- <?php
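// Database connection settings.
//
// Each value is read from the process environment first; the literals are
// kept only as fallbacks so an existing deployment keeps working unchanged.
// The APP_DB_* variable names are introduced by this change, they are not an
// existing convention of the project.
//
// NOTE(review): the fallback password is embedded in source and has been
// published together with this listing, so it has to be treated as exposed:
// rotate it, then delete the fallback so no credential lives in the file.
$dbhost = getenv('APP_DB_HOST') ?: 'localhost';
$dbname = getenv('APP_DB_NAME') ?: 'test';
$dbuser = getenv('APP_DB_USER') ?: 'test';
$dbpass = getenv('APP_DB_PASS') ?: 'zyuZtKnnzwKejQqw';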
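/**
 * Prepare a request value for use inside a quoted SQL string literal.
 *
 * Trims surrounding whitespace, undoes magic_quotes_gpc slashes when that
 * legacy setting is active, then escapes the value with
 * mysql_real_escape_string().
 *
 * An open mysql_* connection is required before calling this. The escaping
 * call used to be wrapped in @, so without a connection it returned false
 * and the caller interpolated an empty value into its query; the function
 * now fails closed instead.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7 and
 * get_magic_quotes_gpc() in PHP 8. Escaping is also only correct for the
 * character set the connection is actually using. Parameterised queries
 * (PDO or mysqli prepared statements) avoid both problems and are the
 * preferred replacement for this helper.
 *
 * @param string $data Raw value, typically taken from $_POST.
 * @return string The escaped value.
 * @throws InvalidArgumentException If $data is not a scalar (e.g. an array
 *                                  submitted as field[]=x).
 * @throws RuntimeException         If the value cannot be escaped.
 */
function sanitize($data)
{
    // Request fields can arrive as arrays; trim() on one used to be silenced by @.
    if (!is_scalar($data)) {
        throw new InvalidArgumentException('sanitize(): expected a scalar value');
    }

    // remove whitespaces (not a must though)
    $data = trim((string) $data);

    // apply stripslashes if magic_quotes_gpc is enabled; the function no longer
    // exists on PHP 8, and @ only hides its deprecation notice on PHP 7.4
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $data = stripslashes($data);
    }

    if (!function_exists('mysql_real_escape_string')) {
        throw new RuntimeException('sanitize(): mysql_real_escape_string() is not available');
    }

    // a mySQL connection is required before using this function
    $escaped = @mysql_real_escape_string($data);
    if ($escaped === false) {
        throw new RuntimeException('sanitize(): escaping failed, is the database connection open?');
    }

    return $escaped;
}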
/**
 * Build the per-account salt: the first three hexadecimal characters of an
 * MD5 digest taken over uniqid() seeded with rand().
 *
 * NOTE(review): three hex characters allow only 4096 distinct salts, so
 * accounts will share salts and precomputing tables for every salt value
 * stays cheap. A password API that manages its own salt, such as
 * password_hash(), would make this helper unnecessary. The length is left
 * unchanged here because the `salt` column definition and the login code
 * that reads it are not visible.
 *
 * @return string Three lowercase hexadecimal characters.
 */
function createSalt()
{
    $seed = uniqid(rand(), true);
    $digest = md5($seed);

    return substr($digest, 0, 3);
}
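// Registration handler: validate the POSTed form, derive the password hash,
// store the new row in `managers`, then send the browser to login.php.

// Retrieve our data from POST. A missing or non-string field (for example
// username[]=x, which arrives as an array) is treated as invalid input.
$username = isset($_POST['username']) ? $_POST['username'] : null;
$pass1 = isset($_POST['pwd1']) ? $_POST['pwd1'] : null;
$pass2 = isset($_POST['pwd2']) ? $_POST['pwd2'] : null;

// Strict comparison: with != two different numeric-looking strings such as
// "1e3" and "1000" compare as equal.
$inputIsValid = is_string($username)
    && is_string($pass1)
    && is_string($pass2)
    && $pass1 === $pass2
    && strlen($username) >= 6
    && strlen($username) <= 8;

if (!$inputIsValid) {
    // header() only queues the redirect. Without exit the script kept running,
    // so a request that failed every check above was still written to the table.
    header('Location: login.php');
    exit;
}

// NOTE(review): salted SHA-1 is a fast hash and not suitable for storing
// passwords. The format is kept because login.php, which has to verify it, is
// not visible here; move both sides together to password_hash() and
// password_verify().
$salt = createSalt();
$hash = sha1($salt . sha1($pass1)); // salt hash

// connect to the database
// NOTE(review): the mysql_* extension was removed in PHP 7; a port to PDO or
// mysqli should also replace the interpolated query below with a prepared
// statement.
// @ stays on the connect calls so a failure cannot print host or account
// details into the response; the failure is logged and handled instead.
$conn = @mysql_connect($dbhost, $dbuser, $dbpass);
if ($conn === false || !@mysql_select_db($dbname, $conn)) {
    error_log('registration: database connection failed');
    header('Location: login.php');
    exit;
}

// sanitize username
// The length was already limited to 6-8 bytes above, so the former substr()
// truncation is no longer needed. $hash and $salt are hexadecimal strings
// produced above; $username is the only request-controlled value in the query.
$username = sanitize($username);
$query = "
INSERT INTO `managers` (
sec_usr, sec_pwd, salt )
VALUES (
'$username' , '$hash' , '$salt' );";

if (!@mysql_query($query, $conn)) {
    // The visitor still gets the same redirect; the failure goes to the log.
    error_log('registration: insert into managers failed');
}

mysql_close($conn);
header('Location: login.php');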
- ?>