[MSSQL][PHP] Zmiana hasła

Forum PHP.pl > Forum > Bazy danych > Microsoft SQL Server / MSDE

[MSSQL][PHP] Zmiana hasła

dagets Zobacz profil	28.08.2009, 00:16:35 Post #1
Grupa: Zarejestrowani Postów: 1 Pomógł: 0 Dołączył: 28.08.2009 Ostrzeżenie: (0%)	Witam, Mam oto taki skrypt: [PHP] pobierz, plaintext <? include("config.php"); ?> <? function encode($password) { $EncTable = array('!'=>'95', '"'=>'88', '#'=>'9D', '$'=>'4C', '%'=>'F2', '&'=>'3E', '\''=>'BB', '('=>'C0', ')'=>'7F', ''=>'18', '+'=>'70', ','=>'A6', '-'=>'E2', '.'=>'EC', '/'=>'77', '0'=>'2C', '1'=>'3A', '2'=>'4A', '3'=>'91', '4'=>'5D', '5'=>'7A', '6'=>'29', '7'=>'BC', '8'=>'6E', '9'=>'D4', ':'=>'40', ';'=>'17', '<'=>'2E', '='=>'CB', '>'=>'72', '?'=>'9C', '@'=>'A1', 'A'=>'FF', 'B'=>'F3', 'C'=>'F8', 'D'=>'9B', 'E'=>'50', 'F'=>'51', 'G'=>'6D', 'H'=>'E9', 'I'=>'9A', 'J'=>'B8', 'K'=>'84', 'L'=>'A8', 'M'=>'14', 'N'=>'38', 'O'=>'CE', 'P'=>'92', 'Q'=>'5C', 'R'=>'F5', 'S'=>'EE', 'T'=>'B3', 'U'=>'89', 'V'=>'7B', 'W'=>'A2', 'X'=>'AD', 'Y'=>'71', 'Z'=>'E3', '['=>'D5', '\\'=>'BF', ']'=>'53', '^'=>'28', '_'=>'44', '`'=>'33', 'a'=>'48', 'b'=>'DB', 'c'=>'FC', 'd'=>'09', 'e'=>'1F', 'f'=>'94', 'g'=>'12', 'h'=>'73', 'i'=>'37', 'j'=>'82', 'k'=>'81', 'l'=>'39', 'm'=>'C2', 'n'=>'8D', 'o'=>'7D', 'p'=>'08', 'q'=>'4F', 'r'=>'B0', 's'=>'FE', 't'=>'79', 'u'=>'0B', 'v'=>'D6', 'w'=>'23', 'x'=>'7C', 'y'=>'4B', 'z'=>'8E', '{'=>'06', '\|'=>'5A', '}'=>'CC', '~'=>'62'); $Encode = "0x"; for ($i = 0; $i < strlen($password); $i++) $Encode .= $EncTable[$password[$i]]; return $Encode; } function decode($password) { $DecTable = array('95'=>'!', '88'=>'"', '9D'=>'#', '4C'=>'$', 'F2'=>'%', '3E'=>'&', 'BB'=>'\'', 'C0'=>'(', '7F'=>')', '18'=>'', '70'=>'+', 'A6'=>',', 'E2'=>'-', 'EC'=>'.', '77'=>'/', '2C'=>'0', '3A'=>'1', '4A'=>'2', '91'=>'3', '5D'=>'4', '7A'=>'5', '29'=>'6', 'BC'=>'7', '6E'=>'8', 'D4'=>'9', '40'=>':', '17'=>';', '2E'=>'<', 'CB'=>'=', '72'=>'>', '9C'=>'?', 'A1'=>'@', 'FF'=>'A', 'F3'=>'B', 'F8'=>'C', '9B'=>'D', '50'=>'E', '51'=>'F', '6D'=>'G', 'E9'=>'H', '9A'=>'I', 'B8'=>'J', '84'=>'K', 'A8'=>'L', '14'=>'M', '38'=>'N', 'CE'=>'O', '92'=>'P', '5C'=>'Q', 'F5'=>'R', 'EE'=>'S', 'B3'=>'T', '89'=>'U', '7B'=>'V', 'A2'=>'W', 'AD'=>'X', '71'=>'Y', 'E3'=>'Z', 'D5'=>'[', 'BF'=>'\\', '53'=>']', '28'=>'^', '44'=>'_', '33'=>'`', '48'=>'a', 'DB'=>'b', 'FC'=>'c', '09'=>'d', '1F'=>'e', '94'=>'f', '12'=>'g', '73'=>'h', '37'=>'i', '82'=>'j', '81'=>'k', '39'=>'l', 'C2'=>'m', '8D'=>'n', '7D'=>'o', '08'=>'p', '4F'=>'q', 'B0'=>'r', 'FE'=>'s', '79'=>'t', '0B'=>'u', 'D6'=>'v', '23'=>'w', '7C'=>'x', '4B'=>'y', '8E'=>'z', '06'=>'{', '5A'=>'\|', 'CC'=>'}', '62'=>'~'); for ($i = 0; $i < strlen($password); $i++) { $Hex = sprintf("%02x", ord($password[$i])); $Decode .= $DecTable[strtoupper($Hex)]; } return $Decode; } function auth($ID, $PWD) { $connect = mssql_connect('127.0.0.1', 'sa', ''); $db = mssql_select_db('kal_auth', $connect); $q = mssql_query("SELECT [PWD] FROM Login WHERE [ID] = '$ID'", $connect); $r = mssql_fetch_array($q); $pwd = decode($r['PWD']); if($pwd == $PWD) return true; else return false; } function authsn($ID, $SN) { $connect = mssql_connect('127.0.0.1', 'sa', ''); $db = mssql_select_db('kal_auth', $connect); $q = mssql_query("SELECT [SN] FROM Login WHERE [ID] = '$ID'", $connect); $r = mssql_fetch_array($q); $SN = $r['SN']; if($SN == $sn) return true; else return false; } function change($ID, $PWD) { $connect = mssql_connect('127.0.0.1', 'sa', ''); $db = mssql_select_db('kal_auth', $connect); $EPWD = encode($PWD); mssql_query("UPDATE [Login] SET [PWD] = ".$EPWD." WHERE [ID] = '{$ID}'", $connect); } if( isset($_POST['change']) ) { $id = $_POST['id']; $oldpwd = $_POST['oldpwd']; $sn = $_POST['SN']; $pwd1 = $_POST['pwd1']; $pwd2 = $_POST['pwd2']; if(!ctype_alnum($id)) { echo "<br /><strong><font color=#1A4D80>Please type in your id! (a-z, 0-9)</font></strong>"; return; } if(!ctype_alnum($sn)) { echo "<br /><strong><font color=#1A4D80>Please type in your S/N! (a-z, 0-9)</font></strong>"; return; } if(!ctype_alnum($oldpwd)) { echo "<br /><strong><font color=#1A4D80>Please type in your old password!(a-z, 0-9)</font></strong>"; return; } if(!ctype_alnum($pwd1)) { echo "<br /><strong><font color=#1A4D80>Please type in your password!(a-z, 0-9)</font></strong>"; return; } if(!ctype_alnum($pwd2)) { echo "<br /><strong><font color=#1A4D80>Please type in your password!(a-z, 0-9)</font></strong>"; return; } if($id == "") { echo "<br /><strong><font color=#1A4D80>Please type in your id!</font></strong>"; return; } if($oldpwd == "") { echo "<br /><strong><font color=#1A4D80>Please type in your password!</font></strong>"; return; } if($pwd1 == "") { echo "<br /><strong><font color=#1A4D80>Please type in your new password!</font></strong>"; return; } if($sn == "") { echo "<br /><strong><font color=#1A4D80>Please type in your S/N!</font></strong>"; return; } if(auth($id, $oldpwd)) { if($pwd1 != $pwd2) { echo "<br /><strong><font color=#1A4D80>Passwords do not match!</font></strong>"; } else { change($id, $pwd2); echo "<br /><strong><font color=#1A4D80>Password changed successfully!</font></strong>"; } } else { echo "<br /><strong><font color=#1A4D80>Wrong user id or password!</font></strong>"; } return; } ?> <style type="text/css"> <!-- .styl3 {font-family: Arial, Helvetica, sans-serif; font-size: 12px; } --> </style> <br /><br /> <style type="text/css"> <!-- #login { background-image: url(images/login-1.jpg); background-position: 152px 26px; background-repeat: repeat; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 11px; color: #0066CC; border: 0px; } #button { background-image: url(images/login-2.jpg); background-position: 76px 28px; font-size: 1px; height: 28px; width: 76px; border: 0px; } --> </style> <form action="" method="post"> <label> </label> <table width="360" height="80" border="0" align="center"> <tr> <td width="206" height="24"><span class="styl3">ID:</span></td> <td width="144"><input name="id" type="password" id="login" maxlength="8"></td> </tr> <tr> <td height="24"><span class="styl3">Old Password:</span></td> <td><p> <input name="oldpwd" type="password" id="login" maxlength="8"> </p> </td> </tr> <td height="24"><span class="styl3">New Password:</span></td> <td><p> <input name="pwd1" type="password" id="login" maxlength="8"> </p> </td> </tr> <td height="32"><span class="styl3">Again New Passowrd:</span></td> <td><p> <input name="pwd2" type="password" id="login" maxlength="8"> </p> </td> </tr> <td height="24"><span class="styl3">Secret Number:</span></td> <td><p> <input name="sn" id="login" maxlength="16"> </p> </td> </tr> <tr> <td height="24"> </td> <td><label> <input type="submit" name="change" value="Change Password" /> </label></td> </tr> </table> <div align="center"></div> <label></label> <p> </p> </form> [PHP] pobierz, plaintext Jego zadaniem jest ZMIANA hasła użytkownika będącego w bazie. Jednakże zabezpieczeniem przed zmianą jest tzw. Secret Number, który automatycznie generuje się w tle podczas rejestracji, wysyłany jest do bazy i na adres E-mail użytkownika. Mógłby mi ktoś powiedzieć co jest źle, dlaczego skrypt nie sprawdza czy S/N jest poprawny? (IMG:style_emoticons/default/tongue.gif) Pozdrawiam btw chyba powinienem opublikować ten temat w PHP ;p przepraszam za pomylke (IMG:style_emoticons/default/haha.gif) Ten post edytował dagets 28.08.2009, 00:35:22