
Untitled

a guest
May 3rd, 2018
  1. Eksempel 1: login script
  2.  
  3.  
  4.  
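  <?php

  // Login handler: checks the posted credentials against the `users` table and,
  // when they match, opens an authenticated session. The browser is redirected
  // to ../index.php whether or not the login succeeded.

  // Database connection. $conn, $hashPre and $hashPost are used below but are not
  // defined in this file; presumably conn.php provides them -- TODO confirm.
  require_once("../sql/conn.php");

  // Accept only plain string fields. A missing field, or an array submitted as
  // uname[]=..., becomes an empty string and fails the length check below
  // instead of reaching the hashing and query code as an undefined variable.
  $username = (isset($_POST['uname']) && is_string($_POST['uname'])) ? $_POST['uname'] : '';
  $password = (isset($_POST['psw']) && is_string($_POST['psw'])) ? $_POST['psw'] : '';

  // Both fields have a minimum length of 6, so shorter input cannot belong to an
  // account. This is an input sanity check only; it does not slow down repeated
  // guessing, which needs rate limiting or lockout somewhere else.
  if (strlen($username) > 5 && strlen($password) > 5) {

      // Stored password format: SHA-512 (a hash, not encryption) over
      // prefix + password + suffix. The password is passed through
      // mysqli_real_escape_string() first only because the registration script
      // hashes the escaped form; dropping that call here would lock out accounts
      // whose password contains a quote or backslash.
      // NOTE(review): one fast SHA-512 round with a site-wide salt is cheap to
      // brute-force if the table leaks. password_hash()/password_verify() is the
      // replacement, but it needs the registration script and the stored values
      // migrated together, so it is only flagged here.
      $salted = $hashPre . mysqli_real_escape_string($conn, $password) . $hashPost;
      $hashed = hash('sha512', $salted);

      $matchedId = null;
      $matchedUsername = null;

      // Prepared statement: the username travels as bound data, so the query
      // no longer depends on escaping or on the connection character set.
      $stmt = mysqli_prepare($conn, "SELECT `id`, `username`, `password` FROM `users` WHERE `username` = ?");
      if ($stmt !== false) {
          mysqli_stmt_bind_param($stmt, 's', $username);
          if (mysqli_stmt_execute($stmt)) {
              mysqli_stmt_bind_result($stmt, $rowId, $rowUsername, $rowPassword);
              while (mysqli_stmt_fetch($stmt)) {
                  // hash_equals() compares in constant time and as strings. The
                  // former loose == treats two hex digests of the form 0e<digits>
                  // as equal numbers.
                  if (is_string($rowPassword) && hash_equals($rowPassword, $hashed)) {
                      $matchedId = $rowId;
                      $matchedUsername = $rowUsername;
                      break;
                  }
              }
          }
          mysqli_stmt_close($stmt);
      }

      if ($matchedId !== null) {
          // Open the session only after the credentials were verified, and issue
          // a fresh session id so an id planted before login is not carried over.
          session_start();
          session_regenerate_id(true);
          // Cast keeps the value a string, as the non-prepared query returned it.
          $_SESSION["id"] = (string) $matchedId;
          $_SESSION['username'] = $matchedUsername;
      }
  }

  // Same redirect for success and failure, so the response itself does not
  // reveal whether the username exists.
  header("Location: ../index.php");
  exit;

  ?>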
  78.  
  79.  
  80.  
  81. Eksempel 2: Registrerings script fra samme projekt
  82.  
  83.  
  84.  
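  <?php

  // Registration handler: validates the posted form, refuses a username or
  // e-mail address that is already registered, and inserts the new account.

  // Database connection. $conn, $hashPre and $hashPost are used below but are not
  // defined in this file; presumably conn.php provides them -- TODO confirm.
  require_once("../sql/conn.php");

  // Reads one form field. Returns null when the field is missing or is not a
  // plain string (for example an array submitted as email[]=...).
  $readField = function ($name) {
      return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : null;
  };

  $fornavn = $readField('fornavn');
  $efternavn = $readField('efternavn');
  $brugernavn = $readField('brugernavn');
  $email = $readField('email');
  $password = $readField('psw');
  $passwordRepeat = $readField('pswRepeat');

  // Reports whether a row matching the single bound value exists.
  // Returns true or false, or null when the statement could not be run.
  $rowExists = function ($conn, $sql, $value) {
      $stmt = mysqli_prepare($conn, $sql);
      if ($stmt === false) {
          return null;
      }
      mysqli_stmt_bind_param($stmt, 's', $value);
      $found = null;
      if (mysqli_stmt_execute($stmt)) {
          mysqli_stmt_bind_result($stmt, $marker);
          $fetched = mysqli_stmt_fetch($stmt);
          // fetch: true = a row exists, null = no row, false = error.
          $found = ($fetched === false) ? null : ($fetched === true);
      }
      mysqli_stmt_close($stmt);
      return $found;
  };

  // An incomplete form used to fall through and create an account with empty
  // values. The page shows no dedicated error code for this case, so the plain
  // landing page is used.
  if ($fornavn === null || $efternavn === null || $passwordRepeat === null
      || $brugernavn === null || $brugernavn === ''
      || $email === null || $email === ''
      || $password === null || $password === '') {
      header("Location: ../index.php");
      exit;
  }

  // Both password entries must be identical. Strict comparison: the loose !=
  // treats numeric-looking strings such as "1e3" and "1000" as equal.
  if ($password !== $passwordRepeat) {
      header("Location: ../index.php?err=psw");
      exit;
  }

  // The checks below use prepared statements, so the posted values travel as
  // bound data and are never spliced into the SQL text.
  // NOTE(review): check-then-insert can race with a second request; a UNIQUE
  // index on `username` and `email` would enforce this in the database.
  $usernameTaken = $rowExists($conn, "SELECT 1 FROM `users` WHERE `username` = ? LIMIT 1", $brugernavn);
  if ($usernameTaken === true) {
      header("Location: ../index.php?err=username");
      exit;
  }

  $emailTaken = ($usernameTaken === null)
      ? null
      : $rowExists($conn, "SELECT 1 FROM `users` WHERE `email` = ? LIMIT 1", $email);
  if ($emailTaken === true) {
      header("Location: ../index.php?err=email");
      exit;
  }

  // A lookup that could not be run must not be read as "not taken".
  if ($usernameTaken === null || $emailTaken === null) {
      echo ("Something went horribly wrong");
      exit;
  }

  // Stored password format: SHA-512 (a hash, not encryption) over
  // prefix + password + suffix. The password is passed through
  // mysqli_real_escape_string() first only because the login script hashes the
  // escaped form; the two scripts must stay in step.
  // NOTE(review): one fast SHA-512 round with a site-wide salt is cheap to
  // brute-force if the table leaks. password_hash()/password_verify() is the
  // replacement, but it needs the login script and the stored values migrated
  // together, so it is only flagged here.
  $salted = $hashPre . mysqli_real_escape_string($conn, $password) . $hashPost;
  $hashed = hash('sha512', $salted);

  // Create the account; every user-supplied value is a bound parameter.
  $stmt = mysqli_prepare($conn, "INSERT INTO `web`.`users` (`username`, `password`, `products`, `firstName`, `lastName`, `email`) VALUES (?, ?, 'none', ?, ?, ?)");
  $created = false;
  if ($stmt !== false) {
      mysqli_stmt_bind_param($stmt, 'sssss', $brugernavn, $hashed, $fornavn, $efternavn, $email);
      $created = mysqli_stmt_execute($stmt);
      mysqli_stmt_close($stmt);
  }

  if ($created) {
      header("Location: ../index.php");
  }
  else {
      // Generic message on purpose: database error details stay out of the response.
      echo ("Something went horribly wrong");
  }

  ?>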