");

include "connector.php";
   $mysql = 'mysql://';
   $col = ':';
   $at = '@';
   $slash = '/';
   $dbdsn = $mysql.$DB_User.$col.$DB_Password.$at.$DB_Host.$slash.$DB_Name;

$dbh =& DB::connect($dbdsn);
if (PEAR::isError($dbh)) {
    die($dbh->getMessage());
}
$dbh->setFetchMode(DB_FETCHMODE_ASSOC);

$UserName=$_POST['myusername']; 
$EMail=$_POST['email'];
$OldPassword=$_POST['oldpassword'];
$NewPassword=$_POST['newpassword'];
$ConfirmNew=$_POST['confirmnew'];
$Pin=$_POST['pin'];

$UserName = stripslashes(StrToLower($UserName));
$EMail = stripslashes(StrToLower($EMail));
$OldPassword = stripslashes($OldPassword);
$NewPassword = stripslashes($NewPassword);
$ConfirmNew = stripslashes($ConfirmNew);
$Pin = stripslashes($Pin);

$UserName = mysql_real_escape_string($UserName);
// $EMail = mysql_real_escape_string($EMail);
$OldPassword = mysql_real_escape_string($OldPassword);
$NewPassword = mysql_real_escape_string($NewPassword);
// $ConfirmNew = mysql_real_escape_string($ConfirmNew);
$Pin = mysql_real_escape_string($Pin);

        if (empty($UserName) || empty($EMail) || empty($OldPassword) || empty($NewPassword) || empty($ConfirmNew) || empty($OldPassword))
            {
                echo "<font color=red>One or more fields are empty.</font><br><input type='button' onClick=location.href='index.php' value='Some data was empty, please fix it'></input><br><br>";
            }
ELSE {

//Count String Length
$CountNewPassword = strlen($NewPassword);

IF ($CountNewPassword < 5 OR $CountNewPassword > 10) {
    echo "<font color=red>Password Must be at least 5 Characters, and no more than 10. </font><br><input type='button' onClick=location.href='index.php' value='Try Again / Change Your Account Password'></input><br><br>";
}
ELSE {

// Make sure New Password fields match
IF ( $NewPassword !== $ConfirmNew ) {
    echo "<font color=red>Confirm New Password Failed. <font color=white>New Password</font> and <font color=white>Confirm New Password</font> Fields Must Match. Please Try Again.</font><br><input type='button' onClick=location.href='index.php' value='Try Again / Change Your Account Password'></input><br><br>";
}
ELSE {

//Count Pin Length
$Pin = strlen($Pin);

IF ($Pin < 4 OR $Pin > 4) {
    echo "<font color=red>Pin must have 4 digits.</font><br><input type='button' onClick=location.href='index.php' value='Try Again / Change Your Account Password'></input><br><br>";
}
ELSE {

//Encrypt Password and Username
$EncryptOldPassword = "0x" . md5($UserName . $OldPassword);
$EncryptNewPassword = "0x" . md5($UserName . $NewPassword);

$GetIP=$_SERVER['REMOTE_ADDR'];

$GetAccountInfo = Mysql_Query("SELECT * FROM users WHERE name = '$UserName'");
$GetAccountNum = Mysql_Num_Rows($GetAccountInfo);
IF ($GetAccountNum == 1) {
    $GetAccountArray = Mysql_Fetch_Array($GetAccountInfo);
    $GetPassword = $GetAccountArray['passwd'];
        $GetEmail = $GetAccountArray['email'];
    $GetPin = $GetAccountArray['qq'];
    $GetPassword = addslashes($GetPassword);
        $GetEmail = addslashes($GetEmail);
     $GetPin = addslashes($GetPin);
    $rs = mysql_query("SELECT fn_varbintohexsubstring (1,'$GetPassword',1,0) AS result");
        $rs2 = mysql_query("SELECT '$GetEmail' AS result2");
    $rs3 = mysql_query("SELECT '$GetPin' AS result3");
    $GetResult = Mysql_Fetch_Array($rs);
        $GetResultEmail = Mysql_Fetch_Array($rs2);
    $GetResultPin = Mysql_Fetch_Array($rs3);
    $CheckPassword = $GetResult['result'];
        $CheckEmail = $GetResultEmail['result2'];
     $CheckPin = $GetResultPin['result3'];
        IF ($EMail == $CheckEmail) {
     IF ($Pin == $CheckPin) {
    IF ($EncryptOldPassword == $CheckPassword) {
        Mysql_Query("CALL changePasswd ($GetAccountInfo->quoteSmart'$UserName', $EncryptNewPassword)");
        Mysql_Query("CALL changePasswd2 ($GetAccountInfo->quoteSmart'$UserName', $EncryptNewPassword)");
        echo "<font color='green' size='+2'>Password for Account: <font color=red>$UserName</font> has been changed</font><br><input type='button' onClick=location.href='index.php' value='Go Back'></input><br><br>";
    }
    ELSE {
        echo "<font color=red>Account Information is Incorrect! </font><br><input type='button' onClick=location.href='index.php' value='Try Again / Change Your Account Password'></input><br><br>";
    }
}
}
ELSE {
    echo "<font color=red>Account Information is Incorrect! </font><br><input type='button' onClick=location.href='index.php' value='Try Again / Change Your Account Password'></input><br><br>";
    }
   }
  }
 }
}
}
?>

---

connector.php

PHP Code:

---

<?php
/*---343 change password script---*/
    /*-------Config MySQL Database-------*/

    $DB_Host = "localhost";  // localhost or your IP for MySQL
    $DB_User = "root";  // Database username
    $DB_Password = "root";  // Database password
    $DB_Name = "data";  // Database name
    
    $ServerIP = "localhost";  // WAN IP (Public IP) or DOMAIN NAME of your Server
    $LanIP = "localhost";  // LAN IP of your Server
    $ServerPort = "29000";  // PW Server Port

    $top=50;  // How many top players to show (on rank page)





    /*-------END User Config-------*/





    $db_link = mysql_connect($DB_Host, $DB_User, $DB_Password);
    $db = mysql_select_db("$DB_Name", $db_link);

    // security check for http_get variables to prevent injections
    foreach ($_GET as $key => $value)
    {
        $_GET[$key] = mysql_real_escape_string($value, $db_link);
    }
    // security check for http_get variables to prevent injections
    foreach ($_POST as $key => $value)
    {
        $_POST[$key] = mysql_real_escape_string($value, $db_link);
    }

?>

---

can someone tell me what i'am miss in that code :wink:

---

Code:

---

require_once("DB.php");

---

DB.php - And where is the file?

Quote:

---

Originally Posted by Pilad

Code:

---

require_once("DB.php");

---

DB.php - And where is the file?

---

that was pear, you must install pear first

apt-get install php-pear