04-06-2010, 05:22 PM
cubber

Here is a password reset tool I whipped up today for use with the SVN Login Server.

Same deal as the account creation tool: I stripped it down so it could be customized easily. Make sure to change the MySQL info as well as the admin@somewhere.com to your email address. **Note: admin email is lower in the code.**

This script will email a confirmation to the user as well as Bcc the server admin once you change the Bcc: address. Once you verify it is working you may want to remove the $headers from the mail line if you don't want users' passwords mailed to you when they change them.


pwreset.php

Code:
<!-- EQEmulator SVN Login Server Account Password Reset Utility - By: Cubber -->

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>EQEmulator SVN Login Server Account Password Reset Utility</title>

<meta name="description" content="EQEmulator SVN Login Server Account Password Reset Utility." />

</head>

<body>

                        <h1>Password Reset Utility</h1>
                        <p>Please fill out the form below to change your login server password.</p>
                        <br />
                                
                                        <form method="post" action="insert.php">
                                        Username: <i>(Max 16 chars)</i><br />
                                                <input name="username" type="text" id="username" maxlength="16" />
                                        <br /><br />
                                        Current Password: <i>(Max 16 chars)</i><br />
                                                <input name="pw" type="password" id="pw" maxlength="16" />
                                        <br /><br />
                                        New Password: <i>(Max 16 chars)</i><br />
                                                <input name="npw" type="password" id="npw" maxlength="16" />
                                        <br /><br />
                                        Confirm New Password: <i>(Max 16 chars)</i><br />
                                                <input name="cnpw" type="password" id="cnpw" maxlength="16" />
                                        <br /><br />
                                                <input name="Submit" type="submit" value="Change Password" />
                                        </form>
                                        <br />
</body>
</html>

insert.php

Code:
<!-- EQEmulator SVN Login Server Account Password Reset Utility - By: Cubber  -->

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>EQEmulator SVN Login Server Account Password Reset Utility</title>

<meta name="description" content="EQEmulator SVN Login Server Account Password Reset Utility." />

</head>

<body>

                <p>                             
                        <?php
                                $DB_ADDY = "localhost"; //address:port for the MySQL server
                                $DB_USER = "eqemu"; //username to login to MySQL with
                                $DB_PASS = "eqemu"; //password to login to MySQL with
                                $DB_DB = "peq"; //database name to use "peq" for default installation
                                $user = $_POST['username'];
                                $pass = $_POST['pw'];
                                $npass = $_POST['npw'];
                                $cnpass = $_POST['cnpw'];


                                function error_s($text) 
                                        {
                                                echo("<p>" . $text);
                                        };      

                                $user_chars = "#[^a-zA-Z0-9_\-]#";

                                if ( !isset($_POST['username']) || !isset($_POST['pw']) || !isset($_POST['npw']) || !isset($_POST['cnpw']) )
                                        {
                                                echo "User/Pass/Email not passed. Click <a href=pwreset.php>here</a> and try again.";
                                                return;
                                        }

                                $con = @mysql_connect($DB_ADDY, $DB_USER, $DB_PASS);
                                if (!$con)
                                        {
                                                error_s("Unable to connect to database: " . mysql_error());
                                                exit(); // stop here: every query below needs a live connection
                                        };

                                if (!empty($_POST)) 
                                        {
                                                if ((empty($_POST["username"]))||(empty($_POST["pw"]))||(empty($_POST["npw"]))||(empty($_POST["cnpw"])) ) 
                                                        {
                                                                error_s("You did not enter all the required information. Click <a href=pwreset.php>here</a> and try again.");
                                                                exit();
                                                        }
                                                else 
                                                        {

                                                                $username = ($_POST["username"]);
                                                                $pw = ($_POST["pw"]);
                                                                $npw = ($_POST["npw"]);
                                                                $cnpw = ($_POST["cnpw"]);
                                                
                                                                if (strlen($username) < 5) 
                                                                        {
                                                                                error_s("Username too short. Click <a href=pwreset.php>here</a> and try again.");
                                                                                exit();
                                                                        };
                                                
                                                                if (strlen($username) > 16) 
                                                                        {
                                                                                error_s("Username too long. Click <a href=pwreset.php>here</a> and try again.");
                                                                                exit();
                                                                        };

                                                                if (strlen($pw) < 6) 
                                                                        {
                                                                                error_s("Password too short. Click <a href=pwreset.php>here</a> and try again.");
                                                                                exit();
                                                                        };
                                            
                                                                if (strlen($pw) > 16) 
                                                                        {
                                                                                error_s("Password too long. Click <a href=pwreset.php>here</a> and try again.");
                                                                                exit();
                                                                        };

                                                                if (strlen($npw) < 6) 
                                                                        {
                                                                                error_s("New password too short. Click <a href=pwreset.php>here</a> and try again.");
                                                                                exit();
                                                                        };

                                                                if (strlen($npw) > 16) 
                                                                        {
                                                                                error_s("New password too long. Click <a href=pwreset.php>here</a> and try again.");
                                                                                exit();
                                                                        };
                                         
                                                                if (strlen($cnpw) < 6) 
                                                                        {
                                                                                error_s("New password too short. Click <a href=pwreset.php>here</a> and try again.");
                                                                                exit();
                                                                        };

                                                                if (strlen($cnpw) > 16) 
                                                                        {
                                                                                error_s("New password too long. Click <a href=pwreset.php>here</a> and try again.");
                                                                                exit();
                                                                        };

                                                                if (preg_match($user_chars,$username)) 
                                                                        {
                                                                                error_s("Username contained illegal characters. Click <a href=pwreset.php>here</a> and try again.");
                                                                                exit();
                                                                        };

                                                                if (preg_match($user_chars,$pw)) 
                                                                        {
                                                                                error_s("Password contained illegal characters. Click <a href=pwreset.php>here</a> and try again.");
                                                                                exit();
                                                                        };

                                                                if (preg_match($user_chars,$npw)) 
                                                                        {
                                                                                error_s("New password contained illegal characters. Click <a href=pwreset.php>here</a> and try again.");
                                                                                exit();
                                                                        };

                                                                if (preg_match($user_chars,$cnpw)) 
                                                                        {
                                                                                error_s("New password contained illegal characters. Click <a href=pwreset.php>here</a> and try again.");
                                                                                exit();
                                                                        };

                                                                 if ($npw != $cnpw)
                                                                        {
                                                                                error_s("Passwords do not match!  Click <a href=pwreset.php>here</a> and try again.");
                                                                                exit();
                                                                        }

                                                                $username = mysql_real_escape_string($username);
                                                                $pw = mysql_real_escape_string($pw);
                                                                $npw = mysql_real_escape_string($npw);
                                                                $cnpw = mysql_real_escape_string($cnpw);
                                                                $qry = @mysql_query("select AccountName from " . mysql_real_escape_string($DB_DB) . ".tblLoginServerAccounts where AccountName = '" . $username . "'", $con);
                                                                if (!$qry) 
                                                                        {
                                                                                error_s("Error querying database: " . mysql_error());
                                                                                exit(); // do not fetch from a failed query
                                                                        };

                                                                if ($existing_username = mysql_fetch_assoc($qry)) 
                                                                        {
                                                                                foreach ($existing_username as $key => $value) 
                                                                                        {
                                                                                                $existing_username = $value;
                                                                                        };
                                                                        };

                                                                $pwqry = @mysql_query("select AccountPassword from " . mysql_real_escape_string($DB_DB) . ".tblLoginServerAccounts where AccountName = '" . $username . "'", $con);
                                                                if (!$pwqry) 
                                                                        {
                                                                                error_s("Error querying database: " . mysql_error());
                                                                                exit(); // do not fetch from a failed query
                                                                        };
                                                                
                                                                if ($pw_check = mysql_fetch_assoc($pwqry)) 
                                                                        {
                                                                                foreach ($pw_check as $key => $value) 
                                                                                        {
                                                                                                $pw_check = $value;
                                                                                        };
                                                                        };

                                                                $sha_oldpass_hash = sha1(($pw));
                                                                // Strict comparison: with != two hex digests of the form "0e<digits>" compare equal as numbers
                                                                if ($sha_oldpass_hash !== $pw_check)
                                                                        {
                                                                                error_s("Your account password was incorrect. Click <a href=pwreset.php>here</a> and try again."); 
                                                                                exit(); 
                                                                        }

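                                                                $existing_username = ($existing_username);
                                                                if ($existing_username == ($_POST['username'])) 
                                                                        {
                                                                                $sha_pass_hash = sha1(($npw));
                                                                                $register_sql = "UPDATE " . mysql_real_escape_string($DB_DB) . ".tblLoginServerAccounts SET AccountPassword='$sha_pass_hash' WHERE AccountName='$username' ";
                                                                        }
                                                                else
                                                                        {
                                                                                // Without this branch $register_sql is undefined when the names differ (e.g. in letter case)
                                                                                error_s("Account not found. Click <a href=pwreset.php>here</a> and try again.");
                                                                                exit();
                                                                        };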

                                                                $mailqry = @mysql_query("select AccountEmail from " . mysql_real_escape_string($DB_DB) . ".tblLoginServerAccounts where AccountName = '" . $username . "'", $con);
                                                                if (!$mailqry) 
                                                                        {
                                                                                error_s("Error querying database: " . mysql_error());
                                                                                exit(); // do not fetch from a failed query
                                                                        };

                                                                if ($acct_email = mysql_fetch_assoc($mailqry)) 
                                                                        {
                                                                                foreach ($acct_email as $key => $value) 
                                                                                        {
                                                                                                $acct_email = $value;
                                                                                        };
                                                                        };

                                                                $headers = 'Bcc: admin@somewhere.com' . "\r\n";
                                                                $sendto = $acct_email;
                                                                $subject = "Your Login Server Password Has Been Changed";
                                                                $message = "Your Login Server password for the EQEmulator game server has been changed.  Account details:\n  username: $user\n  password: $npass\n";
                                                                unset($mailqry);
                                                                unset($qry);
                                                                unset($pwqry);

                                                                $qry = @mysql_query($register_sql, $con);
                                                                if (!$qry) 
                                                                        {
                                                                                error_s("Error changing password: " . mysql_error());
                                                                        }
                                                                else 
                                                                        {
                                                                                mail($sendto, $subject, $message, $headers);
                                                                                echo("Your password was successfully changed!");
                                                                        };

                                                                exit();
                                                       };
                                        } 
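                                else 
                                        {
                                                // Not reached in practice (the isset() check above exits first); $page was never defined
                                                echo("Click <a href=pwreset.php>here</a> to use the password reset form.");
                                        };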

                        ?>
                </p>
</body>
</html>
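A hardened variant of the insert.php logic, added here as an example and not part of cubber's post: it uses mysqli prepared statements instead of string-built queries, compares hashes with hash_equals(), and sends a notification that does not contain the new password. The table and column names are the ones the script above uses; change_password() is a hypothetical helper name, and the unsalted sha1() format is kept on the assumption that the login server reads passwords in the format the original script writes.

```php
<?php
// Added example, not from the original post. change_password() is a
// hypothetical helper; table/column names are taken from insert.php above.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors become exceptions

function change_password(mysqli $db, string $user, string $old, string $new, string $confirm): string
{
    // Same character whitelist and length limits as the original handler.
    if (!preg_match('/\A[A-Za-z0-9_-]{5,16}\z/', $user)) {
        return 'Invalid username.';
    }
    foreach ([$old, $new, $confirm] as $p) {
        if (!preg_match('/\A[A-Za-z0-9_-]{6,16}\z/', $p)) {
            return 'Invalid password.';
        }
    }
    if ($new !== $confirm) {
        return 'Passwords do not match.';
    }

    // One lookup for hash and email; user input is bound, never concatenated.
    $stmt = $db->prepare(
        'SELECT AccountPassword, AccountEmail FROM tblLoginServerAccounts WHERE AccountName = ?'
    );
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($stored, $email);
    $found = $stmt->fetch();
    $stmt->close();

    // Constant-time, type-strict comparison; one message for both failure
    // cases so the form does not reveal which account names exist.
    if (!$found || !hash_equals((string) $stored, sha1($old))) {
        return 'Username or password incorrect.';
    }

    $hash = sha1($new); // assumption: login server expects this format
    $upd = $db->prepare(
        'UPDATE tblLoginServerAccounts SET AccountPassword = ? WHERE AccountName = ?'
    );
    $upd->bind_param('ss', $hash, $user);
    $upd->execute();
    $upd->close();

    // Tell the account owner a change happened without mailing the password.
    mail($email, 'Your Login Server Password Has Been Changed',
         "The Login Server password for account $user was changed.\n");
    return 'Your password was successfully changed!';
}

// Usage with the connection settings from the original script:
// $db = new mysqli('localhost', 'eqemu', 'eqemu', 'peq');
// echo htmlspecialchars(change_password($db, $_POST['username'] ?? '',
//     $_POST['pw'] ?? '', $_POST['npw'] ?? '', $_POST['cnpw'] ?? ''));
```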