Aphex
-
Posts
6 -
Joined
-
Last visited
Posts posted by Aphex
-
-
Yeah thanks ncurran, may be the lack of sleep I've been dealing with for the past week now as this is a gaming community I've been working on for GTA San Andreas Multiplayer (SA-MP)
-
Update.
I forgot to use "UPDATE" query instead of "INSERT" as the user would have already been added in order for the change pass function to work, so I got that working where it changes the password to SHA1 and adds it to the database successfully.
Now it's just the matter of it detecting whether all fields have been filled in even if two has and one hasn't.
else if($_POST['submit']=='Doit') { // Checking whether the Change Pass form has been submitted $err = array(); // Will hold our errors if(!count($err)) { $_POST['password2'] = mysql_real_escape_string($_POST['password2']); $_POST['password3'] = mysql_real_escape_string($_POST['password3']); $_POST['password4'] = mysql_real_escape_string($_POST['password4']); // Escaping all input data } if(!$_POST['password2'] || !$_POST['password3'] || !$_POST['password4']) { $err[] = 'All fields are required.'; } $pass = $_POST['password3']; $row = mysql_fetch_assoc(mysql_query("SELECT * FROM playerdata WHERE user='{$_SESSION['user']}' AND password='".sha1($_POST['password2'])."'")); if($row['user']) { if($_POST['password3'] == $_POST['password4']) { mysql_query("UPDATE playerdata SET password='".sha1($_POST['password3'])."' WHERE user='{$_SESSION['user']}'"); $_SESSION['msg']['change-success']='Your password has been successfully changed to '.$pass; } else $err[] = 'Your new passwords do not match.'; // Store some data in the session } else $err[]='You have entered an invalid existing password.'; if($err) $_SESSION['msg']['change-err'] = implode('<br />',$err); // Save the error messages in the session header("Location: http://127.0.0.1/"); exit; }This works when no fields are filled in:
if(!$_POST['password2'] || !$_POST['password3'] || !$_POST['password4']) { $err[] = 'All fields are required.'; }But I need this to happen if only one or two fields have been filled in (there's three fields altogether, "Existing Password, New Password and Confirm New Password")
-
Hello. I have this change password script but when I type something into the existing password box and leave the new password and confirm new password box blank it says the password has been changed. If I leave all boxes blank it says all fields are required (which is what I want it to say unless ALL boxes have been filled in). Also, if I do type in all 3 boxes it says the password has been changed but it doesn't even change it. I have set it as SHA1 but still no luck, it still allows me to log in with the existing password.
else if($_POST['submit']=='Doit') { // Checking whether the Login form has been submitted $err = array(); // Will hold our errors if(!count($err)) { $_POST['password2'] = mysql_real_escape_string($_POST['password2']); $_POST['password3'] = mysql_real_escape_string($_POST['password3']); $_POST['password4'] = mysql_real_escape_string($_POST['password4']); // Escaping all input data } if(!$_POST['password2'] || !$_POST['password3'] || !$_POST['password4']) { $err[] = 'All fields are required.'; } $row = mysql_fetch_assoc(mysql_query("SELECT * FROM playerdata WHERE user='{$_SESSION['user']}' AND password='".sha1($_POST['password2'])."'")); if($row['user']) { if($_POST['password3'] == $_POST['password4']) { // If everything is OK login $pass = substr(sha1($_POST['password3'])); mysql_query(" INSERT INTO playerdata(user,password) VALUES( '".$_SESSION['user']."', '".sha1($_POST['password3'])."' )"); $_SESSION['msg']['change-success']='Your existing password has been changed. '.$pass; } else $err[] = 'Your new passwords do not match.'; // Store some data in the session } else $err[]='You have entered an invalid existing password.'; if($err) $_SESSION['msg']['change-err'] = implode('<br />',$err); // Save the error messages in the session header("Location: http://127.0.0.1/"); exit; } -
Anyone able to help here?
-
Hello. I was wondering whether I could request some help about adding a change pass function to my login / register script on PHP/JQuery/MySQL. I have started the change pass function a little (the form is fully done and checks whether the required fields are filled in) but the rest is way above my current knowledge that involves PHP, I am more of a HTML person.
Also, I would highly appreciate it if you could let me know whether this is vulnerable to SQL injection, I doubt it is because I've added some extra "mysql_real_escape_string();" to the script but all comments would help. I am useless at PHP <.<
I have marked in the code where I have started the change pass function to make it a little easier to find.
Here is the code:
<?php error_reporting(E_ALL ^ E_NOTICE); define('INCLUDE_CHECK',true); require 'connect.php'; require 'functions.php'; // Those two files can be included only if INCLUDE_CHECK is defined session_name('tzLogin'); // Starting the session session_set_cookie_params(2*7*24*60*60); // Making the cookie live for 2 weeks session_start(); if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe']) { // If you are logged in, but you don't have the tzRemember cookie (browser restart) // and you have not checked the rememberMe checkbox: $_SESSION = array(); session_destroy(); // Destroy the session } if(isset($_GET['logoff'])) { $_SESSION = array(); session_destroy(); header("Location: http://127.0.0.1/"); exit; } if($_POST['submit']=='Login') { // Checking whether the Login form has been submitted $err = array(); // Will hold our errors if(!$_POST['logusername'] || !$_POST['password']) $err[] = 'All fields are required.'; if(!count($err)) { $_POST['logusername'] = mysql_real_escape_string($_POST['logusername']); $_POST['password'] = mysql_real_escape_string($_POST['password']); $_POST['rememberMe'] = (int)$_POST['rememberMe']; // Escaping all input data $row = mysql_fetch_assoc(mysql_query("SELECT * FROM playerdata WHERE user='{$_POST['logusername']}' AND password='".sha1($_POST['password'])."'")); if($row['user']) { // If everything is OK login $_SESSION['user'] = $row['user']; $_SESSION['id'] = $row['id']; $_SESSION['rememberMe'] = $_POST['rememberMe']; // Store some data in the session setcookie('tzRemember',$_POST['rememberMe']); } else $err[]='You have entered an invalid username or password.'; } if($err) $_SESSION['msg']['login-err'] = implode('<br />',$err); // Save the error messages in the session header("Location: http://127.0.0.1/"); exit; } else if($_POST['submit']=='Register') { // If the Register form has been submitted $err = array(); if (!preg_match('/^[A-Za-z]{4,9}_{1}[A-Za-z]{4,9}$/', $_POST['username'])) { $err[] = 'Your username must be in the format of "John_Smith" (include the underscore) with a maximum of 19 characters and a minimum of 9. No other special characters are allowed.'; } $email = $_POST['email']; $query = sprintf("SELECT * FROM playerdata WHERE email='%s'", mysql_real_escape_string($email)); $result = mysql_query($query); if(!$result) { $err[]='There has been an error with your connection, please refresh the page and try again.'; } else { if(mysql_num_rows($result) > 0) { $err[]='That email address already exists.'; } } if(!checkEmail($_POST['email'])) { $err[]='Your email address is not valid.'; } if(!count($err)) { // If there are no errors $pass = substr(sha1($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000).rand(170000,200000)),0,6); // Generate a random password $_POST['email'] = mysql_real_escape_string($_POST['email']); $_POST['username'] = mysql_real_escape_string($_POST['username']); // Escape the input data mysql_query(" INSERT INTO playerdata(user,password,level,money,email,ip,datetime) VALUES( '".$_POST['username']."', '".sha1($pass)."', '1', '20', '".$_POST['email']."', '".$_SERVER['REMOTE_ADDR']."', NOW() )"); if(mysql_affected_rows($link)== 1) { send_mail( 'bugsyccfc@googlemail.com', $_POST['email'], 'Welcome to Domination Roleplay.', 'Your password is: '.$pass); $_SESSION['msg']['reg-success']='An email has been sent containing your password. '.$pass; } else $err[]='That username has already been taken.'; } if(count($err)) { $_SESSION['msg']['reg-err'] = implode('<br />',$err); } header("Location: http://127.0.0.1/"); exit; } else if($_POST['submit']=='Confirm') // [size=4][b]Change Pass Starts Here[/b][/size] { $err = array(); // Will hold our errors if(!$_POST['password2'] || !$_POST['password3']) $err[] = 'All fields are required.'; header("Location: http://127.0.0.1/"); exit; } // [size=4][b]Change Pass Ends Here[/b][/size] (No idea what to do now) [b]Change pass form is below[/b] $script = ''; if($_SESSION['msg']) { // The script below shows the sliding panel on page load $script = ' <script type="text/javascript"> $(function(){ $("div#panel").show(); $("#toggle a").toggle(); }); </script>'; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>Domination Roleplay UCP - Home</title> <!-- CCS Links --> <link rel="stylesheet" type="text/css" href="data/css/register.css" media="screen" /> <link rel="stylesheet" type="text/css" href="data/css/slide.css" media="screen" /> <!-- End of CCS Links --> <!-- Javascript Links --> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script> <!-- PNG FIX for IE6 --> <!-- http://24ways.org/2007/supersleight-transparent-png-in-ie6 --> <!--[if lte IE 6]> <script type="text/javascript" src="http://127.0.0.1/data/js/supersleight-min.js"></script> <![endif]--> <script src="data/js/slide.js" type="text/javascript"></script> <?php echo $script; ?> <!-- End of Javascript Links --> </head> <!-- Login/Register UCP --> <div id="toppanel"> <div id="panel"> <div class="content clearfix"> <div class="left"> <h1>The Sliding jQuery Panel</h1> <h2>A register/login solution</h2> <p class="grey">You are free to use this login and registration system in you sites!</p> <h2>A Big Thanks</h2> <p class="grey">This tutorial was built on top of <a href="http://web-kreation.com/index.php/tutorials/nice-clean-sliding-login-panel-built-with-jquery" title="Go to site">Web-Kreation</a>'s amazing sliding panel.</p> </div> <?php if(!$_SESSION['id']): ?> <div class="left"> <!-- Login Form --> <form class="clearfix" action="" method="post"> <h1>Member Login</h1> <?php if($_SESSION['msg']['login-err']) { echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>'; unset($_SESSION['msg']['login-err']); } ?> <label class="grey" for="username">Username:</label> <input class="field" type="text" name="logusername" id="logusername" value="" size="23" maxlength="19" /> <label class="grey" for="password">Password:</label> <input class="field" type="password" name="password" id="password" size="23" maxlength="13" /> <label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> Remember me</label> <div class="clear"></div> <input type="submit" name="submit" value="Login" class="bt_login" /> </form> </div> <div class="left right"> <!-- Register Form --> <form action="" method="post"> <h1>Not a member yet? Sign Up!</h1> <?php if($_SESSION['msg']['reg-err']) { echo '<div class="err">'.$_SESSION['msg']['reg-err'].'</div>'; unset($_SESSION['msg']['reg-err']); } if($_SESSION['msg']['reg-success']) { echo '<div class="success">'.$_SESSION['msg']['reg-success'].'</div>'; unset($_SESSION['msg']['reg-success']); } ?> <label class="grey" for="username">Username:</label> <input class="field" type="text" name="username" id="username" value="" size="23"maxlength="19" /> <label class="grey" for="email">Email:</label> <input class="field" type="text" name="email" id="email" size="23" /> <label>A password will be sent to your email address provided.</label> <input type="submit" name="submit" value="Register" class="bt_register" /> </form> </div> <?php else: ?> <div class="left"> <?php $query = sprintf("SELECT * FROM `playerdata` WHERE `user` = '%s'", mysql_real_escape_string($_SESSION['user'])); $result = mysql_query($query)or die(mysql_error()); echo '<h1><b><font color="#FFFFFF">'.$_SESSION['user'].'s User Control Panel</font></h1></b>'; echo '<p><b><font color="#FF0000">IP Address</font>: <font color="#FFFFFF">'.$_SERVER['REMOTE_ADDR'].'</font></p></b>'; while($row = mysql_fetch_array($result)) { echo '<p><b><font color="#FF0000">Registered</font>: <font color="#FFFFFF">'.$row['datetime'].'</font></p></b>'; echo '<p><b><font color="#FF0000">Cash</font>: <font color="#009933">$'.$row['money'].'</font></p></b>'; echo '<p><b><font color="#FF0000">Level</font>: <font color="#FFFFFF">'.$row['level'].'</font></p></b>'; } ?> <a href="?logoff">Log Out</a> </div> <div class="left right"> <h1>Your Account Settings</h1> <?php echo '<h2><font color="#FFFFFF">Change Password</font></h2>' [b][size=4]// Change Pass Form[/size][/b] ?> <form action="" method="post"><br /> <label class="grey" for="password">Existing Password:</label> <input class="field" type="password" name="password2" id="password2" size="23" maxlength="13" /> <label class="grey" for="password">New Password:</label> <input class="field" type="password" name="password3" id="password3" size="23" maxlength="13" /> <label class="grey" for="password">Confirm Password:</label> <input class="field" type="password" name="password4" id="password4" size="23" maxlength="13" /> <input type="submit" name="submit" value="Confirm" class="bt_changepass" /> </div> <?php endif; ?> </div> </div> <!-- /login --> <!-- The tab on top --> <div class="tab"> <ul class="login"> <li class="left"> </li> <li>Welcome <?php echo $_SESSION['user'] ? $_SESSION['user'] : 'Guest';?>!</li> <li class="sep">|</li> <li id="toggle"> <a id="open" class="open" href="#"><?php echo $_SESSION['id']?'Open Panel':'Log In | Register';?></a> <a id="close" style="display: none;" class="close" href="#">Close Panel</a> </li> <li class="right"> </li> </ul> </div> <!-- / top --> </div> <!--Login/Register UCP --> </body> </html>Thanks a lot for taking your time to help!
Change Password Half Working
in PHP Coding Help
Posted
Please close this topic I've solved it.