SHARE
TWEET

Untitled

a guest Jan 21st, 2019 93 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. session_start();
  2. include("includes/resume.config.php");
  3.  
  4. // make sure form fields have a value and strip them
  5. function check_input($data, $problem='')
  6. {
  7. $data = trim($data);
  8. $data = stripslashes($data);
  9. $data = htmlspecialchars($data);
  10. if ($problem && strlen($data) == 0)
  11. {
  12.     die($problem);
  13. }
  14.     return $data;
  15. }
  16.  
  17. // get form values, escape them and apply the check_input function
  18. $name = $link->real_escape_string(check_input($_POST['name'], "Please enter a name!"));
  19. $email = $link->real_escape_string(check_input($_POST['email'], "Please enter an email!"));
  20. $password = $link->real_escape_string(check_input($_POST['password'], "Please enter a password!"));
  21.  
  22. // generate a random salt for converting passwords into MD5
  23. $salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
  24. $saltedPW =  $password . $salt;
  25. $hashedPW = sha1($saltedPW);
  26.  
  27. mysqli_connect($db_host, $db_user, $db_pass) OR DIE (mysqli_error());
  28. // select the db
  29. mysqli_select_db ($link, $db_name) OR DIE ("Unable to select db".mysqli_error($db_name));
  30.  
  31.  // our sql query
  32. $sql = "INSERT INTO admins (name, email, password, salt) VALUES ('$name', '$email', '$hashedPW', '$salt');";
  33.  
  34. //save the updated information to the database          
  35. mysqli_query($link, $sql) or die("Error in Query: " . mysqli_error($link));
  36.  
  37. if (!mysqli_error($link))
  38. {
  39.     header("Location: file_insert.php");
  40. }
  41.    
  42. function check_input($data, $problem='')
  43. {
  44. $data = trim($data);
  45. $data = stripslashes($data);
  46. $data = htmlspecialchars($data);
  47. if ($problem && strlen($data) == 0)
  48. {
  49.     die($problem);
  50. }
  51.     return $data;
  52. }
  53.  
  54. if(isset($_POST['submitLogin'])) { //form submitted?
  55.  
  56. // get form values, escape them and apply the check_input function
  57. $name = $link->real_escape_string(check_input($_POST['name'], "Please enter a name!"));
  58. $password = $link->real_escape_string(check_input($_POST['password'], "Please enter a password!"));
  59.  
  60. $saltQuery = $link->query('SELECT salt FROM admins WHERE name = "'.$name.'"');
  61.  
  62. $salt = mysqli_fetch_assoc($saltQuery);
  63. $saltedPW =  $password . $salt;
  64. $hashedPW = sha1($saltedPW);
  65.  
  66. mysqli_connect($db_host, $db_user, $db_pass) OR DIE (mysqli_error());
  67. // select the db
  68. mysqli_select_db ($link, $db_name) OR DIE ("Unable to select db".mysqli_error($db_name));
  69.  
  70. $validate_user = $link->query('SELECT id, name, password FROM admins WHERE name = "'.$name.'" AND password = "'.$hashedPW.'"');
  71.  
  72. if ($validate_user->num_rows == 1) {
  73.     $row = $validate_user->fetch_assoc();
  74.     $_SESSION['id'] = $row['id'];
  75.     $_SESSION['loggedin'] = TRUE;
  76.     Header('Location: file_insert.php');
  77. } else {
  78.     print "<center><p style='margin-top: 200px; font-weight: bold;'>Invalid Login Information</p>";
  79.     print "<a href='admin-login.php'>Click here</a> to return to the login page.</center>";
  80. }
  81. }
  82.    
  83. $saltedPW =  $password . $salt;
  84.    
  85. $saltedPW =  $password . $salt['salt'];
  86.    
  87. if(isset($_POST['submitLogin'])) { //form submitted?
  88.  
  89. // Here, you didn't connect to database, but you are expecting to fetch salt!
  90. $saltQuery = $link->query('SELECT salt FROM admins WHERE name = "'.$name.'"');
  91.  
  92. $salt = mysqli_fetch_assoc($saltQuery);
  93.    
  94. if(isset($_POST['submitLogin'])) { //form submitted?
  95.  
  96. mysqli_connect($db_host, $db_user, $db_pass) OR DIE (mysqli_error());
  97. // select the db
  98. mysqli_select_db ($link, $db_name) OR DIE ("Unable to select db".mysqli_error($db_name));
  99.  
  100. // Here, you didn't connect to database, but you are expecting to fetch salt!
  101. $saltQuery = $link->query('SELECT salt FROM admins WHERE name = "'.$name.'"');
  102.    
  103. if(isset($_POST['submitLogin'])) { //form submitted?
  104.  
  105. mysqli_connect($db_host, $db_user, $db_pass) OR DIE (mysqli_error());
  106. // select the db
  107. mysqli_select_db ($link, $db_name) OR DIE ("Unable to select db".mysqli_error($db_name));
  108.  
  109. // Here, you didn't connect to database, but you are expecting to fetch salt!
  110. $saltQuery = $link->query('SELECT salt FROM admins WHERE name = "'.$name.'"');
  111. $salt = mysqli_fetch_assoc($saltQuery);
  112. $saltedPW =  $password . $salt["salt"];
  113. $hashedPW = sha1($saltedPW);
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top