Script Pass
Code:
<table width="299" height="22" border="10" align="center">
<tr>
<td width="*" height="18"><div align="center"><strong><a href="http://(Hamachi-IP)/co/">Home</a></strong></div></td>
<td width="*"><div align="center"><strong><a href="Devil.php">Top Devils</a></strong></div></td>
<td width="*"><div align="center"><strong><a href="noble1.php">Top Donations</a></strong></div></td>
<td width="*"><div align="center"><strong><a href="TopGuild.php">Top Guild</a></strong></div></td>
<td width="*"><div align="center"><strong><a href="topvirtue.php">Top VirtuePoints</a></strong></div></td>
<td width="*"><div align="center"><strong><a href="ko.php">Ko Board</a></strong></div></td>
<td width="*"><div align="center"><strong><a href="character.php">Top Characters</a></strong></div></td>
<td width="*"><div align="center"><strong><a href="TopMoneyBags.php">Top MoneyBags</a></strong></div></td>
<td width="*"><div align="center"><strong><a href="topjobindex.php">Top Profession's</a></strong></div></td>
<td width="*"><div align="center"><strong><a href="pass.php">Password Change</a></strong></div></td>
</tr>
<?php
require_once ('config.php');
?>
<center><b class="h2"> <?php echo '<font color="#00FF00">Welcome to '.$servername.' Password change'; ?> </b><br />
<br /></center>
<br />
<center><form method='post' action=''><table class=body width="440" height="229">
<tr>
<td align="left" height="32"><b>Account Id:</b></td>
<td class="it3" height="32"><input class="it" name="login" id="id" /></td>
</tr> <tr>
<td align="left" height="37">New Password:</td>
<td class="it3" height="37"><input class="it" id="ipassword" type="password" maxLength=12 name="pass" /></td>
</tr> <tr>
<td align="left" height="32">Retype New Password:</td>
<td class=it3 height="32"><input class="it1" id="ipassword" type="password" maxlength=12 name="retpass" /></td>
</tr> <tr>
<td colspan="2"> </td>
</tr> <tr>
<td colspan="2"><b></b></td>
</tr> <tr>
<td align="left" height="32"><b>Account Question:</b></td>
<td class=it3 height="32"><input type="text" maxlength=16 name="ownerID" /></td>
</tr> <?php if ($chPass) { ?> <tr>
<td align="left" height="32"><b>Question Anwser</b></td>
<td class=it3 height="32"><input type="text" maxlength=16 name="ownerReply" /></td>
</tr> <?php } ?> <tr>
<td colspan="2"> </td>
</tr> <tr>
<td align="left" height="32">E-mail:</td>
<td class=it3 height="32"><input type="text" name="email" /></td>
</tr> <?php if ($requireCAPTCHA) { ?> <tr>
<td align="left" height="32"><b>Type Check Code</b>:</td>
<td class=it3 height="32"><input name='CheckCode' size='20' maxlength='6'class=it style="FONT-SIZE: 9pt"></td>
</tr> <tr>
<td height="25" align="left">Check Code:</td>
<td height="25"><span style="font-size: 9pt">
<img src='./inc/img.php' width='200' height='60' alt='CAPTCHA' /></td>
</tr> <?php } ?> <tr>
<td></td>
<td style="FONT-SIZE: 14px; VERTICAL-ALIGN: middle">
<span style="font-size: 9pt"><input type="hidden" name="hash"><!-- Created by <someone> @ webyt.net -->
<input class=Butt type=submit onclick="hash.value = login(pass.value)" value='Change it' name=B1 /></span></td>
</tr></table>
</form>
<?php
if(isset($_POST['retpass']) && isset($_POST['login']) && isset($_POST['pass']) && isset($_POST['ownerID'])) {
if(!Empty($_POST['retpass']) && !Empty($_POST['login']) && !Empty($_POST['pass']) && !Empty($_POST['ownerID'])) {
$ok=false;
if ($requireCAPTCHA) { if (PhpCaptcha::Validate($_POST['CheckCode'])) $ok=true; }
else $ok=true;
if($ok) {
mysql_select_db($accdb);
$userid = trim($_POST['login']);
$password=trim($_POST['pass']);
$passretype=trim($_POST['retpass']);
$hash=$_POST['hash'];
$ownerReply=(isset($_POST['ownerReply']) ? substr(trim($_POST['ownerReply']), 0,16) : '');
$mail=(isset($_POST['email']) ? trim($_POST['email']) : '');
$ownerID=substr(trim($_POST['ownerID']), 0,16);
if (!Empty($mail)) if (!ereg("^[0-9a-zA-Z]{4,128}$", (strtr($mail, Array('@'=>'','.'=>''))))) {
$mail='';
echo 'mail > Only letters a to z and special chars @ . are allowed';
}
if(!eregi("^[0-9a-z]{4,12}$",$userid)) {
echo 'login > Only letters from "a" to "z" and numbers, lenght of 4 to 12 characters';
}
else {
if($password == $passretype) {
if(!ereg("^[0-9a-zA-Z]{4,22}$",$password)) {
echo 'password > Only letters or numbers, lenght of 4 to 22 characters';
}
else {
$res = mysql_query('SELECT * FROM account WHERE name="'.$userid.'" AND idnumber="'.$ownerID
.($chPass ? '" AND phone="'.$ownerReply : '').'" ORDER BY id DESC');
if(mysql_num_rows($res) == 1) {
//$d=explode ('.', $_SERVER['REMOTE_ADDR']);
//for case that IP limits works and u can restrict access from spec. class C IP address range
// idnumber = ownerID phone=ownerReply
// I doubt phone will be used or someone rly provide his number anyway
mysql_query('UPDATE account SET password="'.($passhash ? $hash : $password)
.(!Empty($mail) ? '", email="'.$mail : '')
.'", netbar_ip="'.$_SERVER['REMOTE_ADDR'].'", ip_mask="'.'255.255.255.0" '
.'WHERE name="'.$userid.'" AND idnumber="'.$ownerID.'";');
echo 'Success > Account info updated successfully.';
}
else echo 'Error > Wrong login and/or owner... info.';
}
}
else echo 'Error > New passwords did not match.';
}
} // if $ok
else echo 'Error > Check Code is Wrong.';
}
else echo 'Error > umm why there is empty <b>required</b> areas in register form????';
}
?>
</center>
