Basic change password script

[Ricobob]

Can anyone make a basic change password script? Something with a username, current password, new password and confirm password fields.

Thank you.

 

[Kyuma]

I Want That Too xD

 

[alfredao]

Search for UserCP

 

[alfredao]

Here is the Script

<?php
$mssql_user = "sa";

$mssql_senha = "123123";

$mssql_database = "GunzDB";

$mssql_host = "ALFREDO\SQLEXPRESS";

$conn = mssql_connect($mssql_host, $mssql_user, $mssql_senha);

mssql_select_db($mssql_database);

?>

<FORM METHOD=POST ACTION="changepass.php?act=mudarsenha">

<table width="424" height="163" border="0" align="center" bordercolor="#A0A0A4">

  <tr>

    <td width="215" align="right">User</td>

    <td width="199"><input name="usuario" type="text" id="usuario"></td>

  </tr>

  <tr>

    <td align="right">Password</td>

    <td><input name="senha" type="password" id="senha"></td>

  </tr>

  <tr>

    <td height="28" align="right">New Password</td>

    <td><input name="novasenha" type="password" id="novasenha"></td>

  </tr>

  <tr>

    <td align="right">Retype new Password</td>

    <td><input name="repetir" type="password" id="repetir"></td>

  </tr>

  <tr>

    <td align="right"><?php 





    if ($_GET['act'] == 'mudarsenha')

{

    $usuario = anti_injection($_POST['usuario']);

    $senha = anti_injection($_POST['senha']);

    $novasenha = anti_injection($_POST['novasenha']);

    $repetir = anti_injection($_POST['repetir']);

    if (valida(Array($usuario,$senha,$novasenha,$repetir)) == true)

    if ($novasenha != $repetir){

    echo "The new passwords not match!";

    } else {

    $query = mssql_query("SELECT * FROM Login WHERE UserID='$usuario' AND Password='$senha'");

            if(mssql_num_rows($query)<1){

            echo "User/Pass Wrong!";

                } else {

            $sql=mssql_query("UPDATE Login set Password='$novasenha' WHERE UserID='$usuario'");

            if ($sql) echo "Password mudard, $usuario"; else echo 'There is a problem';

        }

    }

}

function anti_injection($sql)

{

$sql = preg_replace(sql_regcase("/(from|select|update|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);

$sql = trim($sql);

$sql = strip_tags($sql);

$sql = addslashes($sql);

return $sql;

}



function valida($campos){

  foreach($campos as $c){

      if(empty($c)){

        echo "Please, complete all textboxs";

        return false;

      }else{

        return true;

        }

  }

}

     ?></td>

    <td><input type="submit" name="Submit" value="Change"></td>

  </tr>

</table>

 

[Guy]

function anti_injection($sql)

{

$sql = preg_replace(sql_regcase("/(from|select|update|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);

$sql = trim($sql);

$sql = strip_tags($sql);

$sql = addslashes($sql);

return $sql;

}

Terrible escape function, yet again..

 

[Ricobob]

@alfredao
Thank you for the script but I have one problem.
It redirects to a blank page because I don't have this action "changepass?act=mudarsenha".

 

[alfredao]

Rename your script to changepass.php

And enter .

To view the content, you need to sign in or register

 

[Ricobob]

Thank you. I'm gonna try it later.

 

[JuanMedina]

ez than older

 

[00niels00]

<FORM method="post" action="<? echo $PHP_SELF;?>">
<table align="center">
<tr>
<td>
<p>
<h1>Change Password</h1>
<p>
</td>
</tr>
<tr>
<td>
<p><b>Accountname:</b>
</td>
<td>
<input name="name" type="text" />
</td>
</tr>
<tr>
<td>
<p><b>Current Password:</b>
</td>
<td>
<input name="Cpass" type="password" />
</td>
</tr>
</tr>
<tr>
<td>
<p><b>New Password:</b>
</td>
<td>
<input name="Npass" type="password" />
</td>
</tr>
<tr>
<td>
<input type="submit" value="change" name="change" />
</td>
</tr>
</form>

<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
include('config.php');


if(isset($_POST['change']))
{

$name = anti_injection($_POST ["name"]);
$Cpass = anti_injection($_POST ["Cpass"]);
$Npass = anti_injection($_POST ["Npass"]);
$wut = mssql_query("SELECT UserID,Password FROM login WHERE UserID='$name'");
$pw = mssql_fetch_assoc($wut);
if($Cpass == $pw['Password'])
{
mssql_query("UPDATE login SET Password='$Npass' WHERE UserID='$name'");  
echo"Changed Succesfully!";
}
else
{
echo "Wrong Password";
}
}

?>

Thats mine

 

[Ricobob]

Thanks niels but I'm having this error.

Fatal error: Call to undefined function anti_injection() in C:\wamp\www\changepass.php on line 51

Edit.
Thank you again, got it fixed.