MSSQL php script

Posted: Wed Aug 12, 2009 9:50 pm
by fantastik
I run an online game, and am trying to create a script that allows the players to change their password that is stored in the database.

I wanted the player to enter their in-game login and password, and if it matches with the login and password stored in the game database, then it would update the table with the new password.

I have a script working:

Code:

<?php
include("config.php");   // config.php is assumed to set up the ODBC connection $conn used below
error_reporting(E_PARSE);

// Reject any field that contains something other than letters and digits.
// eregi() was removed in PHP 7; preg_match() performs the equivalent check.
if (!preg_match('/^[a-zA-Z0-9]*\z/', $_POST['loginID'])) {
   echo "hack attempt by  ". $_SERVER['REMOTE_ADDR'] . "!!!!";
   exit;
}
if (!preg_match('/^[a-zA-Z0-9]*\z/', $_POST['Password'])) {
   echo "hack attempt by  ". $_SERVER['REMOTE_ADDR'] . "!!!!";
   exit;
}
if (!preg_match('/^[a-zA-Z0-9]*\z/', $_POST['Password2'])) {
   echo "hack attempt by  ". $_SERVER['REMOTE_ADDR'] . "!!!!";
   exit;
}
if (!preg_match('/^[a-zA-Z0-9]*\z/', $_POST['NewPassword'])) {
   echo "hack attempt by  ". $_SERVER['REMOTE_ADDR'] . "!!!!";
   exit;
}
if (!preg_match('/^[a-zA-Z0-9]*\z/', $_POST['NewPassword2'])) {
   echo "hack attempt by  ". $_SERVER['REMOTE_ADDR'] . "!!!!";
   exit;
}

// Reject any field longer than 16 characters.
if (strlen($_POST['NewPassword']) > 16) {
   echo "hack attempt by  ". $_SERVER['REMOTE_ADDR'] . "!!!!";
   exit;
}
if (strlen($_POST['NewPassword2']) > 16) {
   echo "hack attempt by  ". $_SERVER['REMOTE_ADDR'] . "!!!!";
   exit;
}
if (strlen($_POST['loginID']) > 16) {
   echo "hack attempt by  ". $_SERVER['REMOTE_ADDR'] . "!!!!";
   exit;
}
if (strlen($_POST['Password']) > 16) {
   echo "hack attempt by  ". $_SERVER['REMOTE_ADDR'] . "!!!!";
   exit;
}
if (strlen($_POST['Password2']) > 16) {
   echo "hack attempt by  ". $_SERVER['REMOTE_ADDR'] . "!!!!";
   exit;
}
           $test = $_POST['test'];
  if (isset($_POST['Create'])) {
    if ($_POST['loginID'] > ""  &&  $_POST['Password'] > ""  &&  $_POST['Password2'] > ""  &&  $_POST['NewPassword'] > ""  &&  $_POST['NewPassword2'] > "" ) {
   $validchars = "abcdefghijklmnopqrstuvwxyz0123456789@";
   $valid = true;
   for ($i = 0; $i < strlen($_POST['loginID']); $i++) {
   if (strpos($validchars,strtolower(substr($_POST['loginID'],$i,1))) === false){
   $valid = false;
   }
   }
 
   for ($i = 0; $i < strlen($_POST['Password']); $i++) {
   if (strpos($validchars,strtolower(substr($_POST['Password'],$i,1))) === false){
   $valid = false;
   }
   }
      for ($i = 0; $i < strlen($_POST['NewPassword']); $i++) {
   if (strpos($validchars,strtolower(substr($_POST['NewPassword'],$i,1))) === false){
   $valid = false;
   }
   }
      for ($i = 0; $i < strlen($_POST['NewPassword2']); $i++) {
   if (strpos($validchars,strtolower(substr($_POST['NewPassword2'],$i,1))) === false){
   $valid = false;
   }
   }
   if ($_POST['Password'] != $_POST['Password2']){
   $valid=false;
   }
      if ($_POST['NewPassword'] != $_POST['NewPassword2']){
   $valid=false;
   }
    if ($valid == true) {
 
            $accquery = "UPDATE tblBillID set Password = '".$_POST['NewPassword']."' where BillID = '".$_POST['loginID']."' and Password = '".$_POST['Password']."'";
            $accresult = odbc_exec($conn,$accquery);
            odbc_close($conn);
            echo "<b>Account Has Been Updated</b>";
            exit;
         }
      
      
      if ($valid == false) {
      echo "<b>Please type your information again, make sure it matches!</b>";}
      
 
}
}
?>
 
<script type="text/javascript">
<!--
var letters='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz '
var numbers='1234567890'
var custom='@.?'
 
function alpha(e,allow) {
var k;
k=document.all?parseInt(e.keyCode): parseInt(e.which);
return (allow.indexOf(String.fromCharCode(k))!=-1);
}
//form clear function
function clearDefault(el) {
  if (el.defaultValue==el.value) el.value = ""
}
// -->
</script>
 
            <form action="" method="post">
<table><tr><td>
 
Login:</td><td>
<input name="loginID" type="text" maxlength="14" onkeypress="return alpha(event,letters+numbers+custom)" ONFOCUS="clearDefault(this)"></td></tr>
<tr><td>
 
Password:</td><td>
<input name="Password" type="password" maxlength="28" onkeypress="return alpha(event,letters+numbers+custom)" ONFOCUS="clearDefault(this)"></td></tr>
<tr><td>
 
Retype Password:</td><td>
<input name="Password2" type="password" width="100" onkeypress="return alpha(event,letters+numbers+custom)" ONFOCUS="clearDefault(this)"></td></tr>
<tr><td>
 
 New Password:</td><td>
<input name="NewPassword" type="text" maxlength="30" onkeypress="return alpha(event,letters+numbers+custom)" ONFOCUS="clearDefault(this)"></td></tr>
<tr><td>
 
Retype New Password:</td><td>
<input name="NewPassword2" type="text" width="100" onkeypress="return alpha(event,letters+numbers+custom)" ONFOCUS="clearDefault(this)"></td></tr>
 
<tr>
 
<td><input type="submit" name="Create" value="Update Account!"></td>
                  </tr>
               </table>
            </form>
     
The only problem is, if the player enters an incorrect password, then no row in the table is updated but it still will echo "Account has been updated" since the query is completing even though it's not updating anything.

Is there any way I can have it echo "Account has been updated" only if rows have been affected, or is there a better way I could achieve the same results that I'm after?

Thanks

Re: MSSQL php script

Posted: Thu Aug 13, 2009 4:29 am
by robnet
Hi fantastik,
You probably just need a conditional statement to check whether a row has been changed -
http://us2.php.net/manual/en/function.odbc-num-rows.php. Something like:

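Code:

// $accresult is the result returned by odbc_exec() in the script above;
// for an UPDATE, odbc_num_rows() gives the number of rows affected.
if (odbc_num_rows($accresult) == 1) {
 // Success, written new password
} else {
 // Fail, return error
}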
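
Added example, not part of the original thread: one way to combine the affected-row check suggested above with bound parameters, so the success message is shown only when exactly one row changed and the submitted values never become part of the SQL text. The `change_password()` helper and its status strings are hypothetical; `config.php`, `$conn`, `tblBillID` and the form field names are taken from the script in the question.

```php
<?php
// Added example (hypothetical helper, not the poster's code).
// Assumes $conn is an open ODBC connection, as set up by config.php in the thread.

function change_password($conn, string $login, string $old, string $new): string
{
    // Same allowlist and 16-character limit the original script enforces.
    foreach ([$login, $old, $new] as $field) {
        if (!preg_match('/^[a-zA-Z0-9]{1,16}\z/', $field)) {
            return 'invalid';
        }
    }

    // Placeholders keep the submitted values out of the SQL statement itself.
    $stmt = odbc_prepare(
        $conn,
        'UPDATE tblBillID SET Password = ? WHERE BillID = ? AND Password = ?'
    );
    if ($stmt === false || !odbc_execute($stmt, [$new, $login, $old])) {
        return 'error';   // query failed; odbc_errormsg($conn) has the details
    }

    // For an UPDATE, odbc_num_rows() reports the rows affected. Zero rows
    // means the login/password pair matched nothing, so nothing was changed.
    // Read the count before calling odbc_close($conn).
    return odbc_num_rows($stmt) === 1 ? 'updated' : 'nomatch';
}

if (isset($_POST['Create'])) {
    include 'config.php';
    $new = (string)($_POST['NewPassword'] ?? '');
    if ($new !== (string)($_POST['NewPassword2'] ?? '')) {
        $status = 'invalid';
    } else {
        $status = change_password(
            $conn,
            (string)($_POST['loginID'] ?? ''),
            (string)($_POST['Password'] ?? ''),
            $new
        );
    }
    odbc_close($conn);
    // One generic failure message: it does not reveal whether the login exists.
    echo $status === 'updated'
        ? '<b>Account Has Been Updated</b>'
        : '<b>Please type your information again, make sure it matches!</b>';
}
```

Some ODBC drivers return -1 from `odbc_num_rows()`; the strict comparison with 1 treats that as a failure rather than a success.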