Samurai Legend Posted May 18, 2014 Share Posted May 18, 2014 I am trying to make a staff file where I can change peoples passwords just incase. function change_pass() { global $db, $ir, $c, $h, $userid; if ($ir['user_level'] != 2) { echo 'You cannot access this area.<br /> > <a href="staff.php">Go Back</a>'; die($h->endpage()); } $_POST['userid'] = (isset($_POST['userid']) && is_numeric($_POST['userid'])) ? abs(intval($_POST['userid'])) : 0; if (!empty($_POST['userid'])) { staff_csrf_stdverify('staff_password', 'staff_users.php?action=password'); $d = $db->query("SELECT `userid`,`username`,`user_level`,`pass_salt` FROM `users` WHERE `userid` = '{$_POST['userid']}' LIMIT 1"); $r = $db->fetch_row($d); $newpw = stripslashes($_POST['password']); $new_psw = $db->escape(encode_password($newpw, $r['pass_salt'])); $db->query( "UPDATE `users` SET `userpass` = '{$new_psw}' WHERE `userid` = {$r['userid']}"); stafflog_add('Changed password for ' . $r['username'] . ' [' . $r['userid'] . ']'); echo ' Password change for ' . $r['username'] . '. <br /> > <a href="staff.php">Go Staff Page</a> '; } else { $csrf = request_csrf_html('staff_password'); echo " <h3>Change Password</h3> <hr /> Change user password. <form action='staff_users.php?action=password' method='post'> User: " . user_dropdown(NULL, 'userid') . " <br /> Password: <input type='text' name='password' /><br /> {$csrf} <input type='submit' value='Change' /> </form> "; } } However I get no errors...But it doesn't change the password to what I want? No worries! I got it fixed. Quote Link to comment Share on other sites More sharing options...
MysteriousD Posted May 18, 2014 Share Posted May 18, 2014 Mind posting how you fixed it, if you didn't already? I'm sure more people could use a mod like this, if it's foolproof ofc. Quote Link to comment Share on other sites More sharing options...
Samurai Legend Posted May 18, 2014 Author Share Posted May 18, 2014 I realised that I did $ir not $r on $new_psw = $db->escape(encode_password($newpw, $r['pass_salt'])); The post is fixed anyway... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.