<?php/*Feel free to alter or change the layout in any manner you see fit.

1. <?php
2.  
3. /*
4. Feel free to alter or change the layout in any manner you see fit.
5. I'd appreciate it if you left the 'Made by Bellatrix' line though.
6. */
7. echo "<link href='style.css' type='text/css' rel='stylesheet'>";
8. echo "<html><body>";
9. echo "<center><table>";
10. echo "<tr><td colspan=2 align=center><img src='../images/changepass.jpg'></td></tr>";
11.  
12. //include_once "./config/configc.php";
13. //global $aHost, $aDatabase, $aPort, $aUsername, $aPass, $cHost, $cDatabase, $cPort, $cUsername, $cPass;
14. $aHost = "localhost";
15. $aDatabase = "azian";
16. $aPort = "3307";
17. $aUsername = "root";
18. $aPass = "usbw";
19.  
20. function shitChecker($str)
21. {
22. $var = preg_match('/[^a-zA-Z]/', $str);
23. return $var;
24. }
25. function shitCheckerNum($str)
26. {
27. $var = preg_match('/[^a-zA-Z0-9]/', $str);
28. return $var;
29. }
30.  
31. if(isset($_POST['submit']))
32. {
33. //Get all the user inputs
34. $account = $_POST['account'];
35. $passwordOld = $_POST['passwordOld'];
36. $passwordNew = $_POST['passwordNew'];
37. $passwordNew1 = $_POST['passwordNew1'];
38.  
39. $passkey=$_GET['passkey'];
40.  
41. //Connect to accounts database
42. $con = mysql_connect($aHost.":".$aPort, $aUsername, $aPass) or die(mysql_error());
43. mysql_select_db($aDatabase) or die(mysql_error());
44.  
45. if ($passkey != ""){
46. $query = "SELECT confirm_code FROM pwchange_db WHERE confirm_code = '".$passkey"'";
47. $result1=mysql_query($query);
48.  
49. if($result1) {
50. //Change pass to new password
51. $query = "UPDATE accounts SET password = '".$passwordNew."' WHERE login = '".$account."'";
52. $result = mysql_query($query) or die(mysql_error());
53.  
54. echo "Password for account '".$account."' successfully changed!";
55.  
56. echo "</td></tr>";
57.  
58. mysql_close();
59.  
60. }
61.  
62. //Remove bullshit from the user inputs(Sorta pointless as i use regex in a second...
63. $account = mysql_real_escape_string(html_entity_decode(htmlentities($account)));
64. $passwordOld = mysql_real_escape_string(html_entity_decode(htmlentities($passwordOld)));
65. $passwordNew = mysql_real_escape_string(html_entity_decode(htmlentities($passwordNew)));
66. $passwordNew1 = mysql_real_escape_string(html_entity_decode(htmlentities($passwordNew1)));
67.  
68. //Die if account contains non-alphanumeric characters
69. if(shitCheckerNum($account) == 1)
70. {
71. die("Error: Account contains invalid characters!");
72. }
73. //Die if old password contains non-alphanumeric characters
74. elseif(shitCheckerNum($passwordOld) == 1)
75. {
76. die("Error: Password contains invalid characters!");
77. }
78. //Die if new password contains non-alphanumeric characters
79. elseif(shitCheckerNum($passwordNew) == 1)
80. {
81. die("Error: New password contains invalid characters!");
82. }
83. //Die if new password(confirm) contains non-alphanumeric characters
84. elseif(shitCheckerNum($passwordNew1) == 1)
85. {
86. die("Error: New password contains invalid characters!");
87. }
88.  
89. //If new pass and new pass(confirm) dont match, die.
90. if($passwordNew != $passwordNew1)
91. {
92. die("New password fields must match!");
93. }
94.  
95. //Get acct num from db
96. $query = "SELECT acct FROM accounts WHERE login = '".$account."' AND password = '".$passwordOld."'";
97.  
98. $result = mysql_query($query) or die(mysql_error());
99. $numrows = mysql_num_rows($result);
100.  
101. echo "<tr><td align=center>";
102.  
103. //If no rows, means invalid user/pass, die.
104. if($numrows == 0)
105. {
106. die("Invalid username/password!");
107. }
108.  
109.  
110. //close mysql connection
111. mysql_close();
112. }
113. else
114. {
115. echo "<form name=myform method=post action=passchanger.php>";
116. echo "<tr><td colspan=2 align=center><font size=4>Change Account Password</td></tr>";
117. echo "<tr><td width=125>Account Name: </td><td><input type=text name=account value=''></td></tr>";
118. echo "<tr><td width=125>Old-Password: </td><td><input type=password name=passwordOld value=''></td></tr>";
119. echo "<tr><td width=125>New-Password: </td><td><input type=password name=passwordNew value=''></td></tr>";
120. echo "<tr><td width=125>Re-Enter: </td><td><input type=password name=passwordNew1 value=''></td></tr>";
121. echo "<tr><td colspan=2 align=center><br><input type=submit name=submit value=Submit></td></tr>";
122. echo "</form>";
123. }
124.  
125. echo "</table></center>";
126. echo "Made by Bellatrix";
127. echo "<br>You MUST be offline to use this!";
128. ?>