- This script will only function with the following requirements met:
- PHP 5.3+
- SQLSRV API, e.g. PHP Driver 3.0+
- Properly configured IIS 7.5+
- Basic Knowledge of HTML/PHP
- I will not be answering any questions and anything posted herein will be provided on an as-is basis with the knowledge that you may have to make adaptations to the script to suit your specific needs.
- I will not be held responsible for any failure to commit security precautions on your part.
- This script is not and will never be perfect, remember to keep up with current trend articles on PHP and website safety in general.
- Don't bicker about thinking your methods are better or whatever, I don't care, use it or don't.
This script was initially designed for a user control panel but can easily be adapted to use <form> input.
First, using your favorite text editor, open a new text file, as we will need to create our database config.
Code:
<?php
// db_config.php - database connection settings (included by the scripts below)
$database_ip   = "";
$database_name = "";
$database_user = "";
$database_pass = "";

$sql_error = "There has been a connection error, please check db_config";

$connectionInfo = array(
    "Database" => $database_name,
    "UID"      => $database_user,
    "PWD"      => $database_pass
);

// Open the connection, or stop with a generic error message
$connect = sqlsrv_connect($database_ip, $connectionInfo) or die($sql_error);
?>
Now open another new text file and copy and paste the below contents into it, modify as needed.
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style type="text/css">
#new_pass, #conf_new_pass, #current_pass {
    width: 540px;
    padding: 7px;
    font-weight: bold;
    background-color: #768588;
    border: 1px solid black;
}
/* a class, because the same style is used on several labels and an id must be unique */
.title {
    padding: 5px;
    color: #171f21;
    font-size: 18px;
    font-family: 'Francois One', sans-serif;
}
#button {
    padding: 10px;
    color: black;
    font-size: 18px;
    font-family: 'Francois One', sans-serif;
    background-color: #768588;
    border: 1px solid black;
}
</style>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Password Changer</title>
</head>
<body><br />
<form id="pwd_changer" name="pwd_changer" method="post" action="ck_curpw.php">
  <p>
    <label class="title">PASSWORD CHANGE</label>
    <br /><br />
    <input type="text" name="username" id="username" />
    <label class="title">Current password</label>
    <br />
    <label for="textbox"></label>
    <input type="password" name="current_pass" id="current_pass" size="95" />
  </p>
  <p>
    <label class="title">New Password</label>
    <br />
    <input type="password" name="new_pass" id="new_pass" size="95" />
    <br />
    <br />
    <label class="title">Confirm New Password</label>
    <br />
    <input type="password" name="conf_new_pass" id="conf_new_pass" size="95" />
  </p>
  <center><input type="submit" name="button" id="button" value="Submit" /></center>
</form>
</body>
</html>
Code:
<?php
// ck_curpw.php - checks the current password, then hands off to exec_cnpw.php.
// All PHP runs before any HTML output so session_start() and header() can still send headers.

//Start Session
session_start();

// Database Connection Information
include("db_config.php");

//Define Posted Variable
$md5_key = "2011";
$data_array = $_POST;
$array_char = array("'","/","\\","*",":","!","?",".","&","%","ù","^","$","=","¨","}","{","(",")","~","#","[","]","ç","à","é","€","§",";","¤","°","£","`","<",">");

// Read a posted field (empty string if missing or not a string) and strip the characters above
function clean_post($data_array, $field, $array_char)
{
    $value = (isset($data_array[$field]) && is_string($data_array[$field])) ? $data_array[$field] : "";
    return str_replace($array_char, "", $value);
}

$user              = clean_post($data_array, 'username', $array_char);
$password_cur      = clean_post($data_array, 'current_pass', $array_char);
$password_new      = clean_post($data_array, 'new_pass', $array_char);
$password_conf_new = clean_post($data_array, 'conf_new_pass', $array_char);

// Keyed MD5 is kept so the hashes match what is already stored in dbo.Accounts
$fin_pass_cur      = md5($md5_key.$password_cur);
$fin_pass_new      = md5($md5_key.$password_new);
$fin_pass_conf_new = md5($md5_key.$password_conf_new);

$message = "";

// Strict comparison: != would treat two different "0e..." hex digests as equal numbers
if ($fin_pass_new !== $fin_pass_conf_new) {
    $message = "The passwords you have entered do not match, please try again!";
} else {
    //Define Check (Username + Password) - values are bound as parameters, never concatenated
    $search_un_pw = "SELECT login_name FROM dbo.Accounts WHERE login_name = ? AND password = ?";

    //Execute Check (Username + Password)
    $exec_search_un_pw = sqlsrv_query($connect, $search_un_pw, array($user, $fin_pass_cur));

    //Return Result
    $return = ($exec_search_un_pw !== false) && sqlsrv_has_rows($exec_search_un_pw);

    if ($return === TRUE) {
        //Session Data
        $_SESSION['username'] = $user;
        $_SESSION['new_pwd'] = $fin_pass_new;
        $_SESSION['fin_new_pwd'] = $fin_pass_conf_new;
        header('Location: exec_cnpw.php');
        exit; // stop here so nothing else is sent after the redirect
    }

    $message = "<img src='../img/crown.png' height='250' width='250' /> <br /> <br /> <b>The password you have entered was incorrect! <br /> <br /> Please go back and try again!</b>"
             . '<br /> <br /> <input type="button" onClick="history.back()" id="button" value="Back" />';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href='http://fonts.googleapis.com/css?family=Revalia|McLaren' rel='stylesheet' type='text/css' />
<style type="text/css">
body {
    text-align: justify;
    font-family: 'McLaren', cursive;
    color: #435c6b;
    font-size: 12px;
}
#button {
    padding: 10px;
    color: #0077aa;
    font-size: 18px;
    font-family: 'Francois One', sans-serif;
}
</style>
<title>Redemption - Homepage</title>
</head>
<body>
<center>
<?php echo $message; ?>
</center>
</body>
</html>
Code:
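<?php
// exec_cnpw.php - applies the password change prepared by ck_curpw.php

//Start Session
session_start();

// Database Connection Information
include("db_config.php");

// Only continue if ck_curpw.php has verified the current password in this session
if (!isset($_SESSION['username'], $_SESSION['fin_new_pwd'])) {
    echo "Error! No verified password change request was found.";
    exit;
}

//Define Session Variables
$username     = $_SESSION['username'];
$fin_new_pass = $_SESSION['fin_new_pwd'];

// Single use: clear the pending hashes so reloading this page cannot repeat the change
unset($_SESSION['new_pwd'], $_SESSION['fin_new_pwd']);

//Change Password - values are bound as parameters, never concatenated
$query = "UPDATE dbo.Accounts SET password = ? WHERE login_name = ?";
$exec_query = sqlsrv_query($connect, $query, array($fin_new_pass, $username));

if (!$exec_query) {
    echo "Error! The query has failed to execute REF: exec_query";
    exit;
} else {
    // The original ran the UPDATE a second time here and echoed $_SESSION['new_pwd'],
    // which holds the MD5 hash rather than the typed password; both were removed.
    echo "Your password has been successfully changed! <br/>";
    echo "Don't forget to copy your new password or write it down!";
}
?>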
This script comes from an older iteration of a Redemption website, I will not support it and if you can't get it working with Google then you do not need to be using it in the first place, but for those with basic PHP knowledge, enjoy.
--Disclaimer-- All coding used in the above script is the sole creation of iSmokeDrow
If you think this should be stickied you should pm
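The character filter in ck_curpw.php is applied to the password fields as well as the username before hashing. The following added example (not part of the original post; `legacy_hash` and the sample passwords are constructed for illustration, and only the ASCII part of the filter list is reproduced) shows the effect: different typed passwords collapse to the same stored MD5 value, and a password made only of filtered characters hashes as the key alone.

```php
<?php
// Added example, not part of the original post.
// Reproduces the post's filter + keyed-MD5 step to show its side effect on passwords.

// ASCII subset of the blacklist used in ck_curpw.php
$array_char = array("'", "/", "\\", "*", ":", "!", "?", ".", "&", "%", "^", '$',
                    "=", "}", "{", "(", ")", "~", "#", "[", "]", ";", "`", "<", ">");
$md5_key = "2011"; // static key from the post

// Hypothetical helper: returns the filtered password and the value the script would store
function legacy_hash($password, $array_char, $md5_key)
{
    $filtered = str_replace($array_char, "", $password);
    return array($filtered, md5($md5_key . $filtered));
}

// Constructed sample passwords
$samples = array('Winter!2024', 'Winter2024', 'W.i.n.t.e.r(2024)', '!?#$%&*');

$seen = array();
foreach ($samples as $pw) {
    list($filtered, $hash) = legacy_hash($pw, $array_char, $md5_key);
    $seen[$hash][] = $pw;
    printf("%-20s -> filtered %-14s -> %s\n", $pw, var_export($filtered, true), $hash);
}

// Report typed passwords that end up with the same stored value
foreach ($seen as $hash => $inputs) {
    if (count($inputs) > 1) {
        echo "Same stored hash for: " . implode(" | ", $inputs) . "\n";
    }
}

// A password made only of filtered characters becomes the empty string,
// so its stored value is simply md5 of the key.
list($filtered, $hash) = legacy_hash('!?#$%&*', $array_char, $md5_key);
var_dump($filtered === "");        // bool(true)
var_dump($hash === md5($md5_key)); // bool(true)
```

With the values bound as query parameters, the filter is no longer needed to keep input out of the SQL text, so it only has to stay on the password fields for as long as existing hashes were created with it.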