
Untitled

a guest
Feb 2nd, 2019
  1. <?php
  2. include("../connection.php");
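  // Request parameters sent by the loader. A missing or non-string value (for
  // example ?username[]=x) becomes "" so the escaping calls always receive a string
  // instead of raising an undefined-index notice or a type error.
  // $obj is presumably the mysqli connection created by ../connection.php - confirm.
  // Escaping only protects values that end up inside quoted SQL string literals.
  // NOTE(review): the password travels in the URL query string, which web servers
  // and proxies commonly write to their access logs; sending it in a POST body would
  // keep it out of them, but needs a matching change in the loader (not visible here).
  // NOTE(review): $pwd is escaped before it is hashed further down, so a password
  // containing quotes or backslashes is hashed in its escaped form - confirm that the
  // registration code hashes it the same way.
  $uid = mysqli_real_escape_string($obj, isset($_GET["username"]) && is_string($_GET["username"]) ? $_GET["username"] : "");
  $pwd = mysqli_real_escape_string($obj, isset($_GET["password"]) && is_string($_GET["password"]) ? $_GET["password"] : "");
  $hwid = mysqli_real_escape_string($obj, isset($_GET["hwid"]) && is_string($_GET["hwid"]) ? $_GET["hwid"] : "");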
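  /**
   * Builds a random alphanumeric string; this file uses it for login tokens.
   *
   * Characters are drawn with random_int() (PHP 7+), which reads from the operating
   * system's CSPRNG. The previous mt_rand() output is predictable and therefore not
   * suitable for a value that grants access. $key is also initialised now, so a
   * length of 0 returns '' instead of null plus an undefined-variable notice.
   *
   * @param int $length Number of characters wanted; values below 1 give ''.
   * @return string $length characters taken from 0-9, a-z and A-Z.
   */
  function randomKey($length) {
      // Same 62-symbol pool as before, written out as a string.
      $alphabet = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
      $lastIndex = strlen($alphabet) - 1;

      $key = '';
      for ($i = 0; $i < $length; $i++) {
          $key .= $alphabet[random_int(0, $lastIndex)];
      }
      return $key;
  }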
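  /**
   * Creates a 20-character token for $username, stores it in `tokens` with an
   * expiry two minutes from now, and returns it.
   *
   * @param mysqli $db       Open database connection.
   * @param string $username Account the token is issued for.
   * @return string|null The token, or null when it could not be stored.
   */
  function issueLoginToken($db, $username)
  {
      $token = randomKey(20);
      // Unix timestamp, bound as text exactly as the earlier quoted literal was.
      $expiry = (string) (time() + 120);

      $insert = $db->prepare('INSERT INTO `tokens`(`username`, `token`, `expiry`) VALUES (?, ?, ?)');
      if ($insert === false) {
          return null;
      }
      $insert->bind_param('sss', $username, $token, $expiry);
      $stored = $insert->execute();
      $insert->close();

      return $stored ? $token : null;
  }

  // Login endpoint for the loader. Response codes, unchanged from the original:
  //   202 unknown user, 203 wrong password, 204 HWID rejected,
  //   205:<token> first login (HWID and IP recorded), 206:<token> normal login.
  // A database failure now ends the request with HTTP 500 instead of a fatal error
  // or a token that was never stored.
  // NOTE(review): 202 and 203 differ, so a client can tell which usernames exist;
  // merging them needs a matching loader change. No throttling of repeated attempts
  // is visible in this file.
  if (isset($_GET['username'])) {
      // Raw request values are bound as statement parameters below, so no manual
      // escaping is involved in any query of this block.
      $username = is_string($_GET['username']) ? $_GET['username'] : '';
      $hwidIn = isset($_GET['hwid']) && is_string($_GET['hwid']) ? $_GET['hwid'] : '';

      // Only the columns this script reads are selected.
      $lookup = $obj->prepare('SELECT `salt`, `password`, `hwid` FROM `users` WHERE `username` = ?');
      if ($lookup === false) {
          http_response_code(500);
          exit;
      }
      $lookup->bind_param('s', $username);
      $lookup->execute();
      $lookup->bind_result($salt, $storedHash, $storedHwid);
      $found = $lookup->fetch(); // true: row read, null: no row, false: error
      $lookup->close();

      if ($found === false) {
          http_response_code(500);
          exit;
      }
      if ($found !== true) {
          // If the user doesnt exist
          echo "202";
          exit;
      }

      // Same salted-MD5 scheme as the stored hashes, computed from $pwd as prepared
      // at the top of the file so existing accounts keep working.
      // NOTE(review): MD5 is far too fast for password storage; plan a migration to
      // password_hash()/password_verify(), re-hashing each account on its next login.
      $candidate = md5(md5((string) $salt) . md5($pwd));

      // hash_equals() compares in constant time and, unlike "!=", never treats two
      // different "0e..." digests as equal numbers.
      if (!hash_equals((string) $storedHash, $candidate)) {
          // Incorrect password
          echo "203";
          exit;
      }

      if ($storedHwid === 'not set') {
          // First login: bind the account to this HWID. An empty value or the
          // sentinel itself is refused, otherwise the account would stay unbound.
          if ($hwidIn === '' || $hwidIn === 'not set') {
              echo "204";
              exit;
          }

          $ip = $_SERVER['REMOTE_ADDR'];
          $bind = $obj->prepare('UPDATE `users` SET `hwid` = ?, `ip` = ? WHERE `username` = ?');
          if ($bind === false) {
              http_response_code(500);
              exit;
          }
          $bind->bind_param('sss', $hwidIn, $ip, $username);
          $bound = $bind->execute();
          $bind->close();
          if (!$bound) {
              http_response_code(500);
              exit;
          }

          $okCode = "205";
      } else {
          // HWID already bound: it has to match exactly.
          if (!hash_equals((string) $storedHwid, $hwidIn)) {
              // Incorrect HWID
              echo "204";
              exit;
          }

          $okCode = "206";
      }

      $token = issueLoginToken($obj, $username);
      if ($token === null) {
          http_response_code(500);
          exit;
      }

      // Return the token and the OK to the loader.
      echo $okCode . ":" . $token;
      exit;
  } else {
      // Invalid request
      header("Location: https://nou.org");
      exit;
  }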