- <?php
- /*
- Levels:
- 0 - Admin
- 1 - Reviewer
- 2 - Regular User
- 3 - Banned
- */
// Start (or resume) the PHP session; the functions below read and write
// $_SESSION["id"] and $_SESSION["FID"].
session_start();
// Pull in the database bootstrap. Presumably this is where the global $con
// link used by IsLoggedIn() and Login() is created; confirm against database.php.
include "database.php";
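/**
 * Return the Sessions row for the current visitor, or false when not logged in.
 *
 * A visitor counts as logged in only when $_SESSION["id"] names a row in the
 * Sessions table and that row's IP equals the address of the current request.
 *
 * NOTE(review): ext/mysql was removed in PHP 7. The durable fix is mysqli or
 * PDO with prepared statements; the escaping below is the best this API allows.
 *
 * @param resource $con MySQL link. The `global $con` statement below rebinds
 *                      the name to the global connection, so the argument
 *                      passed by the caller is not the one that gets used.
 * @return array|false  The matching Sessions row, or false.
 */
function IsLoggedIn($con) {
    global $con;

    if (!isset($_SESSION["id"])) {
        return false;
    }

    // Escape with the connection-aware function AND quote the value: escaping
    // a value that is interpolated unquoted does not keep it from being parsed
    // as SQL.
    $id = mysql_real_escape_string((string) $_SESSION["id"], $con);
    $result = mysql_query("SELECT * FROM Sessions WHERE id='$id' LIMIT 1", $con);
    if (!$result) {
        return false;
    }

    // mysql_query() hands back a result resource, not a row. Indexing the
    // resource directly yields null, which made the IP check fail every time.
    $row = mysql_fetch_assoc($result);
    mysql_free_result($result);

    if ($row && $_SERVER["REMOTE_ADDR"] === $row["IP"]) {
        return $row;
    }
    return false;
}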
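/**
 * Check a username/password pair against the Users table.
 *
 * NOTE(review): this function does not read the Level column, so an account
 * marked 3 (Banned) still authenticates here, and it does not consult
 * FailedLogins either. Whether callers enforce those is not visible in this file.
 * NOTE(review): ext/mysql was removed in PHP 7; migrate to mysqli or PDO with
 * prepared statements.
 *
 * @param string   $username Login name as typed by the user.
 * @param string   $password Plain-text password as typed by the user.
 * @param resource $con      MySQL link. `global $con` below rebinds the name to
 *                           the global connection, so this argument is unused.
 * @return bool True when the stored hash matches, false otherwise.
 */
function Login($username, $password, $con) {
    global $con;

    $username = mysql_real_escape_string($username, $con);
    $result = mysql_query("SELECT Salt, Password FROM Users WHERE Username='$username' LIMIT 1", $con);
    if (!$result) {
        return false;
    }

    // mysql_query() returns a result resource; the row has to be fetched
    // before its columns can be read.
    $row = mysql_fetch_assoc($result);
    mysql_free_result($result);
    if (!$row) {
        return false;
    }

    // "." concatenates. The previous "+" added the two strings as numbers, so
    // the hash did not depend on the actual password or salt text.
    // On PHP >= 5.6 prefer hash_equals() for this comparison.
    return $row["Password"] === hash("sha512", $password . $row["Salt"]);
}

/**
 * Build a 33-character random salt from a fixed 68-character alphabet.
 *
 * @return string The salt.
 */
function GenerateSalt() {
    $points = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUV0123456789.,%^&*()!~";
    // Derive the upper bound from the alphabet itself. The old literal 68 was
    // one past the last valid index and occasionally produced a shorter salt.
    $last = strlen($points) - 1;

    $salt = "";
    for ($i = 0; $i <= 32; $i++) {
        // Use the CSPRNG where the runtime has one (PHP >= 7); mt_rand() is
        // predictable and is only the fallback for older runtimes.
        $index = function_exists("random_int") ? random_int(0, $last) : mt_rand(0, $last);
        $salt .= $points[$index];
    }
    return $salt;
}

/**
 * Insert a new level-2 (Regular User) account.
 *
 * NOTE(review): one round of salted SHA-512 is cheap to brute-force offline.
 * password_hash()/password_verify() (PHP >= 5.5) is the recommended scheme;
 * switching requires changing Login() and the stored column together.
 *
 * @param string   $username Desired login name (untrusted).
 * @param string   $password Plain-text password.
 * @param string   $email    E-mail address (untrusted).
 * @param resource $con      MySQL link.
 * @return void
 */
function Register($username, $password, $email, $con) {
    $user_salt = GenerateSalt();
    // Must be built exactly as Login() rebuilds it: password . salt.
    $hash = hash("sha512", $password . $user_salt);

    // Every value that reaches the statement is escaped; username and email
    // come straight from the caller and were previously interpolated raw.
    $username = mysql_real_escape_string($username, $con);
    $email = mysql_real_escape_string($email, $con);
    $hash = mysql_real_escape_string($hash, $con);
    $salt = mysql_real_escape_string($user_salt, $con);
    $ip = mysql_real_escape_string($_SERVER["REMOTE_ADDR"], $con);

    mysql_query("INSERT INTO Users(Username, Password, Level, Email, Salt, LastKnownIp) VALUES('$username', '$hash', 2, '$email', '$salt', '$ip')", $con);
}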
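/**
 * Record a login session for $username and remember its id in $_SESSION["id"].
 *
 * NOTE(review): consider calling session_regenerate_id(true) at this point so
 * a session cookie issued before login is not carried into the authenticated
 * session.
 *
 * @param string   $username Account the session belongs to.
 * @param resource $con      MySQL link.
 * @return void
 */
function RegisterSession($username, $con) {
    // NOTE(review): microtime() returns a "usec sec" string; in arithmetic only
    // the leading fraction is used, so this id is a float between 0 and 1001.
    // Two logins can collide on it. It is left unchanged because the type of
    // the Sessions.ID column is not visible here; replace it with a random
    // token once the schema is confirmed.
    $id = microtime() + rand(0, 1000);

    // Escape everything interpolated into the statement; $username was
    // previously inserted raw.
    $id_sql = mysql_real_escape_string((string) $id, $con);
    $ip = mysql_real_escape_string($_SERVER["REMOTE_ADDR"], $con);
    $username = mysql_real_escape_string($username, $con);

    mysql_query("INSERT INTO Sessions(ID, IP, Username) VALUES('$id_sql', '$ip', '$username')", $con);
    $_SESSION["id"] = $id;
}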
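/**
 * Count a failed login attempt against the requesting IP address.
 *
 * Increments AttemptNo on the existing FailedLogins row for this IP, or
 * inserts a first row when there is none.
 *
 * @param resource $con MySQL link.
 * @return void
 */
function RegisterFailedLogin($con) {
    // Generate the id up front so the INSERT below never sees an undefined
    // variable (it was only assigned inside the session check before).
    $id = microtime() + rand(0, 1000);
    // NOTE(review): FID is stored only when a login session already exists,
    // as in the original; confirm whether !isset($_SESSION["FID"]) was meant.
    if (isset($_SESSION["id"])) {
        $_SESSION["FID"] = $id;
    }

    $ip = mysql_real_escape_string($_SERVER["REMOTE_ADDR"], $con);
    $id_sql = mysql_real_escape_string((string) $id, $con);
    $ts = time();

    $result = mysql_query("SELECT * FROM FailedLogins WHERE IP='$ip'", $con);
    // A successful SELECT returns a resource even with zero rows, so the row
    // count decides between UPDATE and INSERT.
    if ($result && mysql_num_rows($result) > 0) {
        // Scope the increment to this IP; without the WHERE clause every
        // address's counter was bumped on each failure.
        mysql_query("UPDATE FailedLogins SET AttemptNo=AttemptNo+1 WHERE IP='$ip'", $con);
    } else {
        mysql_query("INSERT INTO FailedLogins(ID, IP, TimeStamp, AttemptNo) VALUES('$id_sql', '$ip', $ts, 1)", $con);
    }
}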
- ?>