API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 15th, 2017
111
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.17 KB | None | 0 0
raw download clone embed print report
  1. <html>
  2. <head>
  3. <link rel="stylesheet" href="layout.css" type="text/css"/>
  4. </head>
  5. <body>
  6.  
  7. <div id="logon">
  8. <h1>Login</h1>
  9. <form method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>">
  10. <div><label>Username</label><input type="text" name="l_username" /><br /></div>
  11. <div><label>Password</label><input type="password" name="l_password" /><br /></div>
  12. <div><input type="hidden" name="action" value="login">
  13. <div><input type="submit" value="Login" /></div>
  14. </form>
  15. <div>
  16.  
  17. <hr />
  18.  
  19. <h1>Change Password</h1>
  20. Following rules are enforced:
  21. <ul>
  22. <li>Must not be one of your <em>five</em> previous passwords
  23. <li>Must be at least 7 characters long, contain <em>ALL</em> of the following: uppercase, lowercase, digits, special characters ( ][$^?!+*()@&pound;|\ )
  24. <!-- Expire Date, uncomment below line (remove the <!--) -->
  25. <li>Your password will expire after 70 days.
  26. </ul>
  27. <form method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>">
  28. <div><label>Username</label><input type="text" name="c_username" /><br /></div>
  29. <div><label>New Password</label><input type="password" name="c_new_password" /><br /></div>
  30. <div><label>Old Password</label><input type="password" name="c_old_password" /><br /></div>
  31. <div><input type="hidden" name="action" value="change">
  32. <div><input type="submit" value="Change Password" /></div>
  33. </form>
  34.  
  35. <hr />
  36.  
  37. <?php
  38. // database stuff
  39. /*
  40. $db_host = "localhost";
  41. $db_user = "root";
  42. $db_pass = "";
  43. $db_name = "test";
  44. */
  45.  
  46. $db_host = 'studentnet.kingston.ac.uk';
  47. $db_user = 'k0614087';
  48. $db_pass = 'password';
  49. $db_name = 'db_k0614087';
  50.  
  51. $conn = mysql_connect ($db_host, $db_user, $db_pass) or die ('MySQL connect failed. ' . mysql_error());
  52. mysql_select_db($db_name) or die('Cannot select database. ' . mysql_error());
  53.  
  54. if(isset($_POST['action']))
  55. {
  56. if($_POST['action'] == 'login')
  57. {
  58. // do login
  59. if(isset($_POST['l_username']) && strlen($_POST['l_username']) > 0 && isset($_POST['l_password']) && strlen($_POST['l_password']) > 0)
  60. {
  61. $q = "Select * from passwords where username = '" . $_POST['l_username'] . "' order by timestamp desc";
  62. //echo $q . "<br />";
  63. $result = mysql_query($q) or die(mysql_error());
  64. $num = mysql_num_rows($result);
  65. if($num == 0)
  66. {
  67. echo "Username not found";
  68. }
  69. if($num > 0)
  70. {
  71. // check password
  72. $row = mysql_fetch_assoc($result);
  73. //echo $row['password'] . " " . $_POST['l_password'] . "" . $row['timestamp'] . "<br />";
  74. if(strcmp($row['password'],$_POST['l_password']) == 0)
  75. {
  76. // Expire Date, uncomment this (remove the /* and */)
  77.  
  78. $number_of_days = 70;
  79. $expire_time = (24 * 60 * 60) * $number_of_days;
  80. //echo "Current time: " . time() . " : " . date("Y-m-d G:H:s",time()) . "<br />";
  81. //echo "Passwod time: " . strtotime($row['timestamp']) . " : " . date("Y-m-d G:H:s",strtotime($row['timestamp'])) . "<br />";
  82. $a = strtotime($row['timestamp']);
  83. $a = $a + $expire_time;
  84. //echo "Pwd time +7d: " . $a . " : " . date("Y-m-d G:H:s",strtotime($row['timestamp']) + (7 * 24 * 60 * 60)) . "<br />";
  85.  
  86.  
  87. if(time() > $a)
  88. {
  89. echo "Password expired. Please change before logging in";
  90. }
  91. else
  92. {
  93. echo "You are logged in";
  94. }
  95. }
  96. else
  97. {
  98. echo "Your password was incorrect";
  99. }
  100. }
  101. }
  102. else
  103. {
  104. echo "Please enter both a username and a password to login";
  105. }
  106. }
  107.  
  108. // split action methods here
  109.  
  110. if($_POST['action'] == 'change')
  111. {
  112. if(isset($_POST['c_username']) && strlen($_POST['c_username']) > 0 && isset($_POST['c_old_password']) && strlen($_POST['c_old_password']) > 0 && isset($_POST['c_new_password']) && strlen($_POST['c_new_password']) > 0)
  113. {
  114. // check old password and username match first
  115. $q = "Select * from passwords where username = '" . $_POST['c_username'] . "' order by timestamp desc";
  116. $result = mysql_query($q) or die(mysql_error());
  117. $num = mysql_num_rows($result);
  118. if($num == 0)
  119. {
  120. if($_POST['c_old_password'] == "NEW_USER")
  121. {
  122. $q = "Insert into passwords (username,password) values ('" . $_POST['c_username'] . "','" . $_POST['c_new_password'] . "')";
  123. $result = mysql_query($q) or die(mysql_error());
  124. echo "New user added.";
  125. }
  126. else
  127. {
  128. echo "Username not found";
  129. }
  130. }
  131. if($num > 0)
  132. {
  133. // check old password
  134. $row = mysql_fetch_assoc($result);
  135. if(strcmp($row['password'],$_POST['c_old_password']) == 0)
  136. {
  137. $password_score = 0;
  138. $isValid = false;
  139. // check password complexity
  140. // length
  141. $minimum_length = 7;
  142. if(strlen($_POST['c_new_password']) >= $minimum_length)
  143. {
  144. $password_score = $password_score + 1;
  145. //echo $password_score . " Pass min length requirement<br />";
  146. }
  147. // upper case
  148. // if new password does not equal new password all lower case,
  149. // there must have been uppercase! add 1 to score
  150. if($_POST['c_new_password'] != strtolower($_POST['c_new_password']))
  151. {
  152. $password_score = $password_score + 1;
  153. //echo $password_score . " Pass upper case requirement<br />";
  154. }
  155. // lower case
  156. // similar explanation to above
  157. if($_POST['c_new_password'] != strtoupper($_POST['c_new_password']))
  158. {
  159. $password_score = $password_score + 1;
  160. //echo $password_score . " Pass lower case requirement<br />";
  161. }
  162. // specials, this will match ][$^?!+*()@£|\
  163. if(preg_match('{[][$^?!+*()@£|\\]]}',$_POST['c_new_password']))
  164. {
  165. $password_score = $password_score + 1;
  166. //echo $password_score . " Pass specials requirement<br />";
  167. }
  168.  
  169. // digits
  170. if(preg_match('#[0-9]#',$_POST['c_new_password']))
  171. {
  172. $password_score = $password_score + 1;
  173. //echo $password_score . " Pass digit requirement<br />";
  174. }
  175.  
  176. // yes or no this password
  177. if($password_score >= 5)
  178. {
  179. $isValid = true;
  180. }
  181. else
  182. {
  183. echo "Sorry, your password does not meet the minmum requirements<br />";
  184. }
  185. // check password isn't same as last 5
  186. $result = mysql_query($q) or die(mysql_error());
  187. for($i = 0; $i < $num; $i++)
  188. {
  189. $row = mysql_fetch_assoc($result);
  190. $p = "";
  191. similar_text($row['password'], $_POST['c_new_password'], $p);
  192. //echo $i . ":" . $num . " " . $p . " " . $row['password'] . " " . $_POST['l_password'] . "" . $row['timestamp'] . "<br />";
  193. if($p > 70)
  194. {
  195. echo "Your new password is too similar to a previous one.<br />";
  196. $isValid = false;
  197. }
  198. }
  199. // check to make sure history is less than 5
  200. // delete oldest if it isn't
  201. //echo $num . "<br />";
  202. if($num > 4)
  203. {
  204. echo "Trimming password history<br />";
  205. $q = "Select * from passwords where username = '" . $_POST['c_username'] . "' order by timestamp asc";
  206. $result = mysql_query($q) or die(mysql_error());
  207. $row = mysql_fetch_assoc($result);
  208. $q = "Delete from passwords where timestamp = '" . $row['timestamp'] . "' and username = '" . $row['username'] . "'";
  209. //echo $q;
  210. $result = mysql_query($q) or die(mysql_error());
  211. }
  212.  
  213. // set new password
  214. if($isValid)
  215. {
  216. $q = "Insert into passwords (username,password) values ('" . $_POST['c_username'] . "','" . $_POST['c_new_password'] . "')";
  217. //echo $q . "<br />";
  218. $result = mysql_query($q) or die(mysql_error());
  219. echo "Password change successful";
  220. }
  221. }
  222. else
  223. {
  224. echo "Your password was incorrect";
  225. }
  226. }
  227. }
  228. else
  229. {
  230. echo "Please enter your username, old password and new password to change your password";
  231. }
  232. }
  233. }
  234.  
  235. ?>
  236.  
  237. <hr />
  238.  
  239. <?php
  240. if($_POST['action'] == 'login')
  241. {
  242. echo "L_USER: " . $_POST['l_username'] . "<br />";
  243. echo "L_PASS: " . $_POST['l_password']. "<br />";
  244. }
  245. if($_POST['action'] == 'change')
  246. {
  247. echo "USERNAME: " . $_POST['c_username']. "<br />";
  248. echo "OLD_PASS: " . $_POST['c_old_password']. "<br />";
  249. echo "NEW_PASS: " . $_POST['c_new_password']. "<br />";
  250. }
  251.  
  252. ?>
  253. </body>
  254. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!