Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start ();
- include('INCLUDES/Config.php');
- function shitChecker($str)
- {
- $var = preg_match('/[^a-zA-Z]/', $str);
- return $var;
- }
- function shitCheckerNum($str)
- {
- $var = preg_match('/[^a-zA-Z0-9]/', $str);
- return $var;
- }
- if(isset($_POST['submit']))
- {
- //Get all the user inputs
- $account = $_POST['account'];
- $password = $_POST['password'];
- $con = mysql_connect($Con.":".$aPort, $U, $P) or die(mysql_error());
- mysql_select_db($DB) or die(mysql_error());
- //Remove bullshit from the user inputs(Sorta pointless as i use regex in a second...
- $account = mysql_real_escape_string(html_entity_decode(htmlentities($account)));
- $password = mysql_real_escape_string(html_entity_decode(htmlentities($passwordOld)));
- //Die if account contains non-alphanumeric characters
- if(shitCheckerNum($account) == 1)
- {
- die("Accountname enthält ungültige Buchstaben!");
- }
- //Die if old password contains non-alphanumeric characters
- elseif(shitCheckerNum($passwordOld) == 1)
- {
- die("Passwort enthält ungültige Buchstaben!");
- }
- //If no rows, means invalid user/pass, die.
- if($numrows == 0)
- {
- die("Falscher Accountname oder falsches Passwort!");
- }
- if (mysql_num_rows ($result) > 0)
- {
- // Benutzerdaten in ein Array auslesen.
- $data = mysql_fetch_array ($result);
- // Sessionvariablen erstellen und registrieren
- $_SESSION["user_id"] = $data["Id"];
- header ("Location: index2.php");
- }
- else
- {
- header ("Location: index.php?fehler=1");
- }
- $ppasswort = $_POST["password"];
- $user = strtoupper($account);
- $pwold = strtoupper($ppasswort);
- $shapwold = sha1($user.":".$pwold);
- $query = "SELECT id FROM account WHERE username = '".$account."' AND sha_pass_hash = '".$shapwold."'";
- $result = mysql_query($query) or die(mysql_error());
- $numrows = mysql_num_rows($result);
- echo "</td></tr>";
- //close mysql connection
- mysql_close();
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement