[RELEASE] SQLSRV Password Changer

Old   #1
 

Warnings!
  • This script will only function with the following requirements met:
    • PHP 5.3+
    • SQLSRV API, e.g. PHP Driver 3.0+
    • Properly configured IIS 7.5+
    • Basic Knowledge of HTML/PHP
  • I will not be answering any questions, and anything posted herein will be provided on an as-is basis with the knowledge that you may have to make adaptations to the script to suit your specific needs.
  • I will not be held responsible for any failure to commit security precautions on your part.
  • This script is not and will never be perfect; remember to keep up with current trend articles on PHP and website safety in general.
  • Don't bicker about thinking your methods are better or whatever, I don't care, use it or don't.


This script was initially designed for a user control panel but can easily be adapted to use <form> input.

First, using your fav text editor, open a new text file, as we will need to create our database config:

Code:
<?php
$database_ip = "";
$database_name = "";
$database_user = "";
$database_pass = "";
$sql_error ="There has been a connection error, please check db_config";
$connectionInfo = array( "Database"=>"$database_name", "UID"=>"$database_user", "PWD"=>"$database_pass");
$connect = sqlsrv_connect( $database_ip, $connectionInfo) or die($sql_error);
?>
Copy and paste the info into your new blank file, edit as needed and save as db_config.php!

Now open another new text file and copy and paste the below contents into it, modify as needed

Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style type="text/css">
#new_pass, #conf_new_pass, #current_pass {
	width: 540px;	
	padding: 7px;
	font-weight: bold;
	background-color: #768588;
	border: 1px solid black;
}
#title {
	padding: 5px;
	color: #171f21;
	font-size: 18px;
	font-family: 'Francois One', sans-serif;
}

#button {
	padding: 10px;
	color: black;
	font-size: 18px;
	font-family: 'Francois One', sans-serif;
	background-color: #768588;
	border: 1px solid black;
}
</style>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Password Changer</title>
</head>
<body><br />
<form id="pwd_changer" name="pwd_changer" method="post" action="ck_curpw.php">
<p>
<label id="title">PASSWORD CHANGE</label> <br /><br />
<input type ="text" name="username" id="username"/>
  <label id="title">Current password</label> <br />
    <label for="textbox"></label>
    <input type="password" name="current_pass" id="current_pass" size="95" />
  </p>
  <p>
  <label id="title">New Password</label> <br />
    <input type="password" name="new_pass" id="new_pass" size="95" />
    <br />
    <br />
  <label id="title">Confirm New Password</label> <br />
<input type="password" name="conf_new_pass" id="conf_new_pass" size="95" />
  </p>
  <center><input type="submit" name="button" id="button" value="Submit" /></center>
</form>
</body>
</html>
Save the file as change_pw.php and open another new file in your text editor. Now we will check if the user's name and password exist.

Code:
<?php
//Start Session (before any HTML output, otherwise the session cookie and the redirect header cannot be sent)
session_start();

// Database Connection Information
include("db_config.php");

//Define Posted Variable
$md5_key = "2011";
$data_array = $_POST;
$array_char = array("'","/","\\","*",":","!","?",".", "&", "%", "ù","^", "$", "=","¨","}","{","(",")","~","#","[","]","ç","*","é","‚","§",";","¤","°","£","`","<",">");
$user = isset($data_array['username']) ? $data_array['username'] : "";
$user = str_replace($array_char, "", $user);
$password_cur = isset($data_array['current_pass']) ? $data_array['current_pass'] : "";
$password_cur = str_replace($array_char, "", $password_cur);
$password_new = isset($data_array['new_pass']) ? $data_array['new_pass'] : "";
$password_new = str_replace($array_char, "", $password_new);
$password_conf_new = isset($data_array['conf_new_pass']) ? $data_array['conf_new_pass'] : "";
$password_conf_new = str_replace($array_char, "", $password_conf_new);
//Keyed MD5 is kept because it is the format of the password column; MD5 is a weak password hash
$comb_pass_cur = $md5_key.$password_cur;
$fin_pass_cur = md5($comb_pass_cur);
$comb_pass_new = $md5_key.$password_new;
$fin_pass_new = md5($comb_pass_new);
$comb_pass_conf_new = $md5_key.$password_conf_new;
$fin_pass_conf_new = md5($comb_pass_conf_new);

//Message shown in the page body when no redirect happens
$message = "";

if($fin_pass_new != $fin_pass_conf_new){
$message = "The passwords you have entered do not match, please try again!";
}
else
{
//Define Check (Username + Password), values are bound as parameters and not placed in the SQL text
$search_un_pw = "SELECT login_name FROM dbo.Accounts WHERE login_name = ? AND password = ?";

//Execute Check (Username + Password)
$exec_search_un_pw = sqlsrv_query($connect, $search_un_pw, array($user, $fin_pass_cur));

//Return Result (a failed query counts as no match)
$return = ($exec_search_un_pw !== false) && sqlsrv_has_rows($exec_search_un_pw);

if($return === TRUE){
//Session Data
$_SESSION['username'] = $user;
$_SESSION['new_pwd'] = $fin_pass_new;
$_SESSION['fin_new_pwd'] = $fin_pass_conf_new;
header('Location: exec_cnpw.php');
//Stop here so nothing else runs after the redirect
exit;
}
$message = "<img src='../img/crown.png' height='250' width='250' /> <br /> <br /> <b>The password you have entered was incorrect! <br /> <br /> Please go back and try again!</b>";
$message .= '<br /> <br /> <input type="button" onClick="history.back()" id="button" value="Back"></input>';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href='http://fonts.googleapis.com/css?family=Revalia|McLaren' rel='stylesheet' type='text/css'>
<style type="text/css">
body{
	text-align: justify;
	font-family: 'McLaren', cursive;
	color: #435c6b;
	font-size: 12px;
}
#button {
	padding: 10px;
	color: #0077aa;
	font-size: 18px;
	font-family: 'Francois One', sans-serif;
}
</style>
<title>Redemption - Homepage</title>
</head>

<body>
<center>
<?php
//Show the result message built above
echo $message;
?>
</center>
</body>
</html>
Now save this file as ck_curpw.php and open a new file in your text editor and copy the below into it:

Code:
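<?php
//Start Session
session_start();

// Database Connection Information
include("db_config.php");

//Only continue if ck_curpw.php stored a verified request in the session
if(!isset($_SESSION['username'], $_SESSION['fin_new_pwd'])){
	echo "Error! No verified password change request was found";
	exit;
}

//Define Session Variables
$username = $_SESSION['username'];
$fin_new_pass = $_SESSION['fin_new_pwd'];

//Use the request once, then remove it from the session
unset($_SESSION['username'], $_SESSION['new_pwd'], $_SESSION['fin_new_pwd']);

//Change Password (values are bound as parameters, the query is run once)
$query = "UPDATE dbo.Accounts SET password = ? WHERE login_name = ?";
$exec_query = sqlsrv_query($connect, $query, array($fin_new_pass, $username));

if(!$exec_query){
	echo "Error! The query has failed to execute REF: exec_query";
	exit;
}
else{
//$_SESSION['new_pwd'] held the MD5 hash, not the typed password, so it is not displayed
echo "Your password has been successfully changed! <br/>";
echo "Don't forget to copy your new password or write it down!";
}

?>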
Now save the above as exec_cnpw.php

This script comes from an older iteration of a Redemption website. I will not support it, and if you can't get it working with Google then you do not need to be using it in the first place, but for those with basic PHP knowledge, enjoy.

--Disclaimer-- All coding used in the above script is the sole creation of iSmokeDrow

If you think this should be stickied you should pm



ismokedrow is offline  
Thanks
4 Users
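
An added example (not part of the original post or its scripts): ck_curpw.php runs `$array_char` over the passwords before hashing them, so this reproduces that step on constructed passwords and reports which ones end up with the same stored hash, next to the same hash format without the filter. `username_ok()` and `colliding_groups()` are hypothetical helpers, and the filter list is an ASCII subset of the one in the post.

```php
<?php
// Added example, not part of the original scripts. Sample inputs are constructed.
$md5_key = "2011";
// ASCII subset of the post's $array_char list
$array_char = array("'", "/", "\\", "*", ":", "!", "?", ".", "&", "%", "^", "$", "=",
                    "}", "{", "(", ")", "~", "#", "[", "]", ";", "`", "<", ">");

// Hash as ck_curpw.php computes it: filter first, then md5(key . password)
function filtered_hash($password, $md5_key, $array_char) {
    return md5($md5_key . str_replace($array_char, "", $password));
}

// Same hash format without the filter, so the typed password is used as-is
function unfiltered_hash($password, $md5_key) {
    return md5($md5_key . $password);
}

// Hypothetical allow-list check: refuse a bad username instead of rewriting it
function username_ok($user) {
    return preg_match('/^[A-Za-z0-9_]{3,32}$/', $user) === 1;
}

// Group passwords by the hash they produce; groups of 2+ are interchangeable at login
function colliding_groups($passwords, $hash_fn) {
    $groups = array();
    foreach ($passwords as $p) {
        $groups[call_user_func($hash_fn, $p)][] = $p;
    }
    return array_values(array_filter($groups, function ($g) { return count($g) > 1; }));
}

$samples = array('Winter2012', 'Winter!2012', 'W.i.n.t.e.r#2012', '!?#$%&', '');

$with_filter = colliding_groups($samples, function ($p) use ($md5_key, $array_char) {
    return filtered_hash($p, $md5_key, $array_char);
});
$without_filter = colliding_groups($samples, function ($p) use ($md5_key) {
    return unfiltered_hash($p, $md5_key);
});

echo "Colliding groups with the filter:    " . json_encode($with_filter) . "\n";
echo "Colliding groups without the filter: " . json_encode($without_filter) . "\n";
echo "username_ok('player_01'):  " . var_export(username_ok('player_01'), true) . "\n";
echo "username_ok('player 01!'): " . var_export(username_ok('player 01!'), true) . "\n";
```

With the filter, the three "Winter" variants form one group and the punctuation-only password is treated the same as an empty one; once the values are bound as query parameters the filter is not needed for the SQL, though removing it changes the hash for any account whose password contained a filtered character.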
Old   #2
 
nice !!


ghost_h is offline  
Thanks
1 User
Old   #3
 
Why do you use Session for that O_o a simple $_GET does the job and doesn't eat much RAM on the server

I think you can do other things, but I don't have the time to look at the code
gr4ph0s is offline  
Old   #4
 
I looked through the script and wondered why I had used a <form> in ck_. I originally had thought I made it an automatic pass-through (where $_SESSION would have been a better route), but seeing as there was a <form> in ck_, I simply attached the username/new_pwd/fin_new_pwd as invisible inputs, so now they get passed with the $_POST method (sorry, I do not prefer $_GET). I have not tested the update I just mentioned! If you find an error due to changes in the ck_ file, please contact me via PM.


ismokedrow is offline  
Old   #5
 
Yes, $_POST or $_GET is the same, except for newbies who can't see $_POST content \o/
gr4ph0s is offline  
Old   #6
 

Quoted From Stack-Overflow:

The GET request is marginally less secure than the POST request. Neither offers true bank-grade security by itself; using POST requests will not magically make your website secure against malicious attacks by a noticeable amount. However, using GET requests can make an otherwise secure application insecure.

The mantra that you "must not use GET requests to make changes" is still very much valid, but this has little to do with malicious behaviour. Login forms are the ones most sensitive to being sent using the wrong request type.
ismokedrow is offline  
Old   #7
 
Quote:
Originally Posted by ismokedrow View Post
Quoted From Stack-Overflow:

The GET request is marginally less secure than the POST request.
You know you just have to download a plugin for FF or Chrome and you can easily change the value of the POST data. As I say, POST = the same security as GET
gr4ph0s is offline  
Old   #8
 
Thanks Man !! very very nicccce ^^
ssagar is offline  
Old   #9
 
Actually, I remember now why I had originally chosen to go with the $_SESSION method: it was because the form I had in ck_ was a dev form only meant to inform me that everything had occurred correctly. So I have edited ck_ to just switch header location after it sessions the data, as $_SESSION variables are much safer than either post/get in most scenarios, especially when shifting variables between several scripts.

Quote:
Originally Posted by Stack Overflow
Indeed, (assuming sensibility on behalf of the web programmer) it couldn't. The data for $_SESSION is kept on the server itself, and it's looked up by a key stored as a cookie. There's no way to actually permute data in $_SESSION itself, but a user could possibly guess the session ID of another session and send the appropriate session cookie. But for all intents and purposes, to you (the web programmer), they'd be exactly the same as the other user, so it's not your responsibility to protect against them anyway. Firesheep


ismokedrow is offline  
Thanks
1 User