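<?php
// Harden the session cookie before the session is opened: keep it out of
// reach of page scripts and refuse session ids the server did not issue.
// NOTE(review): also enable session.cookie_secure once the site is served
// only over HTTPS; the transport is not visible in this file.
ini_set('session.cookie_httponly', '1');
ini_set('session.use_strict_mode', '1');
session_start();

/**
 * Print the combined login / sign-up page.
 *
 * The form posts back to the current URL with the fields "username" and
 * "password". Ticking the "register" checkbox adds register=true to the
 * request, which the calling script uses to tell a sign-up from a login.
 * Takes no arguments and returns nothing; it only writes HTML to the output.
 */
function login()
{
?>
<html>
<center>
<u><h1>Login</h1></u>
<br />
<!-- The form tag must stay open here: a self-closed <form ... /> is not valid
     HTML, and the fields are meant to sit inside the form element. -->
<form name="login" action="" method="POST">
Username :
<br />
<input type="text" name="username" />
<br />
Password :
<br />
<input type="password" name="password" />
<br />
<input type="submit" value="Login" />
<br />
<br />
Would you like to be a user?
<br />
Check the box below to sign up.
<br />
<input type="checkbox" name="register" value="true" />
</form>
</center>
</html>
<?php
}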
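// Request handling for the login / sign-up page.
//
// Flow: optional one-time notice -> build a fingerprint nonce -> either show
// the form (no credentials posted), register a new user, or check a login.
// On success the session receives 'username', 'fingerprint' and 'login';
// nothing else is rendered here, so another page presumably takes over.

// Buffer output so the notice below cannot send the headers early; the fresh
// session cookie issued on a successful login still has to go out. PHP
// flushes the buffer on its own at script end or die().
ob_start();

// One-time notice, shown until a SkipAlert cookie exists. This script never
// sets that cookie, so it is presumably written elsewhere on the site.
if (!isset($_COOKIE['SkipAlert'])) {
    echo '<script language = "javascript">alert("Please, When Finished Viewing This Site Use The Logout Button. Thank You - Admin. P.S - This Will Be And Is The Only Alert Box On This Site, If You See Another, Exit And Notify Me Immediately.");</script>';
}

// Nonce mixed into the session fingerprint (32 hex characters either way).
if (function_exists('random_bytes')) {
    // PHP 7+: draw it from the operating system's CSPRNG.
    $random = bin2hex(random_bytes(16));
} else {
    // Older PHP: the original construction. array_rand() is not a
    // cryptographic generator, so this value is an identifier, not a secret.
    $numberset = range(1, 1000);
    $rand_key = array_rand($numberset, 3);
    $random_number = $numberset[$rand_key[0]] . $numberset[$rand_key[1]] . $numberset[$rand_key[2]];
    $stringset = range('A', 'Z');
    $rand_key = array_rand($stringset, 10);
    $random_string = '';
    foreach (array(0, 1, 4, 3, 2, 6, 5, 7, 8, 9) as $pick) {
        $random_string .= $stringset[$rand_key[$pick]];
    }
    $random = md5($random_number . $random_string);
}

// Only plain strings count as credentials; username[]=x style array input is
// treated the same as a request without credentials.
$hasCredentials = isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username'])
    && is_string($_POST['password']);

if (!$hasCredentials) {
    login();
} else {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $registering = isset($_POST['register']);
    $authenticated = false;

    // Make every mysqli failure throw, so no error path is silently skipped
    // and no driver error text is ever printed to the visitor.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    try {
        // NOTE(review): connecting as the MySQL root account gives any flaw
        // in this page full reach over the server. A dedicated account limited
        // to SELECT and INSERT on the users table covers everything this
        // script does. 'MY_PASSWORD' is the paste's placeholder; keep the real
        // value in configuration outside the web root.
        $db = new mysqli('localhost', 'root', 'MY_PASSWORD', 'database1');

        if ($registering) {
            if ($username === '' || $password === '') {
                login();
                echo 'Username and password are both required';
            } else {
                // Ask the database for this one name instead of pulling the
                // whole users table into PHP. The value is bound, never
                // spliced into the SQL text.
                $lookup = $db->prepare('SELECT 1 FROM users WHERE username = ? LIMIT 1');
                $lookup->bind_param('s', $username);
                $lookup->execute();
                $lookup->store_result();
                $taken = $lookup->num_rows > 0;
                $lookup->close();

                if ($taken) {
                    login();
                    echo 'Sorry username is already taken';
                } else {
                    // Store a salted hash, never the password itself. The
                    // password column must hold at least 60 characters
                    // (255 leaves room for future algorithms); the schema is
                    // not visible here, so confirm it.
                    $hash = password_hash($password, PASSWORD_DEFAULT);
                    $insert = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
                    $insert->bind_param('ss', $username, $hash);
                    $insert->execute();
                    $insert->close();
                    $authenticated = true;
                }
            }
        } else {
            $lookup = $db->prepare('SELECT password FROM users WHERE username = ? LIMIT 1');
            $lookup->bind_param('s', $username);
            $lookup->execute();
            $lookup->bind_result($storedHash);
            $found = $lookup->fetch() === true;
            $lookup->close();

            // password_verify() replaces the loose != comparison, which
            // treated numeric-looking strings such as "1e3" and "1000" as
            // equal. Rows written as plain text by the earlier version of this
            // script will not verify and need a password reset.
            if ($found && password_verify($password, $storedHash)) {
                $authenticated = true;
            } else {
                // Unknown user and wrong password share one message, so the
                // reply does not reveal which usernames exist.
                login();
                die('Sorry, The User/Pass Cobonation Was Incorrect, Please Try Again');
            }
        }
    } catch (mysqli_sql_exception $e) {
        if ($registering && $e->getCode() === 1062) {
            // Duplicate-key error: another request claimed the name between
            // the lookup and the insert. This only triggers when
            // users.username carries a UNIQUE index, which is what actually
            // closes that race.
            login();
            echo 'Sorry username is already taken';
        } else {
            // Details go to the server log; the visitor gets a generic line.
            error_log('Login page database error: ' . $e->getMessage());
            login();
            die('Sorry, something went wrong. Please try again later.');
        }
    }

    if ($authenticated) {
        // Issue a new session id at the privilege change, so an id that was
        // planted or observed before login is worthless afterwards.
        session_regenerate_id(true);
        // ENT_QUOTES also encodes single quotes, which the earlier
        // str_replace() used to strip from usernames.
        $_SESSION['username'] = htmlentities($username, ENT_QUOTES, 'UTF-8');
        $_SESSION['fingerprint'] = $random . $_SESSION['username'];
        $_SESSION['login'] = $_SESSION['fingerprint'] . $_SERVER['REMOTE_ADDR'];
    }
}
?>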