  1. <?php
  2. if(isset($_POST['register'])) {
  3. // cek jika filed kosong langsung exit
  4. if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['email'])) {
  5. echo "filed tidak boleh kosong!";
  6. exit();
  7. }
  8. $query = "SELECT * FROM users WHERE username=:username";
  9. // query_params di array buat ngatasi sql injeksi
  10. $query_params = array(':username' => $_POST['username']);
  11. try {
  12. // mecoba eksekusi SQL dan garap database
  13. $stmt = $db->prepare($query);
  14. $result = $stmt->execute($query_params);
  15. } catch (PDOException $er) {
  16. // jika gagal matikan program
  17. die("Failed to run query");
  18. }
  19. // fetch data ke pada row
  20. $row = $stmt->fetch();
  21. // cek jika row ada langsung exit
  22. if ($row) {
  23. echo "username sudah di pakai";
  24. exit();
  25. }
  26.  
  27.  
  28. // cek apakah post email berformat email
  29. if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
  30. echo "bukan format email";
  31. exit();
  32. }
  33. $query = "SELECT * FROM users WHERE email=:email";
  34. $query_params = array(':email' => $_POST['email']);
  35. try {
  36. $stmt = $db->prepare($query);
  37. $result = $stmt->execute($query_params);
  38. } catch (PDOException $er) {
  39. die("Failed to run query");
  40. }
  41. $row = $stmt->fetch();
  42. if ($row) {
  43. echo "email sudah di pakai";
  44. exit();
  45. }
  46.  
  47.  
  48. // salt untuk scure password dengan type 8 byte
  49. $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
  50. // hash password + salt tadi dengan bentu sha256 32 byte
  51. $password = hash('sha256', $_POST['password'] . $salt);
  52. //kita looping lagi sebanyak 65536 kali biar nagis si attacks, nested loop ?
  53. for ($round=0; $round < 65536; $round++) {
  54. $password = hash('sha256', $password . $salt);
  55. }
  56.  
  57.  
  58. // jika semua OK masukan ke database
  59. $query = "INSERT INTO users (username, password, salt, email) VALUES (:username, :password, :salt, :email)";
  60. $query_params = array(
  61. ':username' => $_POST['username'],
  62. ':password' => $password,
  63. ':salt' => $salt,
  64. ':email' => $_POST['email'],
  65. );
  66. try {
  67. $stmt = $db->prepare($query);
  68. $result = $stmt->execute($query_params);
  69. } catch (PDOException $er) {
  70. die("Failed to run query");
  71. }
  72. print "<script>window.location.href = '../login';</script>";
  73. die("Redirecting...");
  74. }
  75. ?>