tagbalay Posted September 17, 2012 Share Posted September 17, 2012 hi guys.. i have a problem.. i need a script that can change the password.. the only thing here in my script is making an account and write into a file and update in database.. ------------------------------------------------------------------- $acc = fread($f,7124); $demoid=substr($acc,0,$userlenght); $demopass=substr($acc,52,32); $acc = str_replace($demoid,$UserID,$acc); $acc = str_replace($demopass,$password2,$acc); // echo $accdir."\\".$initial."\\".$UserID; $f2=fopen($accdir."\\".$initial."\\".$UserID.".tad", "a"); fwrite($f2,$acc); fclose($f); echo "<div align='center'><img src='imagenes/bienvenido.jpg' border='0'/></div><br> <FONT FACE='arial' SIZE=3 COLOR=red>Tú Account has been registered successfully!.</FONT>"; mssql_query("INSERT INTO Account VALUES ('$Email', '$UserID', '$Password' , '$UserKey', '0', NULL, NULL, NULL, '$SecretQuestion', '$Answer', '$FirstName', '$MI', '$LastName', '$Month/$Day/$Year 00:00:00', '$Sex', '$Addresss', NULL, NULL, '$Country', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, '$_SERVER[REMOTE_ADDR]', newid(), GETDATE(), 1, NULL, 0, 0, 0, NULL, 0, 1, NULL, 0, 0, NULL, NULL, 0)"); ------------------------------------------------------------------- i hope someone help me... thanks for advance Quote Link to comment Share on other sites More sharing options...
ManiacDan Posted September 17, 2012 Share Posted September 17, 2012 What's the problem here? Your script uses half a dozen variables that don't exist, and selects randomly from files to get variables it never uses. We need a lot more information than a random snippet from the middle of your code. Quote Link to comment Share on other sites More sharing options...
tagbalay Posted September 17, 2012 Author Share Posted September 17, 2012 sorry.. here i thought thats the only important.. here is the full code in registration and creating of the file.. ----------------------------------------- $accdir="C:\\Server\\DBSrV\\account"; $initial="etc"; $Email = $_POST['txtEmail']; $UserID = $_POST['txtUser']; $Password = $_POST['txtPass']; $CPassword = $_POST['txtPass2']; $UserKey = $_POST['txtKey']; $SecretQuestion = $_POST['txtQuest']; $Answer = $_POST['txtAnswer']; $FirstName = $_POST['txtName']; $MI = substr($UserID,0,1); $LastName = $_POST['txtLastName']; $Month = $_POST['txtMonth']; $Day = $_POST['txtDay']; $Year = $_POST['txtYear']; $Sex = $_POST['txtSex']; $Addresss = $_POST['txtAddress']; $Country = $_POST['txtCountry']; $password2=strtoupper(md5(trim($Password))); $initial=substr($UserID,0,1); $userlenght=strlen(trim($UserID)); $result = "It has successfully registered!"; $f=fopen("./inc/sample.tad", "r"); $acc = fread($f,7124); $demoid=substr($acc,0,$userlenght); $demopass=substr($acc,52,32); $acc = str_replace($demoid,$UserID,$acc); $acc = str_replace($demopass,$password2,$acc); // echo $accdir."\\".$initial."\\".$UserID; $f2=fopen($accdir."\\".$initial."\\".$UserID.".tad", "a"); fwrite($f2,$acc); fclose($f); echo "<div align='center'><img src='imagenes/bienvenido.jpg' border='0'/></div><br> <FONT FACE='arial' SIZE=3 COLOR=red>Tú Account has been registered successfully!.</FONT>"; mssql_query("INSERT INTO Account VALUES ('$Email', '$UserID', '$Password' , '$UserKey', '0', NULL, NULL, NULL, '$SecretQuestion', '$Answer', '$FirstName', '$MI', '$LastName', '$Month/$Day/$Year 00:00:00', '$Sex', '$Addresss', NULL, NULL, '$Country', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, '$_SERVER[REMOTE_ADDR]', newid(), GETDATE(), 1, NULL, 0, 0, 0, NULL, 0, 1, NULL, 0, 0, NULL, NULL, 0)"); mssql_query("DECLARE @return_value int, @NCashResult int, @NCashMsg nvarchar(100) EXEC @return_value = [dbo].[AccountInsertUserInBilling] @Email = N'".$Email."', @NCashResult = @NCashResult OUTPUT, @NCashMsg = @NCashMsg OUTPUT"); } that is the script... my request is only to update/change the password of that same account.. Quote Link to comment Share on other sites More sharing options...
ManiacDan Posted September 17, 2012 Share Posted September 17, 2012 And now we come back to my first sentence: What's the problem here? What's your question? Are you asking me to write something for you? Quote Link to comment Share on other sites More sharing options...
tagbalay Posted September 17, 2012 Author Share Posted September 17, 2012 just a request or guide in creating how to change the password of the current file... Quote Link to comment Share on other sites More sharing options...
ManiacDan Posted September 17, 2012 Share Posted September 17, 2012 This script is very insecure, and doesn't actually do validation on the password or check for things like duplicate usernames in the database. That being said, what's the problem when you tried to write the change password page? Enter your username, old password, and new password. Validate the data, and update the row. You're going to have to explain why you're even using all these flat files, and what's inside them. You should also probably not use md5, especially if you're logging passwords in plaintext to the filesystem. Use a real hashing function like phppass. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.