require("common.php"); $protect_php = '';if(!empty($_POST)) { // Ensure

1. require("common.php");
2. $protect_php = '';
3. if(!empty($_POST))
4. {
5. // Ensure that the user has entered a non-empty username
6. if(empty($_POST['username']))
7. {
8. die("Please enter a username.");
9. }
10.  
11. // Ensure that the user has entered a non-empty password
12. if(empty($_POST['password']))
13. {
14. die("Please enter a password.");
15. }
16.  
17. if(empty($_POST['email']))
18. {
19. die("Invalid E-Mail Address");
20. }
21.  
22. $query = "
23. SELECT
24. 1
25. FROM users
26. WHERE
27. username = :username
28. ";
29.  
30. $query_params = array(
31. ':username' => $_POST['username']
32. );
33.  
34. try
35. {
36. // These two statements run the query against your database table.
37. $stmt = $db->prepare($query);
38. $result = $stmt->execute($query_params);
39. }
40. catch(PDOException $ex)
41. {
42. // Note: On a production website, you should not output $ex->getMessage().
43. // It may provide an attacker with helpful information about your code.
44. die("Failed to run query: " . $ex->getMessage());
45. }
46.  
47. // The fetch() method returns an array representing the "next" row from
48. // the selected results, or false if there are no more rows to fetch.
49. $row = $stmt->fetch();
50.  
51. // If a row was returned, then we know a matching username was found in
52. // the database already and we should not allow the user to continue.
53. if($row)
54. {
55. $resultArray = array();
56. $resultArray["text"] = "This username is already in use";
57. $resultJSON = json_encode($resultArray);
58. die($resultJSON);
59.  
60. }
61.  
62. // Now we perform the same type of check for the email address, in order
63. // to ensure that it is unique.
64. $query = "
65. SELECT
66. 1
67. FROM users
68. WHERE
69. email = :email
70. ";
71.  
72. $query_params = array(
73. ':email' => $_POST['email']
74. );
75.  
76. try
77. {
78. $stmt = $db->prepare($query);
79. $result = $stmt->execute($query_params);
80. }
81. catch(PDOException $ex)
82. {
83. die("Failed to run query: " . $ex->getMessage());
84. }
85.  
86. $row = $stmt->fetch();
87.  
88. if($row)
89. {
90. $resultArray = array();
91. $resultArray["text"] = "This email address is already registered";
92. $resultJSON = json_encode($resultArray);
93. die($resultJSON);
94. }
95.  
96. // An INSERT query is used to add new rows to a database table.
97. // Again, we are using special tokens (technically called parameters) to
98. // protect against SQL injection attacks.
99. $query = "
100. INSERT INTO users (
101. username,
102. password,
103. salt,
104. email
105. ) VALUES (
106. :username,
107. :password,
108. :salt,
109. :email
110. )
111. ";
112.  
113. // A salt is randomly generated here to protect again brute force attacks
114. // and rainbow table attacks. The following statement generates a hex
115. // representation of an 8 byte salt. Representing this in hex provides
116. // no additional security, but makes it easier for humans to read.
117. // For more information:
118. // http://en.wikipedia.org/wiki/Salt_%28cryptography%29
119. // http://en.wikipedia.org/wiki/Brute-force_attack
120. // http://en.wikipedia.org/wiki/Rainbow_table
121. $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
122.  
123. // This hashes the password with the salt so that it can be stored securely
124. // in your database. The output of this next statement is a 64 byte hex
125. // string representing the 32 byte sha256 hash of the password. The original
126. // password cannot be recovered from the hash. For more information:
127. // http://en.wikipedia.org/wiki/Cryptographic_hash_function
128.  
129.  
130. $password = password_hash($password, PASSWORD_BCRYPT);
131.  
132. // Here we prepare our tokens for insertion into the SQL query. We do not
133. // store the original password; only the hashed version of it. We do store
134. // the salt (in its plaintext form; this is not a security risk).
135. $query_params = array(
136. ':username' => $_POST['username'],
137. ':password' => $password,
138. ':salt' => $salt,
139. ':email' => $_POST['email']
140. );
141.  
142. try
143. {
144. // Execute the query to create the user
145. $stmt = $db->prepare($query);
146. $result = $stmt->execute($query_params);
147. $resultArray = array();
148. $resultArray["text"] = "Go to Login";
149. $resultArray["protectkey"] = $protect_php;
150. $resultJSON = json_encode($resultArray);
151. // This redirects the user back to the login page after they register
152. die($resultJSON);
153. }
154. catch(PDOException $ex)
155. {
156. // Note: On a production website, you should not output $ex->getMessage().
157. // It may provide an attacker with helpful information about your code.
158. die("Failed to run query: " . $ex->getMessage());
159. }
160.  
161. }
162.  
163. <?php
164.  
165.  
166. require("common.php");
167. $submitted_username = '';
168. $protect_php = '';
169. if(!empty($_POST))
170. {
171. $query = "
172. SELECT
173. id,
174. username,
175. password,
176. salt,
177. email
178. FROM users
179. WHERE
180. username = :username
181. ";
182.  
183. // The parameter values
184. $query_params = array(
185. ':username' => $_POST['username']
186. );
187.  
188. try
189. {
190. // Execute the query against the database
191. $stmt = $db->prepare($query);
192. $result = $stmt->execute($query_params);
193. }
194. catch(PDOException $ex)
195. {
196. $resultArray = array();
197. $resultArray["text"] = "Failed to run query: " . $ex->getMessage();
198. $resultJSON = json_encode($resultArray);
199. die($resultJSON);
200.  
201. }
202.  
203.  
204. $login_ok = false;
205. $row = $stmt->fetch();
206. if($row)
207. {
208.  
209. $algo = substr($row['password'], 0, 4); // $2y$ == BLOWFISH
210. $cost = substr($row['password'], 4, 2);
211. $salt = substr($row['password'], 7, 22);
212. $result = password_verify($_POST['password'],substr($row['password'],0,60));
213. $success = ($result) ? 'True': 'False';
214. if($success == 'True')
215. {
216. // If they do, then we flip this to true
217. $login_ok = true;
218. }
219. }
220.  
221. if($login_ok)
222. {
223.  
224.  
225. unset($row['salt']);
226. unset($row['password']);
227. $_SESSION['user'] = $row;
228. $resultArray = array();
229. $resultArray["text"] = "Password Correct";
230. $user_id_present = $_POST['username'] ;
231. $query_score = "SELECT MAX(score) AS HighScore FROM user_scores WHERE user_id = :user_id";
232. // The parameter values
233. $query_params = array(
234. ':user_id' => $_POST['username'] );
235. try
236. {
237. $stmt_score = $db->prepare($query_score);
238. $result = $stmt_score->execute($query_params);
239. $row_score = $stmt_score->fetch();
240. $resultArray["score"] = $row_score['HighScore'];
241. }
242. catch(PDOException $ex)
243. {
244. $resultArray["score"] = "";
245.  
246. }
247.  
248. $resultArray["protectkey"] = $protect_php;
249.  
250. $resultJSON = json_encode($resultArray);
251. // This redirects the user back to the login page after they register
252. die($resultJSON);
253. //die("Password Correct");
254. }
255. else
256. {
257. // Tell the user they failed
258.  
259. $resultArray = array();
260. $resultArray["text"] = password_verify($_POST['password'],substr($row['password'],0,60));
261. $resultJSON = json_encode($resultArray);
262. die($resultJSON);
263. $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
264. }
265. }