Oct 14th, 2018
  1. <?
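  // CONNECTIONS =========================================================
  // NOTE(review): the opening tag above is the short form `<?`. Where
  // short_open_tag is off, PHP treats this file as plain text and sends it to
  // the client, database password included; `<?php` is the portable tag.
  //
  // The original used the mysql_* extension, which was removed in PHP 7.0 and
  // has no prepared statements. mysqli is used here so the nickname can be
  // bound as a parameter. hash_equals() further down needs PHP 5.6 or later.
  $host = "localhost"; // put your host here
  // Use a dedicated account limited to SELECT on the table this script reads.
  // Connecting as root turns any query bug into control of the whole server.
  $user = "myuser";
  $password = "mypassword"; // placeholder; keep the real value outside the web root
  $dbname = "mydatabase"; // your database

  // Report failures through return values on every PHP version, so the client
  // only ever sees the generic messages below and never a driver error.
  mysqli_report(MYSQLI_REPORT_OFF);
  $db = @mysqli_connect($host, $user, $password, $dbname);
  if (!$db) {
      die("Cant connect into database");
  }
  // =============================================================================

  /**
   * Return a POST field as a string, or "" when it is missing or not a string.
   *
   * A field sent as `name[]=x` arrives as an array; the string functions below
   * would warn or throw on it.
   *
   * @param string $key POST field name
   * @return string
   */
  function _post_string($key)
  {
      return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
  }

  /**
   * Legacy filter shared by the two anti_injection_* functions: removes a fixed
   * list of SQL keywords and punctuation (case-insensitive), trims, strips tags.
   *
   * This is a denylist. It deletes text from legitimate input (a nickname
   * containing "from" or "where" loses those letters) and it is not what keeps
   * the query safe; the bound parameter in the lookup does that. It is kept
   * only so values that were stored through this filter still match.
   *
   * @param string $value raw input
   * @return string filtered input
   */
  function _anti_injection_filter($value)
  {
      $value = preg_replace("/(from|select|insert|delete|where|drop table|show tables|,|'|#|\*|--|\\\\)/i", "", $value);
      return strip_tags(trim($value));
  }

  /**
   * Filter a password and return its MD5 hex digest, as the original did.
   *
   * NOTE(review): unsalted MD5 is fast to brute-force and identical passwords
   * share a digest. The filter also runs before hashing, so a password made
   * only of filtered tokens hashes the same as an empty one. Moving to
   * password_hash()/password_verify() also needs the code that writes the
   * `password` column changed, which is not part of this file.
   *
   * @param string $sql     raw password
   * @param bool   $formUse true when the value comes straight from a form
   * @return string 32-character MD5 hex digest
   */
  function anti_injection_login_senha($sql, $formUse = true)
  {
      return md5(trim(anti_injection_login($sql, $formUse)));
  }

  /**
   * Filter a nickname and add slashes, as the original did.
   *
   * Kept for callers that still build SQL by concatenation. addslashes() is
   * not charset-aware, so this is not a substitute for bound parameters.
   *
   * @param string $sql     raw value
   * @param bool   $formUse true when the value comes straight from a form
   * @return string filtered, slash-escaped value
   */
  function anti_injection_login($sql, $formUse = true)
  {
      $sql = _anti_injection_filter($sql);
      // magic_quotes_gpc went away in PHP 5.4 and get_magic_quotes_gpc() in
      // PHP 8.0; the version test keeps the call from being reached there.
      $magicQuotes = PHP_VERSION_ID < 50400 && get_magic_quotes_gpc();
      if (!$formUse || !$magicQuotes) {
          $sql = addslashes($sql);
      }
      return $sql;
  }
  // =============================================================================
  // NOTE(review): this constant also ships inside the game client, so anyone
  // holding the client can read it. It tells builds apart; it does not prove
  // that a request came from the game.
  $phpHash = "hashcode"; // same code in here as in your Unity game
  $unityHash = _post_string("myform_hash");

  $rawNick = _post_string("myform_nick");
  $rawPass = _post_string("myform_pass");

  // The nickname is bound as a parameter, so it is filtered but not
  // slash-escaped: this is the value MySQL compared against after unescaping
  // the original concatenated string.
  $nick = _anti_injection_filter($rawNick);
  $pass = anti_injection_login_senha($rawPass);

  // The emptiness test uses the raw password: the MD5 digest is never empty,
  // so testing $pass (as the original did) let an empty password through.
  if ($nick === "" || $rawPass === "") {
      echo "Login or password cant be empty.";
  } elseif (!hash_equals($phpHash, $unityHash)) {
      // hash_equals() is an exact, constant-time comparison; `!=` on two
      // numeric-looking strings compares them as numbers.
      echo "HASH code is diferent from your game, you infidel.";
  } else {
      $stmt = mysqli_prepare($db, "SELECT password FROM scores WHERE name = ? LIMIT 1");
      if (!$stmt) {
          die("DATABASE ERROR!");
      }
      mysqli_stmt_bind_param($stmt, "s", $nick);
      if (!mysqli_stmt_execute($stmt)) {
          die("DATABASE ERROR!");
      }
      mysqli_stmt_bind_result($stmt, $storedHash);
      $found = mysqli_stmt_fetch($stmt); // true = row, null = no row, false = error
      mysqli_stmt_close($stmt);
      if ($found === false) {
          die("DATABASE ERROR!");
      }

      if ($found) {
          if (hash_equals((string) $storedHash, $pass)) {
              echo "LOGADO - PASSWORD CORRECT";
          } else {
              echo "Nick or password is wrong.";
          }
      } else {
          // NOTE(review): this reply differs from the wrong-password reply, so a
          // caller can learn which nicknames exist. The text is unchanged in case
          // the game client matches on it; confirm, then use one reply for both.
          // Nothing in this script limits repeated attempts either.
          echo "Data invalid - cant find name.";
      }
  }

  // Close mySQL Connection
  mysqli_close($db);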
  66. ?>