Jump to content

PHP fwrite help


tagbalay

Recommended Posts

hi guys.. i have a problem.. i need a script that can change the password..

 

the only thing here in my script is making an account and write into a file and update in database..

 

 

-------------------------------------------------------------------

 

 

 

$acc = fread($f,7124);

        $demoid=substr($acc,0,$userlenght);

        $demopass=substr($acc,52,32);

        $acc = str_replace($demoid,$UserID,$acc);

        $acc = str_replace($demopass,$password2,$acc);

//        echo $accdir."\\".$initial."\\".$UserID;

        $f2=fopen($accdir."\\".$initial."\\".$UserID.".tad", "a");

        fwrite($f2,$acc);

        fclose($f);

        echo "<div align='center'><img src='imagenes/bienvenido.jpg' border='0'/></div><br>

<FONT FACE='arial' SIZE=3 COLOR=red>Tú Account has been registered successfully!.</FONT>";

       

     

        mssql_query("INSERT INTO Account VALUES ('$Email', '$UserID', '$Password' , '$UserKey', '0', NULL, NULL, NULL, '$SecretQuestion', '$Answer', '$FirstName', '$MI', '$LastName', '$Month/$Day/$Year 00:00:00', '$Sex', '$Addresss', NULL, NULL, '$Country', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, '$_SERVER[REMOTE_ADDR]', newid(), GETDATE(), 1, NULL, 0, 0, 0, NULL, 0, 1, NULL, 0, 0, NULL, NULL, 0)");

     

 

 

 

-------------------------------------------------------------------

 

i hope someone help me... thanks for advance

Link to comment
https://forums.phpfreaks.com/topic/268468-php-fwrite-help/
Share on other sites

sorry.. here i thought thats the only important..

 

here is the full code in registration and creating of the file..

 

-----------------------------------------

 

 

$accdir="C:\\Server\\DBSrV\\account";

 

$initial="etc";

    $Email = $_POST['txtEmail'];

    $UserID = $_POST['txtUser'];

    $Password = $_POST['txtPass'];

    $CPassword = $_POST['txtPass2'];

    $UserKey = $_POST['txtKey'];

    $SecretQuestion = $_POST['txtQuest'];

    $Answer = $_POST['txtAnswer'];

    $FirstName = $_POST['txtName'];

    $MI = substr($UserID,0,1);

    $LastName = $_POST['txtLastName'];

    $Month = $_POST['txtMonth'];

    $Day = $_POST['txtDay'];

    $Year = $_POST['txtYear'];

    $Sex = $_POST['txtSex'];

$Addresss = $_POST['txtAddress'];

    $Country = $_POST['txtCountry'];

 

 

$password2=strtoupper(md5(trim($Password)));

        $initial=substr($UserID,0,1);

        $userlenght=strlen(trim($UserID));

 

        $result = "It has successfully registered!";

        $f=fopen("./inc/sample.tad", "r");

        $acc = fread($f,7124);

        $demoid=substr($acc,0,$userlenght);

        $demopass=substr($acc,52,32);

        $acc = str_replace($demoid,$UserID,$acc);

        $acc = str_replace($demopass,$password2,$acc);

//        echo $accdir."\\".$initial."\\".$UserID;

        $f2=fopen($accdir."\\".$initial."\\".$UserID.".tad", "a");

        fwrite($f2,$acc);

        fclose($f);

        echo "<div align='center'><img src='imagenes/bienvenido.jpg' border='0'/></div><br>

<FONT FACE='arial' SIZE=3 COLOR=red>Tú Account has been registered successfully!.</FONT>";

       

     

        mssql_query("INSERT INTO Account VALUES ('$Email', '$UserID', '$Password' , '$UserKey', '0', NULL, NULL, NULL, '$SecretQuestion', '$Answer', '$FirstName', '$MI', '$LastName', '$Month/$Day/$Year 00:00:00', '$Sex', '$Addresss', NULL, NULL, '$Country', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, '$_SERVER[REMOTE_ADDR]', newid(), GETDATE(), 1, NULL, 0, 0, 0, NULL, 0, 1, NULL, 0, 0, NULL, NULL, 0)");

        mssql_query("DECLARE @return_value int,

@NCashResult int,

@NCashMsg nvarchar(100)

 

EXEC @return_value = [dbo].[AccountInsertUserInBilling]

@Email = N'".$Email."',

@NCashResult = @NCashResult OUTPUT,

@NCashMsg = @NCashMsg OUTPUT");

 

    }

 

 

that is the script... my request is only to update/change the password of that same account..

Link to comment
https://forums.phpfreaks.com/topic/268468-php-fwrite-help/#findComment-1378696
Share on other sites

This script is very insecure, and doesn't actually do validation on the password or check for things like duplicate usernames in the database.

 

That being said, what's the problem when you tried to write the change password page?  Enter your username, old password, and new password.  Validate the data, and update the row. 

 

You're going to have to explain why you're even using all these flat files, and what's inside them.

 

You should also probably not use md5, especially if you're logging passwords in plaintext to the filesystem.  Use a real hashing function like phppass.

Link to comment
https://forums.phpfreaks.com/topic/268468-php-fwrite-help/#findComment-1378719
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.