junx Posted March 12, 2011 Posted March 12, 2011 To help change Administrator, Gamemaster, Developer, Moderator & Player(s) default passwords to make your server more secure after setup. Minimalistic Found and copied from another forum. Forgot who made it. I take no credit. Added & fix a few things. You can change all the '5' to your specific minimal password length. (Watch out for the '15' if you use Find and Replace.) <?php $host = "localhost"; //Your servers IP address $port = "3306"; //Your servers port $user = "root"; //Your database username $pass = "pass"; //Your database password $auth = "auth"; //Your auth database if(isset($_POST['submit'])) { $account = $_POST['account']; $passwordOld = $_POST['passwordOld']; $passwordNew = $_POST['passwordNew']; $passwordNew1 = $_POST['passwordNew1']; $passwordolde = sha1(strtoupper($account) . ":" . strtoupper($passwordOld)); $passwordnewe = sha1(strtoupper($account) . ":" . strtoupper($passwordNew)); $passwordNew1e = sha1(strtoupper($account) . ":" . strtoupper($passwordNew1)); $account = /*mysql_real_escape_string*/($account); $eoldpass = strtoupper($passwordolde); $enewpass = strtoupper($passwordnewe); $enewpass1 = strtoupper($passwordNew1e); $con = mysql_connect("$host", "$user", "$pass") or die(mysql_error()); mysql_select_db("$auth", $con) or die(mysql_error()); $query = "SELECT id FROM account WHERE username = '".$account."' AND sha_pass_hash = '".$eoldpass."'"; $result = mysql_query($query) or die(mysql_error()); $numrows = mysql_num_rows($result); if($enewpass != $enewpass1) { die("<p align='center'>Error:<br><br>New password fields must match!<br><br>Please go back and try again.</p>"); } if(strlen($_POST['passwordNew']) < 5){ $chars = strlen($passwordNew); die("<p align='center'>Error:<br><br>Your new password is too short!<br><br>You entered ".$chars." character(s).<br><br>The minimum length is 5 characters and the maximum length is 15.<br><br>Please go back and try again.</p>"); } if($numrows == 0) { die("<p align='center'>Error:<br><br>Invalid account name/password!<br><br>Please go back and try again.</p>"); } $query = "UPDATE account SET sha_pass_hash = '".$enewpass."' WHERE username = '".$account."'"; $result = mysql_query($query) or die(mysql_error()); echo "<p align='center'>Password for the Account<br><br>'<b>".$account."</b>'<br><br>has been successfully changed!"; //close mysql connection mysql_close($con); } else{ ?> <html> <head> <title>WoW - Password Changer</title> </head> <body> <center><h1><u><b>Password Changer</b></u></h1><br> <form autocomplete="off" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>"> Account/Username:<br><input type="text" name="account"><br><br> Old Password:<br><input type="password" name="passwordOld"><br><br> New Password:<br><input type="password" name="passwordNew"><br><small>(5 or more characters)</small><br><br> Confirm New Password:<br><input type="password" name="passwordNew1"><br><br> <input value="Change my password!" class="form3" type="submit" name="submit"> </form> <small>You <b><u>MUST</u></b> be offline for this tool to successfully work!</small> </center> </body> </html> <?php } ?> Eddie 1 Quote
tabrizadmin Posted May 5, 2011 Posted May 5, 2011 the password change successfully but u can log in to ur account with ur old password not new one. what is the problem??!!!!!! Quote
junx Posted May 5, 2011 Author Posted May 5, 2011 add $query = "UPDATE account SET v = '0' WHERE username = '".$account."'"; $result = mysql_query($query) or die(mysql_error()); $query = "UPDATE account SET s = '0' WHERE username = '".$account."'"; $result = mysql_query($query) or die(mysql_error()); after $query = "UPDATE account SET sha_pass_hash = '".$enewpass."' WHERE username = '".$account."'"; $result = mysql_query($query) or die(mysql_error()); there is probably a cleaner way to do this but i really dont know. tabrizadmin 1 Quote
alexw0w Posted October 15, 2011 Posted October 15, 2011 Thanks for the code and add it to my site Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.