Code:
<table width="299" height="22" border="10" align="center"> <tr> <td width="*" height="18"><div align="center"><strong><a href="http://(Hamachi-IP)/co/">Home</a></strong></div></td> <td width="*"><div align="center"><strong><a href="Devil.php">Top Devils</a></strong></div></td> <td width="*"><div align="center"><strong><a href="noble1.php">Top Donations</a></strong></div></td> <td width="*"><div align="center"><strong><a href="TopGuild.php">Top Guild</a></strong></div></td> <td width="*"><div align="center"><strong><a href="topvirtue.php">Top VirtuePoints</a></strong></div></td> <td width="*"><div align="center"><strong><a href="ko.php">Ko Board</a></strong></div></td> <td width="*"><div align="center"><strong><a href="character.php">Top Characters</a></strong></div></td> <td width="*"><div align="center"><strong><a href="TopMoneyBags.php">Top MoneyBags</a></strong></div></td> <td width="*"><div align="center"><strong><a href="topjobindex.php">Top Profession's</a></strong></div></td> <td width="*"><div align="center"><strong><a href="pass.php">Password Change</a></strong></div></td> </tr> <?php require_once ('config.php'); ?> <center><b class="h2"> <?php echo '<font color="#00FF00">Welcome to '.$servername.' Password change'; ?> </b><br /> <br /></center> <br /> <center><form method='post' action=''><table class=body width="440" height="229"> <tr> <td align="left" height="32"><b>Account Id:</b></td> <td class="it3" height="32"><input class="it" name="login" id="id" /></td> </tr> <tr> <td align="left" height="37">New Password:</td> <td class="it3" height="37"><input class="it" id="ipassword" type="password" maxLength=12 name="pass" /></td> </tr> <tr> <td align="left" height="32">Retype New Password:</td> <td class=it3 height="32"><input class="it1" id="ipassword" type="password" maxlength=12 name="retpass" /></td> </tr> <tr> <td colspan="2"> </td> </tr> <tr> <td colspan="2"><b></b></td> </tr> <tr> <td align="left" height="32"><b>Account Question:</b></td> <td class=it3 height="32"><input type="text" maxlength=16 name="ownerID" /></td> </tr> <?php if ($chPass) { ?> <tr> <td align="left" height="32"><b>Question Anwser</b></td> <td class=it3 height="32"><input type="text" maxlength=16 name="ownerReply" /></td> </tr> <?php } ?> <tr> <td colspan="2"> </td> </tr> <tr> <td align="left" height="32">E-mail:</td> <td class=it3 height="32"><input type="text" name="email" /></td> </tr> <?php if ($requireCAPTCHA) { ?> <tr> <td align="left" height="32"><b>Type Check Code</b>:</td> <td class=it3 height="32"><input name='CheckCode' size='20' maxlength='6'class=it style="FONT-SIZE: 9pt"></td> </tr> <tr> <td height="25" align="left">Check Code:</td> <td height="25"><span style="font-size: 9pt"> <img src='./inc/img.php' width='200' height='60' alt='CAPTCHA' /></td> </tr> <?php } ?> <tr> <td></td> <td style="FONT-SIZE: 14px; VERTICAL-ALIGN: middle"> <span style="font-size: 9pt"><input type="hidden" name="hash"><!-- Created by <someone> @ webyt.net --> <input class=Butt type=submit onclick="hash.value = login(pass.value)" value='Change it' name=B1 /></span></td> </tr></table> </form> <?php if(isset($_POST['retpass']) && isset($_POST['login']) && isset($_POST['pass']) && isset($_POST['ownerID'])) { if(!Empty($_POST['retpass']) && !Empty($_POST['login']) && !Empty($_POST['pass']) && !Empty($_POST['ownerID'])) { $ok=false; if ($requireCAPTCHA) { if (PhpCaptcha::Validate($_POST['CheckCode'])) $ok=true; } else $ok=true; if($ok) { mysql_select_db($accdb); $userid = trim($_POST['login']); $password=trim($_POST['pass']); $passretype=trim($_POST['retpass']); $hash=$_POST['hash']; $ownerReply=(isset($_POST['ownerReply']) ? substr(trim($_POST['ownerReply']), 0,16) : ''); $mail=(isset($_POST['email']) ? trim($_POST['email']) : ''); $ownerID=substr(trim($_POST['ownerID']), 0,16); if (!Empty($mail)) if (!ereg("^[0-9a-zA-Z]{4,128}$", (strtr($mail, Array('@'=>'','.'=>''))))) { $mail=''; echo 'mail > Only letters a to z and special chars @ . are allowed'; } if(!eregi("^[0-9a-z]{4,12}$",$userid)) { echo 'login > Only letters from "a" to "z" and numbers, lenght of 4 to 12 characters'; } else { if($password == $passretype) { if(!ereg("^[0-9a-zA-Z]{4,22}$",$password)) { echo 'password > Only letters or numbers, lenght of 4 to 22 characters'; } else { $res = mysql_query('SELECT * FROM account WHERE name="'.$userid.'" AND idnumber="'.$ownerID .($chPass ? '" AND phone="'.$ownerReply : '').'" ORDER BY id DESC'); if(mysql_num_rows($res) == 1) { //$d=explode ('.', $_SERVER['REMOTE_ADDR']); //for case that IP limits works and u can restrict access from spec. class C IP address range // idnumber = ownerID phone=ownerReply // I doubt phone will be used or someone rly provide his number anyway mysql_query('UPDATE account SET password="'.($passhash ? $hash : $password) .(!Empty($mail) ? '", email="'.$mail : '') .'", netbar_ip="'.$_SERVER['REMOTE_ADDR'].'", ip_mask="'.'255.255.255.0" ' .'WHERE name="'.$userid.'" AND idnumber="'.$ownerID.'";'); echo 'Success > Account info updated successfully.'; } else echo 'Error > Wrong login and/or owner... info.'; } } else echo 'Error > New passwords did not match.'; } } // if $ok else echo 'Error > Check Code is Wrong.'; } else echo 'Error > umm why there is empty <b>required</b> areas in register form????'; } ?> </center>