API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 14th, 2017
122
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.64 KB | None | 0 0
raw download clone embed print report
  1. <?
  2. /**
  3. * Process.php
  4. */
  5.  
  6. include("database.php");
  7. /**
  8. * POST variables from form - need to be sanitized.
  9. */
  10.  
  11. $subuser = $_POST["username"];
  12. $subfirst = $_POST["firstname"];
  13. $subsurname = $_POST["surname"];
  14. $subpassword = $_POST["password"];
  15. $sublogin = $_POST["sublogin"];
  16.  
  17. /**
  18. * Check username function.
  19. */
  20.  
  21. function usernameTaken($username) && passwordTaken($password){
  22. $q = "SELECT username && password FROM ".TBL_USERS." WHERE username = '$username' && password = '$password'";
  23. $result = mysql_query($q);
  24. return (mysql_num_rows($result) > 0);
  25. }
  26.  
  27.  
  28. /**
  29. * Check password function.
  30. */
  31.  
  32. function confirmUserPass($username, $password){
  33.  
  34. /* Verify that user is in database */
  35. $q = "SELECT password FROM ".TBL_USERS." WHERE username = '$username'";
  36. $result = mysql_query($q);
  37. if(!$result || (mysql_numrows($result) < 1)){
  38. return 1; //Indicates username failure
  39. }
  40.  
  41. /* Retrieve password from result, strip slashes */
  42. $dbarray = mysql_fetch_array($result);
  43. $password = $dbarray['password'];
  44.  
  45. /* Validate that password is correct */
  46. if($password == $dbarray['password']){
  47. return 0; //Success! Username and password confirmed
  48. }
  49. else{
  50. return 2; //Indicates password failure
  51. }
  52. }
  53.  
  54. /**
  55. * REGISTER - Username not in use
  56. */
  57. if (usernameTaken($subuser) && passwordTaken($subpassword)) == 0 ) {
  58.  
  59. $q = mysql_query ("INSERT INTO information (username, firstname, surname, password) VALUES ('$subuser', '$subfirst', '$subsurname', '$subpassword')"); echo mysql_error();
  60. $success = 1;
  61. if ($success == 1) { echo "User ".$subuser." And "$subpassword" Added"; }
  62. }
  63.  
  64. /**
  65. * REGISTER - Username in use
  66. */
  67. else if (usernameTaken($subuser) && passwordTaken($subpassword)) > 0 ) {
  68. echo "User ".$subuser." already exists, choose another username";
  69. header('Refresh:3; URL= informationform.php');
  70. }
  71.  
  72. /**
  73. * LOGIN - this is not secure
  74. */
  75.  
  76. if ($sublogin == 1) {
  77. $result = confirmUserPass($subuser, $subpassword);
  78.  
  79. /* Check error codes */
  80. if($result == 1){
  81. // username not found
  82. echo "Username Not Found";
  83. header('Refresh:3; URL= loginform.php');
  84. }
  85. else if($result == 2){
  86. // password incorrect
  87. echo "Password Incorrect";
  88. header('Refresh:3; URL= loginform.php');
  89. }
  90. else if($result == 0){
  91. // password and user correct, forward to members page
  92. echo "Logged In";
  93. header('Refresh:3; URL= member_area.php');
  94. }
  95. }
  96.  
  97. ?>
  98.  
  99.  
  100. <a href="display_users.php">Show Users</a><br / >
  101. <a href="informationform.php">Add a new user</a>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!