  1. session_start();
  2. include("includes/resume.config.php");
  3.  
  4. // make sure form fields have a value and strip them
  5. function check_input($data, $problem='')
  6. {
  7. $data = trim($data);
  8. $data = stripslashes($data);
  9. $data = htmlspecialchars($data);
  10. if ($problem && strlen($data) == 0)
  11. {
  12. die($problem);
  13. }
  14. return $data;
  15. }
  16.  
  17. // get form values, escape them and apply the check_input function
  18. $name = $link->real_escape_string(check_input($_POST['name'], "Please enter a name!"));
  19. $email = $link->real_escape_string(check_input($_POST['email'], "Please enter an email!"));
  20. $password = $link->real_escape_string(check_input($_POST['password'], "Please enter a password!"));
  21.  
  22. // generate a random salt for converting passwords into MD5
  23. $salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
  24. $saltedPW = $password . $salt;
  25. $hashedPW = sha1($saltedPW);
  26.  
  27. mysqli_connect($db_host, $db_user, $db_pass) OR DIE (mysqli_error());
  28. // select the db
  29. mysqli_select_db ($link, $db_name) OR DIE ("Unable to select db".mysqli_error($db_name));
  30.  
  31. // our sql query
  32. $sql = "INSERT INTO admins (name, email, password, salt) VALUES ('$name', '$email', '$hashedPW', '$salt');";
  33.  
  34. //save the updated information to the database
  35. mysqli_query($link, $sql) or die("Error in Query: " . mysqli_error($link));
  36.  
  37. if (!mysqli_error($link))
  38. {
  39. header("Location: file_insert.php");
  40. }
  41.  
  42. function check_input($data, $problem='')
  43. {
  44. $data = trim($data);
  45. $data = stripslashes($data);
  46. $data = htmlspecialchars($data);
  47. if ($problem && strlen($data) == 0)
  48. {
  49. die($problem);
  50. }
  51. return $data;
  52. }
  53.  
  54. if(isset($_POST['submitLogin'])) { //form submitted?
  55.  
  56. // get form values, escape them and apply the check_input function
  57. $name = $link->real_escape_string(check_input($_POST['name'], "Please enter a name!"));
  58. $password = $link->real_escape_string(check_input($_POST['password'], "Please enter a password!"));
  59.  
  60. $saltQuery = $link->query('SELECT salt FROM admins WHERE name = "'.$name.'"');
  61.  
  62. $salt = mysqli_fetch_assoc($saltQuery);
  63. $saltedPW = $password . $salt;
  64. $hashedPW = sha1($saltedPW);
  65.  
  66. mysqli_connect($db_host, $db_user, $db_pass) OR DIE (mysqli_error());
  67. // select the db
  68. mysqli_select_db ($link, $db_name) OR DIE ("Unable to select db".mysqli_error($db_name));
  69.  
  70. $validate_user = $link->query('SELECT id, name, password FROM admins WHERE name = "'.$name.'" AND password = "'.$hashedPW.'"');
  71.  
  72. if ($validate_user->num_rows == 1) {
  73. $row = $validate_user->fetch_assoc();
  74. $_SESSION['id'] = $row['id'];
  75. $_SESSION['loggedin'] = TRUE;
  76. Header('Location: file_insert.php');
  77. } else {
  78. print "<center><p style='margin-top: 200px; font-weight: bold;'>Invalid Login Information</p>";
  79. print "<a href='admin-login.php'>Click here</a> to return to the login page.</center>";
  80. }
  81. }
  82.  
  83. $saltedPW = $password . $salt;
  84.  
  85. $saltedPW = $password . $salt['salt'];
  86.  
// NOTE(review): the fragments below are successive revisions of the start of the login block;
// each `if` opened here is never closed in this paste, so this section is not a runnable
// script on its own.
if(isset($_POST['submitLogin'])) { //form submitted?

// Here, you didn't connect to database, but you are expecting to fetch salt!
$saltQuery = $link->query('SELECT salt FROM admins WHERE name = "'.$name.'"');

// mysqli_fetch_assoc() yields the whole row (or null/false when there is none), not the salt string.
$salt = mysqli_fetch_assoc($saltQuery);

// Second revision: the connection is now opened before the query, but the handle returned by
// mysqli_connect() is still discarded and $link is assumed to already exist. mysqli_error()
// takes the connection link as its argument; here it gets none, then the db name string.
if(isset($_POST['submitLogin'])) { //form submitted?

mysqli_connect($db_host, $db_user, $db_pass) OR DIE (mysqli_error());
// select the db
mysqli_select_db ($link, $db_name) OR DIE ("Unable to select db".mysqli_error($db_name));

// Here, you didn't connect to database, but you are expecting to fetch salt!
$saltQuery = $link->query('SELECT salt FROM admins WHERE name = "'.$name.'"');

// Third revision: connect, query, then read the 'salt' column out of the fetched row.
if(isset($_POST['submitLogin'])) { //form submitted?

mysqli_connect($db_host, $db_user, $db_pass) OR DIE (mysqli_error());
// select the db
mysqli_select_db ($link, $db_name) OR DIE ("Unable to select db".mysqli_error($db_name));

// Here, you didn't connect to database, but you are expecting to fetch salt!
// $name is concatenated straight into the SQL text; a prepared statement with a bound
// parameter is the safe form.
$saltQuery = $link->query('SELECT salt FROM admins WHERE name = "'.$name.'"');
// $link->query() returns false on failure and mysqli_fetch_assoc() yields null/false when no
// row matched, so $salt["salt"] below is not guaranteed to exist (unknown user).
$salt = mysqli_fetch_assoc($saltQuery);
$saltedPW = $password . $salt["salt"];
// sha1(password . salt) is not a password-hashing function; password_hash()/password_verify()
// is the appropriate scheme for new code.
$hashedPW = sha1($saltedPW);