Location: PHPKode > scripts > password420 > password420/addpw.php
<?php
include 'inc/mysql.class.php';
$mysql = new MySQL();

switch(@$_GET['a']) {
	case "addpw":
		if(isset($_GET['uid']) && strlen($_GET['key']) == 4 && isset($_GET['key'])) {
			//this is to prevent flood with requests
			//request will simply be ignored if it comes in too fast
			if (!isset($_SESSION)) session_start();
			if($_SESSION['last_session_request'] > time() - 2) die();
			$_SESSION['last_session_request'] = time();

			$user = str_replace(" ", "+", strtoupper(urldecode($_GET['uid'])));
			$key = str_replace(" ", "+", strtoupper(urldecode($_GET['key'])));
			$password = str_replace(" ", "+", urldecode($_GET['pw']));
			$userdb = hash('sha256', $user.$key);
			
			$data['User'] = MySQL::SQLValue($userdb);
			$data['Password'] = " HEX(AES_ENCRYPT('$password', '$key')) ";
			
			$mysql->InsertRow("password", $data);
		}
	break;
	case "remake":
		if(isset($_GET['uid']) && strlen($_GET['key']) == 4 && isset($_GET['key'])) {
			$user = str_replace(" ", "+", strtoupper(urldecode($_GET['uid'])));
			$key = str_replace(" ", "+", strtoupper(urldecode($_GET['key'])));
			$password = str_replace(" ", "+", urldecode($_GET['pw']));
			$userdb = hash('sha256', $user.$key);
			
			$where['User'] = MySQL::SQLValue($userdb);
			$data['Password'] = " HEX(AES_ENCRYPT('$password', '$key')) ";
			echo $where['User'];
			
			$mysql->UpdateRows('password', $data, $where);
		}
	break;
	case "retreive":
		if(isset($_GET['uid']) && strlen($_GET['key']) == 4 && isset($_GET['key'])) {
			$ip = $_SERVER['REMOTE_ADDR'];
			$mysql->Query("DELETE FROM attempts where (NOW() - at_time) > 3600"); //cron query; clear old records
			
			$mysql->Query("SELECT attempts FROM attempts where (NOW() - at_time) < 3600 and ip = '$ip'");
			$a = ($mysql->rowCount() > 0) ? $mysql->RowArray(null, MYSQL_ASSOC) : array('attempts'=>0);
			if($a['attempts'] >= 5) {
				echo '<h4>You have exceeded the maximum allowed incorrect attempts. Please try again later.</h4>';
			} else {
		
		
			$user = str_replace(" ", "+", strtoupper(urldecode($_GET['uid'])));
			$key = str_replace(" ", "+", strtoupper(urldecode($_GET['key'])));
			$userdb = hash('sha256', $user.$key);
			
			$where['User'] = $userdb;
			
			$mysql->Query("SELECT AES_DECRYPT(UNHEX(Password), '$key') as pw FROM password WHERE User = '$userdb'");
			if($mysql->rowCount() == 0) {
				if($a['attempts'] == 0) { 
					$mysql->Query("INSERT INTO attempts (ip, attempts, at_time) VALUES ('$ip', '1', NOW())");
				} else {
					$mysql->Query("UPDATE attempts SET attempts = attempts+1 WHERE ip = '$ip'");
				}
			
				echo '<h3 align="center" id="errmsgh3">Incorrect User ID or Passkey</h3><p align="center">Please try again</p><label for="userid">
            User ID</label>
		<input id="retreive_login" type="text" name="userid" maxlength="20" />
		<label for="key">
            Passkey</label>
		<input id="retreive_key" type="text" name="key" maxlength="4" />
		<p align="center"><a href="javascript:void(0);" onclick="retreivePassword();">Click to retreive</a></p>';
			} else {
				$a = $mysql->RowArray(null, MYSQL_ASSOC);
				echo '<h3 align="center">Your password is:</h3><h2 align="center">'.$a['pw'].'</h2>';
			}
			}
			//RecordsArray();
		} else echo 'error';
	break;
}
?>
Return current item: password420