Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- include 'dbc.php';
- $err = array();
- foreach($_GET as $key => $value) {
- $get[$key] = filter($value);
- }
- if ($_POST['doLogin']=='Login')
- {
- foreach($_POST as $key => $value) {
- $data[$key] = filter($value);
- }
- $user_email = $data['usr_email'];
- $pass = $data['pwd'];
- if (strpos($user_email,'@') === false) {
- $user_cond = "user_name='$user_email'";
- } else {
- $user_cond = "user_email='$user_email'";
- }
- $result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level`,`date`,`data_expira` FROM users WHERE $user_cond AND `banned` = '0'") or die (mysql_error());
- $num = mysql_num_rows($result);
- if ( $num > 0 ) {
- list($id,$pwd,$full_name,$approved,$user_level,$data_sqlret,$date_expira) = mysql_fetch_row($result);
- $data = date('Y-m-d');
- if ($date_expira < $data){
- echo "<script>alert('VENCIDO')</script>";
- mysql_query("UPDATE users SET approved = '0' WHERE full_name='$full_name'");
- $err[] = "Venceu";
- }
- if(!$approved) {
- $err[] = "Conta não Ativada";
- }
- if ($pwd === PwdHash($pass,substr($pwd,0,9))) {
- if(empty($err)){
- session_start();
- session_regenerate_id (true);
- $_SESSION['user_id']= $id;
- $_SESSION['user_name'] = $full_name;
- $_SESSION['user_level'] = $user_level;
- $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
- $stamp = time();
- $ckey = GenKey();
- mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());
- if(isset($_POST['remember'])){
- setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
- setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
- setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");
- }
- header("Location: painel.php");
- }
- }
- else
- {
- $err[] = "Login Invalido";
- }
- } else {
- $err[] = "não Existe Login";
- }
- }
- ?>
- <html>
- <head>
- <meta http-equiv="Content-Type" content="text/xhtml; charset=UTF-8" />
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <meta name="description" content="">
- <meta name="author" content="TECHNOLOGY CHECKER">
- <meta name="keyword" content="PHP SCRIPT, CHECKER LOJAS, TESTADORES PRIV8, CHECKER CC, CONSULTAS">
- <title>TECHNOLOGY CHECKER V3.0 - MADE IN BRAZIL PRIV8</title>
- <link href="assets/css/bootstrap.css" rel="stylesheet">
- <link href="assets/font-awesome/css/font-awesome.css" rel="stylesheet" />
- <link href="assets/css/style.css" rel="stylesheet">
- <link href="assets/css/style-responsive.css" rel="stylesheet">
- </head>
- <body>
- <div id="login-page">
- <div class="container">
- <form class="form-login" method="POST" action="index.php">
- <h2 class="form-login-heading">ACESSO AO SISTEMA</h2>
- <div class="login-wrap">
- <input name="usr_email" placeholder="Usuario" type="text" class="form-control" id="txtbox" placeholder="Usuario" autofocus>
- <br>
- <input name="pwd" type="password" placeholder="Senha" class="form-control" id="txtbox" placeholder="Senha">
- <br>
- <center>
- <?php
- if(!empty($err)) {
- echo "<div class=\"msg\">";
- foreach ($err as $e) {
- echo "$e <br>";
- }
- echo "</div>";
- }
- ?>
- </center>
- <br>
- <input name="doLogin" class="btn btn-theme btn-block" type="submit" id="doLogin3" value="Login">
- <hr>
- <div class="registration">
- Serviços Abaixo Disponiveis.<br/>
- <a class="" href="forgot.php">
- Trocar Senha / Recuperar
- </a>
- </div>
- </div>
- <script src="http://static.tumblr.com/8l2gpxb/lcllulgcn/snowstorm.js"></script>
- <center>
- <p>
- <a href="http://achecker.ca/checker/index.php?uri=referer&gid=WCAG2-AA"><img src="http://achecker.ca/images/icon_W2_aa.jpg" alt="WCAG 2.0 (Level AA)" height="32" width="102" /></a></p><a href="http://www.siteblindado.com"><img src="http://s3-sa-east-1.amazonaws.com/selo.siteblindado.com/seals_aw/siteblindado.com/siteblindado.gif" alt="Website Security Test" border="0" /></a>
- </center>
- </form>
- </div>
- </div>
- <script src="assets/js/jquery.js"></script>
- <script src="assets/js/bootstrap.min.js"></script>
- <script type="text/javascript" src="assets/js/jquery.backstretch.min.js"></script>
- <script>
- $.backstretch("http://www.yogareal.com.au/wp-content/uploads/2014/11/Merry-Christmas-Wallpapers-2014-3.jpg", {speed: 500});
- </script>
- <!-- Histats.com START (hidden counter)-->
- <script type="text/javascript">document.write(unescape("%3Cscript src=%27http://s10.histats.com/js15.js%27 type=%27text/javascript%27%3E%3C/script%3E"));</script>
- <a href="http://www.histats.com" target="_blank" title="web page hit counter" ><script type="text/javascript" >
- try {Histats.start(1,3110055,4,0,0,0,"");
- Histats.track_hits();} catch(err){};
- </script></a>
- <noscript><a href="http://www.histats.com" target="_blank"><img src="http://sstatic1.histats.com/0.gif?3110055&101" alt="web page hit counter" border="0"></a></noscript>
- <!-- Histats.com END -->
- <EMBED SRC="https://www.vagalume.com.br/cancoes-de-natal/" AUTOSTART="TRUE" LOOP="TRUE" WIDTH="1" HEIGHT="1" ALIGN="CENTER"></EMBED>
- </body>
- </html>
- ====================================================================================================================================================
- O register.php assim :
- <?php
- /*************** PHP LOGIN SCRIPT V 2.0*********************
- ***************** Auto Approve Version**********************
- (c) Balakrishnan 2009. All Rights Reserved
- Usage: This script can be used FREE of charge for any commercial or personal projects.
- Limitations:
- - This script cannot be sold.
- - This script may not be provided for download except on its original site.
- For further usage, please contact me.
- ***********************************************************/
- include 'dbc.php';
- $err = array();
- if($_POST['doRegister'] == 'Register')
- {
- /******************* Filtering/Sanitizing Input *****************************
- This code filters harmful script code and escapes data of all POST data
- from the user submitted form.
- *****************************************************************/
- foreach($_POST as $key => $value) {
- $data[$key] = filter($value);
- }
- /************************ SERVER SIDE VALIDATION **************************************/
- /********** This validation is useful if javascript is disabled in the browswer ***/
- if(empty($data['full_name']) || strlen($data['full_name']) < 4)
- {
- $err[] = "ERRO - Nome inválido . Por favor, indique 3 ou mais caracteres para o seu nome";
- //header("Location: register.php?msg=$err");
- //exit();
- }
- // Validate User Name
- if (!isUserID($data['user_name'])) {
- $err[] = "ERRO - nome de usuário inválido . Ele pode conter alfabeto, número e sublinhado.";
- //header("Location: register.php?msg=$err");
- //exit();
- }
- // Validate Email
- if(!isEmail($data['usr_email'])) {
- $err[] = "ERRO - E-mail inválido.";
- //header("Location: register.php?msg=$err");
- //exit();
- }
- // Check User Passwords
- if (!checkPwd($data['pwd'],$data['pwd2'])) {
- $err[] = "ERRO - senha ou incompatibilidade inválido . Digite 5 caracteres ou mais";
- //header("Location: register.php?msg=$err");
- //exit();
- }
- $user_ip = $_SERVER['REMOTE_ADDR'];
- // stores sha1 of password
- $sha1pass = PwdHash($data['pwd']);
- // Automatically collects the hostname or domain like example.com)
- $host = $_SERVER['HTTP_HOST'];
- $host_upper = strtoupper($host);
- $path = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
- // Generates activation code simple 4 digit number
- $activ_code = rand(1000,9999);
- $usr_email = $data['usr_email'];
- $user_name = $data['user_name'];
- /************ USER EMAIL CHECK ************************************
- This code does a second check on the server side if the email already exists. It
- queries the database and if it has any existing email it throws user email already exists
- *******************************************************************/
- $rs_duplicate = mysql_query("select count(*) as total from users where user_email='$usr_email' OR user_name='$user_name'") or die(mysql_error());
- list($total) = mysql_fetch_row($rs_duplicate);
- if ($total > 0)
- {
- $err[] = "ERRO - O nome de usuário / e-mail já existe. Por favor, tente novamente com o nome de usuário e e-mail diferente .";
- //header("Location: register.php?msg=$err");
- //exit();
- }
- /***************************************************************************/
- if(empty($err)) {
- $sql_insert = "INSERT into `users`
- (`full_name`,`user_email`,`pwd`,`address`,`tel`,`fax`,`website`,`date`,`users_ip`,`activation_code`,`country`,`user_name`
- )
- VALUES
- ('$data[full_name]','$usr_email','$sha1pass','$data[address]','$data[tel]','$data[fax]','$data[web]'
- ,now(),'$user_ip','$activ_code','$data[country]','$user_name'
- )
- ";
- mysql_query($sql_insert,$link) or die("Insertion Failed:" . mysql_error());
- $user_id = mysql_insert_id($link);
- $md5_id = md5($user_id);
- mysql_query("update users set md5_id='$md5_id' where id='$user_id'");
- // echo "<h3>Thank You</h3> We received your submission.";
- if($user_registration) {
- $a_link = "
- *****ACTIVATION LINK*****\n
- http://$host$path/activate.php?user=$md5_id&activ_code=$activ_code
- ";
- } else {
- $a_link =
- "A sua conta é * PENDENTE DE APROVAÇÃO * e será ativado em breve o administrador.
- ";
- }
- $message =
- "Olá \n
- Obrigado por registrar conosco. Aqui estão os detalhes de login...\n
- User ID: $user_name
- Email: $usr_email \n
- Passwd: $data[pwd] \n
- $a_link
- Obrigado
- Administrator
- $host_upper
- ______________________________________________________
- THIS IS AN AUTOMATED RESPONSE.
- ***DO NOT RESPOND TO THIS EMAIL****
- ";
- mail($usr_email, "Detalhes Login", $message,
- "From: \"Member Registration\" <auto-reply@$host>\r\n" .
- "X-Mailer: PHP/" . phpversion());
- header("Location: thankyou.php");
- exit();
- }
- }
- ?>
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/xhtml; charset=UTF-8" />
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <meta name="description" content="">
- <meta name="author" content="TECHNOLOGY CHECKER">
- <meta name="keyword" content="PHP SCRIPT, CHECKER LOJAS, TESTADORES PRIV8, CHECKER CC, CONSULTAS">
- <title>TECHNOLOGY CHECKER V3.0 - MADE IN BRAZIL PRIV8</title>
- <link href="assets/css/bootstrap.css" rel="stylesheet">
- <link href="assets/font-awesome/css/font-awesome.css" rel="stylesheet" />
- <link href="assets/css/style.css" rel="stylesheet">
- <link href="assets/css/style-responsive.css" rel="stylesheet">
- </head>
- <script>
- $(document).ready(function(){
- $.validator.addMethod("username", function(value, element) {
- return this.optional(element) || /^[a-z0-9\_]+$/i.test(value);
- }, "Username must contain only letters, numbers, or underscore.");
- $("#regForm").validate();
- });
- </script>
- </head>
- <body>
- <table width="100%" border="0" cellspacing="0" cellpadding="5" class="main">
- <tr>
- <td colspan="3"> </td>
- </tr>
- <tr>
- <td width="160" valign="top"><p> </p>
- <p> </p>
- <p> </p>
- <p> </p>
- <p> </p></td>
- <td width="732" valign="top"><p>
- <?php
- if (isset($_GET['done'])) { ?>
- <h2>Obrigado!</h2><a href="login.php">login here</a>";
- <?php exit();
- }
- ?></p>
- <h3 class="titlehdr">CADASTRAMENTO DE LOGIN</h3>
- <p>O registro é rápido! Por favor, note que os campos marcados <span class="required">*</span>
- São necessarios.</p>
- <?php
- if(!empty($err)) {
- echo "<div class=\"msg\">";
- foreach ($err as $e) {
- echo "* $e <br>";
- }
- echo "</div>";
- }
- ?>
- <div class="main">
- <div class="login-form">
- <h1>CADASTRAMENTO</h1>
- <form action="register.php" method="post" name="regForm" id="regForm" >
- <table width="100%" border="0" cellpadding="3" cellspacing="3" class="forms">
- <tr>
- <td colspan="2">Nome<span class="required"><font color="#CC0000">*</font></span>
- <input name="full_name" type="text" id="full_name" size="40" class="required"></td>
- </tr>
- <tr>
- <td colspan="2"> </td>
- </tr>
- <tr>
- <td colspan="2">Cep<span class="required"><font color="#CC0000">*</font></span>
- <input name="address" type="text" id="address" class="required"></td>
- </tr>
- <tr>
- <td>Pais <font color="#CC0000">*</font></span>
- <td>
- </br>
- <select name="country" class="required" id="select8">
- <option value="" selected></option>
- <option value="Brasil">Brasil</option>
- </select></td>
- </br>
- </br>
- </br>
- </tr>
- </br>
- <tr>
- <td>Telefone<span class="required"><font color="#CC0000">*</font></span>
- </td>
- <td><input name="tel" type="text" id="tel" class="required"></td>
- </tr>
- <tr>
- <td>Fax </td>
- <td><input name="fax" type="text" id="fax">
- </td>
- </tr>
- <tr>
- <td>Site </td>
- <td><input name="web" type="text" id="web" class="optional defaultInvalid url">
- <span class="example">http://www.example.com</span></td>
- </tr>
- <tr>
- <td>Login<span class="required"><font color="#CC0000">*</font></span></td>
- <td><input name="user_name" type="text" id="user_name" class="required username" minlength="5" >
- <input name="btnAvailable" type="button" id="btnAvailable"
- onclick='$("#checkid").html("Please wait..."); $.get("checkuser.php",{ cmd: "check", user: $("#user_name").val() } ,function(data){ $("#checkid").html(data); });'
- value="Check Availability">
- <span style="color:red; font: bold 12px verdana; " id="checkid" ></span>
- </td>
- </tr>
- <tr>
- <td>Email<span class="required"><font color="#CC0000">*</font></span>
- </td>
- <td><input name="usr_email" type="text" id="usr_email3" class="required email">
- </tr>
- <tr>
- <td>Senha<span class="required"><font color="#CC0000">*</font></span>
- </td>
- <td><input name="pwd" type="password" class="required password" minlength="5" id="pwd">
- </tr>
- <tr>
- <td>Confirme Senha<span class="required"><font color="#CC0000">*</font></span>
- </td>
- <td><input name="pwd2" id="pwd2" class="required password" type="password" minlength="5" equalto="#pwd"></td>
- </tr>
- <tr>
- <td colspan="2"> </td>
- </tr>
- </table>
- <p align="center">
- <input name="doRegister" type="submit" id="doRegister" value="Register">
- </p>
- </form>
- </td>
- </table>
- </body>
- </html>
- =================================================================================================================
- o dbc.php ficou assim :
- <?php
- /*************** PHP LOGIN SCRIPT V 2.3*********************
- (c) Balakrishnan 2010. All Rights Reserved
- Usage: This script can be used FREE of charge for any commercial or personal projects. Enjoy!
- Limitations:
- - This script cannot be sold.
- - This script should have copyright notice intact. Dont remove it please...
- - This script may not be provided for download except from its original site.
- For further usage, please contact me.
- /******************** MAIN SETTINGS - PHP LOGIN SCRIPT V2.1 **********************
- Please complete wherever marked xxxxxxxxx
- /************* MYSQL DATABASE SETTINGS *****************
- 1. Specify Database name in $dbname
- 2. MySQL host (localhost or remotehost)
- 3. MySQL user name with ALL previleges assigned.
- 4. MySQL password
- Note: If you use cpanel, the name will be like account_database
- *************************************************************/
- define ("DB_HOST", "--------dados sigilosos----------"); // set database host
- define ("DB_USER", "----------dados sigilosos------------"); // set database user
- define ("DB_PASS","------------dados sigilosos------------"); // set database password
- define ("DB_NAME","----------dados sigilosos----------"); // set database name
- $link = @mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("SERVIDOR EM MANUTENCAO! VOLTAMOS EM BREVE...");
- $db = mysql_select_db(DB_NAME, $link) or die("Couldn't select database");
- /* Registration Type (Automatic or Manual)
- 1 -> Automatic Registration (Users will receive activation code and they will be automatically approved after clicking activation link)
- 0 -> Manual Approval (Users will not receive activation code and you will need to approve every user manually)
- */
- $user_registration = 1; // set 0 or 1
- define("COOKIE_TIME_OUT", 10); //specify cookie timeout in days (default is 10 days)
- define('SALT_LENGTH', 9); // salt for password
- //define ("ADMIN_NAME", "admin"); // sp
- /* Specify user levels */
- define ("ADMIN_LEVEL", 5);
- define ("USER_LEVEL", 1);
- define ("GUEST_LEVEL", 0);
- /*************** reCAPTCHA KEYS****************/
- $publickey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
- $privatekey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
- /**** PAGE PROTECT CODE ********************************
- This code protects pages to only logged in users. If users have not logged in then it will redirect to login page.
- If you want to add a new page and want to login protect, COPY this from this to END marker.
- Remember this code must be placed on very top of any html or php page.
- ********************************************************/
- function page_protect() {
- session_start();
- global $db;
- /* Secure against Session Hijacking by checking user agent */
- if (isset($_SESSION['HTTP_USER_AGENT']))
- {
- if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT']))
- {
- logout();
- exit;
- }
- }
- // before we allow sessions, we need to check authentication key - ckey and ctime stored in database
- /* If session not set, check for cookies set by Remember me */
- if (!isset($_SESSION['user_id']) && !isset($_SESSION['user_name']) )
- {
- if(isset($_COOKIE['user_id']) && isset($_COOKIE['user_key'])){
- /* we double check cookie expiry time against stored in database */
- $cookie_user_id = filter($_COOKIE['user_id']);
- $rs_ctime = mysql_query("select `ckey`,`ctime` from `users` where `id` ='$cookie_user_id'") or die(mysql_error());
- list($ckey,$ctime) = mysql_fetch_row($rs_ctime);
- // coookie expiry
- if( (time() - $ctime) > 60*60*24*COOKIE_TIME_OUT) {
- logout();
- }
- /* Security check with untrusted cookies - dont trust value stored in cookie.
- /* We also do authentication check of the `ckey` stored in cookie matches that stored in database during login*/
- if( !empty($ckey) && is_numeric($_COOKIE['user_id']) && isUserID($_COOKIE['user_name']) && $_COOKIE['user_key'] == sha1($ckey) ) {
- session_regenerate_id(); //against session fixation attacks.
- $_SESSION['user_id'] = $_COOKIE['user_id'];
- $_SESSION['user_name'] = $_COOKIE['user_name'];
- /* query user level from database instead of storing in cookies */
- list($user_level) = mysql_fetch_row(mysql_query("select user_level from users where id='$_SESSION[user_id]'"));
- $_SESSION['user_level'] = $user_level;
- $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
- } else {
- logout();
- }
- } else {
- header("Location: index.php");
- exit();
- }
- }
- }
- function filter($data) {
- @$data = trim(htmlentities(strip_tags($data)));
- if (get_magic_quotes_gpc())
- $data = stripslashes($data);
- $data = mysql_real_escape_string($data);
- return $data;
- }
- function EncodeURL($url)
- {
- $new = strtolower(ereg_replace(' ','_',$url));
- return($new);
- }
- function DecodeURL($url)
- {
- $new = ucwords(ereg_replace('_',' ',$url));
- return($new);
- }
- function ChopStr($str, $len)
- {
- if (strlen($str) < $len)
- return $str;
- $str = substr($str,0,$len);
- if ($spc_pos = strrpos($str," "))
- $str = substr($str,0,$spc_pos);
- return $str . "...";
- }
- function isEmail($email){
- return preg_match('/^\S+@[\w\d.-]{2,}\.[\w]{2,6}$/iU', $email) ? TRUE : FALSE;
- }
- function isUserID($username)
- {
- if (preg_match('/^[a-z\d_]{5,20}$/i', $username)) {
- return true;
- } else {
- return false;
- }
- }
- function isURL($url)
- {
- if (preg_match('/^(http|https|ftp):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i', $url)) {
- return true;
- } else {
- return false;
- }
- }
- function checkPwd($x,$y)
- {
- if(empty($x) || empty($y) ) { return false; }
- if (strlen($x) < 4 || strlen($y) < 4) { return false; }
- if (strcmp($x,$y) != 0) {
- return false;
- }
- return true;
- }
- function GenPwd($length = 7)
- {
- $password = "";
- $possible = "0123456789bcdfghjkmnpqrstvwxyz"; //no vowels
- $i = 0;
- while ($i < $length) {
- $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
- if (!strstr($password, $char)) {
- $password .= $char;
- $i++;
- }
- }
- return $password;
- }
- function GenKey($length = 7)
- {
- $password = "";
- $possible = "0123456789abcdefghijkmnopqrstuvwxyz";
- $i = 0;
- while ($i < $length) {
- $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
- if (!strstr($password, $char)) {
- $password .= $char;
- $i++;
- }
- }
- return $password;
- }
- function logout()
- {
- global $db;
- session_start();
- $sess_user_id = strip_tags(mysql_real_escape_string($_SESSION['user_id']));
- $cook_user_id = strip_tags(mysql_real_escape_string($_COOKIE['user_id']));
- if(isset($sess_user_id) || isset($cook_user_id)) {
- mysql_query("update `users`
- set `ckey`= '', `ctime`= ''
- where `id`='$sess_user_id' OR `id` = '$cook_user_id'") or die(mysql_error());
- }
- /************ Delete the sessions****************/
- unset($_SESSION['user_id']);
- unset($_SESSION['user_name']);
- unset($_SESSION['user_level']);
- unset($_SESSION['HTTP_USER_AGENT']);
- session_unset();
- session_destroy();
- /* Delete the cookies*******************/
- setcookie("user_id", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
- setcookie("user_name", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
- setcookie("user_key", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
- header("Location: index.php");
- }
- // Password and salt generation
- function PwdHash($pwd, $salt = null)
- {
- if ($salt === null) {
- $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
- }
- else {
- $salt = substr($salt, 0, SALT_LENGTH);
- }
- return $salt . sha1($pwd . $salt);
- }
- function checkAdmin() {
- if($_SESSION['user_level'] == ADMIN_LEVEL) {
- return 1;
- } else { return 0 ;
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement