Example #1
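 /**
  * Authenticate a user and populate the session on success.
  *
  * Looks the account up by user name, compares the MD5 digest of the supplied
  * password with the stored digest and, on a match, writes `userkey`,
  * `userid` and `js_disabled` into $_SESSION and marks this object as
  * logged in.
  *
  * @param string $username User name as submitted by the login form.
  * @param string $password Plain-text password as submitted by the login form.
  *
  * @return bool True when the credentials match, false in every other case.
  */
 public function login($username, $password)
 {
     // NOTE(review): HTML-entity encoding is an output-side concern. It is kept
     // here because the lookup presumably relies on names having been stored in
     // encoded form - confirm against the registration code before removing it.
     $username = htmlentities($username);

     // NOTE(review): unsalted MD5 is not a password hash. Moving to
     // password_hash()/password_verify() needs a migration of the stored
     // digests, so it cannot be done inside this method alone.
     $password = md5($password);

     if (!User::user_exists($username)) {
         return false;
     }

     $db = Database::obtain();
     $sql = "SELECT `id`,`username`,`password` FROM " . TABLE_USERS . "\n\t\t\t\t\tWHERE `username` = '" . $db->escape($username) . "'";
     $userdata = $db->query_first($sql);

     // The row can be missing if the account disappeared between the two
     // queries; treat that as a failed login instead of reading null offsets.
     if (!isset($userdata['username'], $userdata['password'])) {
         return false;
     }

     // Strict comparison: with `==`, two digests that both look like numeric
     // strings (for example "0e" followed only by digits) compare equal in PHP.
     // hash_equals() also keeps the comparison time independent of the content.
     $name_matches = $username === (string) $userdata['username'];
     $hash_matches = hash_equals((string) $userdata['password'], $password);
     if (!$name_matches || !$hash_matches) {
         // The original fell off the end here and returned null.
         return false;
     }

     // Issue a fresh session id at the privilege change so an id that was set
     // before authentication is not carried into the authenticated session.
     if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
         session_regenerate_id(true);
     }

     // Both values come from the request; the User-Agent header may be absent.
     // A missing value contributes an empty string, as it did before.
     $remote_addr = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';
     $user_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';

     // NOTE(review): the key is derived from the stored password digest and two
     // client-influenced values. The derivation is left unchanged because code
     // outside this method presumably recomputes it to validate the session.
     $_SESSION['userkey'] = md5($remote_addr . $user_agent . md5($userdata['password']));
     $_SESSION['userid'] = $userdata['id'];

     // The login form sends js_disabled=1 from inside <noscript> when
     // JavaScript is off; any other value, or no value, is stored as 0.
     $js_disabled = isset($_POST['js_disabled']) && $_POST['js_disabled'] == 1;
     $_SESSION['js_disabled'] = $js_disabled ? 1 : 0;

     $this->userid = $userdata['id'];
     $this->logged_in = true;

     return true;
 }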
Example #2
    if ($ranking_position === false) {
        // no such user
        //redirect_to("http://wszechwiedzacy.com/ranking");
    }
} else {
    if ($logged) {
        $nick = $_SESSION['username'];
        // same as above // fix repeating?
        $ranking_position = array_search($nick, $top_scorers);
    } else {
        //redirect_to("http://wszechwiedzacy.pl/ranking");
    }
}
// end of if/else session is logged in
// Load the profile object for $nick; $current_user is false when no such
// account exists.
// NOTE(review): on the no-account path $last is never assigned in the visible
// code, yet it is read twice below - confirm an earlier part of the script
// sets it or stops before this point.
$user_exists = User::user_exists($nick);
if (!$user_exists) {
    $current_user = false;
} else {
    $current_user = User::find_user($nick);
    $last = strtotime($current_user->last_activity);
}

// getDiff() produces the "last activity" text shown on the page (in Polish,
// according to the original comment).
$wynik = getDiff($last);

// Activity within the last 600 seconds counts as "aktywny" (active);
// anything older is "nieaktywny" (inactive).
$display_status = (time() - $last < 600) ? "aktywny" : "nieaktywny";

// Default label for sex: "ukryty" (hidden).
$sex = "ukryty";
// if sex was chosen
if ($current_user->sex != 0) {
Example #3
<?php

require_once "initialize.php";
$ja = array("user" => "valid", "password" => "valid", "email" => "valid", "mysql" => "valid");
if (isset($_POST)) {
    $errors = array();
    $username = trim($db->escape_value($_POST['username']));
    $password = trim($db->escape_value($_POST['password']));
    $hashed_password = sha1($password);
    $email = trim($db->escape_value($_POST['email']));
    // check if user name hasn't been taken
    $user_exists = User::user_exists($username);
    if ($user_exists) {
        array_unshift($errors, "username taken");
        $ja['user'] = "******";
    }
    $email_check = isValidEmail($email) ? true : ($ja['email'] = "error");
    // check if this email is in the database
    $email_exists = User::email_exists($email);
    if ($email_exists) {
        array_unshift($errors, "email taken");
        $ja['email'] = "taken";
    }
    // no errors on first test, next we check if the username and password are of required length
    $fields_max_lengths = array("username" => 30, "password" => 30);
    $fields_min_lengths = array("username" => 3, "password" => 4);
    $errors = array_merge($errors, check_form_length($fields_max_lengths, true), check_form_length($fields_min_lengths, false));
    if (empty($errors)) {
        $time = date("Y-m-j H:i:s", time());
        $query = "INSERT INTO users ( ";
        $query .= "user_name, hashed_password, email, register_date, subscribed ) VALUES (";