<?php/*Feel free to alter or change the layout in any manner you see fit.

1. <?php
2.  
3. /*
4. Feel free to alter or change the layout in any manner you see fit.
5. I'd appreciate it if you left the 'Made by Bellatrix' line though.
6. */
7. echo "<link href='style.css' type='text/css' rel='stylesheet'>";
8. echo "<html><body>";
9. echo "<center><table>";
10. echo "<tr><td colspan=2 align=center><img src='../images/changepass.jpg'></td></tr>";
11.  
12. //include_once "./config/configc.php";
13. //global $aHost, $aDatabase, $aPort, $aUsername, $aPass, $cHost, $cDatabase, $cPort, $cUsername, $cPass;
14. $aHost = "localhost";
15. $aDatabase = "azian";
16. $aPort = "3307";
17. $aUsername = "root";
18. $aPass = "usbw";
19.  
20. function shitChecker($str)
21. {
22. $var = preg_match('/[^a-zA-Z]/', $str);
23. return $var;
24. }
25. function shitCheckerNum($str)
26. {
27. $var = preg_match('/[^a-zA-Z0-9]/', $str);
28. return $var;
29. }
30.  
31. if(isset($_POST['submit']))
32. {
33. //Get all the user inputs
34. $account = $_POST['account'];
35. $passwordOld = $_POST['passwordOld'];
36. $passwordNew = $_POST['passwordNew'];
37. $passwordNew1 = $_POST['passwordNew1'];
38.  
39. // $passkey=$_GET['passkey'];
40.  
41. //Connect to accounts database
42. $con = mysql_connect($aHost.":".$aPort, $aUsername, $aPass) or die(mysql_error());
43. mysql_select_db($aDatabase) or die(mysql_error());
44.  
45. //Remove bullshit from the user inputs(Sorta pointless as i use regex in a second...
46. $account = mysql_real_escape_string(html_entity_decode(htmlentities($account)));
47. $passwordOld = mysql_real_escape_string(html_entity_decode(htmlentities($passwordOld)));
48. $passwordNew = mysql_real_escape_string(html_entity_decode(htmlentities($passwordNew)));
49. $passwordNew1 = mysql_real_escape_string(html_entity_decode(htmlentities($passwordNew1)));
50.  
51. //Die if account contains non-alphanumeric characters
52. if(shitCheckerNum($account) == 1)
53. {
54. die("Error: Account contains invalid characters!");
55. }
56. //Die if old password contains non-alphanumeric characters
57. elseif(shitCheckerNum($passwordOld) == 1)
58. {
59. die("Error: Password contains invalid characters!");
60. }
61. //Die if new password contains non-alphanumeric characters
62. elseif(shitCheckerNum($passwordNew) == 1)
63. {
64. die("Error: New password contains invalid characters!");
65. }
66. //Die if new password(confirm) contains non-alphanumeric characters
67. elseif(shitCheckerNum($passwordNew1) == 1)
68. {
69. die("Error: New password contains invalid characters!");
70. }
71.  
72. //If new pass and new pass(confirm) dont match, die.
73. if($passwordNew != $passwordNew1)
74. {
75. die("New password fields must match!");
76. }
77.  
78. //Get acct num from db
79. $query = "SELECT acct FROM accounts WHERE login = '".$account."' AND password = '".$passwordOld."'";
80.  
81. $result = mysql_query($query) or die(mysql_error());
82. $numrows = mysql_num_rows($result);
83.  
84. echo "<tr><td align=center>";
85.  
86. //If no rows, means invalid user/pass, die.
87. if($numrows == 0)
88. {
89. die("Invalid username/password!");
90. }
91.  
92. //Change pass to new password
93. $query = "UPDATE accounts SET password = '".$passwordNew."' WHERE login = '".$account."'";
94. $result = mysql_query($query) or die(mysql_error());
95.  
96. echo "Password for account '".$account."' successfully changed!";
97.  
98. echo "</td></tr>";
99.  
100. //close mysql connection
101. mysql_close();
102. }
103. else
104. {
105. echo "<form name=myform method=post action=passchanger.php>";
106. echo "<tr><td colspan=2 align=center><font size=4>Change Account Password</td></tr>";
107. echo "<tr><td width=125>Account Name: </td><td><input type=text name=account value=''></td></tr>";
108. echo "<tr><td width=125>Old-Password: </td><td><input type=password name=passwordOld value=''></td></tr>";
109. echo "<tr><td width=125>New-Password: </td><td><input type=password name=passwordNew value=''></td></tr>";
110. echo "<tr><td width=125>Re-Enter: </td><td><input type=password name=passwordNew1 value=''></td></tr>";
111. echo "<tr><td colspan=2 align=center><br><input type=submit name=submit value=Submit></td></tr>";
112. echo "</form>";
113. }
114.  
115. echo "</table></center>";
116. echo "Made by Bellatrix";
117. echo "<br>You MUST be offline to use this!";
118. ?>