- <?php
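/**
 * Account model holding one username/password pair and the two operations
 * built on it: registering a row in the `users` table and checking a login
 * against it.
 *
 * Connection settings come from the DB_DSN, DB_USERNAME and DB_PASSWORD
 * constants, which are defined outside this file.
 */
class Users {
    /** @var string|null Username after normalisation (see assignCredentials()). */
    public $username = null;

    /** @var string|null Plain-text password after normalisation; only its digest is stored. */
    public $password = null;

    // NOTE(review): a single application-wide salt kept in source means every
    // account shares it, so equal passwords yield equal digests and one
    // precomputed table covers all accounts. Kept unchanged because the stored
    // digests depend on it. (Real value redacted by the author of the paste.)
    public $salt = "secret";

    /**
     * Builds the object from a form-style array.
     *
     * @param array $data Optional 'username' and 'password' entries.
     */
    public function __construct( $data = array() ) {
        $this->assignCredentials( $data );
    }

    /**
     * Re-populates the credentials from submitted form values.
     *
     * @param array $params Optional 'username' and 'password' entries.
     */
    public function storeFormValues( $params ) {
        $this->assignCredentials( $params );
    }

    /**
     * Checks the held credentials against the users table.
     *
     * The previous body opened a second connection through the removed
     * mysql_* extension with hard-coded root credentials, compared the
     * username column with a session password, passed the query result to
     * PDO::prepare(), and printed debug text and raw exception messages.
     * This version runs the single parameterised lookup the bindValue()
     * calls were written for and prints nothing.
     *
     * NOTE(review): no throttling or lockout happens here; repeated failures
     * have to be rate-limited by the caller.
     *
     * @return bool True when a row matches both username and password digest.
     */
    public function userLogin() {
        // Missing or empty credentials can never identify an account.
        if( $this->username === null || $this->username === ''
            || $this->password === null || $this->password === '' ) {
            return false;
        }

        try {
            $con = $this->connect();
            // SELECT 1 keeps the result independent of column order; with
            // SELECT * a falsy first column would read as "no match".
            $stmt = $con->prepare(
                "SELECT 1 FROM users WHERE username = :username AND password = :password LIMIT 1"
            );
            $stmt->bindValue( ":username", $this->username, PDO::PARAM_STR );
            $stmt->bindValue( ":password", $this->passwordDigest(), PDO::PARAM_STR );
            $stmt->execute();
            $matched = ( $stmt->fetchColumn() !== false );
            $stmt = null;
            $con = null;
            return $matched;
        } catch ( PDOException $e ) {
            // Driver messages can expose host, schema and query details, so
            // they go to the server log instead of the response.
            error_log( "Users::userLogin failed: " . $e->getMessage() );
            return false;
        }
    }

    /**
     * Inserts the held credentials as a new row in the users table.
     *
     * @return string HTML success message, or a generic failure message.
     */
    public function register() {
        if( $this->username === null || $this->username === ''
            || $this->password === null || $this->password === '' ) {
            return "Registration failed: username and password are required.";
        }

        try {
            $con = $this->connect();
            $stmt = $con->prepare( "INSERT INTO users(username, password) VALUES(:username, :password)" );
            $stmt->bindValue( ":username", $this->username, PDO::PARAM_STR );
            $stmt->bindValue( ":password", $this->passwordDigest(), PDO::PARAM_STR );
            $stmt->execute();
            $stmt = null;
            $con = null;
            // NOTE(review): the href has no scheme, so a browser resolves it
            // relative to the current page; confirm the intended URL.
            return "Registration Successful <br/> <a href='btcplay.me/beta/login'>Login Now</a>";
        } catch( PDOException $e ) {
            // The exception text is logged, not returned: callers are likely
            // to render this string, and it can reveal schema or constraint names.
            error_log( "Users::register failed: " . $e->getMessage() );
            return "Registration failed. Please try again later.";
        }
    }

    /**
     * Copies 'username' and 'password' from $data when present.
     *
     * NOTE(review): strip_tags()/stripslashes() silently remove characters
     * from what the user typed, including from the password. The filtering is
     * kept because existing digests were computed from the filtered value;
     * protection against SQL injection comes from the bound parameters, not
     * from this step.
     *
     * @param array $data Form-style input.
     */
    private function assignCredentials( $data ) {
        if( isset( $data['username'] ) ) {
            $this->username = stripslashes( strip_tags( $data['username'] ) );
        }
        if( isset( $data['password'] ) ) {
            $this->password = stripslashes( strip_tags( $data['password'] ) );
        }
    }

    /**
     * Opens a PDO connection that reports errors as exceptions.
     *
     * @return PDO
     * @throws PDOException When the connection cannot be opened.
     */
    private function connect() {
        $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
        $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
        return $con;
    }

    /**
     * Digest stored in, and compared with, the password column.
     *
     * NOTE(review): one round of SHA-256 is cheap to brute-force if the table
     * leaks. password_hash()/password_verify() (PHP 5.5+) is the replacement,
     * but it changes the stored format, so it needs a migration of existing
     * rows and is not done here.
     *
     * @return string Hex SHA-256 of password followed by salt.
     */
    private function passwordDigest() {
        return hash( "sha256", $this->password . $this->salt );
    }
}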
- ?>