
Untitled

a guest
Jul 30th, 2017
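  <?php
  // NOTE(review): the listing originally opened with the short tag "<?". When
  // short_open_tag is disabled PHP does not parse the file and the web server
  // returns it as plain text, which would expose the database credentials and
  // the cipher key below. The full "<?php" tag is always parsed.

  // CONNECTIONS =========================================================
  // NOTE(review): these are placeholders. Real values belong in configuration
  // kept outside the web root (or in environment variables), and the account
  // should be a dedicated least-privilege user rather than root.
  $host = "localhost"; // database host
  $user = "userhere"; // database account
  $password = "passhere"; // database password
  $dbname = "dbhere"; // schema that holds the login table
  // NOTE(review): ext/mysql (mysql_*) was removed in PHP 7.0 and offers no
  // prepared statements; the rest of this script depends on it, so migrating to
  // mysqli or PDO has to be done for the connection and the queries together.
  mysql_connect($host, $user, $password) or die("Cant connect into database");
  mysql_select_db($dbname)or die("Cant connect into database");

  // SECURITY CIPHER =====================================================
  // NOTE(review): the key and IV are constants that must also be embedded in the
  // game client, so anyone holding the client holds them too. A fixed IV makes
  // equal plaintexts encrypt to equal ciphertexts, and the key's length is not
  // one of the Rijndael key sizes (16, 24 or 32 bytes). This layer is
  // obfuscation, not transport security; serve the endpoint over TLS.
  $key = "cgTp:GcXZu-F&F|>.XJ4bxe[qftkA"; // static key shared with the client
  $iv = "qd|;>'Gsa*^_q*eP"; // static 16-byte IV shared with the client
  // NOTE(review): this is a string, not an mcrypt algorithm name; presumably the
  // constant MCRYPT_RIJNDAEL_256 was intended. That cipher has a 32-byte block,
  // which the 16-byte IV above would not match - confirm what the client uses.
  $cipher = "MCRYPT_RJINDAEL_256";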
  13. // =============================================================================
  14. // SOME DECRYPTION FUNCTIONS!!! ALL CAPS!!!
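  /**
   * Decrypts a hex-encoded ciphertext using the file-level cipher settings.
   *
   * Reads the globals $cipher, $key and $iv. The result is trimmed (which also
   * drops the NUL padding mcrypt leaves at the end) and passed through
   * utf8_encode().
   *
   * NOTE(review): mcrypt is unmaintained and was removed from PHP in 7.2, and
   * CBC with a fixed IV and no integrity check lets a modified ciphertext go
   * undetected. Treat the output as untrusted input.
   *
   * @param string $code Hex-encoded ciphertext as sent by the client.
   * @return string Decrypted text, or "" when the input cannot be decoded or
   *                the cipher module cannot be opened.
   */
  function decrypt($code) {
      // The settings are defined at file scope; without this declaration the
      // names are undefined inside the function.
      global $cipher, $key, $iv;

      if (!is_string($code) || $code === "") {
          return "";
      }

      // decrypt() is a plain function, so there is no $this to call through.
      $raw = hex2bin($code);
      if ($raw === false || $raw === "") {
          return "";
      }

      // The fourth argument is the mode *directory*, not the IV.
      $td = mcrypt_module_open($cipher, "", "cbc", "");
      if ($td === false) {
          return "";
      }

      // The IV is supplied here; the original referenced an undefined constant.
      mcrypt_generic_init($td, $key, $iv);
      $decrypted = mdecrypt_generic($td, $raw);

      mcrypt_generic_deinit($td);
      mcrypt_module_close($td);

      return utf8_encode(trim($decrypted));
  }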
  28. // PROTECT AGAINST SQL INJECTION and CONVERT PASSWORD INTO MD5 formats
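  /**
   * Filters a password string and returns the MD5 hex digest of the result.
   *
   * The filter deletes a fixed list of SQL keywords and punctuation (one pass,
   * case-insensitive), trims, strips HTML tags and applies addslashes() unless
   * magic quotes already did.
   *
   * NOTE(review): this is not a safe way to handle passwords. Deleting
   * characters before hashing makes different passwords produce the same
   * digest, and unsalted MD5 is fast to brute-force. Store passwords with
   * password_hash() and check them with password_verify(); the value never
   * needs SQL filtering when it is only hashed or bound as a parameter.
   *
   * @param string $sql     Raw password text.
   * @param bool   $formUse True when the value came from request data that
   *                        magic quotes may already have escaped.
   * @return string 32-character lowercase MD5 hex digest.
   */
  function anti_injection_login_senha($sql, $formUse = true)
  {
      // Arrays or missing fields from the request are treated as empty input.
      if (!is_string($sql)) {
          $sql = "";
      }

      $sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|,|'|#|\*|--|\\\\)/i", "", $sql);
      $sql = strip_tags(trim($sql));

      // get_magic_quotes_gpc() no longer exists in PHP 8; magic quotes were
      // removed in 5.4, so only consult it on older runtimes.
      $magicQuotesOn = version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();
      if (!$formUse || !$magicQuotesOn) {
          $sql = addslashes($sql);
      }

      return md5(trim($sql));
  }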
  39. // THIS ONE IS JUST FOR THE NICKNAME PROTECTION AGAINST SQL INJECTION
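  /**
   * Filters a user-supplied string before it is placed in a SQL string literal.
   *
   * Deletes a fixed list of SQL keywords and punctuation (one pass,
   * case-insensitive), trims, strips HTML tags and applies addslashes() unless
   * magic quotes already did.
   *
   * NOTE(review): a deny-list like this is not a substitute for parameterized
   * queries. It alters legitimate values and its effect depends on the exact
   * SQL context and connection charset. Bind the value as a query parameter
   * (mysqli or PDO prepared statements) instead of relying on this filter.
   *
   * @param string $sql     Raw value from the request.
   * @param bool   $formUse True when the value came from request data that
   *                        magic quotes may already have escaped.
   * @return string Filtered value.
   */
  function anti_injection_login($sql, $formUse = true)
  {
      // Arrays or missing fields from the request are treated as empty input.
      if (!is_string($sql)) {
          $sql = "";
      }

      $sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|,|'|#|\*|--|\\\\)/i", "", $sql);
      $sql = strip_tags(trim($sql));

      // get_magic_quotes_gpc() no longer exists in PHP 8; magic quotes were
      // removed in 5.4, so only consult it on older runtimes.
      $magicQuotesOn = version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();
      if (!$formUse || !$magicQuotesOn) {
          $sql = addslashes($sql);
      }

      return $sql;
  }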
  49. // SOME MISC FUNCTIONS
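  // PHP 5.4 and later ship a built-in hex2bin(); declaring the function again
  // is a fatal "Cannot redeclare" error, so only define the fallback when the
  // built-in is missing.
  if (!function_exists('hex2bin')) {
      /**
       * Converts a string of hexadecimal digit pairs to the bytes they encode.
       *
       * Unlike the built-in, this fallback does not reject malformed input:
       * non-hex characters and a trailing odd digit are converted by hexdec()
       * as-is, so callers must not assume the result is validated.
       *
       * @param string $hexdata Hex digits, two per output byte.
       * @return string Decoded bytes.
       */
      function hex2bin($hexdata) {
          $bindata = "";
          $length = strlen($hexdata);

          for ($i = 0; $i < $length; $i += 2) {
              $bindata .= chr(hexdec(substr($hexdata, $i, 2)));
          }

          return $bindata;
      }
  }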
  59. // =============================================================================
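  // Request handling: read the three form fields, check the client code, then
  // look the user up and compare passwords.

  // Missing or non-string fields are treated as empty instead of raising notices.
  $rawHash = (isset($_POST["myform_hash"]) && is_string($_POST["myform_hash"])) ? $_POST["myform_hash"] : "";
  $rawNick = (isset($_POST["myform_nick"]) && is_string($_POST["myform_nick"])) ? $_POST["myform_nick"] : "";
  $rawPass = (isset($_POST["myform_pass"]) && is_string($_POST["myform_pass"])) ? $_POST["myform_pass"] : "";

  $unityHash = anti_injection_login($rawHash);
  // NOTE(review): this value is compiled into the game client, so it identifies
  // the client build at best; it does not authenticate anything.
  $phpHash = "hashcode"; // same code in here as in your Unity game

  // NOTE(review): the password arrives as sent by the client (decryption of this
  // field was disabled in the original), so the endpoint must only be reachable
  // over TLS.
  $decpass = $rawPass;
  $nick = anti_injection_login(decrypt($rawNick)); // the original line was missing a closing parenthesis
  $pass = anti_injection_login_senha($decpass);

  // Request values must never be placed in the query unfiltered; the original
  // listing suggested reading $_POST directly as an alternative - do not.

  // Constant-time comparison where the runtime provides it (PHP 5.6+).
  $hashMatches = function_exists('hash_equals')
      ? hash_equals($phpHash, $unityHash)
      : $unityHash === $phpHash;

  if ($nick === "" || $decpass === "") {
      // The original condition was the literal 0, so this check never ran.
      echo "Login or password cant be empty.";
  } elseif (!$hashMatches) {
      echo "HASH code is diferent from your game, you infidel.";
  } else {
      // NOTE(review): ext/mysql has no prepared statements, so this query still
      // relies on the filter applied to $nick above. When the connection code is
      // migrated to mysqli or PDO, bind $nick as a parameter instead.
      $SQL = "SELECT * FROM login WHERE userid = '" . $nick . "'";
      $result_id = @mysql_query($SQL) or die("DATABASE ERROR!");
      $total = mysql_num_rows($result_id);
      if ($total) {
          $datas = @mysql_fetch_array($result_id);
          // NOTE(review): hashing the stored value at login time implies the
          // "ident" column holds the password in clear text. Store a
          // password_hash() result and check it with password_verify().
          $expected = anti_injection_login_senha($datas["ident"]);
          $passwordMatches = function_exists('hash_equals')
              ? hash_equals($expected, $pass)
              : !strcmp($pass, $expected);
          if ($passwordMatches) {
              echo "LOGADO - PASSWORD CORRECT";
          } else {
              // The original appended the stored password and the submitted hash
              // to this message, disclosing the credential to any caller.
              echo "Nick or password is wrong.";
          }
      } else {
          // NOTE(review): a different message for unknown names lets callers
          // test which accounts exist; consider returning the same text as above
          // once the client no longer depends on this string.
          echo "Data invalid - cant find name.";
      }
  }
  // Close mySQL Connection
  mysql_close();
  ?>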