Witam,


Mam oto taki skrypt:

[PHP] pobierz, plaintext 
  1. <? include("config.php"); ?>
  2.     <?
  3.     function encode($password)
  4.     {
  5.         $EncTable = array('!'=>'95', '"'=>'88', '#'=>'9D', '$'=>'4C', '%'=>'F2',
  6.     '&'=>'3E', '\''=>'BB', '('=>'C0', ')'=>'7F', '*'=>'18', '+'=>'70',
  7.     ','=>'A6', '-'=>'E2', '.'=>'EC', '/'=>'77',
  8.                             '0'=>'2C', '1'=>'3A', '2'=>'4A', '3'=>'91',
  9.     '4'=>'5D', '5'=>'7A', '6'=>'29', '7'=>'BC', '8'=>'6E', '9'=>'D4', ':'=>'40',
  10.     ';'=>'17', '<'=>'2E', '='=>'CB', '>'=>'72', '?'=>'9C',
  11.                             '@'=>'A1', 'A'=>'FF', 'B'=>'F3', 'C'=>'F8',
  12.     'D'=>'9B', 'E'=>'50', 'F'=>'51', 'G'=>'6D', 'H'=>'E9', 'I'=>'9A', 'J'=>'B8',
  13.     'K'=>'84', 'L'=>'A8', 'M'=>'14', 'N'=>'38', 'O'=>'CE',
  14.                             'P'=>'92', 'Q'=>'5C', 'R'=>'F5', 'S'=>'EE',
  15.     'T'=>'B3', 'U'=>'89', 'V'=>'7B', 'W'=>'A2', 'X'=>'AD', 'Y'=>'71', 'Z'=>'E3',
  16.     '['=>'D5', '\\'=>'BF', ']'=>'53', '^'=>'28', '_'=>'44',
  17.                             '`'=>'33', 'a'=>'48', 'b'=>'DB', 'c'=>'FC',
  18.     'd'=>'09', 'e'=>'1F', 'f'=>'94', 'g'=>'12', 'h'=>'73', 'i'=>'37', 'j'=>'82',
  19.     'k'=>'81', 'l'=>'39', 'm'=>'C2', 'n'=>'8D', 'o'=>'7D',
  20.                             'p'=>'08', 'q'=>'4F', 'r'=>'B0', 's'=>'FE',
  21.     't'=>'79', 'u'=>'0B', 'v'=>'D6', 'w'=>'23', 'x'=>'7C', 'y'=>'4B', 'z'=>'8E',
  22.     '{'=>'06', '|'=>'5A', '}'=>'CC', '~'=>'62');
  23.  
  24.         $Encode = "0x";
  25.  
  26.         for ($i = 0; $i < strlen($password); $i++)
  27.             $Encode .= $EncTable[$password[$i]];
  28.  
  29.         return $Encode;
  30.     }
  31.  
  32.     function decode($password)
  33.     {
  34.         $DecTable = array('95'=>'!', '88'=>'"', '9D'=>'#', '4C'=>'$', 'F2'=>'%',
  35.     '3E'=>'&', 'BB'=>'\'', 'C0'=>'(', '7F'=>')', '18'=>'*', '70'=>'+',
  36.     'A6'=>',', 'E2'=>'-', 'EC'=>'.', '77'=>'/',
  37.                             '2C'=>'0', '3A'=>'1', '4A'=>'2', '91'=>'3',
  38.     '5D'=>'4', '7A'=>'5', '29'=>'6', 'BC'=>'7', '6E'=>'8', 'D4'=>'9', '40'=>':',
  39.     '17'=>';', '2E'=>'<', 'CB'=>'=', '72'=>'>', '9C'=>'?',
  40.                             'A1'=>'@', 'FF'=>'A', 'F3'=>'B', 'F8'=>'C',
  41.     '9B'=>'D', '50'=>'E', '51'=>'F', '6D'=>'G', 'E9'=>'H', '9A'=>'I', 'B8'=>'J',
  42.     '84'=>'K', 'A8'=>'L', '14'=>'M', '38'=>'N', 'CE'=>'O',
  43.                             '92'=>'P', '5C'=>'Q', 'F5'=>'R', 'EE'=>'S',
  44.     'B3'=>'T', '89'=>'U', '7B'=>'V', 'A2'=>'W', 'AD'=>'X', '71'=>'Y', 'E3'=>'Z',
  45.     'D5'=>'[', 'BF'=>'\\', '53'=>']', '28'=>'^', '44'=>'_',
  46.                             '33'=>'`', '48'=>'a', 'DB'=>'b', 'FC'=>'c',
  47.     '09'=>'d', '1F'=>'e', '94'=>'f', '12'=>'g', '73'=>'h', '37'=>'i', '82'=>'j',
  48.     '81'=>'k', '39'=>'l', 'C2'=>'m', '8D'=>'n', '7D'=>'o',
  49.                             '08'=>'p', '4F'=>'q', 'B0'=>'r', 'FE'=>'s',
  50.     '79'=>'t', '0B'=>'u', 'D6'=>'v', '23'=>'w', '7C'=>'x', '4B'=>'y', '8E'=>'z',
  51.     '06'=>'{', '5A'=>'|', 'CC'=>'}', '62'=>'~');
  52.  
  53.  
  54.         for ($i = 0; $i < strlen($password); $i++)
  55.        {
  56.           $Hex = sprintf("%02x", ord($password[$i]));
  57.             $Decode .= $DecTable[strtoupper($Hex)];
  58.        }
  59.  
  60.         return $Decode;
  61.     }
  62.     function auth($ID, $PWD)
  63.     {
  64.        $connect = mssql_connect('127.0.0.1', 'sa', '');
  65.        $db = mssql_select_db('kal_auth', $connect);
  66.  
  67.        $q = mssql_query("SELECT [PWD] FROM Login WHERE [ID] = '$ID'", $connect);
  68.        $r = mssql_fetch_array($q);
  69.        $pwd = decode($r['PWD']);
  70.  
  71.        if($pwd == $PWD)
  72.           return true;
  73.        else
  74.           return false;
  75.     }
  76.  
  77.     function authsn($ID, $SN)
  78.     {
  79.        $connect = mssql_connect('127.0.0.1', 'sa', '');
  80.        $db = mssql_select_db('kal_auth', $connect);
  81.  
  82.        $q = mssql_query("SELECT [SN] FROM Login WHERE [ID] = '$ID'", $connect);
  83.        $r = mssql_fetch_array($q);
  84.        $SN = $r['SN'];
  85.  
  86.        if($SN == $sn)
  87.           return true;
  88.        else
  89.           return false;
  90.     }
  91.  
  92.  
  93.     function change($ID, $PWD)
  94.     {
  95.        $connect = mssql_connect('127.0.0.1', 'sa', '');
  96.        $db = mssql_select_db('kal_auth', $connect);
  97.  
  98.        $EPWD = encode($PWD);
  99.  
  100.        mssql_query("UPDATE [Login] SET [PWD] = ".$EPWD." WHERE [ID] = '{$ID}'",
  101.     $connect);
  102.     }
  103.  
  104.     if( isset($_POST['change']) )
  105.     {
  106.        $id = $_POST['id'];
  107.        $oldpwd = $_POST['oldpwd'];
  108.        $sn = $_POST['SN'];
  109.        $pwd1 = $_POST['pwd1'];
  110.        $pwd2 = $_POST['pwd2'];
  111.  
  112.  
  113.     if(!ctype_alnum($id)) {
  114.         echo "<br /><strong><font color=#1A4D80>Please type in your id! (a-z, 0-9)</font></strong>";
  115.           return;
  116. 	}
  117.  
  118.     if(!ctype_alnum($sn)) {
  119.         echo "<br /><strong><font color=#1A4D80>Please type in your S/N! (a-z, 0-9)</font></strong>";
  120.           return;
  121. 	}
  122.     if(!ctype_alnum($oldpwd)) {
  123.         echo "<br /><strong><font color=#1A4D80>Please type in your old password!(a-z, 0-9)</font></strong>";
  124.           return;
  125. 	}
  126.  
  127.     if(!ctype_alnum($pwd1)) {
  128.         echo "<br /><strong><font color=#1A4D80>Please type in your password!(a-z, 0-9)</font></strong>";
  129.           return;
  130. 	}
  131.  
  132.     if(!ctype_alnum($pwd2)) {
  133.         echo "<br /><strong><font color=#1A4D80>Please type in your password!(a-z, 0-9)</font></strong>";
  134.           return;
  135. 	}
  136.  
  137.        if($id == "")
  138.        {
  139.           echo "<br /><strong><font color=#1A4D80>Please type in your id!</font></strong>";
  140.           return;
  141.        }
  142.  
  143.        if($oldpwd == "")
  144.        {
  145.           echo "<br /><strong><font color=#1A4D80>Please type in your password!</font></strong>";
  146.           return;
  147.        }
  148.  
  149.        if($pwd1 == "")
  150.        {
  151.           echo "<br /><strong><font color=#1A4D80>Please type in your new password!</font></strong>";
  152.           return;
  153.        }
  154.  
  155.        if($sn == "")
  156.        {
  157.           echo "<br /><strong><font color=#1A4D80>Please type in your S/N!</font></strong>";
  158.           return;
  159.        }
  160.  
  161.        if(auth($id, $oldpwd))
  162.        {
  163.  
  164. 	if($pwd1 != $pwd2)
  165.           {
  166.              echo "<br /><strong><font color=#1A4D80>Passwords do not match!</font></strong>";
  167.           }	
  168.           else
  169.           {
  170.              change($id, $pwd2);
  171.              echo "<br /><strong><font color=#1A4D80>Password changed successfully!</font></strong>";
  172.           }
  173.        }
  174.        else
  175.        {
  176.           echo "<br /><strong><font color=#1A4D80>Wrong user id or password!</font></strong>";
  177.        }
  178.  
  179.  
  180.        return;
  181.     }
  182.     ?>
  183.     <style type="text/css">
  184. <!--
  185. .styl3 {font-family: Arial, Helvetica, sans-serif; font-size: 12px; }
  186. -->
  187.     </style>
  188.  
  189.     <br /><br />
  190. <style type="text/css">
  191. <!--
  192. #login {
  193. 	background-image: url(images/login-1.jpg);
  194. 	background-position: 152px 26px;
  195. 	background-repeat: repeat;
  196. 	font-family: Verdana, Arial, Helvetica, sans-serif;
  197. 	font-size: 11px;
  198. 	color: #0066CC;
  199. 	border: 0px;
  200. }
  201. #button {
  202. 	background-image: url(images/login-2.jpg);
  203. 	background-position: 76px 28px;
  204. 	font-size: 1px;
  205. 	height: 28px;
  206. 	width: 76px;
  207. 	border: 0px;
  208. }
  209. -->
  210. </style>
  211. <form action="" method="post">
  212.   <label>  </label>
  213.   <table width="360" height="80" border="0" align="center">
  214.     <tr>
  215.       <td width="206" height="24"><span class="styl3">ID:</span></td>
  216.       <td width="144"><input name="id" type="password" id="login" maxlength="8"></td>
  217.     </tr>
  218.     <tr>
  219.  
  220.       <td height="24"><span class="styl3">Old Password:</span></td>
  221.       <td><p>
  222.         <input name="oldpwd" type="password" id="login" maxlength="8">
  223.       </p>      </td>
  224.     </tr>
  225.           <td height="24"><span class="styl3">New Password:</span></td>
  226.       <td><p>
  227.         <input name="pwd1" type="password" id="login" maxlength="8">
  228.       </p>      </td>
  229.     </tr>
  230.           <td height="32"><span class="styl3">Again New Passowrd:</span></td>
  231.       <td><p>
  232.         <input name="pwd2" type="password" id="login" maxlength="8">
  233.       </p>      </td>
  234.     </tr>
  235.           <td height="24"><span class="styl3">Secret Number:</span></td>
  236.       <td><p>
  237.         <input name="sn" id="login" maxlength="16">
  238.       </p>      </td>
  239.     </tr>
  240.     <tr>
  241.       <td height="24"> </td>
  242.       <td><label>
  243.  
  244.       <input type="submit" name="change" value="Change Password" />
  245.       </label></td>
  246.     </tr>
  247.   </table>
  248.   <div align="center"></div>
  249.   <label></label>
  250.   <p> </p>
  251. </form>
[PHP] pobierz, plaintext


Jego zadaniem jest ZMIANA hasła użytkownika będącego w bazie. Jednakże zabezpieczeniem przed zmianą jest tzw. Secret Number, który automatycznie generuje się w tle podczas rejestracji, wysyłany jest do bazy i na adres E-mail użytkownika.

Mógłby mi ktoś powiedzieć co jest źle, dlaczego skrypt nie sprawdza czy S/N jest poprawny? tongue.gif

Pozdrawiam

btw chyba powinienem opublikować ten temat w PHP ;p przepraszam za pomylke haha.gif