Encrypted password changer (for Ascent CMS)

**jang** · 12-06-2008

Hi.
Just modified Ascent CMS component "Password changer" for working with encrypted password.
This script originally made by Bellatrix.

PHP Code:


<?php



/*

Feel free to alter or change the layout in any manner you see fit.

I'd appreciate it if you left the 'Made by Bellatrix' line though.

*/

echo "<link href='style.css' type='text/css' rel='stylesheet'>"; 

echo "<html><body>";

echo "<center><table>";

echo "<tr><td colspan=2 align=center><img src='../images/changepass.jpg'></td></tr>";



include_once "./config/configc.php";

global $aHost, $aDatabase, $aPort, $aUsername, $aPass, $cHost, $cDatabase, $cPort, $cUsername, $cPass;



function shitChecker($str)

{

    $var = preg_match('/[^a-zA-Z]/', $str);

    return $var;

}

function shitCheckerNum($str)

{

  $var = preg_match('/[^a-zA-Z0-9]/', $str);

  return $var;

}



if(isset($_POST['submit']))

{

    //Get all the user inputs

    $account = $_POST['account'];

    $passwordOld = $_POST['passwordOld'];

    $passwordNew = $_POST['passwordNew'];

    $passwordNew1 = $_POST['passwordNew1'];



    //Connect to accounts database

    $con = mysql_connect($aHost.":".$aPort, $aUsername, $aPass) or die(mysql_error());

    mysql_select_db($aDatabase) or die(mysql_error());



    //Remove bullshit from the user inputs(Sorta pointless as i use regex in a second...

    $account = mysql_real_escape_string(html_entity_decode(htmlentities($account)));

    $passwordOld = mysql_real_escape_string(html_entity_decode(htmlentities($passwordOld)));

    $passwordNew = mysql_real_escape_string(html_entity_decode(htmlentities($passwordNew)));

    $passwordNew1 = mysql_real_escape_string(html_entity_decode(htmlentities($passwordNew1)));



    //Die if account contains non-alphanumeric characters

    if(shitCheckerNum($account) == 1)

    {

      die("Error: Account contains invalid characters!");

    }

    //Die if old password contains non-alphanumeric characters

    elseif(shitCheckerNum($passwordOld) == 1)

    {

      die("Error: Password contains invalid characters!");

    }

    //Die if new password contains non-alphanumeric characters

    elseif(shitCheckerNum($passwordNew) == 1)

    {

      die("Error: New password contains invalid characters!");

    }

    //Die if new password(confirm) contains non-alphanumeric characters

    elseif(shitCheckerNum($passwordNew1) == 1)

    {

      die("Error: New password contains invalid characters!");

    }



    //If new pass and new pass(confirm) dont match, die.

    if($passwordNew != $passwordNew1)

    {

        die("New password fields must match!");

    }



    if($passwordNew == $account)

    {

        die("Login and password cannot be the same!");

    }



    //Get acct num from db

    $encriptedOld = SHA1(strtoupper($account).':'.strtoupper($passwordOld));

    

    $query = "SELECT acct FROM accounts WHERE login = '".$account."' AND encrypted_password = '".$encriptedOld."'";



    $result = mysql_query($query) or die(mysql_error());

    $numrows = mysql_num_rows($result);



    echo "<tr><td align=center>";



    //If no rows, means invalid user/pass, die.

    if($numrows == 0)

    {

        die("Invalid username/password!");

    }



    //Change pass to new password

    $encriptedNew = SHA1(strtoupper($account).':'.strtoupper($passwordNew));



    $query = "UPDATE accounts SET encrypted_password = '".$encriptedNew."' WHERE login = '".$account."'";

    $result = mysql_query($query) or die(mysql_error());



    echo "Password for account '".$account."' successfully changed!";



    echo "</td></tr>";



    //close mysql connection

    mysql_close();

}

else

{

    echo "<form name=myform method=post action=".$PHP_SELF.">";

    echo "<tr><td colspan=2 align=center><font size=4>Change Account Password</td></tr>";

    echo "<tr><td width=125>Account Name: </td><td><input type=text name=account value=''></td></tr>";

    echo "<tr><td width=125>Old-Password: </td><td><input type=password name=passwordOld value=''></td></tr>";

    echo "<tr><td width=125>New-Password: </td><td><input type=password name=passwordNew value=''></td></tr>";

    echo "<tr><td width=125>Re-Enter: </td><td><input type=password name=passwordNew1 value=''></td></tr>";

    echo "<tr><td colspan=2 align=center><br><input type=submit name=submit value=Submit></td></tr>";

    echo "</form>";

}



echo "</table></center>";

echo "Made by Bellatrix";

echo "<br>Mod by jang";

echo "<br>You MUST be offline to use this!";

?>

Installation.

Just place this as php file in root/components directory. (for example: passch.php or something)

Credits

Bellatrix

Hint: If using encrypted passwords, leave password column in accounts table blank.

Hope someone will find this useful. :wave:

**bsod-staff14** · 12-06-2008

Definitly good were yo rep at man +rep lawl...Bro really tho...Wanna help me make scripts?

**jang** · 12-07-2008

Sure, I can help...

What kind help for scripts You need?

Shout-Out

User Tag List

Thread: Encrypted password changer (for Ascent CMS)

Thread Tools

Search Thread

Encrypted password changer (for Ascent CMS)

Similar Threads

[Release] Buildings for Ascent/Antrix

Spawn L70ETC for Ascent (Antrix)

A script/fixes section for ascent etc?

A Couple of questions for ascent.

Maps Folder For Ascent

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino