<?php$dbname = 'auth';// Database name$host_name = 'localhost';// Host addre

1. <?php
2. $dbname = 'auth';// Database name
3. $host_name = 'localhost';// Host address
4. $db_username='root';// DB user
5. $db_pass='password';// DB Pass
6. function sha_password($user,$pass){
7. $user = strtoupper($user);
8. $pass = strtoupper($pass);
9.  
10. return SHA1($user.':'.$pass);
11. }
12. mysql_connect($host_name,$db_username,$db_pass)or die("Could not connect: " . mysql_error());
13. mysql_select_db($dbname);
14.  
15. $username=$_POST['user'];//user name
16. $password = sha_password($_POST['user'],$_POST['pass']);
17. $new_pass = sha_password($_POST['user'],$_POST['npass']);
18.  
19. //user check
20. $result = mysql_query("SELECT * FROM `account` WHERE `username` = '$username' AND `sha_pass_hash` = '$password'");
21. $Nresult = mysql_num_rows($result);
22.  
23. if (!$Nresult){
24. die('wrong username or password');
25. }
26.  
27. //pass update
28. $suc=mysql_query("UPDATE `$dbname`.`account` SET `sha_pass_hash` = '$new_pass' WHERE `account`.`username` = '$username'"); mysql_query("UPDATE `account` SET `v`='0' AND `s`='0' WHERE username='$_POST[user]'");
29. echo 'success';
30.  
31. ?>