Password Changer

[junx]

To help change Administrator, Gamemaster, Developer, Moderator & Player(s) default passwords to make your server more secure after setup.

Minimalistic

Found and copied from another forum. Forgot who made it. I take no credit. Added & fix a few things.

You can change all the '5' to your specific minimal password length. (Watch out for the '15' if you use Find and Replace.)

<?php 

$host		= "localhost";	//Your servers IP address
$port		= "3306";	//Your servers port
$user		= "root";	//Your database username 
$pass		= "pass";	//Your database password 
$auth		= "auth";	//Your auth database

if(isset($_POST['submit']))
{
	$account = $_POST['account'];
	$passwordOld = $_POST['passwordOld'];
	$passwordNew = $_POST['passwordNew'];
	$passwordNew1 = $_POST['passwordNew1'];
	$passwordolde = sha1(strtoupper($account) . ":" . strtoupper($passwordOld));
	$passwordnewe = sha1(strtoupper($account) . ":" . strtoupper($passwordNew));
	$passwordNew1e = sha1(strtoupper($account) . ":" . strtoupper($passwordNew1));

	$account = /*mysql_real_escape_string*/($account);
	$eoldpass = strtoupper($passwordolde);
	$enewpass = strtoupper($passwordnewe);
	$enewpass1 = strtoupper($passwordNew1e);
	
	$con = mysql_connect("$host", "$user", "$pass") or die(mysql_error());
	mysql_select_db("$auth", $con) or die(mysql_error());
	$query = "SELECT id FROM account WHERE username = '".$account."' AND sha_pass_hash = '".$eoldpass."'";

	$result = mysql_query($query) or die(mysql_error());
	$numrows = mysql_num_rows($result);

	if($enewpass != $enewpass1) { die("<p align='center'>Error:<br><br>New password fields must match!<br><br>Please go back and try again.</p>"); }

	if(strlen($_POST['passwordNew']) < 5){
		$chars = strlen($passwordNew);
		die("<p align='center'>Error:<br><br>Your new password is too short!<br><br>You entered ".$chars." character(s).<br><br>The minimum length is 5 characters and the maximum length is 15.<br><br>Please go back and try again.</p>");
	}

	if($numrows == 0) { die("<p align='center'>Error:<br><br>Invalid account name/password!<br><br>Please go back and try again.</p>"); }

	$query = "UPDATE account SET sha_pass_hash = '".$enewpass."' WHERE username = '".$account."'";
	$result = mysql_query($query) or die(mysql_error());

	echo "<p align='center'>Password for the Account<br><br>'<b>".$account."</b>'<br><br>has been successfully changed!";

	//close mysql connection
	mysql_close($con);
}
else{
?>

<html>
<head>
<title>WoW - Password Changer</title>
</head>
<body>
<center><h1><u><b>Password Changer</b></u></h1><br>
<form autocomplete="off" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
Account/Username:<br><input type="text" name="account"><br><br>
Old Password:<br><input type="password" name="passwordOld"><br><br>
New Password:<br><input type="password" name="passwordNew"><br><small>(5 or more characters)</small><br><br>
Confirm New Password:<br><input type="password" name="passwordNew1"><br><br>
<input value="Change my password!" class="form3" type="submit" name="submit">
</form>
<small>You <b><u>MUST</u></b> be offline for this tool to successfully work!</small>
</center>
</body>
</html>

<?php
}
?>

[Warpten]

[EDIT]Nevermind.

[tabrizadmin]

the password change successfully but u can log in to ur account with ur old password not new one. what is the problem??!!!!!!

[junx]

add

$query = "UPDATE account SET v = '0' WHERE username = '".$account."'";
	$result = mysql_query($query) or die(mysql_error());

	$query = "UPDATE account SET s = '0' WHERE username = '".$account."'";
	$result = mysql_query($query) or die(mysql_error());

after

$query = "UPDATE account SET sha_pass_hash = '".$enewpass."' WHERE username = '".$account."'";
	$result = mysql_query($query) or die(mysql_error());

there is probably a cleaner way to do this but i really dont know.

[tabrizadmin]

It works now. thanks a lot

[xavi]

dont work!! the pass no change!!

[alexw0w]

Thanks for the code and add it to my site