forked from Encrypt-S/navpi
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsetpass.php
executable file
·60 lines (46 loc) · 1.45 KB
/
setpass.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
<?php
include 'header.php' ;
include 'pass.php' ;
?>
<center>
<form name="change password" method="post" action="<?php $_SERVER['PHP_SELF'] ?>">
<table class='table-hover table-condensed table-bordered table'>
<tr>
<td>Enter the new password :</td>
<td><input class="form-control" type="password" name="newpass" maxlength="60" size="30"></td>
</tr>
<tr>
<td>Enter the new password again :</td>
<td><input class="form-control" type="password" name="newpass2" maxlength="60" size="30"></td>
</tr>
</table>
<br />
<input class='btn btn-default' type="submit" value="Change password">
<br />
<br />
</form>
<?php
if (isset($_POST['newpass']))
{
if ($_POST['newpass'] == '') die ('please enter a new password');
if ($_POST['newpass'] != $_POST['newpass2']) die ('your passwords don\'t match');
updatepass($_POST['newpass']) ;
}
function updatepass($new){
global $passwordlocation ;
// chose any type of encryption you like here
$encryptedPassword = crypt($new,'$5$rounds=5000$saltgoeshere$');
if (is_writable($passwordlocation) == FALSE) die ("The password file must be writable.") ;
// Open the file and erase the contents if any
$fp = fopen($passwordlocation, "w");
// Write the data to the file
// CODE INJECTION WARNING!
fwrite($fp, "<?php\n\$passwd='$encryptedPassword';\n// Remember not to change this file\n?>");
// Close the file
fclose($fp);
echo 'Your new password has been saved' ;
}
?>
</div>
<?php include ("footer.php");?>
</center>