Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- session_start();
- include("includes/resume.config.php");
- // make sure form fields have a value and strip them
- function check_input($data, $problem='')
- {
- $data = trim($data);
- $data = stripslashes($data);
- $data = htmlspecialchars($data);
- if ($problem && strlen($data) == 0)
- {
- die($problem);
- }
- return $data;
- }
- // get form values, escape them and apply the check_input function
- $name = $link->real_escape_string(check_input($_POST['name'], "Please enter a name!"));
- $email = $link->real_escape_string(check_input($_POST['email'], "Please enter an email!"));
- $password = $link->real_escape_string(check_input($_POST['password'], "Please enter a password!"));
- // generate a random salt for converting passwords into MD5
- $salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
- $saltedPW = $password . $salt;
- $hashedPW = sha1($saltedPW);
- mysqli_connect($db_host, $db_user, $db_pass) OR DIE (mysqli_error());
- // select the db
- mysqli_select_db ($link, $db_name) OR DIE ("Unable to select db".mysqli_error($db_name));
- // our sql query
- $sql = "INSERT INTO admins (name, email, password, salt) VALUES ('$name', '$email', '$hashedPW', '$salt');";
- //save the updated information to the database
- mysqli_query($link, $sql) or die("Error in Query: " . mysqli_error($link));
- if (!mysqli_error($link))
- {
- header("Location: file_insert.php");
- }
- function check_input($data, $problem='')
- {
- $data = trim($data);
- $data = stripslashes($data);
- $data = htmlspecialchars($data);
- if ($problem && strlen($data) == 0)
- {
- die($problem);
- }
- return $data;
- }
- if(isset($_POST['submitLogin'])) { //form submitted?
- // get form values, escape them and apply the check_input function
- $name = $link->real_escape_string(check_input($_POST['name'], "Please enter a name!"));
- $password = $link->real_escape_string(check_input($_POST['password'], "Please enter a password!"));
- $saltQuery = $link->query('SELECT salt FROM admins WHERE name = "'.$name.'"');
- $salt = mysqli_fetch_assoc($saltQuery);
- $saltedPW = $password . $salt;
- $hashedPW = sha1($saltedPW);
- mysqli_connect($db_host, $db_user, $db_pass) OR DIE (mysqli_error());
- // select the db
- mysqli_select_db ($link, $db_name) OR DIE ("Unable to select db".mysqli_error($db_name));
- $validate_user = $link->query('SELECT id, name, password FROM admins WHERE name = "'.$name.'" AND password = "'.$hashedPW.'"');
- if ($validate_user->num_rows == 1) {
- $row = $validate_user->fetch_assoc();
- $_SESSION['id'] = $row['id'];
- $_SESSION['loggedin'] = TRUE;
- Header('Location: file_insert.php');
- } else {
- print "<center><p style='margin-top: 200px; font-weight: bold;'>Invalid Login Information</p>";
- print "<a href='admin-login.php'>Click here</a> to return to the login page.</center>";
- }
- }
- $saltedPW = $password . $salt;
- $saltedPW = $password . $salt['salt'];
- if(isset($_POST['submitLogin'])) { //form submitted?
- // Here, you didn't connect to database, but you are expecting to fetch salt!
- $saltQuery = $link->query('SELECT salt FROM admins WHERE name = "'.$name.'"');
- $salt = mysqli_fetch_assoc($saltQuery);
- if(isset($_POST['submitLogin'])) { //form submitted?
- mysqli_connect($db_host, $db_user, $db_pass) OR DIE (mysqli_error());
- // select the db
- mysqli_select_db ($link, $db_name) OR DIE ("Unable to select db".mysqli_error($db_name));
- // Here, you didn't connect to database, but you are expecting to fetch salt!
- $saltQuery = $link->query('SELECT salt FROM admins WHERE name = "'.$name.'"');
- if(isset($_POST['submitLogin'])) { //form submitted?
- mysqli_connect($db_host, $db_user, $db_pass) OR DIE (mysqli_error());
- // select the db
- mysqli_select_db ($link, $db_name) OR DIE ("Unable to select db".mysqli_error($db_name));
- // Here, you didn't connect to database, but you are expecting to fetch salt!
- $saltQuery = $link->query('SELECT salt FROM admins WHERE name = "'.$name.'"');
- $salt = mysqli_fetch_assoc($saltQuery);
- $saltedPW = $password . $salt["salt"];
- $hashedPW = sha1($saltedPW);
Add Comment
Please, Sign In to add comment