SHARE
TWEET

Untitled

a guest Oct 23rd, 2017 103 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.  
  3. session_start();
  4.  
  5. // To log into the database
  6. $dbuser = "t2015t16";
  7. $dbpass = "7Badeore";
  8.  
  9. // For creating/using database
  10. $dbname = "t2015t16";
  11. $serverLoc = "homepages.cs.ncl.ac.uk:3306";
  12. // Connect to database with these parameters
  13. // If fail, display message
  14. $connect = mysql_connect("homepages.cs.ncl.ac.uk", $dbuser, $dbpass) or die("Connection to database failed");
  15. // Use database with name $dbname if fail display message.
  16. // period ( . ) is used for string concatenation(spelling?)
  17. mysql_select_db($dbname, $connect) or die($dbname . " database not found " . $dbuser);
  18.  
  19. @$username="$_POST[userName]";
  20. @$password="$_POST[userPassword]";
  21.  
  22.  
  23. $sql = '
  24.    SELECT
  25.        U.userPassword
  26.    FROM cf_users U
  27.        WHERE U.userName = "' . mysql_real_escape_string($username) . '"
  28.    LIMIT 1
  29.    ;';
  30.  
  31. $r = mysql_fetch_assoc(mysql_query($sql));
  32.  
  33. $sql = '
  34.    SELECT
  35.        U.userSalt
  36.    FROM cf_users U
  37.        WHERE U.userName = "' . mysql_real_escape_string($username) . '"
  38.    LIMIT 1
  39.    ;';
  40.  
  41. $r2 = mysql_fetch_assoc(mysql_query($sql));
  42.  
  43. // Get salt
  44. $salt = $r2['userSalt'];
  45.  
  46. $hash = $salt . $password; //Passwords are stored as a salt appended to the hash of the users password (it is hashed clientside before being sent, so no hashing of password is done here)
  47.  
  48. // Hash the password as we did before
  49. $hash = hash('sha256', $hash);
  50.  
  51.  
  52. if ( $hash == $r['userPassword'] )
  53. {
  54.     $_SESSION["username"]=$username;
  55.     $sql = '
  56.    SELECT
  57.        U.userID, U.departmentID, U.position, U.accessLevel
  58.    FROM cf_users U
  59.        WHERE U.userName = "' . mysql_real_escape_string($username) . '"
  60.    LIMIT 1
  61.    ;';
  62.     $r2 = mysql_fetch_assoc(mysql_query($sql));
  63.     echo "userID=$r2[userID]&departmentID=$r2[departmentID]&position=$r2[position]&accessLevel=$r2[accessLevel]&sid=".session_id()."&questionnaireComp=".questionnaireCompleted();
  64. } else
  65. {
  66.     echo "INVALID_LOGIN";
  67. }
  68.  
  69.  
  70. mysql_close($connect);
  71.  
  72. function questionnaireCompleted()
  73. {
  74.     $sql = '
  75.    SELECT
  76.        U.postCode
  77.    FROM cf_users U
  78.        WHERE U.userName = "' . mysql_real_escape_string($_POST['userName']) . '"
  79.    LIMIT 1
  80.    ;';
  81.     $r1 = mysql_fetch_assoc(mysql_query($sql));
  82.    
  83.     if($r1['postCode']=="")
  84.     {
  85.         return "false";
  86.     } else
  87.     {
  88.         return "true";
  89.     }
  90. }
  91. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top