ohbutt69

reg.php

Dec 11th, 2011
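  <?php
  // Registration (POST: username, pass1, pass2) and login (POST: username, password).
  // NOTE(review): the login half reads like a separate script pasted after reg.php
  // (it originally only said "connect to the database here") - confirm and split it
  // into its own file. Until then the request is routed by which password field was
  // posted, so a login request never reaches the registration INSERT.
  //
  // NOTE(review): ext/mysql (mysql_*) was deprecated in PHP 5.5 and removed in PHP 7.0;
  // mysqli or PDO with prepared statements is the replacement.

  /**
   * Queue a redirect and stop the script.
   *
   * header() only sets the Location header; execution continues unless the script
   * exits, so every rejection path has to end here.
   *
   * @param string $location Relative URL to redirect to.
   */
  function redirectTo($location)
  {
      header('Location: ' . $location);
      exit;
  }

  /**
   * Read a POST field as a string.
   *
   * @param string $key Field name.
   * @return string|null The value, or null when the field is absent or is an array.
   */
  function postString($key)
  {
      if (isset($_POST[$key]) && is_string($_POST[$key])) {
          return $_POST[$key];
      }
      return null;
  }

  /**
   * Creates a 3 character salt (first three hex digits of an MD5 digest).
   *
   * NOTE(review): three hex characters give only 4096 distinct salts, and rand()/uniqid()
   * are not cryptographically secure sources. Widening the salt requires checking the
   * size of the users.salt column first.
   *
   * @return string
   */
  function createSalt()
  {
      $string = md5(uniqid(rand(), true));
      return substr($string, 0, 3);
  }

  /**
   * Connect to MySQL and select the application database.
   *
   * @return resource|false Connection handle, or false when connecting or selecting fails.
   */
  function openDatabase()
  {
      // NOTE(review): credentials are hard-coded in a web-served file; load them from
      // configuration kept outside the document root.
      $dbhost = 'localhost';
      $dbname = 'db_10053670';
      $dbuser = 'user_10053670';
      $dbpass = 'Ch33s3cob'; //not really

      $conn = mysql_connect($dbhost, $dbuser, $dbpass);
      if ($conn === false) {
          return false;
      }
      if (!mysql_select_db($dbname, $conn)) {
          mysql_close($conn);
          return false;
      }
      return $conn;
  }

  /**
   * Validate the registration form and insert the new user.
   *
   * Redirects to register_form.php on any rejected input or database failure and to
   * register.html after a successful insert. Never returns.
   */
  function registerUser()
  {
      //retrieve our data from POST
      $username = postString('username');
      $pass1 = postString('pass1');
      $pass2 = postString('pass2');

      // Reject missing or empty fields as well as over-long usernames.
      if ($username === null || $username === '' || strlen($username) > 30) {
          redirectTo('register_form.php');
      }
      // Strict comparison: loose != treats numeric-looking strings as numbers.
      if ($pass1 === null || $pass1 === '' || $pass1 !== $pass2) {
          redirectTo('register_form.php');
      }

      // NOTE(review): salted SHA-256 is a fast hash and cheap to brute-force offline.
      // password_hash()/password_verify() (PHP 5.5+) is the usual replacement, but it
      // changes what is stored in users.password, so existing rows need a migration.
      $salt = createSalt();
      $hash = hash('sha256', $salt . hash('sha256', $pass1));

      $conn = openDatabase();
      if ($conn === false) {
          redirectTo('register_form.php');
      }

      //sanitize username ($hash and $salt are hex strings produced above)
      $username = mysql_real_escape_string($username, $conn);
      $query = "INSERT INTO users ( username, password, salt )
             VALUES ( '$username' , '$hash' , '$salt' );";
      $inserted = mysql_query($query, $conn);
      mysql_close($conn);

      // A failed INSERT is no longer reported as a successful registration.
      redirectTo($inserted ? 'register.html' : 'register_form.php');
  }

  /**
   * Check the posted username/password against the stored salted hash.
   *
   * Redirects (and exits) on every failure; returns normally only when the
   * password matches.
   */
  function loginUser()
  {
      $username = postString('username');
      $password = postString('password');
      if ($username === null || $password === null) {
          redirectTo('login_form.php');
      }

      $conn = openDatabase();
      if ($conn === false) {
          redirectTo('login_form.php');
      }

      $username = mysql_real_escape_string($username, $conn);
      $query = "SELECT password, salt
             FROM users
             WHERE username = '$username';";
      $result = mysql_query($query, $conn);
      if ($result === false || mysql_num_rows($result) < 1) { //query failed or no such user exists
          mysql_close($conn);
          redirectTo('login_form.php');
      }
      $userData = mysql_fetch_array($result, MYSQL_ASSOC);
      mysql_close($conn);

      $hash = hash('sha256', $userData['salt'] . hash('sha256', $password));
      $stored = (string) $userData['password'];
      // Constant-time comparison where available (hash_equals, PHP 5.6+); otherwise a
      // strict comparison, so "0e..."-style digests are never compared as numbers.
      $matches = function_exists('hash_equals')
          ? hash_equals($stored, $hash)
          : ($stored === $hash);
      if (!$matches) { //incorrect password
          // NOTE(review): an unknown user goes to login_form.php but a wrong password
          // goes to register.html; the differing targets reveal which usernames
          // exist - confirm the intended page.
          redirectTo('register.html');
      }
      //login successful
  }

  if (postString('password') !== null) {
      loginUser();
  } else {
      registerUser();
  }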