
Untitled

a guest Sep 14th, 2017 97 Never
  1. <?
  2. /**
  3.  * Process.php
  4.  */
  5.  
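  // NOTE(review): this file opens with the short tag `<?`. With short_open_tag
  // disabled PHP does not parse the file at all and the source below, queries
  // included, is sent to the client as plain text. The opening tag should be
  // the full `<?php`.

  // Fail hard if the database bootstrap is missing rather than carrying on
  // without whatever it sets up (TBL_USERS is not defined in this file).
  require_once "database.php";

  /**
   * POST variables from the login and registration forms.
   *
   * Everything read here is client-controlled. It has to be escaped before it
   * is placed in SQL text and HTML-encoded before it is echoed back.
   *
   * All variables are initialised first so that later code can test them
   * without reading an undefined variable when the matching form was not
   * submitted. A field that is missing, or that was submitted as an array
   * (for example username[]=x), is normalised to an empty string.
   */
  $subuser     = '';
  $subpassword = '';
  $subfirst    = '';
  $subsurname  = '';
  $sublogin    = null;
  $subregister = null;

  if (isset($_POST["sublogin"])) {
      $subuser     = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : '';
      $subpassword = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';
      $sublogin    = $_POST["sublogin"];
  }

  if (isset($_POST["subregister"])) {
      $subuser     = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : '';
      $subfirst    = (isset($_POST["firstname"]) && is_string($_POST["firstname"])) ? $_POST["firstname"] : '';
      $subsurname  = (isset($_POST["surname"]) && is_string($_POST["surname"])) ? $_POST["surname"] : '';
      $subpassword = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';
      $subregister = $_POST["subregister"];
  }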
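  /**
   * Report whether a username already exists in TBL_USERS.
   *
   * The value comes from a POST form, so it is escaped before it is placed in
   * the query text. Unescaped, a quote character in the value ends the string
   * literal and the rest of the value is parsed as SQL (SQL injection).
   *
   * NOTE(review): mysql_real_escape_string() escapes for the character set of
   * the current connection; confirm database.php sets it with
   * mysql_set_charset(). ext/mysql is deprecated since PHP 5.5 and removed in
   * PHP 7.0, so the durable fix is mysqli or PDO with prepared statements.
   * NOTE(review): the INSERT statements in this file write to the table
   * `information`; confirm TBL_USERS names that same table.
   *
   * @param string $username Username as submitted by the client.
   * @return bool True when at least one row matches; false when no row
   *              matches, when the value is not a string, or when the query
   *              fails.
   */
  function usernameTaken($username){
      // An array-valued form field would otherwise be interpolated as "Array".
      if (!is_string($username)) {
          return false;
      }

      $safeUsername = mysql_real_escape_string($username);
      $q = "SELECT username FROM ".TBL_USERS." WHERE username = '".$safeUsername."'";
      $result = mysql_query($q);

      if ($result === false) {
          // The original also reported "not taken" here, but only as a side
          // effect of mysql_num_rows(false); make it explicit and log the cause.
          error_log("usernameTaken: query failed: ".mysql_error());
          return false;
      }

      return (mysql_num_rows($result) > 0);
  }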
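  /**
   * Check a username/password pair against TBL_USERS.
   *
   * The username is escaped before it is placed in the query text, because it
   * comes straight from the login form (SQL injection otherwise).
   *
   * The password is compared with ===. With == PHP compares two numeric-looking
   * strings as numbers (so "0e1" equals "0e2") and treats a NULL column as
   * equal to an empty submitted password.
   *
   * NOTE(review): the comparison is against the stored column value as-is, so
   * passwords are kept in plaintext. Moving to password_hash() /
   * password_verify() needs the INSERT paths and the existing rows changed at
   * the same time, so it is flagged here rather than done in this function.
   * NOTE(review): a failed query is reported as 1, the same code as "username
   * not found", and the login code in this file reacts to 1 by inserting a
   * new account.
   *
   * @param string $username Username as submitted by the client.
   * @param string $password Password as submitted by the client.
   * @return int 0 when the pair matches, 1 when the username is not found (or
   *             the query failed), 2 when the password does not match.
   */
  function confirmUserPass($username, $password){
      if (!is_string($username)) {
          return 1; //Indicates username failure
      }

      /* Verify that user is in database */
      $safeUsername = mysql_real_escape_string($username);
      $q = "SELECT password FROM ".TBL_USERS." WHERE username = '".$safeUsername."'";
      $result = mysql_query($q);
      if (!$result || (mysql_num_rows($result) < 1)) {
          if (!$result) {
              error_log("confirmUserPass: query failed: ".mysql_error());
          }
          return 1; //Indicates username failure
      }

      /* Retrieve password from result */
      $dbarray = mysql_fetch_array($result);
      $storedPassword = $dbarray['password'];

      /* Validate that password is correct; a non-string on either side fails */
      if (is_string($password) && is_string($storedPassword) && $password === $storedPassword) {
          return 0; //Success! Username and password confirmed
      }

      return 2; //Indicates password failure
  }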
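  /**
   * REGISTER
   *
   * Inserts the submitted user when the username is free, otherwise sends the
   * client back to the form.
   *
   * - Every value is escaped before it goes into the INSERT text.
   * - The username is HTML-encoded before it is echoed; echoing it raw reflects
   *   client-supplied markup into the page (XSS).
   * - mysql_error() is written to the server log instead of the response, so
   *   schema and query details are not disclosed to the client.
   * - "Added" is reported only when the INSERT actually succeeded.
   * - header() is called before any echo; once output has started the Refresh
   *   header can no longer be sent.
   *
   * NOTE(review): the password is stored exactly as typed. Hashing it with
   * password_hash() must be introduced together with the login check.
   */
  if (isset($subregister)) {
      // Normalise locally so an array-valued or missing field cannot reach the
      // escaping and encoding calls below.
      $regUser     = (isset($subuser) && is_string($subuser)) ? $subuser : '';
      $regFirst    = (isset($subfirst) && is_string($subfirst)) ? $subfirst : '';
      $regSurname  = (isset($subsurname) && is_string($subsurname)) ? $subsurname : '';
      $regPassword = (isset($subpassword) && is_string($subpassword)) ? $subpassword : '';
      $shownUser   = htmlspecialchars($regUser, ENT_QUOTES, 'UTF-8');

      if ($regUser === '') {
          header('Refresh:3; URL= informationform.php');
          echo "Username is required";
      }
      // One lookup decides both branches; the original queried twice.
      else if (!usernameTaken($regUser)) {
          $q = mysql_query(sprintf(
              "INSERT INTO information (username, firstname, surname, password) VALUES ('%s', '%s', '%s', '%s')",
              mysql_real_escape_string($regUser),
              mysql_real_escape_string($regFirst),
              mysql_real_escape_string($regSurname),
              mysql_real_escape_string($regPassword)
          ));
          $success = $q ? 1 : 0;

          if ($success == 1) {
              echo "User ".$shownUser." Added";
          } else {
              error_log("register: insert failed: ".mysql_error());
              echo "User could not be added";
          }
      }
      /* REGISTER - Username in use */
      else {
          header('Refresh:3; URL= informationform.php');
          echo "User ".$shownUser." already exists, choose another username";
      }
  }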
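  /**
   * LOGIN - marked by the author as not secure.
   *
   * What this version changes: the flag is tested with isset() so a request
   * without the login form does not read an undefined variable; values are
   * escaped before they go into the INSERT text; the username is HTML-encoded
   * before it is echoed; mysql_error() goes to the server log instead of the
   * response; header() is sent before any output.
   *
   * What remains open and needs a design decision:
   * NOTE(review): an unknown username creates an account with the typed
   * password. confirmUserPass() also returns 1 when its query fails, so a
   * database error takes this branch too.
   * NOTE(review): nothing in this file records a successful login (no session
   * is set here), and display_users.php is linked for every visitor; confirm
   * that page enforces its own access check.
   * NOTE(review): the password is stored and compared in plaintext.
   */
  if (isset($sublogin) && $sublogin == 1) {
      $loginUser     = (isset($subuser) && is_string($subuser)) ? $subuser : '';
      $loginPassword = (isset($subpassword) && is_string($subpassword)) ? $subpassword : '';

      $result = confirmUserPass($loginUser, $loginPassword);

      /* Check error codes */
      if ($result === 1) {
          /* username not found, create user with password they typed */
          header('Refresh:7; URL= login.html');
          $q = mysql_query(sprintf(
              "INSERT INTO information (username, password) VALUES ('%s', '%s')",
              mysql_real_escape_string($loginUser),
              mysql_real_escape_string($loginPassword)
          ));
          if ($q) {
              echo "Username Was Not Found, Created New User ".htmlspecialchars($loginUser, ENT_QUOTES, 'UTF-8')."";
          } else {
              error_log("login: insert failed: ".mysql_error());
              echo "User could not be created";
          }
      }
      else if ($result === 2) {
          /* password incorrect */
          header('Refresh:3; URL= login.html');
          echo "Password Incorrect";
      }
      else if ($result === 0) {
          /* password and user correct, forward to members page */
          header('Refresh:3; URL= display_users.php');
          echo "Logged In";
      }
  }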
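  // End of request handling. The links below are emitted on every request,
  // whether or not a form was processed.
  ?>

  <a href="display_users.php">Show Users</a><br />
  <a href="register.php">Add a new user</a>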