  1. <?php
  2. error_reporting(E_ALL); //DEBUG ONLY
  3. ob_start();
  4. session_start();
  5. require_once 'settings.php';
  6.  
  7. function toKey($length = 6) {
  8. $characters = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
  9. $charactersLength = strlen($characters);
  10. $addToKey = '';
  11. for ($i = 0; $i < $length; $i++) {
  12. $addToKey .= $characters[rand(0, $charactersLength - 1)];
  13. }
  14. return $addToKey;
  15. }
  16. function generateKey() {
  17. for ($i = 0; $i < 6; $i++) {
  18. if ($i == 5) {
  19. $key .= toKey();
  20. } else {
  21. $key .= toKey() . '-';
  22. }
  23. }
  24. }
  25. if ( isset($_POST['createKey']) ) {
  26. $keyHash = hash('sha512', $key);
  27. $sqlStmt = $pdo->prepare("INSERT INTO pkeys(pkey, username) VALUES(:pkey, :username)");
  28. $stmt->bindParam(':pkey', $keyHash);
  29. $stmt->bindParam(':username', $_SESSION['user']);
  30. if ($sqlStmt->execute()) {
  31. $MSG = "Key: " .$key;
  32. unset($key);
  33. } else {
  34. $MSG = "Error";
  35. }
  36. }
  37.  
  38. if ( isset($_POST['loginKey']) ) {
  39. $keyHash = hash('sha512', htmlspecialchars(strip_tags(trim($_POST['loginFieldKey']))));
  40.  
  41. $sqlStmt = $pdo->prepare('SELECT id, pkey, keyStatus FROM pkeys WHERE pkey = :pkey');
  42. $sqlStmt->execute(array(':pkey' => $keyHash));
  43. $sqlResult = $sqlStmt->fetchAll(\PDO::FETCH_ASSOC);
  44. if (!empty($sqlResult)) {
  45. foreach($sqlResult as $row) {
  46. if ($row['pkey'] == $keyHash) {
  47. if( $row['keyStatus'] != 1) {
  48. $MSG = "Key already used!";
  49. echo "Key not valid";
  50. ?>
  51. <script type="text/javascript">
  52. $('#loginMask').modal('show');
  53. </script>
  54. <?php
  55. } else {
  56. $sqlStmt = $pdo->prepare("UPDATE pkeys SET keyStatus=0, keyUsed=:currentTimestamp WHERE id = :id");
  57. $sqlStmt->execute(array(':currentTimestamp' => date('Y-m-d G:i:s'),':id' => $row['id']));
  58. $_SESSION['loginMethod'] = 'key';
  59. ?>
  60. <script type="text/javascript">
  61. $('#loginMask').modal('hide');
  62. </script>
  63. <?php
  64. }
  65. }
  66. }
  67. } else {
  68. $MSG = "Key not found!";
  69. //echo '<script type="text/javascript">$(\'#loginMask\').modal(\'show\')</script>';
  70. }
  71. unset($sqlResult);
  72. unset($sqlStmt);
  73. }
  74.  
  75. if ( isset($_POST['loginUser']) ) {
  76. $username = htmlspecialchars(strip_tags(trim($_POST['loginFieldUsername'])));
  77. $password = hash('sha512', htmlspecialchars(strip_tags(trim($_POST['loginFieldPasswd']))));
  78.  
  79. $stmt = $pdo->prepare('SELECT id, username, passwd FROM login WHERE username = :username');
  80. $stmt->bindParam(':username', $username);
  81. $stmt->execute();
  82. $sqlResult = $stmt->fetchAll(\PDO::FETCH_ASSOC);
  83. if (!empty($sqlResult)) {
  84. foreach($sqlResult as $row) {
  85. if ($row['passwd'] == $password) {
  86. if( $row['status'] == 1) {
  87. $MSG = "Bitte verifizieren sie zuerst ihre E-Mail.";
  88. } else {
  89. $_SESSION['user'] = $username;
  90. header("Location: index.php");
  91. }
  92. } else {
  93. $MSG = "Wrong credentials!";
  94. }
  95. }
  96. }
  97. unset($sqlResult);
  98. unset($stmt);
  99. }
  100.  
  101. if ( isset($_POST['register']) ) {
  102. if (! isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
  103. $ipAddr = $_SERVER['REMOTE_ADDR'];
  104. } else {
  105. $ipAddr = $_SERVER['HTTP_X_FORWARDED_FOR'];
  106. }
  107. $username = htmlspecialchars(strip_tags(trim($_POST['registerFieldUser'])));
  108. $email = htmlspecialchars(strip_tags(trim($_POST['registerFieldEmail'])));
  109. $password = hash('sha512', htmlspecialchars(strip_tags(trim($_POST['registerFieldPasswd']))));
  110. if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){
  111. $MSG = "Ungültige E-Mail Adresse!";
  112. } else {
  113. $characters = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
  114. $charactersLength = strlen($characters);
  115. $verficationHash = '';
  116. for ($i = 0; $i < 8; $i++) {
  117. $verficationHash .= $characters[rand(0, $charactersLength - 1)];
  118. }
  119. $stmt = $pdo->prepare("INSERT INTO login(username,email,passwd,verificationHash) VALUES(:username,:email,:password,:verificationHash)");
  120. $stmt->bindParam(':username', $username);
  121. $stmt->bindParam(':email', $email);
  122. $stmt->bindParam(':password', $password);
  123. $stmt->bindParam(':verificationHash', $verficationHash);
  124. if ($stmt->execute()) {
  125. $message = '
  126. Hallo '.$username.',
  127. Ihr Account wurde erstellt, er wird aktiviert nachdem sie den untenstehenden Link gedrückt haben.
  128. Die Registrierung kam von der IP Adresse: '.$ipAddr.'
  129.  
  130. Bitte klicken sie auf den Link, um ihren Account zu aktivieren
  131. http://chirpa.de/verify.php?email='.$email.'&hash='.$verficationHash.'
  132. ';
  133. if ( mail($email, 'Chirpa Verification E-Mail', $message, 'From:noreply@chirpa.de' . "\r\n") ) {
  134. $MSG = "Die Registrierung war erfolgreich, eine E-Mail wurde zur Verifizierung der E-Mail Adresse an sie geschickt.";
  135. unset($username);
  136. unset($email);
  137. unset($password);
  138. } else {
  139. $MSG = "Die E-Mail konnte nicht gesendet werden.";
  140. }
  141. } else {
  142. $MSG = "Es ist ein Fehler aufgetreten, bitte versuchen sie es später erneut.";
  143. }
  144. unset($stmt);
  145. }
  146. }
  147. ?>
  148. <html>
  149.  
  150. <head>
  151. <title>Herzlich Willkommen</title>
  152. <meta charset="utf-8" />
  153. <meta name="viewport" content="width=device-width, initial-scale=1" />
  154. <link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css" />
  155. <link rel="stylesheet" href="assets/css/main.css" type="text/css" />
  156. <script src="assets/js/jquery.min.js"></script>
  157. <script src="assets/js/jquery.scrolly.min.js"></script>
  158. <script src="assets/js/jquery.dropotron.min.js"></script>
  159. <script src="assets/js/bootstrap.min.js"></script>
  160. <script src='https://www.google.com/recaptcha/api.js'></script>
  161. </head>
  162. <body>
  163. <nav class="navbar navbar-default">
  164. <div class="container-fluid">
  165. <!-- Brand and toggle get grouped for better mobile display -->
  166. <div class="navbar-header">
  167. <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
  168. <span class="sr-only">Toggle navigation</span>
  169. <span class="icon-bar"></span>
  170. <span class="icon-bar"></span>
  171. <span class="icon-bar"></span>
  172. </button>
  173. <a class="navbar-brand" href="index.php">Herzlich Willkommen</a>
  174. </div>
  175.  
  176. <!-- Services Menu -->
  177. <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
  178. <ul class="nav navbar-nav">
  179. <li class="dropdown">
  180. <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Services <span class="caret"></span></a>
  181. <ul class="dropdown-menu">
  182. <li><a href="https://chirpa.de/owncloud">ownCloud</a></li>
  183. <li role="separator" class="divider"></li>
  184. <li><a href="https://chirpa.de:8888">GitLab</a></li>
  185. <li role="separator" class="divider"></li>
  186. <li><a href="https://chirpa.de/dokuwiki">Dokuwiki</a></li>
  187. <li role="separator" class="divider"></li>
  188. <li><a href="ts3server://chirpa.de?port=9987">Connect to TeamSpeak 3 Server</a></li>
  189. <?php if( isset($_SESSION['user'])!="" ) : ?>
  190. <li role="separator" class="divider"></li>
  191. <li><a data-toggle="modal" href="#generateKeyMask">Generate a new Key</a></li>
  192. <?php endif; ?>
  193. </ul>
  194. <li>
  195. </li>
  196.  
  197. <!--Project Menu-->
  198.  
  199. <li class="dropdown">
  200. <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Projects <span class="caret"></span></a>
  201. <ul class="dropdown-menu">
  202. <li><a href="https://chirpa.de/patchliste.html">Patchliste</a></li>
  203. <!--<li role="separator" class="divider"></li>-->
  204. </ul>
  205. <li>
  206. </li>
  207.  
  208. <!--Administrative Menu-->
  209.  
  210. <?php if( isset($_SESSION['user'])!="" || isset($_SESSION['loginMethod'])=="key" ) : ?>
  211. <li class="dropdown">
  212. <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Administration <span class="caret"></span></a>
  213. <ul class="dropdown-menu">
  214. <li><a href="https://chirpa.de/phpmyadmin">PHPmyAdmin</a></li>
  215. <li role="separator" class="divider"></li>
  216. <li><a href="https://chirpa.de/ts3webinterface">TeamSpeak 3 Webinterface</a></li>
  217. </ul>
  218. </li>
  219. <?php endif; ?>
  220. </ul>
  221.  
  222. <!--Login/Logout/Register buttons on the right side.-->
  223.  
  224. <ul class="nav navbar-nav navbar-right">
  225. <?php if( isset($_SESSION['user'])!="" ) : ?>
  226. <li><a href="logout.php?logout"> Logout</a></li>
  227. <?php else : ?>
  228. <?php if(isset($_SESSION['loginMethod'])=="key") : ?>
  229. <li><a data-toggle="modal" href="#registerMask"> Register</a></li>
  230. <li><a href="logout.php?logout"> Logout</a></li>
  231. <?php else :?>
  232. <li><a data-toggle="modal" href="#loginMask">Login</a></li>
  233. <?php endif; ?>
  234. <?php endif; ?>
  235. </ul>
  236. </div>
  237. </div>
  238. </nav>
  239.  
  240. <!--Login Mask-->
  241. <div class="modal fade" id="loginMask" tabindex="-1" role="dialog">
  242. <div class="modal-dialog" role="document">
  243. <div class="modal-content">
  244. <div class="modal-header">
  245. <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
  246. <h4 class="modal-title">Login</h4>
  247. </div>
  248. <form method="post" autocomplete="off">
  249. <div class="modal-body">
  250. <div id="login-form">
  251. <div class="col-md-12">
  252. <?php
  253. if ( isset($MSG) ) {
  254. ?>
  255. <div class="form-group">
  256. <div class="alert alert-danger">
  257. <?php echo $MSG; ?>
  258. </div>
  259. </div>
  260. <?php
  261. }
  262. ?>
  263. <div class="form-group">
  264. <div class="input-group">
  265. <span class="input-group-addon" class="glyphicon glyphicon-lock"></span>
  266. <input type="text" name="loginFieldKey" class="form-control" placeholder="Key" />
  267. </div>
  268. </div>
  269. <div class="form-group">
  270. <div class="input-group">
  271. <span class="input-group-addon" class="glyphicon glyphicon-user"></span>
  272. <input type="text" name="loginFieldUser" class="form-control" placeholder="Username" />
  273. </div>
  274. </div>
  275. <div class="form-group">
  276. <div class="input-group">
  277. <span class="input-group-addon" class="glyphicon glyphicon-lock"></span>
  278. <input type="password" name="loginFieldPasswd" class="form-control" placeholder="Password" />
  279. </div>
  280. </div>
  281. </div>
  282. </div>
  283. </div>
  284. <div class="modal-footer">
  285. <div id="login-form">
  286. <div class="form-group">
  287. <button type="submit" class="btn btn-block btn-primary" name="loginKey">Use key</button>
  288. <button type="submit" class="btn btn-block btn-primary" name="loginUser">Use credentials</button>
  289. </div>
  290. </div>
  291. </div>
  292. </form>
  293. </div>
  294. </div>
  295. </div>
  296.  
  297. <!--Register Mask-->
  298. <div class="modal fade" id="registerMask" tabindex="-1" role="dialog">
  299. <div class="modal-dialog" role="document">
  300. <div class="modal-content">
  301. <div class="modal-header">
  302. <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
  303. <h4 class="modal-title">Register</h4>
  304. </div>
  305. <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
  306. <div class="modal-body">
  307. <div id="login-form">
  308. <div class="col-md-12">
  309. <?php
  310. if ( isset($errMSG) ) {
  311. ?>
  312. <div class="form-group">
  313. <div class="alert alert-success">
  314. <span class="glyphicon glyphicon-info-sign"></span> <?php echo $MSG; ?>
  315. </div>
  316. </div>
  317. <?php
  318. }
  319. ?>
  320. <div class="form-group">
  321. <div class="input-group">
  322. <span class="input-group-addon"><span class="glyphicon glyphicon-user"></span></span>
  323. <input type="text" name="registerFieldUser" class="form-control" placeholder="Username" required />
  324. </div>
  325. </div>
  326. <div class="form-group">
  327. <div class="input-group">
  328. <span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span></span>
  329. <input type="email" name="registerFieldEmail" class="form-control" placeholder="E-Mail" maxlength="40" required />
  330. </div>
  331. </div>
  332. <div class="form-group">
  333. <div class="input-group">
  334. <span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
  335. <input type="password" name="registerFieldPasswd" class="form-control" placeholder="Password" maxlength="30" required />
  336. </div>
  337. </div>
  338. </div>
  339. </div>
  340. </div>
  341. <div class="modal-footer">
  342. <div id="login-form">
  343. <div class="form-group">
  344. <button type="submit" class="btn btn-block btn-primary" data-sitekey="6LcLEhsUAAAAAEmGkaQMHepzeJUv3lLhh49xfnMl" name="register">Register</button>
  345. </div>
  346. </div>
  347. </div>
  348. </form>
  349. </div>
  350. </div>
  351. </div>
  352.  
  353. <!--Generate a new Key Mask-->
  354. <div class="modal fade" id="generateKeyMask" tabindex="-1" role="dialog">
  355. <div class="modal-dialog" role="document">
  356. <div class="modal-content">
  357. <div class="modal-header">
  358. <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
  359. <h4 class="modal-title">Generate a new key</h4>
  360. </div>
  361. <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
  362. <div class="modal-body">
  363. <div id="login-form">
  364. <div class="col-md-12">
  365. <?php
  366. if ( isset($MSG) ) {
  367. ?>
  368. <div class="form-group">
  369. <div class="alert alert-success">
  370. <?php echo $MSG; ?>
  371. </div>
  372. </div>
  373. <?php
  374. }
  375. ?>
  376. </div>
  377. </div>
  378. </div>
  379. <div class="modal-footer">
  380. <div class="form-group">
  381. <button type="submit" class="btn btn-block btn-primary" name="createKey">Create a new key</button>
  382. </div>
  383. </div>
  384. </form>
  385. </div>
  386. </div>
  387. </div>
  388.  
  389. </body>
  390. </html>