- //////////////RANDOM FUNCTIONS
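/**
 * Build the 8-character value used as a user's `identifier`.
 *
 * Characters are drawn with random_int(), which uses the operating system's
 * CSPRNG. The original used rand(), whose output is predictable and not
 * suitable for values that identify accounts.
 *
 * @return string 8 characters taken from the alphabet below
 * @throws Exception if no source of randomness is available (random_int)
 */
function Random8() {
    // Alphabet kept exactly as in the original; note that 'v' and 'V' are absent.
    $alphabet = "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789";
    $lastIndex = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < 8; $i++) {
        $out .= $alphabet[random_int(0, $lastIndex)];
    }
    return $out;
}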
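/**
 * Build the 12-digit value used as a user's `myid`.
 *
 * Digits are drawn with random_int() (OS CSPRNG) instead of rand(), whose
 * output is predictable. The result is a string, so leading zeros are kept.
 *
 * @return string 12 decimal digits
 * @throws Exception if no source of randomness is available (random_int)
 */
function Random12() {
    $digits = "0123456789";
    $lastIndex = strlen($digits) - 1;
    $out = '';
    for ($i = 0; $i < 12; $i++) {
        $out .= $digits[random_int(0, $lastIndex)];
    }
    return $out;
}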
- /////////////////////LOGIN.php
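<div class="loginmodul">
<?php
// Login widget: shows the login form to anonymous visitors and the
// profile/logout links to a logged-in session.
//
// isset() + strict comparison: reading $_SESSION['chiave'] when it is not set
// raises a warning, and the loose <> / == operators compare with type juggling.
// NOTE(review): assumes session_start() already ran in the including page - confirm.
// NOTE(review): the logged-in marker is one fixed string shared by every user,
// so the session does not say which account is logged in.
$isLoggedIn = isset($_SESSION['chiave']) && $_SESSION['chiave'] === 'put_a_complex-string_here';
if (!$isLoggedIn) { ?>
    <!-- NOTE(review): this form carries no CSRF token. -->
    <form action="Login/newelaborate.php" method="post">
        <br>
        <p>EMail</p>
        <input type="text" name="username">
        <p>Password</p>
        <input type="password" name="password"><br>
        <input type="text" name="refresherX" value="1" style="display:none;">
        <input type="submit" name="sendcredentials" value="Login" id="logmeinn">
        <br>
    </form>
    <p>Forgot Password?</p>
    <a href="Login/recoverpass.php">Recover Password!</a>
    <p>Dont you have an account?</p>
    <a href="Login/newaccount.php">Register!</a>
<?php
} else {
    echo '<a href="Profile.php" id="myprofile">
Entra nel tuo profilo</a>';
    // NOTE(review): logout is triggered by a plain GET link, so any page that
    // gets the browser to load this URL ends the session; a POST form with a
    // per-session token avoids that.
    echo '<br> <a href="esci.php?log_off=sloggami"
id="exit_a">Esci</a>';
}
?>
</div>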
- /////////////////////// newelaborate.php
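<?php
/*
 * newelaborate.php - handles the login form posted by LOGIN.php.
 *
 * Flow: open the DB connection with the values from 'myparam', look the user
 * up with a prepared statement, check the password with password_verify(),
 * mark the session as logged in and redirect to LOGIN.php.
 */
session_start();
include 'myparam'; //here you can find all connection data
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
if (mysqli_connect_errno()) {
    // Driver error text can reveal host and account names: keep it in the
    // server log and show the visitor a generic line only.
    error_log('newelaborate.php: DB connect failed: ' . mysqli_connect_error());
    echo "Connect failed\n";
    exit();
}

// isset() rather than is_null(): reading a missing session key raises a warning.
if (!isset($_SESSION['chiave'])) {
    if (isset($_POST['sendcredentials']) AND isset($_POST['username']) AND isset($_POST['password'])) {
        // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and
        // rewrites the password (strips tags, encodes quotes) before it is
        // verified. It is kept here because the registration code in this paste
        // hashes the password after the same filter; removing it on one side
        // only would lock out existing accounts. Remove it on both sides together.
        $username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
        $password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);

        if ($username <> '' AND $password <> '') {
            // No real_escape_string() on $username: the value is bound as a
            // parameter, and escaping it first is redundant and would alter
            // names that contain quotes or backslashes.
            $sqlX = "SELECT identifier,user,pass,myid FROM allusers WHERE user=? LIMIT 1";
            $stmt = $conn->prepare($sqlX);
            if ($stmt === false || !$stmt->bind_param("s", $username) || !$stmt->execute()) {
                // The original printf() had no %s and reported the connect
                // error; log the real query error server-side instead.
                error_log('newelaborate.php: login query failed: ' . mysqli_error($conn));
                echo 'Connect failed:';
                exit();
            }

            // The SELECT returns four columns, so four variables must be bound;
            // with three, bind_result() fails and no login can succeed.
            $stmt->bind_result($checker, $user2, $password2, $myid2);
            $identifier = null;
            $userX = null;
            $PassX = null;
            while ($stmt->fetch()) {
                $identifier = $checker;
                $userX = $user2;
                $PassX = $password2;
            }
            $stmt->close();

            // One message for both failure cases, so the response does not
            // reveal which e-mail addresses have an account.
            if (is_null($userX) || !password_verify($password, (string) $PassX)) {
                echo 'WRONG username and/or password';
            } else {
                // New session id on privilege change, so an id known before
                // login (session fixation) is useless afterwards.
                session_regenerate_id(true);
                // NOTE(review): only a fixed marker is stored; $identifier is
                // fetched but not kept, so later pages cannot tell which
                // account this session belongs to - confirm this is intended.
                $_SESSION['chiave'] = 'put_a_complex-string_here';
                header('Location:LOGIN.php');
                exit;
            }
        } else {
            echo 'Insert Password and Username';
        }
    } else {
        echo 'NO DATA INSERTED';
    }
} // session check

// Already logged in and not a form submission: go back to the login page.
if (!empty($_SESSION['chiave']) AND !isset($_POST['sendcredentials'])) {
    header('Location:LOGIN.php');
    exit;
}
?>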
- ////////////////////////////////////////////////////////////////////// newaccount.php
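<?php
// Start the session before any markup is sent: session_start() has to emit a
// cookie header, which fails once output has begun (unless output is buffered).
session_start();
?>
<form action="newaccount.php" method="post" class="newAC">
    <p>Nickname</p>
    <input type="text" name="nickname">
    <p>EMail</p>
    <input type="text" name="user">
    <p>Password</p>
    <input type="password" name="pass"><br>
    <p>Accetti l'informativa privacy?</p>
    <a href="<?php echo htmlspecialchars((string) $menuimg_path[9], ENT_QUOTES, 'UTF-8'); ?>">Privacy Policies</a>
    <input type="checkbox" id="p_ac" name="privacy_acept" value="normativa_si" onchange="paccepted();">
    <input type="submit" name="new_acc" id="sub_newacc" value="Nuovo Account">
</form>
<?php
/*
 * NOTE(review): the registration logic below is disabled (commented out) in
 * the original paste and is kept that way. Points to resolve before enabling:
 *  - $_POST is read and three full-table SELECTs run before the
 *    isset($_POST['new_acc']) check, so a plain GET hits missing keys.
 *  - The nickname goes through FILTER_SANITIZE_EMAIL, which strips characters
 *    a nickname may legitimately contain (spaces, for instance).
 *  - FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and changes the
 *    password before it is hashed; login must apply exactly the same step.
 *  - Uniqueness of identifier / myid / user is checked by loading every row
 *    into PHP arrays. Two simultaneous sign-ups can both pass; a UNIQUE index
 *    on those columns plus handling of the duplicate-key error closes the gap.
 *  - $identifierlist, $mydlist and $userlist are never initialised, so
 *    in_array() / count() fail when the table is empty.
 *  - In the myid loop $myidCHECK is only ever incremented, so after one
 *    collision the do/while never ends.
 *  - $tablename is built from $identifier, which this script never assigns
 *    (the generated value is in $ident). A table name cannot be a bound
 *    parameter, so it must only ever be built from a value restricted to a
 *    known-safe alphabet.
 *  - The privacy_acept checkbox is never checked server-side, and
 *    "Account Creato" is printed without checking the result of execute().
 */
/*
include 'myparam'; //here you can find all connection data
$conn = mysqli_connect($dbhost,$dbuser,$dbpass,$dbname);
if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit(); }
$nicks= filter_var($_POST ['nickname'], FILTER_SANITIZE_EMAIL);
$username2= filter_var($_POST ['user'], FILTER_SANITIZE_EMAIL);
$password2 = filter_var($_POST ['pass'], FILTER_SANITIZE_STRING);
$passHASH = password_hash($password2, PASSWORD_BCRYPT);
// THIS PART check ALL users's IDENTIFIER to assing a random UNIQUE identifier
$prst = $conn->prepare("SELECT identifier FROM allusers");
$prst->execute();
$prst->bind_result($iiden);
while($prst->fetch()){$identifierlist [] = $iiden;}
$ident = Random8(); //this is a function to generate a random 8 characters word
$idtcheck = 0;
do {
    if(in_array($ident, $identifierlist)){
        $idtcheck = 1;
        $ident = Random8();
    }
    if(!(in_array($ident, $identifierlist))){
        $idtcheck = 0;
    }
}
while ($idtcheck!=0);
$prst = $conn->prepare("SELECT myid FROM allusers");
$prst->execute();
$prst->bind_result($myid);
while($prst->fetch()){$mydlist [] = $myid;}
$mid0 = Random12();
$myidCHECK = 0;
do {
    for ($zy=0;$zy<count($mydlist);$zy++){
        if($mydlist[$zy] == $mid0){
            $myidCHECK = $myidCHECK +1;
            $mid0 = Random12();
        }
        if($mydlist[$zy] <> $mid0){
            $myidCHECK = $myidCHECK +0;
        }
    }
}
while ($myidCHECK !=0);
$prst = $conn->prepare("SELECT user FROM allusers");
$prst->execute();
$prst->bind_result($user);
while($prst->fetch()){$userlist [] = $user;}
$AEX = 0;
for ($z=0;$z<count($userlist);$z++){
    if($userlist[$z] == $username2){$AEX = $AEX+1;}
    if($userlist[$z] <> $username2){$AEX = $AEX+0;}
}
if (isset($_POST['new_acc'])) {
    if ($AEX==0){
        $innsert = "INSERT INTO allusers ( user, pass, identifier, myid, Nickname ) VALUES ( ?, ?, ?, ?, ?)";
        $pstm = $conn->prepare($innsert);
        $pstm->bind_param("sssss", $username2, $passHASH, $ident, $mid0, $nicks);
        $pstm->execute();
        echo '<p id="accC">Account Creato</p>';
        $tablename = "mytable".$identifier; //here you should buil a unique name table for each user maybe using identifier or myid SINCE THEY ARE UNIQUE
        $createSMS = "CREATE TABLE $tablename (
        here you must put ALL fields you need for the users
        )";
        $pstm2 = $conn->prepare($createSMS);
        $pstm2->execute();
    }
    if ($AEX>=1){echo '<p id="accC">email già in uso</p>'; }
}//isset
*/
?>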