Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- function createpasswordhash($user, $raw_pass)
- {
- // this should ONLY be used to create NEW passwords, as
- // the salt is based on the time
- $salt = sha1($user . array_sum(explode(' ', microtime())));
- $raw = $salt . sha1(sha1($user) . sha1($salt . $raw_pass));
- return $raw;
- }
- function checkpassword($user, $pass, $hash)
- {
- $salt = substr($hash, 0, 40);
- $check = $salt . sha1(sha1($user) . sha1($salt . $pass));
- if($check == $hash) return true;
- return false;
- }
- function checkLogin($user, $rawpass)
- {
- $user = mysql_real_escape_string($user);
- if(isUserBanned($user)) return 'User is banned.';
- global $DB;
- $query = $DB->Query("SELECT `password`, `active`, `enabled` FROM `users` WHERE `username` = '{$user}' LIMIT 1", __FILE__, __LINE);
- if(!$query) return 'Username or password not found.';
- $row = $DB->Fetch($query);
- if(checkpassword($user, $rawpass, $row['password']))
- {
- if($row['active'] == 0) return 'This account is not yet activated.';
- if($row['enabled'] == 0) return 'This account has been disabled.';
- return '';
- }
- return 'Invalid username/password combination.';
- }
- function validpassword($user, $pass)
- {
- // i dont really use this...basically, it checks for some normal characters
- // and also that the username isnt in the password, or too similar
- $pa = 0;
- $matches = array();
- preg_match('/[^a-zA-Z0-9_\.]/', $user, $matches);
- if(isset($matches[0])) return 1;
- if(strlen($pass) < 6) return 2;
- if(strpos($pass, $user)) return 3;
- similar_text($user, $pass, $pa);
- if($pa >= 40) return 4;
- return 0;
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement