- Eksempel 1: login script
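<?php
// Login handler: checks the posted username/password against the `users`
// table and, on success, stores the user's id and username in the session.
// It always ends by redirecting to ../index.php, whether or not login succeeded.

// Provides the database connection ($conn). $hashPre / $hashPost are not
// defined in this script; presumably conn.php sets them as well - confirm.
require_once("../sql/conn.php");

// Accept only plain string fields. A missing field or an array value
// (e.g. uname[]=x) becomes '' and is rejected by the length check below,
// instead of reaching strlen()/hash() as an undefined variable.
$username = (isset($_POST['uname']) && is_string($_POST['uname'])) ? $_POST['uname'] : '';
$rawPassword = (isset($_POST['psw']) && is_string($_POST['psw'])) ? $_POST['psw'] : '';

// Legacy quirk kept on purpose: the stored hashes were computed over the
// SQL-escaped password (the registration script on this page escapes it too),
// so the same transformation must be applied here or passwords containing
// quotes or backslashes would stop matching. The password never enters a query.
$password = mysqli_real_escape_string($conn, $rawPassword);

// NOTE(review): a single round of SHA-512 with a site-wide prefix/suffix is a
// fast hash with no per-user salt. password_hash()/password_verify() is the
// standard replacement, but switching requires re-hashing the stored
// passwords, so the existing scheme is kept here to stay compatible.
$hashed = hash('sha512', $hashPre.$password.$hashPost);

// Both values must be at least 6 characters long. The username is measured
// unescaped now, since it is bound as a parameter rather than escaped.
if (strlen($username) > 5 && strlen($password) > 5) {
    // Bound parameter instead of string concatenation: the username can no
    // longer change the shape of the query, whatever the connection charset is.
    $stmt = mysqli_prepare($conn, "SELECT `id`, `username`, `password` FROM `users` WHERE `username` = ?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 's', $username);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $rowId, $rowUsername, $rowPassword);
            while (mysqli_stmt_fetch($stmt)) {
                // hash_equals() compares in constant time and as strings; the
                // previous `==` could treat two numeric-looking hashes
                // ("0e...") as equal numbers.
                if (hash_equals((string) $rowPassword, $hashed)) {
                    session_start();
                    // New session id after authentication, so an id that was
                    // known before login cannot be reused (session fixation).
                    session_regenerate_id(true);
                    $_SESSION["id"] = $rowId;
                    $_SESSION['username'] = $rowUsername;
                    break;
                }
            }
        }
        mysqli_stmt_close($stmt);
    }
}

// Redirect after the session is created, or after a failed attempt.
header("Location: ../index.php");
exit;
?>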
- Eksempel 2: Registrerings script fra samme projekt
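<?php
// Registration handler: validates the posted form, refuses duplicate
// usernames and e-mail addresses, then inserts the new account into `users`.
// Failures redirect to ../index.php with an `err` code (psw, username, email).

// Provides the database connection ($conn). $hashPre / $hashPost are not
// defined in this script; presumably conn.php sets them as well - confirm.
require_once("../sql/conn.php");

// Read every field as a plain string. A missing field or an array value
// becomes '' instead of leaving the variable undefined; previously a request
// without psw/pswRepeat passed the "passwords match" check (null == null)
// and went on to create an account.
$form = array();
foreach (array('fornavn', 'efternavn', 'brugernavn', 'email', 'psw', 'pswRepeat') as $key) {
    $form[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}
$fornavn = $form['fornavn'];
$efternavn = $form['efternavn'];
$brugernavn = $form['brugernavn'];
$email = $form['email'];

// Legacy quirk kept on purpose: the login script on this page hashes the
// SQL-escaped password, so the stored hash must be computed over the same
// escaped value. The password itself never enters a query.
$password = mysqli_real_escape_string($conn, $form['psw']);

// Strict comparison: with `!=`, two different numeric-looking passwords such
// as "1e3" and "1000" were treated as identical.
if ($form['psw'] !== $form['pswRepeat']) {
    header("Location: ../index.php?err=psw");
    exit;
}

// The login script rejects usernames and passwords shorter than 6 characters,
// so an account created below that limit could never sign in.
// NOTE(review): the existing err codes are reused for these cases; index.php
// may want distinct messages for "too short" / "missing".
if (strlen($password) <= 5) {
    header("Location: ../index.php?err=psw");
    exit;
}
if (strlen($brugernavn) <= 5) {
    header("Location: ../index.php?err=username");
    exit;
}
if ($email === '') {
    header("Location: ../index.php?err=email");
    exit;
}

// Counts the rows matched by a one-parameter query, using a bound parameter
// so the value cannot alter the SQL. Returns null when the query fails.
$countMatches = static function ($conn, $sql, $value) {
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $value);
    $count = null;
    if (mysqli_stmt_execute($stmt) && mysqli_stmt_store_result($stmt)) {
        $count = mysqli_stmt_num_rows($stmt);
    }
    mysqli_stmt_close($stmt);
    return $count;
};

// Is the desired username already taken?
$usernameMatches = $countMatches($conn, "SELECT 1 FROM `users` WHERE `username` = ?", $brugernavn);
if ($usernameMatches === null) {
    echo ("Something went horribly wrong");
    exit;
}
if ($usernameMatches > 0) {
    header("Location: ../index.php?err=username");
    exit;
}

// Is the e-mail address already registered?
$emailMatches = $countMatches($conn, "SELECT 1 FROM `users` WHERE `email` = ?", $email);
if ($emailMatches === null) {
    echo ("Something went horribly wrong");
    exit;
}
if ($emailMatches > 0) {
    header("Location: ../index.php?err=email");
    exit;
}
// NOTE(review): two concurrent requests can both pass the checks above;
// unique indexes on `username` and `email` would close that gap - the schema
// is not visible here, confirm.

// NOTE(review): a single round of SHA-512 with a site-wide prefix/suffix is a
// fast hash with no per-user salt. password_hash() is the standard
// replacement, but the login script verifies this exact format, so the scheme
// is kept until both sides are migrated together.
$hashed = hash('sha512', $hashPre.$password.$hashPost);

// Create the account; every user-supplied value is a bound parameter.
$insert = mysqli_prepare(
    $conn,
    "INSERT INTO `web`.`users` (`username`, `password`, `products`, `firstName`, `lastName`, `email`) VALUES (?, ?, 'none', ?, ?, ?)"
);
$created = false;
if ($insert !== false) {
    mysqli_stmt_bind_param($insert, 'sssss', $brugernavn, $hashed, $fornavn, $efternavn, $email);
    $created = mysqli_stmt_execute($insert);
    mysqli_stmt_close($insert);
}

if ($created) {
    header("Location: ../index.php");
    exit;
}

// The insert failed: report a generic error without database details.
echo ("Something went horribly wrong");
?>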