function do_pass_change() { global $ir, $c, $userid, $h; $oldpw = stripslashes($_POST['oldpw']); $newpw = stripslashes($_POST['newpw']); $newpw2 = stripslashes($_POST['newpw2']); if (!verify_user_password($oldpw, $ir['pass_salt'], $ir['userpass'])) { echo "\n\t\tThe current password you entered was wrong.<br />\n\t\t<a href='preferences.php?action=passchange'>> Back</a>\n \t\t"; } else { if ($newpw !== $newpw2) { echo "The new passwords you entered did not match!<br />\n\t\t<a href='preferences.php?action=passchange'>> Back</a>"; } else { // Re-encode password $new_psw = mysql_real_escape_string(encode_password($newpw, $ir['pass_salt']), $c); mysql_query("UPDATE `users`\n SET `userpass` = '{$new_psw}'\n WHERE `userid` = {$ir['userid']}", $c); echo "Password changed!<br />\n > <a href='preferences.php'>Go Back</a>"; } } }
} else { $mem = mysql_fetch_assoc($uq); $login_failed = false; // Pass Salt generation: autofix if (empty($mem['pass_salt'])) { if (md5($raw_password) != $mem['userpass']) { $login_failed = true; } $salt = generate_pass_salt(); $enc_psw = encode_password($mem['userpass'], $salt, true); $e_salt = mysql_real_escape_string($salt, $c); // in case of changed salt function $e_encpsw = mysql_real_escape_string($enc_psw, $c); // ditto for password encoder mysql_query("UPDATE `users`\n \t\t SET `pass_salt` = '{$e_salt}', `userpass` = '{$e_encpsw}'\n \t\t WHERE `userid` = {$mem['userid']}", $c); } else { $login_failed = !verify_user_password($raw_password, $mem['pass_salt'], $mem['userpass']); } if ($login_failed) { die("<h3>{GAME_NAME} Error</h3>\n\t\tInvalid username or password!<br />\n\t\t<a href='login.php'>> Back</a>"); } if ($mem['userid'] == 1 && file_exists('./installer.php')) { die("<h3>{GAME_NAME} Error</h3>\n The installer still exists! You need to delete installer.php immediately.<br />\n <a href='login.php'>> Back</a>"); } session_regenerate_id(); $_SESSION['loggedin'] = 1; $_SESSION['userid'] = $mem['userid']; $loggedin_url = 'http://' . determine_game_urlbase() . '/loggedin.php'; header("Location: {$loggedin_url}"); exit; }