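<?php
// CONNECTIONS =========================================================
// The full "<?php" tag is used on purpose: "<?" is only parsed when
// short_open_tag is enabled. Where it is off, the web server would send this
// file, credentials and key included, to the client as plain text.
$host = "localhost"; // database host
$user = "userhere"; // use an account limited to what this script needs (SELECT on the login table), not root
$password = "passhere"; // placeholder; keep the real value in configuration outside the web root
$dbname = "dbhere"; // database name
// NOTE(review): ext/mysql was removed in PHP 7; mysqli or PDO with prepared
// statements is the replacement when this script is ported.
mysql_connect($host, $user, $password) or die("Cant connect into database");
mysql_select_db($dbname) or die("Cant connect into database");
// SECURITY CIPHER =====================================================
// NOTE(review): presumably the same key and IV are embedded in the game client,
// so anyone holding the client can recover them. A fixed IV also makes CBC
// deterministic: equal plaintexts give equal ciphertexts. Treat this layer as
// obfuscation and carry the login over TLS.
$key = "cgTp:GcXZu-F&F|>.XJ4bxe[qftkA"; // Random key
$iv = "qd|;>'Gsa*^_q*eP"; // Random IV
// mcrypt expects the algorithm constant; a quoted, misspelled name is not a
// known algorithm and mcrypt_module_open() fails on it.
// NOTE(review): Rijndael-256 in CBC mode takes a 32-byte IV, while the IV above
// is 16 bytes and the key is 29 bytes. Confirm the algorithm, key and IV
// against what the client actually uses.
$cipher = MCRYPT_RIJNDAEL_256;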
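// =============================================================================
// DECRYPTION
/**
 * Decrypts a hex-encoded CBC ciphertext with the script-wide $key, $iv and $cipher.
 *
 * CBC on its own gives no integrity protection, so the returned text is still
 * untrusted input and must be escaped wherever it is used.
 *
 * @param string $code Hex-encoded ciphertext as received from the client.
 * @return string Decrypted text, trimmed and passed through utf8_encode();
 *                "" when $code is not an even-length hex string or the cipher
 *                cannot be initialised.
 */
function decrypt($code) {
    // $key, $iv and $cipher live at file scope; a function only sees them via "global".
    global $key, $iv, $cipher;

    // The value comes straight from the request: accept only an even-length hex string.
    if (!is_string($code) || !preg_match('/\A(?:[0-9a-fA-F]{2})+\z/', $code)) {
        return "";
    }
    // Plain function call: there is no object in this script, so "$this->" is not available.
    $code = hex2bin($code);

    // The fourth argument is the mode directory, not the IV.
    $td = mcrypt_module_open($cipher, "", "cbc", "");
    if ($td === false) {
        return "";
    }
    // The IV is supplied here; a negative or false result means key or IV were rejected.
    $status = mcrypt_generic_init($td, $key, $iv);
    if ($status === false || $status < 0) {
        mcrypt_module_close($td);
        return "";
    }
    $decrypted = mdecrypt_generic($td, $code);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    // trim() also strips the NUL bytes mcrypt uses to pad the last block.
    return utf8_encode(trim($decrypted));
}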
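// PASSWORD FILTER: strips SQL-looking tokens from the password, then returns its MD5 hex digest
/**
 * Filters a password ("senha") the same way as anti_injection_login() and
 * returns the MD5 hex digest of the result.
 *
 * NOTE(review): the digest is hexadecimal, so the filtering adds nothing against
 * SQL injection. It does remove characters from the password before hashing, so
 * different passwords can produce the same digest. MD5 without a salt is also
 * not a password hash; password_hash()/password_verify() (PHP 5.5+) are the
 * replacement, but switching changes every stored value and needs a migration.
 *
 * @param mixed $sql     Password text; non-scalar values are treated as "".
 * @param bool  $formUse True when the value came from a form, where magic quotes
 *                       may already have added slashes.
 * @return string 32-character MD5 hex digest of the filtered value.
 */
function anti_injection_login_senha($sql, $formUse = true)
{
    // Arrays and objects (e.g. myform_pass[]=x) cannot be filtered as text.
    $sql = is_scalar($sql) ? (string) $sql : "";
    $sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|,|'|#|\*|--|\\\\)/i", "", $sql);
    $sql = trim($sql);
    $sql = strip_tags($sql);
    // get_magic_quotes_gpc() no longer exists in PHP 8; when it is absent, magic quotes are off.
    if (!$formUse || !(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
        $sql = addslashes($sql);
    }
    return md5(trim($sql));
}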
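// NICKNAME FILTER: strips SQL-looking tokens and HTML tags from a text value
/**
 * Removes a fixed list of SQL keywords and punctuation, trims the value, strips
 * HTML tags and adds backslashes unless magic quotes already did.
 *
 * NOTE(review): a keyword blacklist is not an injection defence. It alters
 * legitimate values (a name containing "from" or a comma is changed) and it does
 * not know the connection character set. The query that uses the value still has
 * to escape it with the database driver, or bind it as a parameter.
 *
 * @param mixed $sql     Text to filter; non-scalar values yield "".
 * @param bool  $formUse True when the value came from a form, where magic quotes
 *                       may already have added slashes.
 * @return string The filtered text.
 */
function anti_injection_login($sql, $formUse = true)
{
    // Arrays and objects (e.g. myform_nick[]=x) cannot be filtered as text.
    if (!is_scalar($sql)) {
        return "";
    }
    $sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|,|'|#|\*|--|\\\\)/i", "", (string) $sql);
    $sql = trim($sql);
    $sql = strip_tags($sql);
    // get_magic_quotes_gpc() no longer exists in PHP 8; when it is absent, magic quotes are off.
    if (!$formUse || !(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
        $sql = addslashes($sql);
    }
    return $sql;
}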
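// SOME MISC FUNCTIONS
// PHP 5.4 and later ship a built-in hex2bin(); declaring a second function with
// that name is a fatal "cannot redeclare" error. The fallback below is therefore
// only defined on interpreters that lack the built-in.
if (!function_exists('hex2bin')) {
    /**
     * Converts a hexadecimal string to the bytes it encodes, two digits per byte.
     *
     * Unlike the built-in, this fallback does not reject odd-length or non-hex
     * input, so callers should validate the string first.
     *
     * @param string $hexdata Hexadecimal text.
     * @return string The decoded bytes.
     */
    function hex2bin($hexdata) {
        $bindata = "";
        $length = strlen($hexdata);
        for ($i = 0; $i < $length; $i += 2) {
            $bindata .= chr(hexdec(substr($hexdata, $i, 2)));
        }
        return $bindata;
    }
}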
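// =============================================================================
// LOGIN REQUEST
// Each field must be present and a plain string. Missing fields and arrays
// (myform_pass[]=...) are treated as empty and rejected below.
$rawHash = (isset($_POST["myform_hash"]) && is_string($_POST["myform_hash"])) ? $_POST["myform_hash"] : "";
$rawNick = (isset($_POST["myform_nick"]) && is_string($_POST["myform_nick"])) ? $_POST["myform_nick"] : "";
$rawPass = (isset($_POST["myform_pass"]) && is_string($_POST["myform_pass"])) ? $_POST["myform_pass"] : "";

$unityHash = anti_injection_login($rawHash);
$phpHash = "hashcode"; // same code in here as in your Unity game
// NOTE(review): presumably this value is embedded in the game client, so at best
// it identifies the client build; it does not authenticate the caller.

// Only the nickname is decrypted; the password is taken as the client sent it.
$decpass = $rawPass;
$nick = anti_injection_login(decrypt($rawNick));
$pass = anti_injection_login_senha($decpass);
// Raw $_POST values must never be concatenated into the query text.

if ($nick === "" || $decpass === "") {
    echo "Login or password cant be empty.";
} elseif ($unityHash !== $phpHash) {
    // Strict comparison: "!=" would treat numeric-looking strings such as "1e3" and "1000" as equal.
    echo "HASH code is diferent from your game, you infidel.";
} else {
    // Escape at the point of use with the driver's own function.
    // anti_injection_login() has already run addslashes(), so that is undone
    // first and the value ends up escaped exactly once.
    // NOTE(review): mysql_real_escape_string() depends on the connection
    // character set; set it with mysql_set_charset() right after connecting.
    $SQL = "SELECT * FROM login WHERE userid = '" . mysql_real_escape_string(stripslashes($nick)) . "'";
    $result_id = @mysql_query($SQL) or die("DATABASE ERROR!");
    $total = mysql_num_rows($result_id);
    if ($total) {
        $datas = @mysql_fetch_array($result_id);
        // NOTE(review): "ident" is hashed here at compare time, which suggests the
        // table holds passwords in clear text. Storing password_hash() output and
        // checking it with password_verify() removes that exposure.
        if ($pass === anti_injection_login_senha($datas["ident"])) {
            echo "LOGADO - PASSWORD CORRECT";
        } else {
            // Only the fixed message is returned. The stored "ident" value and the
            // submitted hash must not be echoed to the caller.
            echo "Nick or password is wrong.";
        }
    } else {
        // NOTE(review): this reply differs from the wrong-password one, which tells
        // a caller whether a nickname exists. The client may match on the exact
        // strings, so they are left unchanged here.
        echo "Data invalid - cant find name.";
    }
}
// Close mySQL Connection
mysql_close();
?>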