connect.php
<?php
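// Start the session; the auth helpers in this file read and write $_SESSION.
session_start();
// Seed the random number generator
srand();
date_default_timezone_set("UTC");
$time = time();
$inbox = 0;
// NOTE(review): the database credentials are hard-coded in a file served from
// the web tree. Load them from configuration kept outside the document root
// (or from the environment) and rotate the current password.
// NOTE(review): ext/mysql is deprecated and was removed in PHP 7. mysqli or PDO
// with prepared statements is the replacement, but every query in this file
// has to be migrated together.
// '@' keeps the connection warning (which can include host and user) out of
// the page, but the failure itself must not be ignored: without a link every
// later query fails and the auth helpers would run against no data.
if (!@mysql_connect("localhost", "neptune", "neptune")) {
    error_log('connect.php: database connection failed: ' . mysql_error());
    die('Could not connect to the database.');
}
if (!mysql_select_db("reimubb2")) {
    error_log('connect.php: database selection failed: ' . mysql_error());
    die('Could not select the database.');
}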
// Salt Generator
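/**
 * Build a 3-character salt from printable ASCII (codes 35-126).
 *
 * The single quote and the backslash are skipped: user_register() places the
 * salt inside a quoted SQL literal, so a salt containing either character
 * would break (or alter) that INSERT statement.
 *
 * NOTE(review): three characters drawn with rand() give very few distinct
 * salts, and the salt feeds an md5-based password hash. Treat this as legacy;
 * password_hash()/password_verify() generate and store a proper salt themselves.
 *
 * @return string Three characters, none of which is ' or \.
 */
function generate_salt () {
    $salt = '';
    // Keep drawing until three acceptable characters have been collected.
    while (strlen($salt) < 3) {
        $char = chr(rand(35, 126));
        if ($char === "'" || $char === '\\') {
            continue;
        }
        $salt .= $char;
    }
    return $salt;
}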
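/**
 * Create a new user row unless the username is already taken.
 *
 * On a duplicate username the function prints an error, includes the page
 * footer and terminates the script. On a failed INSERT it terminates with
 * 'Could not create user.'.
 *
 * NOTE(review): md5(md5(password) . salt) is a fast, unkeyed hash and is not
 * suitable for password storage. Migrating to password_hash() needs a wider
 * password column and a matching change in user_login(), so it is only
 * flagged here.
 *
 * @param string $username Name chosen by the user (untrusted input).
 * @param string $password Plain-text password (untrusted input).
 * @param string $email    E-mail address (untrusted input).
 * @return void
 */
function user_register($username, $password, $email) {
    // Every value that reaches a quoted SQL literal is escaped first; the
    // original interpolated the raw request values into the statements.
    // NOTE(review): presumably magic_quotes_gpc is off; if it is on, values
    // arrive pre-escaped and would be escaped twice here - verify.
    $safe_username = mysql_real_escape_string($username);
    $safe_email = mysql_real_escape_string($email);

    $sql = mysql_query("SELECT * FROM user WHERE username = '$safe_username'");
    $row = mysql_fetch_row($sql);

    // mysql_fetch_row() yields an array only when a matching user exists.
    if (is_array($row)) {
        echo 'Error: A user with that name allready exists.';
        include('template/footer.php');
        exit;
    }

    // Get a salt using our function
    $salt = generate_salt();
    // Hash the password with that salt (see the md5 note in the docblock)
    $encrypted = md5(md5($password).$salt);
    // The salt may contain characters that are special inside a SQL literal.
    // Escaping changes only the statement text, not the stored value.
    $safe_salt = mysql_real_escape_string($salt);
    $time = time();

    // And lastly, store the information in the database
    $query = "insert into user (username, password, salt, email, joined, active, posts, admin) values ('$safe_username', '$encrypted', '$safe_salt', '$safe_email', '$time', '$time', 0, 0)";
    mysql_query ($query) or die ('Could not create user.');
}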
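/**
 * Check a username/password pair and, on success, record the login in the
 * session and in the cookies that is_authed() reads.
 *
 * Changes from the previous version:
 *  - the username is escaped before it is placed in the SQL statements;
 *  - nothing is written to the session or to cookies unless exactly one row
 *    matched (previously they were written before the result was checked);
 *  - the stored user id comes from the matched row (previously an undefined
 *    $userid variable was stored);
 *  - the stored username is the database value, so its md5 always matches
 *    'encrypted_name' even if the user typed the name in a different case.
 *
 * NOTE(review): the cookies set here are client-controlled and md5() of a
 * name or id is computable by anyone, so they must never be treated as proof
 * of identity on their own. The server-side session is the trustworthy copy.
 *
 * @param string $username Supplied login name (untrusted input).
 * @param string $password Supplied plain-text password (untrusted input).
 * @return string|false 'Correct' on success, false otherwise.
 */
function user_login($username, $password) {
    $safe_username = mysql_real_escape_string($username);

    // Try and get the salt from the database using the username
    $query = "select salt from user where username='$safe_username' limit 1";
    $result = mysql_query($query);
    $user = $result ? mysql_fetch_array($result) : false;
    if (!$user) {
        // Unknown user or failed query: nothing to compare against.
        return false;
    }

    // Using the salt, hash the given password to see if it
    // matches the one in the database. The result is a hex digest, so it is
    // safe to place in the statement below.
    $encrypted_pass = md5(md5($password).$user['salt']);

    // Try and get the user using the username & hashed pass
    $query = "select userid, username from user where username='$safe_username' and password='$encrypted_pass'";
    $result = mysql_query($query);
    if (!$result || mysql_num_rows($result) != 1) {
        return false;
    }
    $user = mysql_fetch_array($result);

    // Issue a fresh session id on login so an id that was known before
    // authentication is not carried over into the authenticated session.
    session_regenerate_id(true);

    $encrypted_id = md5($user['userid']);
    $encrypted_name = md5($user['username']);

    // Store the data in the session
    $_SESSION['userid'] = $user['userid'];
    setcookie("userid", $user['userid']);
    $_SESSION['username'] = $user['username'];
    setcookie("username", $user['username']);
    $_SESSION['encrypted_id'] = $encrypted_id;
    setcookie("encrypted_id", $encrypted_id);
    $_SESSION['encrypted_name'] = $encrypted_name;
    setcookie("encrypted_name", $encrypted_name);

    return 'Correct';
}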
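/**
 * Log the current user out: invalidate the login cookies and destroy the
 * server-side session.
 *
 * The 'username' cookie is still overwritten with the literal string "NULL",
 * as before. The other three cookies written at login were previously left
 * in the browser; they are now expired as well.
 *
 * @return void
 */
function user_logout() {
    setcookie("username", "NULL");
    // Expire the remaining login cookies. They are set without a path or
    // domain at login, so the same defaults are used here.
    $expired = time() - 3600;
    setcookie("userid", "", $expired);
    setcookie("encrypted_id", "", $expired);
    setcookie("encrypted_name", "", $expired);
    // End the session and unset all vars
    session_unset ();
    session_destroy ();
}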
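/**
 * Report whether the current request belongs to a logged-in user.
 *
 * The previous check compared md5() of the 'username' cookie with the
 * 'encrypted_name' cookie. Both values come from the client and md5 is
 * unkeyed, so that comparison could be satisfied for any name without ever
 * logging in. The decision is now anchored in the server-side session that
 * user_login() fills in:
 *  - the session must hold a non-empty username whose md5 equals the
 *    session's 'encrypted_name' (a failed login never leaves such a pair);
 *  - the cookies must carry exactly the same two values, so code that still
 *    reads $_COOKIE['username'] sees the verified name whenever this returns
 *    true.
 * Comparisons are strict (===), which also avoids loose-comparison surprises
 * with digests that look numeric.
 *
 * @return bool True only for a session established by a successful login.
 */
function is_authed() {
    if (!isset($_SESSION['username'], $_SESSION['encrypted_name'], $_COOKIE['username'], $_COOKIE['encrypted_name'])) {
        return false;
    }

    $name = $_SESSION['username'];
    if (!is_string($name) || $name === '') {
        return false;
    }

    // The cookies must mirror the session, not the other way round.
    if ($_COOKIE['username'] !== $name || $_COOKIE['encrypted_name'] !== $_SESSION['encrypted_name']) {
        return false;
    }

    return md5($name) === $_SESSION['encrypted_name'];
}
/**
 * Report whether the current request belongs to a logged-in administrator.
 *
 * The user is looked up by the session's username (escaped), not by the raw
 * 'username' cookie that was previously interpolated into the statement.
 * A failed query is logged server-side and the script stops with a generic
 * message instead of printing the database error to the visitor.
 *
 * @return bool True when is_authed() holds and the user's row has admin = 1.
 */
function is_authed_adm() {
    if (!is_authed()) {
        return false;
    }

    $safe_username = mysql_real_escape_string($_SESSION['username']);
    $sql = mysql_query("SELECT * FROM user WHERE username='$safe_username'");
    if (!$sql) {
        error_log('connect.php: admin lookup failed: ' . mysql_error());
        die('Could not check administrator status.');
    }

    $row = mysql_fetch_array($sql);
    // The database driver returns column values as strings, hence ==.
    return ($row && $row['admin'] == 1);
}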
?>