Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- if ($_SERVER['REQUEST_METHOD']=='POST' && $_POST['uname']!='')
- {
- $row = mysql_fetch_array(mysql_query("SELECT id_account, passask FROM forum_accounts f LEFT JOIN (account a) ON a.id = f.id_account WHERE LOWER(username)=LOWER('".$_POST['uname']."')"));
- $passans = mysql_query("SELECT passans FROM forum_accounts WHERE id_account = ".$row['id_account']);
- if ($row['id_account'] == '')
- {
- unset($_POST['uname']);
- errborder('Invalid Account Name.');
- }
- }
- if ($_SERVER['REQUEST_METHOD']=='POST' && $_POST['uname'] != '' && $_POST['passans'] != '')
- {
- if ($_POST['newpass'] == $_POST['passconf'] and $_POST['passans'] == $passans)
- {
- function sha_password($user,$pass)
- {
- $user = strtoupper($user);
- $pass = strtoupper($pass);
- $SHA1P = ($user.':'.$pass);
- return hash('sha1', $SHA1P);
- }
- $newpass = sha_password($_POST['uname'], $_POST['newpass']);
- $sql = "UPDATE account SET sha_pass_hash = '" . $newpass . "' WHERE username = '" . $_POST['uname'] . "'";
- mysql_query($sql) or die("Error: " . mysql_error());
- }
- else if ($_POST['newpass'] !== $_POST['passconf'])
- {
- unset($_POST['newpass']);
- unset($_POST['passconf']);
- unset($_POST['passans']);
- errborder('Passwords did not match!');
- }
- else if ($_POST['passans'] !== $passans)
- {
- unset($_POST['newpass']);
- unset($_POST['passconf']);
- unset($_POST['passans']);
- errborder('Invalid security question answer!');
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
