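require "/functions.php";

// Account-activation endpoint: reads ?user=<username>&key=<32-character token> from the
// activation link and clears the stored token when both match one row in `users`.
// $db is not created in this script; presumably functions.php opens the mysqli
// connection and starts output buffering - TODO confirm.

// Accept plain strings only: PHP turns ?user[]=x into an array, which must not reach
// strlen() or the query.
if (isset($_GET['user']) && is_string($_GET['user'])) {
    $user = $_GET['user'];
}
// Only the length of the token is checked here; its content is still untrusted.
if (isset($_GET['key']) && is_string($_GET['key']) && strlen($_GET['key']) === 32) {
    $key = $_GET['key'];
}

if (isset($user) && isset($key)) {
    // Both values come straight from the URL, so they are bound as parameters instead
    // of being interpolated into the SQL text.
    // user_group is assigned in the SET list; a column assignment placed after the
    // WHERE clause is a syntax error and the UPDATE would never run.
    // NOTE(review): promoting the account to 'member' on activation is presumably the
    // intent - confirm.
    $stmt = $db->prepare(
        "UPDATE users SET validation = NULL, user_group = 'member' WHERE username = ? AND validation = ?"
    );

    // Stays 0 unless the statement actually ran and changed a row.
    $count = 0;
    if ($stmt !== false) {
        $stmt->bind_param('ss', $user, $key);
        if ($stmt->execute()) {
            $count = $stmt->affected_rows;
        }
        $stmt->close();
    }

    if ($count == 1) {
        echo '<div>Your account is now active. You may now <a href="login.php">Log in</a></div>';
    } else {
        // Same message for a wrong user, a wrong key and an already-used link, so the
        // response does not reveal which part failed.
        echo '<div>Oops! Your account could not be activated. Please recheck the link or contact the system administrator.</div>';
    }
    ob_end_flush();
} else {
    echo '<div>Error Occured .</div>';
}
?>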
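// Globals & error variable
require "/functions.php";
session_start();
$error = "";

// Login form handler. $db is not created here; presumably functions.php opens the
// mysqli connection and starts output buffering - TODO confirm.
if (isset($_POST['Submit'])) {
    if (
        empty($_POST['username']) || empty($_POST['password'])
        || !is_string($_POST['username']) || !is_string($_POST['password'])
    ) {
        // Array-valued fields (username[]=x) are rejected together with missing ones.
        $error = "Please fill in all fields!";
    } else {
        $username = $_POST['username'];
        // The password is taken from the submitted form only; it must never be replaced
        // by a command-line argument, which does not exist in a web request.
        $password = $_POST['password'];

        // Injection-protection!
        // Only $username is placed in the SQL text below.
        // NOTE(review): a bound parameter would remove the dependence on escaping and
        // on the connection character set.
        $username = stripslashes($username);
        $username = mysqli_real_escape_string($db, $username);
        // NOTE(review): the password never enters SQL, so these two calls only change
        // the string that gets verified. They are kept in case the registration code
        // (not visible here) hashes the same transformed value - confirm, then drop
        // them in both places.
        $password = stripslashes($password);
        $password = mysqli_real_escape_string($db, $password);

        $sql = "SELECT * FROM `users` WHERE `username`='$username'";
        $result = $db->query($sql);
        // query() returns false on failure; treat that as "no matching row".
        $count = ($result === false) ? 0 : $result->num_rows;

        if ($count == 1) {
            $row = mysqli_fetch_array($result);
            $hash = $row['password'];
            $ug = $row['user_group'];

            // password_verify() takes salt and cost from the stored hash and compares
            // in constant time, so no salt or options are prepared here.
            if (password_verify($password, $hash)) {
                // New session id after authentication, so an id known before login
                // cannot be reused.
                session_regenerate_id(true);
                $_SESSION['login_user'] = $username;
                $_SESSION['user_group'] = $ug;
                // NOTE(review): nothing here checks that the account was activated
                // (validation IS NULL) - confirm whether user_group alone gates access.
                header("location:index.php");
                exit; // stop here so nothing else is rendered after the redirect
            } else {
                $error = "Username or password is invalid!";
            }
        } else {
            // NOTE(review): this message differs from the wrong-password one, which lets
            // a client tell whether a username is registered.
            $error = "That username doesn't exist!";
        }
        ob_end_flush();
    }
}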
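// db connect
// 'HOST', 'USER', 'PASS' and 'DB' are placeholders for the real connection settings.
$db = new mysqli('HOST', 'USER', 'PASS', 'DB');
if ($db->connect_errno > 0) {
    // connect_error can name the database host and account, so the detail goes to the
    // server log and the client only sees a generic message.
    error_log('Database connection failed: ' . $db->connect_error);
    die('Unable to connect to database');
}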
- WHERE username='$user'
- AND validation='$key',
- user_group = 'member'
<?php
// Debugging aid: report every error level and print errors into the page.
// Meant for a development machine; on a public server errors belong in the log,
// because printed messages expose file paths and query text.
ini_set('display_errors', '1');
error_reporting(E_ALL);
// rest of your code
// Strip surrounding whitespace (for example a trailing space copied with the link)
// from the activation key before it is compared with the stored value.
$key = trim($_GET['key']);
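// Copy the activation-link parameters into $user and $key only when they are usable.
// is_string() keeps array-valued parameters (?key[]=x) away from strlen() and from
// whatever query the values are used in afterwards.
if (isset($_GET['user']) && is_string($_GET['user'])) {
    $user = $_GET['user'];
}
// Only the length is checked (32 characters); the content is still untrusted and must
// be bound as a query parameter, not interpolated.
if (isset($_GET['key']) && is_string($_GET['key']) && strlen($_GET['key']) === 32) {
    $key = $_GET['key'];
}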
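// Validate the activation-link parameters and stop early when either is unusable, so
// the code after this point can rely on $user and $key being set.
// is_string() rejects array-valued parameters (?user[]=x) before they reach strlen()
// or a query.
if (isset($_GET['user']) && is_string($_GET['user'])) {
    $user = $_GET['user'];
} else {
    echo "User is not set";
    exit; // Stop the entire process, it's not set
}

// A key that is present but not exactly 32 characters long ends up in the same branch
// as a missing one.
if (isset($_GET['key']) && is_string($_GET['key']) && strlen($_GET['key']) === 32) {
    $key = $_GET['key'];
} else {
    echo "Key is not set";
    exit; // Stop the entire process, it's not set
}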
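<?php
// Stand-alone test script: connects to the database, runs the activation UPDATE with
// fixed test values and prints what happened. It echoes database errors, so it is for
// local debugging only.
$DB_HOST = 'xxx'; // Change those
$DB_USER = 'xxx'; // to your
$DB_PASS = 'xxx'; // own
$DB_NAME = 'xxx'; // credentials
$db = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if ($db->connect_errno > 0) {
    die('Connection failed [' . $db->connect_error . ']');
}

// Prints a sample 32-character key; the value is not used by the query below.
// NOTE(review): uniqid() and rand() derive from the clock and a non-cryptographic
// generator, so real activation keys should come from a CSPRNG instead, e.g.
// bin2hex(random_bytes(16)) on PHP 7+, which is also 32 characters long.
$activation = md5(uniqid(rand(), true));
echo $activation . "<br>";

$user = "test";
$key = "b5bad6f02c247458e3d888f94b568819 ";
// deliberate space added at the end of the string, remove it from this when testing.
$key = trim($key); // trims off the space at the end of the key string.
echo strlen($key); // yep, gotten 32

// $user and $key are fixed test values here. In the real handler they come from the
// URL and must be bound as parameters of a prepared statement, not interpolated.
$sql = <<<SQL
UPDATE users
SET validation = NULL
WHERE username='$user'
AND validation='$key'
SQL;
$result = $db->query($sql);
if ($result) {
    echo "Success" . "<br>";
    // This does not always mean it was truly successful. Use affected_rows()
} else {
    echo "Failed" . mysqli_error($db);
}

// affected_rows is -1 when the query failed, and -1 is truthy, so the check has to be
// an explicit "greater than zero".
$affected = $db->affected_rows;
if ($affected > 0) {
    echo "Affected yes";
} else {
    echo "Not affected";
}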