SHARE
TWEET

Untitled

a guest Jan 19th, 2017 114 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. /*************** PHP LOGIN SCRIPT V 2.3*********************
  3. (c) Balakrishnan 2010. All Rights Reserved
  4.  
  5. Usage: This script can be used FREE of charge for any commercial or personal projects. Enjoy!
  6.  
  7. Limitations:
  8. - This script cannot be sold.
  9. - This script should have copyright notice intact. Dont remove it please...
  10. - This script may not be provided for download except from its original site.
  11.  
  12. For further usage, please contact me.
  13.  
  14. /******************** MAIN SETTINGS - PHP LOGIN SCRIPT V2.1 **********************
  15. Please complete wherever marked xxxxxxxxx
  16.  
  17. /************* MYSQL DATABASE SETTINGS *****************
  18. 1. Specify Database name in $dbname
  19. 2. MySQL host (localhost or remotehost)
  20. 3. MySQL user name with ALL previleges assigned.
  21. 4. MySQL password
  22.  
  23. Note: If you use cpanel, the name will be like account_database
  24. *************************************************************/
  25. error_reporting (E_ALL & ~ E_NOTICE & ~ E_DEPRECATED);
  26. define ("DB_HOST", "localhost"); // set database host
  27. define ("DB_USER", "flypr908_inv4"); // set database user
  28. define ("DB_PASS","647229abc"); // set database password
  29. define ("DB_NAME","flypr908_invoice4"); // set database name
  30. header('Content-Type: text/html; charset=utf-8');
  31.  
  32. $link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");
  33. $db = mysql_select_db(DB_NAME, $link) or die("Couldn't select database");
  34.  
  35. /* Registration Type (Automatic or Manual)
  36.  1 -> Automatic Registration (Users will receive activation code and they will be automatically approved after clicking activation link)
  37.  0 -> Manual Approval (Users will not receive activation code and you will need to approve every user manually)
  38. */
  39. $user_registration = 1;  // set 0 or 1
  40.  
  41. define("COOKIE_TIME_OUT", 10); //specify cookie timeout in days (default is 10 days)
  42. define('SALT_LENGTH', 9); // salt for password
  43.  
  44. //define ("ADMIN_NAME", "admin"); // sp
  45.  
  46. /* Specify user levels */
  47. define ("ADMIN_LEVEL", 5);
  48. define ("USER_LEVEL", 1);
  49. define ("GUEST_LEVEL", 0);
  50.  
  51.  
  52.  
  53. /*************** reCAPTCHA KEYS****************/
  54. $publickey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
  55. $privatekey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
  56.  
  57.  
  58. /**** PAGE PROTECT CODE  ********************************
  59. This code protects pages to only logged in users. If users have not logged in then it will redirect to login page.
  60. If you want to add a new page and want to login protect, COPY this from this to END marker.
  61. Remember this code must be placed on very top of any html or php page.
  62. ********************************************************/
  63.  
  64. function page_protect() {
  65. session_start();
  66.  
  67. global $db;
  68.  
  69. /* Secure against Session Hijacking by checking user agent */
  70. if (isset($_SESSION['HTTP_USER_AGENT']))
  71. {
  72.     if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT']))
  73.     {
  74.         logout();
  75.         exit;
  76.     }
  77. }
  78.  
  79. // before we allow sessions, we need to check authentication key - ckey and ctime stored in database
  80.  
  81. /* If session not set, check for cookies set by Remember me */
  82. if (!isset($_SESSION['user_id']) && !isset($_SESSION['user_name']) )
  83. {
  84.     if(isset($_COOKIE['user_id']) && isset($_COOKIE['user_key'])){
  85.     /* we double check cookie expiry time against stored in database */
  86.    
  87.     $cookie_user_id  = filter($_COOKIE['user_id']);
  88.     $rs_ctime = mysql_query("select `ckey`,`ctime` from `users` where `id` ='$cookie_user_id'") or die(mysql_error());
  89.     list($ckey,$ctime) = mysql_fetch_row($rs_ctime);
  90.     // coookie expiry
  91.     if( (time() - $ctime) > 60*60*24*COOKIE_TIME_OUT) {
  92.  
  93.         logout();
  94.         }
  95. /* Security check with untrusted cookies - dont trust value stored in cookie.      
  96. /* We also do authentication check of the `ckey` stored in cookie matches that stored in database during login*/
  97.  
  98.      if( !empty($ckey) && is_numeric($_COOKIE['user_id']) && isUserID($_COOKIE['user_name']) && $_COOKIE['user_key'] == sha1($ckey)  ) {
  99.           session_regenerate_id(); //against session fixation attacks.
  100.    
  101.           $_SESSION['user_id'] = $_COOKIE['user_id'];
  102.           $_SESSION['user_name'] = $_COOKIE['user_name'];
  103.         /* query user level from database instead of storing in cookies */ 
  104.           list($user_level) = mysql_fetch_row(mysql_query("select user_level from users where id='$_SESSION[user_id]'"));
  105.  
  106.           $_SESSION['user_level'] = $user_level;
  107.           $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
  108.          
  109.        } else {
  110.        logout();
  111.        }
  112.  
  113.   } else {
  114.     header("Location: login.php");
  115.     exit();
  116.     }
  117. }
  118. }
  119.  
  120.  
  121.  
  122. function filter($data) {
  123.     $data = trim(htmlentities(strip_tags($data)));
  124.    
  125.     if (get_magic_quotes_gpc())
  126.         $data = stripslashes($data);
  127.    
  128.     $data = mysql_real_escape_string($data);
  129.    
  130.     return $data;
  131. }
  132.  
  133.  
  134.  
  135. function EncodeURL($url)
  136. {
  137. $new = strtolower(ereg_replace(' ','_',$url));
  138. return($new);
  139. }
  140.  
  141. function DecodeURL($url)
  142. {
  143. $new = ucwords(ereg_replace('_',' ',$url));
  144. return($new);
  145. }
  146.  
  147. function ChopStr($str, $len)
  148. {
  149.     if (strlen($str) < $len)
  150.         return $str;
  151.  
  152.     $str = substr($str,0,$len);
  153.     if ($spc_pos = strrpos($str," "))
  154.             $str = substr($str,0,$spc_pos);
  155.  
  156.     return $str . "...";
  157. }  
  158.  
  159. function isEmail($email){
  160.   return preg_match('/^\S+@[\w\d.-]{2,}\.[\w]{2,6}$/iU', $email) ? TRUE : FALSE;
  161. }
  162.  
  163. function isUserID($username)
  164. {
  165.     if (preg_match('/^[a-z\d_]{5,20}$/i', $username)) {
  166.         return true;
  167.     } else {
  168.         return false;
  169.     }
  170.  } 
  171.  
  172. function isURL($url)
  173. {
  174.     if (preg_match('/^(http|https|ftp):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i', $url)) {
  175.         return true;
  176.     } else {
  177.         return false;
  178.     }
  179. }
  180.  
  181. function checkPwd($x,$y)
  182. {
  183. if(empty($x) || empty($y) ) { return false; }
  184. if (strlen($x) < 4 || strlen($y) < 4) { return false; }
  185.  
  186. if (strcmp($x,$y) != 0) {
  187.  return false;
  188.  }
  189. return true;
  190. }
  191.  
  192. function GenPwd($length = 7)
  193. {
  194.   $password = "";
  195.   $possible = "0123456789bcdfghjkmnpqrstvwxyz"; //no vowels
  196.  
  197.   $i = 0;
  198.    
  199.   while ($i < $length) {
  200.  
  201.    
  202.     $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
  203.        
  204.    
  205.     if (!strstr($password, $char)) {
  206.       $password .= $char;
  207.       $i++;
  208.     }
  209.  
  210.   }
  211.  
  212.   return $password;
  213.  
  214. }
  215.  
  216. function GenKey($length = 7)
  217. {
  218.   $password = "";
  219.   $possible = "0123456789abcdefghijkmnopqrstuvwxyz";
  220.  
  221.   $i = 0;
  222.    
  223.   while ($i < $length) {
  224.  
  225.    
  226.     $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
  227.        
  228.    
  229.     if (!strstr($password, $char)) {
  230.       $password .= $char;
  231.       $i++;
  232.     }
  233.  
  234.   }
  235.  
  236.   return $password;
  237.  
  238. }
  239.  
  240.  
  241. function logout()
  242. {
  243. global $db;
  244. session_start();
  245.  
  246. $sess_user_id = strip_tags(mysql_real_escape_string($_SESSION['user_id']));
  247. $cook_user_id = strip_tags(mysql_real_escape_string($_COOKIE['user_id']));
  248.  
  249. if(isset($sess_user_id) || isset($cook_user_id)) {
  250. mysql_query("update `users`
  251.             set `ckey`= '', `ctime`= ''
  252.             where `id`='$sess_user_id' OR  `id` = '$cook_user_id'") or die(mysql_error());
  253. }      
  254.  
  255. /************ Delete the sessions****************/
  256. unset($_SESSION['user_id']);
  257. unset($_SESSION['user_name']);
  258. unset($_SESSION['user_level']);
  259. unset($_SESSION['HTTP_USER_AGENT']);
  260. session_unset();
  261. session_destroy();
  262.  
  263. /* Delete the cookies*******************/
  264. setcookie("user_id", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
  265. setcookie("user_name", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
  266. setcookie("user_key", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
  267.  
  268. header("Location: login.php");
  269. }
  270.  
  271. // Password and salt generation
  272. function PwdHash($pwd, $salt = null)
  273. {
  274.     if ($salt === null)     {
  275.         $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
  276.     }
  277.     else     {
  278.         $salt = substr($salt, 0, SALT_LENGTH);
  279.     }
  280.     return $salt . sha1($pwd . $salt);
  281. }
  282.  
  283. function checkAdmin() {
  284.  
  285. if($_SESSION['user_level'] == ADMIN_LEVEL) {
  286. return 1;
  287. } else { return 0 ;
  288. }
  289.  
  290. }
  291.  
  292. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top