API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 14th, 2017
140
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.65 KB | None | 0 0
raw download clone embed print report
  1. <?
  2. /**
  3.  * Process.php
  4.  */
  5.  
  6. include("database.php");
  7.  /**
  8.  * POST variables from form - need to be sanitized.
  9.  */
  10.  
  11. if(isset($_POST["sublogin"] )) {
  12. $subuser = $_POST["username"];
  13. $subpassword = $_POST["password"];
  14. $sublogin = $_POST["sublogin"];
  15. }
  16.  
  17. if(isset($_POST["subregister"] )) {
  18.  
  19. $subuser = $_POST["username"];
  20. $subfirst = $_POST["firstname"];
  21. $subsurname = $_POST["surname"];
  22. $subpassword = $_POST["password"];
  23. $subregister = $_POST["subregister"];
  24.  
  25. }
  26.  
  27. /**
  28. * Check username function.
  29. */
  30.  
  31. function usernameTaken($username){
  32.     $q = "SELECT username FROM ".TBL_USERS." WHERE username = '$username'";
  33.     $result = mysql_query($q);
  34.     return (mysql_num_rows($result) > 0);
  35.     }
  36.    
  37.  
  38.  /**
  39.  * Check password function.
  40.  */
  41.  
  42.    function confirmUserPass($username, $password){
  43.  
  44.     /* Verify that user is in database */
  45.       $q = "SELECT password FROM ".TBL_USERS." WHERE username = '$username'";
  46.       $result = mysql_query($q);
  47.       if(!$result || (mysql_numrows($result) < 1)){
  48.          return 1; //Indicates username failure
  49.       }  
  50.      
  51.       /* Retrieve password from result */
  52.       $dbarray = mysql_fetch_array($result);
  53.      
  54.      
  55.       /* Validate that password is correct */
  56.       if($password == $dbarray['password']){
  57.          return 0; //Success! Username and password confirmed
  58.       }
  59.       else{
  60.          return 2; //Indicates password failure
  61.       }
  62.    }
  63.      
  64. /**
  65.  * REGISTER - Username not in use
  66.  */
  67.   if (isset ($subregister)) {
  68. if (usernameTaken($subuser) == 0 ) {
  69.  
  70.     $q = mysql_query ("INSERT INTO information (username, firstname, surname, password) VALUES ('$subuser', '$subfirst', '$subsurname', '$subpassword')");  echo mysql_error();
  71.     $success = 1;
  72.     if ($success == 1) { echo "User ".$subuser." Added"; }
  73.     }
  74.  
  75. /**
  76.  * REGISTER - Username in use
  77.  */
  78. else if (usernameTaken($subuser)) {
  79.     echo "User ".$subuser." already exists, choose another username";
  80.     header('Refresh:3; URL= informationform.php');
  81.         }  
  82.         }
  83.  /**
  84.  * LOGIN - this is not secure
  85.  */
  86.  
  87.  if ($sublogin == 1) {
  88.       $result = confirmUserPass($subuser, $subpassword);
  89.     //echo $result;
  90.      
  91.       /* Check error codes */
  92.       if($result == 1){
  93.     // username not found
  94.     echo "Username Not Found";
  95.     header('Refresh:3; URL= login.html');
  96.     }
  97.       else if($result == 2){
  98.     // password incorrect
  99.     echo "Password Incorrect";
  100.     header('Refresh:3; URL= login.html');
  101.     }
  102.       else if($result == 0){
  103.     // password and user correct, forward to members page
  104.     echo "Logged In";
  105.     header('Refresh:3; URL= display_users.php');
  106.       }
  107.  }
  108.        
  109. ?>
  110.  
  111.  
  112. <a href="display_users.php">Show Users</a><br / >
  113. <a href="register.php">Add a new user</a>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!