- <?php
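/*
 * Login handler: prints the form on a plain request; on submit it checks the
 * posted credentials against the `users` table and enforces the
 * three-failures / five-minute lockout kept in `blockCounter` / `timeBlock`.
 *
 * Changes against the previous version of this section:
 *  - every statement that carries the username is a prepared statement;
 *  - the password is checked with password_verify(). password_hash() salts
 *    each call, so the old "hash the input, then compare it with = in SQL"
 *    check could never match a stored hash;
 *  - the freshly computed hash is no longer echoed into the page;
 *  - database error details go to the server log, not to the client.
 */

// Secret suffix appended to a password before hashing. fnPasswordHash() and
// fnCompareLogin() must agree on it.
// NOTE(review): a pepper kept in source is readable by anyone who can read the
// code; load it from configuration stored outside the web root.
const LOGIN_PEPPER = "best project ever!";

if (isset($_POST['submit'])) {
    ///////////////////////DATABASE/////////////////////////////////
    // NOTE(review): root with an empty password, written into the script.
    // Use a dedicated account limited to the `users` table and keep its
    // credentials in configuration.
    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbName = "exc1";

    // A field may be missing, or an array if sent as name[]; only strings are
    // accepted as credentials.
    $rawUserName = $_POST["input-UserName"] ?? null;
    $rawPassword = $_POST["input-Password"] ?? null;

    if (!is_string($rawUserName) || !is_string($rawPassword)) {
        echo("incorrect credentials");
        fnPrintHtml();
    } else {
        // `new mysqli` always yields an object, so `!$conn` never detected a
        // failed connection. Depending on the mysqli report mode a failure is
        // either thrown or left in connect_error; both are handled here.
        $conn = null;
        $connectError = null;
        try {
            $conn = new mysqli($servername, $username, $password, $dbName);
            $connectError = $conn->connect_error;
        } catch (mysqli_sql_exception $e) {
            $connectError = $e->getMessage();
        }
        if ($connectError) {
            error_log("Connection failed: " . $connectError);
            die("Connection failed");
        }

        try {
            // The password goes through the same sanitizer as before so that
            // it matches hashes produced by the pipeline on this page
            // (sanitize, append pepper, hash).
            // NOTE(review): passwords are normally hashed unmodified; confirm
            // what the registration code stores before changing this.
            fnCompareLogin(
                fnSanitizeUserInputString($rawUserName),
                fnSanitizeUserInputString($rawPassword),
                $conn
            );
        } catch (RuntimeException $e) {
            // mysqli_sql_exception extends RuntimeException.
            error_log($e->getMessage());
            echo("error");
        }
    }
} else {
    fnPrintHtml();
}

/**
 * Hash a password for storage.
 *
 * The result carries a random salt, so two calls with the same input differ.
 * Check a login with password_verify(), never by comparing two hashes.
 *
 * @param string $input password as submitted (after the sanitizer)
 * @return string hash produced by password_hash() with PASSWORD_DEFAULT
 */
function fnPasswordHash($input)
{
    return password_hash($input . LOGIN_PEPPER, PASSWORD_DEFAULT);
}

/**
 * Read the login-relevant columns of one user with a prepared statement.
 *
 * The elapsed time since `timeBlock` is computed by the database so that only
 * one clock is involved (the old code compared MySQL NOW() with PHP date()).
 * Assumes `timeBlock` holds a MySQL date-time value; confirm against the schema.
 *
 * @param string $username
 * @param mysqli $conn
 * @return array|null keys password, blockCounter, secondsSinceBlock; null when
 *                    no such user exists
 * @throws RuntimeException when the statement cannot be prepared or executed
 */
function fnLoadUser($username, $conn)
{
    $stmt = $conn->prepare(
        "SELECT password, blockCounter, TIMESTAMPDIFF(SECOND, timeBlock, NOW())"
        . " FROM users WHERE username = ? LIMIT 1"
    );
    if ($stmt === false) {
        throw new RuntimeException("users lookup failed: " . $conn->error);
    }
    $stmt->bind_param("s", $username);
    if (!$stmt->execute()) {
        $message = $stmt->error;
        $stmt->close();
        throw new RuntimeException("users lookup failed: " . $message);
    }
    // bind_result/fetch work without the mysqlnd driver, unlike get_result().
    $stmt->bind_result($storedHash, $blockCounter, $secondsSinceBlock);
    $found = $stmt->fetch();
    $stmt->close();

    if ($found !== true) {
        return null;
    }
    return [
        'password' => (string) $storedHash,
        'blockCounter' => (int) $blockCounter,
        'secondsSinceBlock' => $secondsSinceBlock === null ? null : (int) $secondsSinceBlock,
    ];
}

/**
 * Run an UPDATE on `users` whose only placeholder is the username.
 *
 * @param string $sql      statement text with exactly one `?`
 * @param string $username
 * @param mysqli $conn
 * @throws RuntimeException when the statement cannot be prepared or executed
 */
function fnUpdateUser($sql, $username, $conn)
{
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException("users update failed: " . $conn->error);
    }
    $stmt->bind_param("s", $username);
    $done = $stmt->execute();
    $message = $stmt->error;
    $stmt->close();
    if (!$done) {
        throw new RuntimeException("users update failed: " . $message);
    }
}

/**
 * Start a lockout once three failed attempts have been counted.
 *
 * When `blockCounter` is 3 or more, `timeBlock` is set to the current database
 * time and the counter is reset to 0.
 *
 * @param string $username
 * @param mysqli $conn
 * @return bool true when a lockout was just started, false otherwise
 *              (including an unknown username)
 */
function fnBlockCount($username, $conn)
{
    $user = fnLoadUser($username, $conn);
    if ($user === null || $user['blockCounter'] < 3) {
        return false;
    }
    fnUpdateUser(
        "UPDATE `users` SET `timeBlock`=NOW(), blockCounter=0 WHERE username = ?",
        $username,
        $conn
    );
    return true;
}

/**
 * Tell whether the five-minute lockout has passed.
 *
 * The old version added 5 to the minutes field of a date string and compared
 * strings, which breaks when the minutes pass 59 or lose their leading zero.
 * An unknown username now counts as "not locked", so it ends in the same
 * "incorrect credentials" answer as a wrong password.
 *
 * @param string $usernameee
 * @param mysqli $conn
 * @return bool true when a login attempt is allowed, false while locked
 */
function fnCheckTime($usernameee, $conn)
{
    $user = fnLoadUser($usernameee, $conn);
    if ($user === null || $user['secondsSinceBlock'] === null) {
        return true;
    }
    return $user['secondsSinceBlock'] > 5 * 60;
}

/**
 * Check submitted credentials and print the outcome.
 *
 * Prints "blocked", "incorrect credentials" or "correct credentials"; every
 * outcome except success is followed by the form.
 *
 * @param string $inputUsername username after the sanitizer
 * @param string $inputPassword password as submitted (after the sanitizer),
 *                              NOT a hash: it is verified against the stored
 *                              password_hash() value
 * @param mysqli $conn
 * @throws RuntimeException when a statement fails
 */
function fnCompareLogin($inputUsername, $inputPassword, $conn)
{
    if (!fnCheckTime($inputUsername, $conn) || fnBlockCount($inputUsername, $conn)) {
        echo("blocked");
        fnPrintHtml();
        return;
    }

    $user = fnLoadUser($inputUsername, $conn);
    if ($user === null) {
        // Spend about as long as a real verification so that response time
        // does not show whether the username exists.
        fnPasswordHash($inputPassword);
        $matches = false;
    } else {
        // Assumes the `password` column holds password_hash() output of the
        // peppered password; confirm against the registration code.
        $matches = password_verify($inputPassword . LOGIN_PEPPER, $user['password']);
    }

    if ($matches) {
        echo("correct credentials");
        return;
    }

    // `timeBlock`=timeBlock is kept from the original statement; it keeps the
    // column unchanged even if it is declared to refresh on update.
    fnUpdateUser(
        "UPDATE `users` SET `blockCounter`=blockCounter+1,`timeBlock`=timeBlock WHERE username = ?",
        $inputUsername,
        $conn
    );
    echo("incorrect credentials");
    fnPrintHtml();
}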
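/**
 * Strip markup from a submitted value and HTML-encode its quote characters.
 *
 * Replaces filter_var($input, FILTER_SANITIZE_STRING), which is deprecated as
 * of PHP 8.1. The replacement removes NUL bytes and anything that looks like
 * a tag, then turns ' and " into &#39; and &#34;. It approximates the old
 * filter; unusual markup such as comments may be handled slightly differently.
 *
 * This is not a defence against SQL injection: a value that ends up in a
 * query still has to be bound as a parameter. It is not output escaping for
 * HTML either; use htmlspecialchars() when printing.
 *
 * @param mixed $input value taken from the request
 * @return string|false cleaned string, or false for a value that cannot be
 *                      treated as a string (for example an array)
 */
function fnSanitizeUserInputString($input)
{
    // filter_var() returned false for arrays; objects without a string form
    // are rejected the same way.
    if (is_array($input) || (is_object($input) && !method_exists($input, '__toString'))) {
        return false;
    }

    $withoutTags = preg_replace('/\x00|<[^>]*>?/', '', (string) $input);
    if ($withoutTags === null) {
        return false;
    }

    return str_replace(["'", '"'], ['&#39;', '&#34;'], $withoutTags);
}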
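/**
 * Print the login form.
 *
 * The form posts back to the current URL. The fields are no longer prefilled:
 * the previous markup shipped a username and a password value in the page
 * source. The autocomplete hints let password managers fill the right fields.
 *
 * NOTE(review): the form carries no anti-CSRF token; adding one needs session
 * state that this script does not set up.
 */
function fnPrintHtml()
{
    echo <<<'HTML'
<form action="" method="POST">
<label for="input-UserName">Username:</label>
<input id="input-UserName" name="input-UserName" type="text" autocomplete="username">
<label for="input-Password">Password:</label>
<input id="input-Password" name="input-Password" type="password" autocomplete="current-password">
<input name="submit" value="Send" type="submit">
</form>
HTML;
}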