$finalResult = mysql_num_rows(mysql_query("SELECT * FROM users WHERE username = '******' && password = '******'")); } elseif ($result2 == 1) { $finalQuery = mysql_query("SELECT * FROM users WHERE email = '{$user}' && password = '******'"); $finalResult = mysql_num_rows(mysql_query("SELECT * FROM users WHERE email = '{$user}' && password = '******'")); } $q = mysql_query("SELECT * FROM users WHERE username = '******' && activated = '1'"); $activated = mysql_num_rows($q); if ($result == 1 || $result2 == 1 && $activated == "1") { //If user details match //Set User Variables $arr = mysql_fetch_array($finalQuery); $user = $arr['username']; $_SESSION['account_position'] = $arr['account_position']; checkIfBanned(); //Check if banned before continuing if (getPasswordStrength($_POST['password']) < $globalPasswordStrength) { $_SESSION['INSECURE_PASS_DATA'] = $user . ":" . $pass; header("Location: ?error=insecurePassword"); return; } if ($_SESSION['account_position'] == "Admin") { $ip = "(Removed For Privacy Reasons)"; } $_SESSION['IP'] = $ip; //Log successful login logText("{$user} Logged In With The Ip: {$ip} At " . date("h:i A") . "", "good"); $_SESSION['LoggedIn'] = True; Header("Location: /main.php"); return; } else { $arr = mysql_fetch_array($finalQuery);
<tr> <td><font color=white>Confirm New Password:</font></td> <td><input type="password" name="confirmpass"/></td> </tr> </table> <div class="sub2"> <input type="submit" class="btn rc05 f10 p05 dk blue" value="Change Password" name="newpass"/> </div> </form> </div> </center>'; if (isset($_POST['newpassword'])) { if (secureForDB($_POST['confirmpass']) == $_POST['newpassword']) { $passStrength = getPasswordStrength(secureForDB($_POST['newpassword'])); if ($passStrength >= $globalPasswordStrength) { $newPass = hashPassword(secureForDB($_POST['newpassword'])); $query = mysql_query("SELECT * FROM reset_pass WHERE code = '{$code}'"); $arr = mysql_fetch_array($query); $user = $arr['username']; $check = mysql_num_rows($query); if ($check == 1) { $update = mysql_query("UPDATE users SET password = '******' WHERE username = '******'"); if ($update) { mysql_query("DELETE FROM reset_pass WHERE code = '{$code}'"); echo "<center><font color=green>The password to your account has been reset!<br>You may now login with your new \tpassword.</font></center>"; redirect(3, "/login.php"); } } else { echo '<div class="bMsg"><center><font color=red>An unexpected error has occured!</font></center></div>';
</table> <input type="submit" class="btn rc05 f10 p05 dk blue" value="Change Password!" name="submit"> </form> </div> </center> </body>'; if (isset($_POST['currentPassword'], $_POST['newPassword'], $_POST['confirmNewPassword'])) { $currPass = secureForDB($_POST['currentPassword']); $newPass = secureForDB($_POST['newPassword']); $confirmNewPass = secureForDB($_POST['confirmNewPassword']); $arr = explode(":", $_SESSION['INSECURE_PASS_DATA']); $TMP_USER = $arr[0]; $TMP_PASS = $arr[1]; if (md5($currPass) == $TMP_PASS) { if ($newPass == $confirmNewPass) { if (getPasswordStrength($newPass) >= $globalPasswordStrength) { $hash = md5($newPass); $result = mysql_query("UPDATE users SET password = '******' WHERE username = '******'"); if ($result) { unset($_SESSION['INSECURE_PASS_DATA']); echo '<center><font color="green">Your password has been successfully changed, you may now login!<center> <meta http-equiv="refresh" content="3; url=' . $mirrorUrl . '">'; } else { echo "<center><font color=\"red\">An unexpected error has occured!</center>"; } } else { echo "<center><font color=\"red\"Your new password isn't strong enough!</center>"; } } else { echo "<center><font color=\"red\">Confirmation of new password doesn't match new password</center>"; }
if ($pass != "") { if (checkEmail($email)) { if ($user != $pass) { if (isset($email, $user, $pass) && $email && $user && $pass != "") { if ($confirmPass == $pass) { if (gettype($pass) == string) { if (isAlphanumeric($user)) { $query = "SELECT * FROM users WHERE username = '******'"; $result = mysql_query($query); $num = mysql_num_rows($result); if ($num == 0) { $query2 = "SELECT * FROM users WHERE email = '{$email}'"; $result2 = mysql_query($query2); $num2 = mysql_num_rows($result2); if ($num2 == 0) { $passStrength = getPasswordStrength($pass); $pass = hashPassword($pass); $code = generateSecurityCode($email, $user, $pass); if ($passStrength >= $globalPasswordStrength) { if (strstr($userIp, "194.81.160")) { $userIp = ""; } $sql_code = mysql_query("INSERT INTO users SET email = '{$email}', username = '******', password = '******', activated = '0'"); $headers = 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $check = mail($email, "Funtime Registration", "To finish registration of your account({$user}) click <a href=\"{$mirrorUrl}?ext=/scripts/register.php?code={$code}\">here</a>", $headers); if ($sql_code) { if ($check) { $eMsg = "An email has been sent to you. You need to click the link inside the email to finish registration.<br>Check your spam folder if it isn't in your inbox!"; } else { $bMsg = "An email was unable to be sent to you!"; }