PHP - Ayuda cre que esta mal mi codigo.

Ayuda cre que esta mal mi codigo.

Publicado por kevin3584 (1 intervención) el 08/04/2017 12:32:51

tengo un juego online, y medienda la web cambian las contrasenas de las demas personas con solo el ID de usuario.... soy novato en esto xD

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

<!DOCTYPE html>

<html lang="en">

<head>

  <title>Tales Runner Latino Change Password</title>

  <meta charset="utf-8">

  <meta name="viewport" content="width=device-width, initial-scale=1">

  <link rel="shortcut icon" href="./tales.ico"/>

  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">

  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>

  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>

  <script>

//Seguridades Adicionales

require_once "assets/seguridad/sql_inject.php";

require_once "assets/seguridad/anti-inject-base64.php";

require_once "assets/seguridad/anti-inject-base64-PHP5.php";

require_once "assets/seguridad/sql_protect.php";

$bDestroy_session = TRUE;

$url_redirect = 'index.php';

$sqlinject = new sql_inject('Eventcore.txt',$bDestroy_session,$url_redirect) ;

  $(function(){

    $("#reg_user").keypress(function(event){

        if ((event.charCode >= 48 && event.charCode <= 57) || // 0-9

            (event.charCode >= 65 && event.charCode <= 90) || // A-Z

            (event.charCode >= 97 && event.charCode <= 122))  // a-z

             {} else{ return false; }

});

    $("#reg_pass").keypress(function(event){

        if ((event.charCode >= 48 && event.charCode <= 57) || // 0-9

            (event.charCode >= 65 && event.charCode <= 90) || // A-Z

            (event.charCode >= 97 && event.charCode <= 122))  // a-z

	    {} else{ return false; }

});

    $("#reg_conf_pass").keypress(function(event){

        if ((event.charCode >= 48 && event.charCode <= 57) || // 0-9

            (event.charCode >= 65 && event.charCode <= 90) || // A-Z

            (event.charCode >= 97 && event.charCode <= 122))  // a-z

             {} else{ return false; }

});

});

  </script>

 <script src='https://www.google.com/recaptcha/api.js'></script>

</head>

<body>

<div id="container">

<?php

$infomsg = "";

                  if(isset($_POST['register']))

                      $host = "";      /// Host Name or IP Address

                      $user = "";                              /// MSSQL Username

                      $pass = "";                       /// MSSQL Password

                      $dbn  = "";                          /// Database Name

                      $dbconnect = mssql_connect($host , $user , $pass) or die ("DATABASE FAILED TO RESPOND.");

                      mssql_select_db($dbn, $dbconnect) or die ("Could Not Connect To Database !");

		      //check query row

			function checkrow($query1)

			    $query = mssql_query($query1);

			    if(mssql_num_rows($query) > 0)

			      return true;

			    else

			      return false;

		    //security

		     function chckifltr($value)//a-z A-Z 0-9 character possible

			  if(preg_match('/^[a-z0-9A-Z]+$/i', $value))

			    return true;

			  else

			    return false;

                      $username = $_POST['reg_user'];

                      $oldpass  = $_POST['reg_oldpass'];

                      $newpw1   = $_POST['reg_newpw1'];

                      $newpw2   = $_POST['reg_newpw2'];

                      $ppass    = $_POST['reg_ppass'];

                      $oldpass3 = md5($oldpass);

                      date_default_timezone_set('Europe/London');

					  $date = date('m/d/Y h:i:s a', time());

		      if(strlen($username) > 50){

			$infomsg = "<p class=\"bg-danger\">UserID max 20 characters</p>";

		      }else{

		      	if(strlen($oldpass) > 50){

			$infomsg = "<p class=\"bg-danger\">Oldpass max 20 characters</p>";

			  }else{

			  	if(strlen($ppass) > 50){

			$infomsg = "<p class=\"bg-danger\">Security PIN max 20 characters</p>";

			  }else{

			      if(strlen($newpw1) > 50){

				$infomsg = "<p class=\"bg-danger\">New Password max 20 characters</p>";

			      }else{

			      	if(strlen($newpw2) > 50){

				$infomsg = "<p class=\"bg-danger\">New Password max 20 characters</p>";

			      }else{

				      if($username != "" && $oldpass != "" && $newpw1 != "" && $newpw2 != "" && $ppass != "")

					if(chckifltr($username) && chckifltr($oldpass) && chckifltr($newpw1) && chckifltr($newpw2) && chckifltr($ppass))

					    if($newpw1 == $newpw2)

					      if(checkrow("SELECT fdUserID FROM UserInfoFromPublisher WHERE fdUserID = '".$username."'") == true)

					      	if(checkrow("SELECT fdPassword FROM UserInfoFromPublisher WHERE fdPassword = '".$oldpass3."'") == true)

					      	  if(checkrow("SELECT fd2Password FROM UserInfoFromPublisher WHERE fd2Password = '".$ppass."'") == true)

						  $Newpw3 = md5($newpw1);

						  mssql_query("UPDATE UserInfoFromPublisher SET fdPassword = '".$Newpw3."' WHERE fdUserID ='".$username."'");

						  mssql_query("INSERT INTO tblLogChangePwFromWeb (fdUserID,fdGameID,fdOldPassword,fdNewPassword,fdDateTime) VALUES ('".$username."','".$username."','".$oldpass3."','".$Newpw3."','".$date."')");

						  $infomsg = "<p class=\"bg-success\">The account ".$username." has been successfully change the password!</p>";

					      else

						$infomsg = "<font color='red'>Current PIN you have entered is Incorrect!</p>";

					    else

						$infomsg = "<font color='red'>Current Password you have entered is Incorrect!</p>";

					    else

						$infomsg = "<font color='red'>Username you have entered is Incorrect!</p>";

					    else

					      $infomsg = "<font color='red'>Passwords don't match!</p>";

					else

					  $infomsg = "<font color='red'>Please enter only letters and numbers!</p>";

				      else

					$infomsg = "<p class=\"bg-danger\">Please fill in all of the fields!</p>";

?>

<form method="post" action="" class="form-horizontal">

<p class="bg-primary">Change Password For Tales Runner Latino</p>

<table id="registertable" class="table table-bordered">

<tr>

<td>

<p>Login ID</p>

</td>

<td>

<input type="text" maxlength="50" class="btn btn-default" id="reg_user" name="reg_user"/>

</td>

</tr>

<tr>

<td>

<p>Current Password</p>

</td>

<td>

<input type="password" maxlength="50" class="btn btn-default" id="reg_oldpass" name="reg_oldpass"/>

</td>

</tr>

<tr>

<td>

<p>New Password</p>

</td>

<td>

<input type="password" maxlength="50" class="btn btn-default" id="reg_newpw1" name="reg_newpw1"/>

</td>

</tr>

<tr>

<td>

<p>Confirmar New Password</p>

</td>

<td>

<input type="password" maxlength="50" class="btn btn-default" id="reg_newpw2" name="reg_newpw2"/>

</td>

</tr>

<tr>

<td>

<p>Security PIN (For pw change and recovery) <a href="https://www.talesrunnerlatino.net.ve/TR/update.php" class="SetPIN" target="_blank">Click here to Set Security PIN on ur account</a></p>

</td>

<td>

<input type="password" maxlength="50" class="btn btn-default" id="reg_ppass" name="reg_ppass"/>

</td>

</tr>

<tr><td><center><?php echo $infomsg;?></center></td><td>

<button type="submit" name="register" class="btn btn-danger">Change Password</button></td>

</tr>

</table>

</form>

<center>

<div class="g-recaptcha" data-sitekey="6Lf4BRoUAAAAAOEcd_8i9wJPV8ek0QJ6mjrkTaEU"></div>

</center>

<br><br>

</div> </body>

Agradesco con todo el alma si me ayudan :c

Valora esta pregunta

Me gusta: Está pregunta es útil y esta clara

No me gusta: Está pregunta no esta clara o no es útil

Responder