API tools faq
paste
Guest User

Untitled

a guest
Oct 23rd, 2017
145
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.27 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.  
  3. session_start();
  4.  
  5. // To log into the database
  6. $dbuser = "t2015t16";
  7. $dbpass = "7Badeore";
  8.  
  9. // For creating/using database
  10. $dbname = "t2015t16";
  11. $serverLoc = "homepages.cs.ncl.ac.uk:3306";
  12. // Connect to database with these parameters
  13. // If fail, display message
  14. $connect = mysql_connect("homepages.cs.ncl.ac.uk", $dbuser, $dbpass) or die("Connection to database failed");
  15. // Use database with name $dbname if fail display message.
  16. // period ( . ) is used for string concatenation(spelling?)
  17. mysql_select_db($dbname, $connect) or die($dbname . " database not found " . $dbuser);
  18.  
  19. @$username="$_POST[userName]";
  20. @$password="$_POST[userPassword]";
  21.  
  22.  
  23. $sql = '
  24.    SELECT
  25.        U.userPassword
  26.    FROM cf_users U
  27.        WHERE U.userName = "' . mysql_real_escape_string($username) . '"
  28.    LIMIT 1
  29.    ;';
  30.  
  31. $r = mysql_fetch_assoc(mysql_query($sql));
  32.  
  33. $sql = '
  34.    SELECT
  35.        U.userSalt
  36.    FROM cf_users U
  37.        WHERE U.userName = "' . mysql_real_escape_string($username) . '"
  38.    LIMIT 1
  39.    ;';
  40.  
  41. $r2 = mysql_fetch_assoc(mysql_query($sql));
  42.  
  43. // Get salt
  44. $salt = $r2['userSalt'];
  45.  
  46. $hash = $salt . $password; //Passwords are stored as a salt appended to the hash of the users password (it is hashed clientside before being sent, so no hashing of password is done here)
  47.  
  48. // Hash the password as we did before
  49. $hash = hash('sha256', $hash);
  50.  
  51.  
  52. if ( $hash == $r['userPassword'] )
  53. {
  54.     $_SESSION["username"]=$username;
  55.     $sql = '
  56.    SELECT
  57.        U.userID, U.departmentID, U.position, U.accessLevel
  58.    FROM cf_users U
  59.        WHERE U.userName = "' . mysql_real_escape_string($username) . '"
  60.    LIMIT 1
  61.    ;';
  62.     $r2 = mysql_fetch_assoc(mysql_query($sql));
  63.     echo "userID=$r2[userID]&departmentID=$r2[departmentID]&position=$r2[position]&accessLevel=$r2[accessLevel]&sid=".session_id()."&questionnaireComp=".questionnaireCompleted();
  64. } else
  65. {
  66.     echo "INVALID_LOGIN";
  67. }
  68.  
  69.  
  70. mysql_close($connect);
  71.  
  72. function questionnaireCompleted()
  73. {
  74.     $sql = '
  75.    SELECT
  76.        U.postCode
  77.    FROM cf_users U
  78.        WHERE U.userName = "' . mysql_real_escape_string($_POST['userName']) . '"
  79.    LIMIT 1
  80.    ;';
  81.     $r1 = mysql_fetch_assoc(mysql_query($sql));
  82.    
  83.     if($r1['postCode']=="")
  84.     {
  85.         return "false";
  86.     } else
  87.     {
  88.         return "true";
  89.     }
  90. }
  91. ?>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!