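/**
 * Authenticates a user against TABLE_USERS and, on success, opens the session.
 *
 * The submitted username is passed through htmlentities() before the lookup;
 * this only works if usernames were encoded the same way when stored —
 * TODO confirm against the registration path.
 *
 * @param string $username Login name as submitted by the form.
 * @param string $password Plaintext password as submitted by the form.
 * @return bool true when the credentials match; false for an unknown user,
 *              a row that cannot be loaded, or a mismatch (the original fell
 *              off the end and returned null on a mismatch).
 */
public function login($username, $password) {
    $username = htmlentities($username);
    // NOTE(review): md5 is not a password hash (unsalted and fast). It is kept
    // here only because the existing rows store md5 digests; migrating to
    // password_hash()/password_verify() needs a rehash-on-login step first.
    $password = md5($password);

    if (!User::user_exists($username)) {
        return false;
    }

    $db = Database::obtain();
    $sql = "SELECT `id`,`username`,`password` FROM " . TABLE_USERS . "\n\t\t\t\t\tWHERE `username` = '" . $db->escape($username) . "'";
    $userdata = $db->query_first($sql);
    // user_exists() may have raced with a delete, and query_first() presumably
    // signals "no row" with a falsy value; either way the login fails.
    if (!$userdata) {
        return false;
    }

    // hash_equals() avoids the loose-comparison pitfalls of == on hex digests
    // (numeric-looking strings compare as numbers) and runs in constant time.
    $hashMatches = hash_equals((string) $userdata['password'], $password);
    if ($username !== (string) $userdata['username'] || !$hashMatches) {
        return false;
    }

    // Issue a fresh session id on this privilege change so an id known before
    // login is not carried into the authenticated session (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // Both headers may be absent (CLI, odd proxies); fall back to '' rather
    // than emitting an undefined-index notice.
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $_SESSION['userkey'] = md5($remoteAddr . $userAgent . md5($userdata['password']));
    $_SESSION['userid'] = $userdata['id'];

    // The login form carries a hidden js_disabled=1 field inside <noscript>,
    // so its presence means the browser did not run JavaScript. Compared
    // strictly as the string '1' instead of the original loose == 1.
    $jsDisabled = isset($_POST['js_disabled']) ? $_POST['js_disabled'] : null;
    $_SESSION['js_disabled'] = (is_scalar($jsDisabled) && (string) $jsDisabled === '1') ? 1 : 0;

    $this->userid = $userdata['id'];
    $this->logged_in = true;

    return true;
}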
if ($ranking_position === false) { // no such user //redirect_to("http://wszechwiedzacy.com/ranking"); } } else { if ($logged) { $nick = $_SESSION['username']; // same as above // fix repeating? $ranking_position = array_search($nick, $top_scorers); } else { //redirect_to("http://wszechwiedzacy.pl/ranking"); } } // end of if/else session is logged in // make the user object that holds all information that is stored in database $user_exists = User::user_exists($nick); if ($user_exists) { $current_user = User::find_user($nick); $last = strtotime($current_user->last_activity); } else { $current_user = false; } // function displays last activity in polish $wynik = getDiff($last); $display_status = "nieaktywny"; if (time() - $last < 600) { $display_status = "aktywny"; } $sex = "ukryty"; // if sex was chosen if ($current_user->sex != 0) {
<?php require_once "initialize.php"; $ja = array("user" => "valid", "password" => "valid", "email" => "valid", "mysql" => "valid"); if (isset($_POST)) { $errors = array(); $username = trim($db->escape_value($_POST['username'])); $password = trim($db->escape_value($_POST['password'])); $hashed_password = sha1($password); $email = trim($db->escape_value($_POST['email'])); // check if user name hasn't been taken $user_exists = User::user_exists($username); if ($user_exists) { array_unshift($errors, "username taken"); $ja['user'] = "******"; } $email_check = isValidEmail($email) ? true : ($ja['email'] = "error"); // check if this email is in the database $email_exists = User::email_exists($email); if ($email_exists) { array_unshift($errors, "email taken"); $ja['email'] = "taken"; } // no errors on first test, next we check if the username and password are of required length $fields_max_lengths = array("username" => 30, "password" => 30); $fields_min_lengths = array("username" => 3, "password" => 4); $errors = array_merge($errors, check_form_length($fields_max_lengths, true), check_form_length($fields_min_lengths, false)); if (empty($errors)) { $time = date("Y-m-j H:i:s", time()); $query = "INSERT INTO users ( "; $query .= "user_name, hashed_password, email, register_date, subscribed ) VALUES (";