Jump to content

Search the Community

Showing results for tags 'changepass'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Welcome to PHP Freaks
    • Announcements
    • Introductions
  • PHP Coding
    • PHP Coding Help
    • Regex Help
    • Third Party Scripts
    • FAQ/Code Snippet Repository
  • SQL / Database
    • MySQL Help
    • PostgreSQL
    • Microsoft SQL - MSSQL
    • Other RDBMS and SQL dialects
  • Client Side
    • HTML Help
    • CSS Help
    • Javascript Help
    • Other
  • Applications and Frameworks
    • Applications
    • Frameworks
    • Other Libraries
  • Web Server Administration
    • PHP Installation and Configuration
    • Linux
    • Apache HTTP Server
    • Microsoft IIS
    • Other Web Server Software
  • Other
    • Application Design
    • Other Programming Languages
    • Editor Help (PhpStorm, VS Code, etc)
    • Website Critique
    • Beta Test Your Stuff!
  • Freelance, Contracts, Employment, etc.
    • Services Offered
    • Job Offerings
  • General Discussion
    • PHPFreaks.com Website Feedback
    • Miscellaneous

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Age


Donation Link

Found 1 result

  1. Hello. I was wondering whether I could request some help about adding a change pass function to my login / register script on PHP/JQuery/MySQL. I have started the change pass function a little (the form is fully done and checks whether the required fields are filled in) but the rest is way above my current knowledge that involves PHP, I am more of a HTML person. Also, I would highly appreciate it if you could let me know whether this is vulnerable to SQL injection, I doubt it is because I've added some extra "mysql_real_escape_string();" to the script but all comments would help. I am useless at PHP <.< I have marked in the code where I have started the change pass function to make it a little easier to find. Here is the code: <?php error_reporting(E_ALL ^ E_NOTICE); define('INCLUDE_CHECK',true); require 'connect.php'; require 'functions.php'; // Those two files can be included only if INCLUDE_CHECK is defined session_name('tzLogin'); // Starting the session session_set_cookie_params(2*7*24*60*60); // Making the cookie live for 2 weeks session_start(); if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe']) { // If you are logged in, but you don't have the tzRemember cookie (browser restart) // and you have not checked the rememberMe checkbox: $_SESSION = array(); session_destroy(); // Destroy the session } if(isset($_GET['logoff'])) { $_SESSION = array(); session_destroy(); header("Location: http://127.0.0.1/"); exit; } if($_POST['submit']=='Login') { // Checking whether the Login form has been submitted $err = array(); // Will hold our errors if(!$_POST['logusername'] || !$_POST['password']) $err[] = 'All fields are required.'; if(!count($err)) { $_POST['logusername'] = mysql_real_escape_string($_POST['logusername']); $_POST['password'] = mysql_real_escape_string($_POST['password']); $_POST['rememberMe'] = (int)$_POST['rememberMe']; // Escaping all input data $row = mysql_fetch_assoc(mysql_query("SELECT * FROM playerdata WHERE user='{$_POST['logusername']}' AND password='".sha1($_POST['password'])."'")); if($row['user']) { // If everything is OK login $_SESSION['user'] = $row['user']; $_SESSION['id'] = $row['id']; $_SESSION['rememberMe'] = $_POST['rememberMe']; // Store some data in the session setcookie('tzRemember',$_POST['rememberMe']); } else $err[]='You have entered an invalid username or password.'; } if($err) $_SESSION['msg']['login-err'] = implode('<br />',$err); // Save the error messages in the session header("Location: http://127.0.0.1/"); exit; } else if($_POST['submit']=='Register') { // If the Register form has been submitted $err = array(); if (!preg_match('/^[A-Za-z]{4,9}_{1}[A-Za-z]{4,9}$/', $_POST['username'])) { $err[] = 'Your username must be in the format of "John_Smith" (include the underscore) with a maximum of 19 characters and a minimum of 9. No other special characters are allowed.'; } $email = $_POST['email']; $query = sprintf("SELECT * FROM playerdata WHERE email='%s'", mysql_real_escape_string($email)); $result = mysql_query($query); if(!$result) { $err[]='There has been an error with your connection, please refresh the page and try again.'; } else { if(mysql_num_rows($result) > 0) { $err[]='That email address already exists.'; } } if(!checkEmail($_POST['email'])) { $err[]='Your email address is not valid.'; } if(!count($err)) { // If there are no errors $pass = substr(sha1($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000).rand(170000,200000)),0,6); // Generate a random password $_POST['email'] = mysql_real_escape_string($_POST['email']); $_POST['username'] = mysql_real_escape_string($_POST['username']); // Escape the input data mysql_query(" INSERT INTO playerdata(user,password,level,money,email,ip,datetime) VALUES( '".$_POST['username']."', '".sha1($pass)."', '1', '20', '".$_POST['email']."', '".$_SERVER['REMOTE_ADDR']."', NOW() )"); if(mysql_affected_rows($link)== 1) { send_mail( 'bugsyccfc@googlemail.com', $_POST['email'], 'Welcome to Domination Roleplay.', 'Your password is: '.$pass); $_SESSION['msg']['reg-success']='An email has been sent containing your password. '.$pass; } else $err[]='That username has already been taken.'; } if(count($err)) { $_SESSION['msg']['reg-err'] = implode('<br />',$err); } header("Location: http://127.0.0.1/"); exit; } else if($_POST['submit']=='Confirm') // [size=4][b]Change Pass Starts Here[/b][/size] { $err = array(); // Will hold our errors if(!$_POST['password2'] || !$_POST['password3']) $err[] = 'All fields are required.'; header("Location: http://127.0.0.1/"); exit; } // [size=4][b]Change Pass Ends Here[/b][/size] (No idea what to do now) [b]Change pass form is below[/b] $script = ''; if($_SESSION['msg']) { // The script below shows the sliding panel on page load $script = ' <script type="text/javascript"> $(function(){ $("div#panel").show(); $("#toggle a").toggle(); }); </script>'; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>Domination Roleplay UCP - Home</title> <!-- CCS Links --> <link rel="stylesheet" type="text/css" href="data/css/register.css" media="screen" /> <link rel="stylesheet" type="text/css" href="data/css/slide.css" media="screen" /> <!-- End of CCS Links --> <!-- Javascript Links --> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script> <!-- PNG FIX for IE6 --> <!-- http://24ways.org/2007/supersleight-transparent-png-in-ie6 --> <!--[if lte IE 6]> <script type="text/javascript" src="http://127.0.0.1/data/js/supersleight-min.js"></script> <![endif]--> <script src="data/js/slide.js" type="text/javascript"></script> <?php echo $script; ?> <!-- End of Javascript Links --> </head> <!-- Login/Register UCP --> <div id="toppanel"> <div id="panel"> <div class="content clearfix"> <div class="left"> <h1>The Sliding jQuery Panel</h1> <h2>A register/login solution</h2> <p class="grey">You are free to use this login and registration system in you sites!</p> <h2>A Big Thanks</h2> <p class="grey">This tutorial was built on top of <a href="http://web-kreation.com/index.php/tutorials/nice-clean-sliding-login-panel-built-with-jquery" title="Go to site">Web-Kreation</a>'s amazing sliding panel.</p> </div> <?php if(!$_SESSION['id']): ?> <div class="left"> <!-- Login Form --> <form class="clearfix" action="" method="post"> <h1>Member Login</h1> <?php if($_SESSION['msg']['login-err']) { echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>'; unset($_SESSION['msg']['login-err']); } ?> <label class="grey" for="username">Username:</label> <input class="field" type="text" name="logusername" id="logusername" value="" size="23" maxlength="19" /> <label class="grey" for="password">Password:</label> <input class="field" type="password" name="password" id="password" size="23" maxlength="13" /> <label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> Remember me</label> <div class="clear"></div> <input type="submit" name="submit" value="Login" class="bt_login" /> </form> </div> <div class="left right"> <!-- Register Form --> <form action="" method="post"> <h1>Not a member yet? Sign Up!</h1> <?php if($_SESSION['msg']['reg-err']) { echo '<div class="err">'.$_SESSION['msg']['reg-err'].'</div>'; unset($_SESSION['msg']['reg-err']); } if($_SESSION['msg']['reg-success']) { echo '<div class="success">'.$_SESSION['msg']['reg-success'].'</div>'; unset($_SESSION['msg']['reg-success']); } ?> <label class="grey" for="username">Username:</label> <input class="field" type="text" name="username" id="username" value="" size="23"maxlength="19" /> <label class="grey" for="email">Email:</label> <input class="field" type="text" name="email" id="email" size="23" /> <label>A password will be sent to your email address provided.</label> <input type="submit" name="submit" value="Register" class="bt_register" /> </form> </div> <?php else: ?> <div class="left"> <?php $query = sprintf("SELECT * FROM `playerdata` WHERE `user` = '%s'", mysql_real_escape_string($_SESSION['user'])); $result = mysql_query($query)or die(mysql_error()); echo '<h1><b><font color="#FFFFFF">'.$_SESSION['user'].'s User Control Panel</font></h1></b>'; echo '<p><b><font color="#FF0000">IP Address</font>: <font color="#FFFFFF">'.$_SERVER['REMOTE_ADDR'].'</font></p></b>'; while($row = mysql_fetch_array($result)) { echo '<p><b><font color="#FF0000">Registered</font>: <font color="#FFFFFF">'.$row['datetime'].'</font></p></b>'; echo '<p><b><font color="#FF0000">Cash</font>: <font color="#009933">$'.$row['money'].'</font></p></b>'; echo '<p><b><font color="#FF0000">Level</font>: <font color="#FFFFFF">'.$row['level'].'</font></p></b>'; } ?> <a href="?logoff">Log Out</a> </div> <div class="left right"> <h1>Your Account Settings</h1> <?php echo '<h2><font color="#FFFFFF">Change Password</font></h2>' [b][size=4]// Change Pass Form[/size][/b] ?> <form action="" method="post"><br /> <label class="grey" for="password">Existing Password:</label> <input class="field" type="password" name="password2" id="password2" size="23" maxlength="13" /> <label class="grey" for="password">New Password:</label> <input class="field" type="password" name="password3" id="password3" size="23" maxlength="13" /> <label class="grey" for="password">Confirm Password:</label> <input class="field" type="password" name="password4" id="password4" size="23" maxlength="13" /> <input type="submit" name="submit" value="Confirm" class="bt_changepass" /> </div> <?php endif; ?> </div> </div> <!-- /login --> <!-- The tab on top --> <div class="tab"> <ul class="login"> <li class="left"> </li> <li>Welcome <?php echo $_SESSION['user'] ? $_SESSION['user'] : 'Guest';?>!</li> <li class="sep">|</li> <li id="toggle"> <a id="open" class="open" href="#"><?php echo $_SESSION['id']?'Open Panel':'Log In | Register';?></a> <a id="close" style="display: none;" class="close" href="#">Close Panel</a> </li> <li class="right"> </li> </ul> </div> <!-- / top --> </div> <!--Login/Register UCP --> </body> </html> Thanks a lot for taking your time to help!
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.