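/**
 * Changes the stored password of $user after verifying the current one.
 *
 * Table and column names come from $GLOBALS['user_table'],
 * $GLOBALS['username_field'] and $GLOBALS['password_field']. The stored hash is
 * compared with HashIt($oldpass); when it matches and $newpass equals
 * $passcon, HashIt($newpass) is written back. Each outcome is reported by
 * echoing a message; a failed query terminates the script via die().
 *
 * Fixes over the previous version: the four strip_tags() calls acted on an
 * undefined $fields and did nothing; the username and the hash were
 * interpolated into SQL unescaped; the hash comparison used loose ==.
 *
 * @param string $user    username to look up
 * @param string $oldpass current password (plain)
 * @param string $newpass new password (plain)
 * @param string $passcon confirmation of the new password
 * @return void
 */
function ChangePassword($user, $oldpass, $newpass, $passcon)
{
    $Table = $GLOBALS['user_table'];
    $userfield = $GLOBALS['username_field'];
    $passfield = $GLOBALS['password_field'];

    // Escape for the ext/mysql connection this file uses; $user is untrusted.
    // The hash produced by HashIt() is escaped the same way rather than trusted.
    $safeUser = mysql_real_escape_string($user);

    $password_query = mysql_query(
        "SELECT * FROM {$Table} WHERE {$userfield}='{$safeUser}'"
    ) or die(mysql_error());

    while ($row = mysql_fetch_assoc($password_query)) {
        $db_password = $row[$passfield];

        // hash_equals(): strict (no "0e..." == surprises) and constant-time.
        if (!hash_equals((string) $db_password, (string) HashIt($oldpass))) {
            echo "The old password that you entered is incorrect!";
            continue;
        }

        if ($newpass !== $passcon) {
            echo "Your confirming password does not match your new password!";
            continue;
        }

        $passinsert = mysql_real_escape_string(HashIt($newpass));
        mysql_query(
            "UPDATE {$Table} SET {$passfield}='{$passinsert}' WHERE {$userfield}='{$safeUser}'"
        ) or die(mysql_error());
        echo "Success! Your password has been changed!";
    }
}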
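/**
 * Deletes the btcnames row whose name is HashUsername($username) and whose
 * key is HashIt($password, $hash).
 *
 * Fix: the previous version computed a status in $result but never returned
 * it, so every caller received null. The status codes are unchanged.
 *
 * @param string $username plain username, hashed with HashUsername()
 * @param string $password plain key, hashed with HashIt($password, $hash)
 * @return int 1 when ExecSQLReturnAArray() did not report failure, 3 otherwise
 */
function DeleteEntry($username, $password)
{
    $hash = HashUsername($username);
    $hashedkey = HashIt($password, $hash);

    // NOTE(review): both hashes are interpolated into the statement unescaped;
    // that is only safe if HashUsername()/HashIt() are guaranteed to return
    // hex/base64 output — confirm, or switch ExecSQLReturnAArray() to bound
    // parameters. Also, `key` is a reserved word in MySQL and would need to be
    // quoted as `key` there; the statement text is left as the author wrote it.
    $queryresults = ExecSQLReturnAArray(
        "DELETE FROM btcnames WHERE name='" . $hash . "' AND key='" . $hashedkey . "'"
    );

    // Loose comparison kept on purpose: the helper's failure value is not
    // visible here, and the original treated anything == false as failure.
    return $queryresults != false ? 1 : 3;
}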
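/**
 * Registers a new, disabled account from the D1 (email) and D2 (password)
 * POST fields, logs the activity, mails the user and every admin, and echoes a
 * JSON status for the AJAX caller.
 *
 * Echoed statuses: "invalid" when the email is malformed; "notlocked" or
 * "locked" (followed by exit) when an account for that email already exists,
 * with the attempt counter incremented below 5; "refresh" on success.
 *
 * Fix: the email is now validated before it reaches the database, the activity
 * log and mail(). A recipient containing CR/LF could otherwise be used for
 * header injection in the notifications sent below, and a missing D1 produced
 * an undefined-index notice and matched an empty lookup via ==.
 *
 * @param string $Action name of the calling page, passed through to the helpers
 * @return void
 */
function AddAccount($Action)
{
    global $PDOconn;

    $Email = isset($_POST["D1"]) ? stripslashes($_POST["D1"]) : '';
    if (filter_var($Email, FILTER_VALIDATE_EMAIL) === false) {
        echo json_encode("invalid");
        return;
    }

    $UserData = FetchUser($Action, $Email);
    if (isset($UserData['Email']) && $UserData['Email'] === $Email) {
        if ($UserData['Attempt'] < 5) {
            AddAttempt($Action, $UserData, $Email);
            $ActivityMSG = "Account to be locked due to multiple registration attempts.";
            AddActivity($Action, $Email, $ActivityMSG);
            echo json_encode("notlocked");
            exit;
        }
        $ActivityMSG = "Account was locked out due to multiple registration attempts.";
        AddActivity($Action, $Email, $ActivityMSG);
        echo json_encode("locked");
        exit;
    }

    $Password = isset($_POST["D2"]) ? stripslashes($_POST["D2"]) : '';
    $HashedPassword = HashIt($Password);
    $Disabled = 1;
    $Attempt = 0;
    $AdminCode = 1;

    $Query = 'CALL AddAccount (?, ?, ?, ?, ?)';
    $Statement = $PDOconn->prepare($Query);
    $Statement->bindParam(1, $Email, PDO::PARAM_STR, 45);
    // NOTE(review): the admin-creation path binds the hash with length 255;
    // 64 here is kept from the original — confirm HashIt()'s output fits.
    $Statement->bindParam(2, $HashedPassword, PDO::PARAM_STR, 64);
    $Statement->bindParam(3, $Disabled, PDO::PARAM_INT, 1);
    $Statement->bindParam(4, $Attempt, PDO::PARAM_INT, 1);
    $Statement->bindParam(5, $AdminCode, PDO::PARAM_INT, 1);
    Execute($Action, $Statement);

    $ActivityMSG = "Your account was created.";
    AddActivity($Action, $Email, $ActivityMSG);

    mail($Email, "Your account was created", "The following email: " . $Email . " has been created. The account will be activated by an Admin. In the meantime, familiarize yourself with the pet policy. https://petsignin.alibkaba.com/petsignin/petpolicy.pdf");

    $AdminAccounts = FetchAdmins($Action);
    foreach ($AdminAccounts as $AdminEmail) {
        mail($AdminEmail['Email'], "New account created", "The following email: " . $Email . " has been created. Account is awaiting your approval.");
    }

    echo json_encode("refresh");
    // Kept from the original: drops the shared connection for the rest of the request.
    $PDOconn = null;
}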
<body> <p>Create Admin</p> <form action="#" method='post'> Email: <input type="text" name="Email"><br> Password: <input type="password" name="Password"><br> <input type="submit" name="add" value="Submit" data-theme="b"/> <?php require_once '../db.php'; require_once '../operations.php'; error_reporting(E_ALL); ini_set('display_errors', 1); if (isset($_POST['add'])) { $Action = "admin.php"; $Email = $_POST['Email']; $Password = $_POST['Password']; $HashedPassword = HashIt($Password); $Disabled = 0; $Attempt = 0; $AdminCode = 2; global $PDOconn; $Query = 'CALL AddAdminAccount (?,?,?,?,?)'; $Statement = $PDOconn->prepare($Query); $Statement->bindParam(1, $Email, PDO::PARAM_STR, 45); $Statement->bindParam(2, $HashedPassword, PDO::PARAM_STR, 255); $Statement->bindParam(3, $Disabled, PDO::PARAM_INT, 1); $Statement->bindParam(4, $Attempt, PDO::PARAM_INT, 1); $Statement->bindParam(5, $AdminCode, PDO::PARAM_INT, 1); $Statement->execute(); $ActivityMSG = "Your account was created by an admin."; AddActivity($Action, $Email, $ActivityMSG); $MSG = "Super Admin created.";