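function login($data, $ip) {
    // Authenticate a user from a JSON payload of the form {"n": username, "p": password}.
    // Returns 1 on success (token cookie set, session started, setLoginData() called)
    // and -1 on any failure (bad JSON, unknown user, wrong password).
    //   $data - raw JSON string from the client
    //   $ip   - client address, bound into the token by createToken()
    $obs = json_decode($data, true);
    if (!$obs || !is_array($obs)) {
        return -1;
    }

    // NOTE(review): this strips everything except ASCII letters and spaces from the
    // *password* before hashing, which drastically reduces its entropy. It is kept
    // because createUser() hashes with the same clean-up, so changing it here would
    // lock out every existing account.
    $rawUser = isset($obs['n']) ? $obs['n'] : '';
    $rawPass = isset($obs['p']) ? $obs['p'] : '';
    $user = htmlentities(preg_replace("/[^a-zA-Z ]*/", "", $rawUser), ENT_QUOTES, "utf-8");
    $pw = htmlentities(preg_replace("/[^a-zA-Z ]*/", "", $rawPass), ENT_QUOTES, "utf-8");

    // processLogin() returns JSON; an unknown user yields no row, so both values stay null.
    $res = json_decode(processLogin($user), true);
    $dbPass = isset($res[0]['password']) ? $res[0]['password'] : null;
    $id = isset($res[0]['userId']) ? $res[0]['userId'] : null;

    // Hash even when no row came back so the response time does not reveal
    // whether the username exists.
    $cPass = hashPass($pw);

    // hash_equals() replaces the original `==`: loose comparison treats two digests
    // that look like "0e123..." as equal numbers, and it is not constant-time.
    // hash_equals() requires two strings, hence the is_string() guards.
    if (is_string($dbPass) && is_string($cPass) && hash_equals($dbPass, $cPass)) {
        $token = createToken($ip, $id);
        // Cookie lifetime: 12 hours.
        $time = time() + 86400 / 2;
        // NOTE(review): the token cookie is set without the httponly/secure flags;
        // add them unless front-end JavaScript needs to read the token.
        setcookie("token", $token, $time, "/");
        session_start();
        // NOTE(review): $_SESSION['user_id'] is read here but never written in this
        // function; unless something else populates the session first this passes
        // null. $id from the DB row looks like the intended value - confirm against
        // setLoginData().
        setLoginData($_SESSION['user_id'], $user);
        return 1;
    }

    // Failure: expire any existing token cookie.
    setcookie("token", " ", time() - 1);
    return -1;
}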
function createUser($data) {
    // Register a new account from JSON {"u": username, "p": password, "cp": confirmation}
    // and immediately log the new user in via login().
    // Returns 1 on success, -1 on any failure: unparseable JSON, username or password
    // outside 6..20 characters (after clean-up), confirmation mismatch, username
    // already taken (checkUsername() > 0), storeNewUser() failing, or login() failing.
    $fields = json_decode($data, true);
    if (!$fields) {
        return -1;
    }

    // Every field gets the same clean-up: keep ASCII letters only, then HTML-encode.
    // NOTE(review): applying this to the *password* limits users to a short
    // alphabetic secret. login() uses a slightly different pattern ("/[^a-zA-Z ]*/",
    // which keeps spaces), so a username typed with spaces does not round-trip
    // between registration and a later login. Left unchanged: stored hashes depend on it.
    $clean = function ($raw) {
        return htmlentities(preg_replace("/[^a-zA-Z]*/", "", $raw), ENT_QUOTES, "utf-8");
    };
    $user = $clean($fields['u']);
    $pw = $clean($fields['p']);
    $cp = $clean($fields['cp']);

    // Length limits are enforced on the cleaned values.
    $userLen = strlen($user);
    $pwLen = strlen($pw);
    if ($userLen < 6 || $userLen > 20 || $pwLen < 6 || $pwLen > 20) {
        return -1;
    }
    if ($pw !== $cp) {
        return -1;
    }
    if (checkUsername($user) > 0) {
        return -1;
    }
    if (!storeNewUser($user, hashPass($pw))) {
        return -1;
    }

    // Account exists now; log the user in with the same cleaned credentials.
    $payload = json_encode(['n' => $user, 'p' => $pw]);
    return login($payload, $_SERVER['REMOTE_ADDR']) == 1 ? 1 : -1;
}
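function registerUser() {
    // Create an employee row from the registration form, then redirect to the login page.
    // Reads the POSTed fields number, pass, first, last, address, phone, crew and
    // position, escapes each with esc(), hashes the password with hashPass() and
    // INSERTs the row through dbQuery().
    //
    // Field names are now quoted strings: the original `$_POST[number]` form is an
    // undefined constant - a fatal Error on PHP 8 and a warning that only works by
    // accident on PHP 7. A missing field is treated as an empty string.
    $field = function ($name) {
        return esc(isset($_POST[$name]) ? $_POST[$name] : '');
    };
    $num = $field('number');
    $pass = $field('pass');
    $first = $field('first');
    $last = $field('last');
    $address = $field('address');
    $phone = $field('phone');
    $crew = $field('crew');
    $position = $field('position');

    // Only the hash is stored, never the plaintext.
    $hash = hashPass($pass);

    // NOTE(review): the values are interpolated into the SQL and are therefore only
    // as safe as esc() makes them. If dbQuery() can take bound parameters, prefer that.
    $sql = "INSERT INTO employee (number, first, last, address, phone, crew, position, hash)"
         . " VALUES ('{$num}', '{$first}', '{$last}', '{$address}',"
         . " '{$phone}', '{$crew}', '{$position}', '{$hash}')";

    // dbQuery() reports the SQL error itself; we only decide which message to show.
    if (dbQuery($sql)) {
        echo "Added User Entry!";
    } else {
        // Inputs were pre-checked, so a failed INSERT almost always means the
        // employee already exists (or the database itself failed).
        echo "Employee already exists in system!<br>";
    }
    // Both outcomes return the user to the login page.
    redir("../login.html");
}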
<?php include_once 'header.php'; echo "<div class='header'>Log In</div>"; echo "<h3>Please enter your details to log in.</h3>"; $error = $email = $pass = $forname = $surname = $isActive = $userLevel = ""; if (isset($_POST['email'])) { $email = sanitizeString($_POST['email']); $pass = sanitizeString($_POST['pass']); if ($email == "" || $pass == "") { $error = "Not all fields were entered<br />"; } else { $hashed = hashPass("{$pass}"); $query = "SELECT email,password,forname,surname,isActive,userLevel FROM users where email='{$email}' AND password='******'"; $result = queryMysql($query); if (mysql_num_rows($result) == 0) { $error = "<span class='error'>Email/Password invalid</span><br /><br />"; } else { $_SESSION['email'] = $email; $_SESSION['pass'] = $hashed; $_SESSION['forname'] = mysql_result($result, 0, 'forname'); $_SESSION['surname'] = mysql_result($result, 0, 'surname'); $_SESSION['isActive'] = mysql_result($result, 0, 'isActive'); $_SESSION['userLevel'] = mysql_result($result, 0, 'userLevel'); header('Location: /index.php'); echo "You are now logged in. Please <a href='index.php'>click here</a> to continue<br /><br />"; echo <<<_END <script type="text/javascript" language="JavaScript"> window.location = 'index.php'; </script> _END;
$admin_repeat_pass = $_POST['repeat_admin_pass']; if ($admin_pass != $admin_repeat_pass) { printError('The passwords do not correspond.'); exit - 1; } // Create the tables or die $sql_file = dirname(__FILE__) . '/sql/import.sql'; try { $sql = file_get_contents($sql_file); $bdd->exec($sql); } catch (PDOException $e) { printError($e->getMessage()); exit - 1; } // Generate the hash $hash_pass = hashPass($admin_pass); // Insert the new admin $req = $bdd->prepare('INSERT INTO admin (admin_id, admin_pass) VALUES (?, ?)'); $req->execute(array($admin_username, $hash_pass)); unlink($sql_file); rmdir(dirname(__FILE__) . '/sql'); printSuccess('Well done, OpenVPN-Admin is installed.'); } else { require dirname(__FILE__) . '/include/html/menu.php'; require dirname(__FILE__) . '/include/html/form/installation.php'; } exit - 1; } // --------------- CONFIGURATION --------------- if (!isset($_GET['admin'])) { if (isset($error) && $error == true) {
$pompom_nonsportif_on = !empty($_POST['quota_pompom_nonsportif_on']); $fanfaron_nonsportif_on = !empty($_POST['quota_fanfaron_nonsportif_on']); $cameraman_nonsportif_on = !empty($_POST['quota_cameraman_nonsportif_on']); $logins = $pdo->query('SELECT ' . 'login ' . 'FROM ecoles ' . 'WHERE ' . 'id <> ' . $ecole['id']) or DEBUG_ACTIVE && die(print_r($pdo->errorInfo())); $logins = $logins->fetchAll(PDO::FETCH_ASSOC); if (in_array($_POST['login'], $logins)) { $erreur_maj = 'login'; } else { if (!empty($_POST['pass']) && (empty($_POST['pass_repetition']) || $_POST['pass'] != $_POST['pass_repetition'])) { $erreur_maj = 'pass'; } else { if ($filles_on * $_POST['quota_garcons_loges'] + $garcons_on * $_POST['quota_filles_logees'] > $_POST['quota_total'] || $logement_on && $filles_on * $_POST['quota_garcons_loges'] + $garcons_on * $_POST['quota_filles_logees'] > $_POST['quota_logement'] || $_POST['quota_sportif'] > $_POST['quota_total'] || $_POST['quota_sportif'] < $ecole['quota_sportif_view'] || $pompom_on && $_POST['quota_pompom'] > $_POST['quota_total'] || $fanfaron_on && $_POST['quota_fanfaron'] > $_POST['quota_total'] || $cameraman_on && $_POST['quota_cameraman'] > $_POST['quota_total'] || $pompom_on && $_POST['quota_pompom'] < $ecole['quota_pompom_view'] || $fanfaron_on && $_POST['quota_fanfaron'] < $ecole['quota_fanfaron_view'] || $cameraman_on && $_POST['quota_cameraman'] < $ecole['quota_cameraman_view'] || $pompom_nonsportif_on && $_POST['quota_pompom_nonsportif'] > $_POST['quota_total'] || $fanfaron_nonsportif_on && $_POST['quota_fanfaron_nonsportif'] > $_POST['quota_total'] || $cameraman_nonsportif_on && $_POST['quota_cameraman_nonsportif'] > $_POST['quota_total'] || $pompom_nonsportif_on && $pompom_on && $_POST['quota_pompom_nonsportif'] > $_POST['quota_pompom'] || $fanfaron_nonsportif_on && $fanfaron_on && $_POST['quota_fanfaron_nonsportif'] > $_POST['quota_fanfaron'] || $cameraman_nonsportif_on && $cameraman_on && $_POST['quota_cameraman_nonsportif'] > 
$_POST['quota_cameraman'] || $pompom_nonsportif_on && $_POST['quota_pompom_nonsportif'] > $_POST['quota_total'] - $_POST['quota_sportif'] || $fanfaron_nonsportif_on && $_POST['quota_fanfaron_nonsportif'] > $_POST['quota_total'] - $_POST['quota_sportif'] || $cameraman_nonsportif_on && $_POST['quota_cameraman_nonsportif'] > $_POST['quota_total'] - $_POST['quota_sportif'] || $garcons_on && $_POST['quota_garcons_loges'] < $ecole['quota_garcons_loges_view'] || $filles_on && $_POST['quota_filles_logees'] < $ecole['quota_filles_logees_view'] || $_POST['quota_total'] < $ecole['quota_inscriptions']) { $erreur_maj = 'quotas'; } else { $erreur_maj = false; $pdo->exec('UPDATE ecoles SET ' . 'nom = "' . secure($_POST['nom']) . '", ' . 'ecole_lyonnaise = ' . secure($_POST['ecole_lyonnaise']) . ', ' . 'adresse = "' . secure($_POST['adresse']) . '", ' . 'code_postal = "' . secure($_POST['code_postal']) . '", ' . 'ville = "' . secure($_POST['ville']) . '", ' . 'email_ecole = "' . secure($_POST['email_ecole']) . '", ' . 'telephone_ecole = "' . secure($_POST['telephone_ecole']) . '", ' . 'login = "******", ' . (!empty($_POST['pass']) ? 'pass = "******", ' : null) . 'quota_total = ' . (int) $_POST['quota_total'] . ', ' . 'quota_filles_on = ' . ($filles_on ? '1' : '0') . ', ' . 'quota_garcons_on = ' . ($garcons_on ? '1' : '0') . ', ' . 'quota_filles_logees = ' . (int) $_POST['quota_filles_logees'] . ', ' . 'quota_garcons_loges = ' . (int) $_POST['quota_garcons_loges'] . ', ' . 'quota_logement_on = ' . ($logement_on ? '1' : '0') . ', ' . 'quota_logement = ' . (int) $_POST['quota_logement'] . ', ' . 'quota_sportif = ' . (int) $_POST['quota_sportif'] . ', ' . 'quota_pompom_on = ' . ($pompom_on ? '1' : '0') . ', ' . 'quota_cameraman_on = ' . ($cameraman_on ? '1' : '0') . ', ' . 'quota_fanfaron_on = ' . ($fanfaron_on ? '1' : '0') . ', ' . 'quota_pompom_nonsportif_on = ' . ($pompom_nonsportif_on ? '1' : '0') . ', ' . 'quota_cameraman_nonsportif_on = ' . ($cameraman_nonsportif_on ? 
'1' : '0') . ', ' . 'quota_fanfaron_nonsportif_on = ' . ($fanfaron_nonsportif_on ? '1' : '0') . ', ' . 'quota_pompom = ' . (int) $_POST['quota_pompom'] . ', ' . 'quota_cameraman = ' . (int) $_POST['quota_cameraman'] . ', ' . 'quota_fanfaron = ' . (int) $_POST['quota_fanfaron'] . ', ' . 'quota_pompom_nonsportif = ' . (int) $_POST['quota_pompom_nonsportif'] . ', ' . 'quota_cameraman_nonsportif = ' . (int) $_POST['quota_cameraman_nonsportif'] . ', ' . 'quota_fanfaron_nonsportif = ' . (int) $_POST['quota_fanfaron_nonsportif'] . ', ' . 'nom_respo = "' . secure($_POST['nom_respo']) . '", ' . 'prenom_respo = "' . secure($_POST['prenom_respo']) . '", ' . 'email_respo = "' . secure($_POST['email_respo']) . '", ' . 'telephone_respo = "' . secure($_POST['telephone_respo']) . '", ' . 'nom_corespo = "' . secure($_POST['nom_corespo']) . '", ' . 'prenom_corespo = "' . secure($_POST['prenom_corespo']) . '", ' . 'email_corespo = "' . secure($_POST['email_corespo']) . '", ' . 'telephone_corespo = "' . secure($_POST['telephone_corespo']) . '", ' . 'malus = ' . abs((double) $_POST['malus']) . ' ' . 'WHERE ' . 'id = ' . $ecole['id']); } } } $_POST['id'] = $ecole['id']; $_POST['quota_logement_on'] = $logement_on; $_POST['quota_filles_on'] = $filles_on; $_POST['quota_garcons_on'] = $garcons_on; $_POST['quota_pompom_on'] = $pompom_on; $_POST['quota_fanfaron_on'] = $fanfaron_on; $_POST['quota_cameraman_on'] = $cameraman_on; $_POST['quota_pompom_nonsportif_on'] = $pompom_nonsportif_on; $_POST['quota_fanfaron_nonsportif_on'] = $fanfaron_nonsportif_on; $_POST['quota_cameraman_nonsportif_on'] = $cameraman_nonsportif_on; foreach ($_POST as $label => $value) { if (!array_key_exists('login', $ecole)) {
die(header('location:' . url('admin/accueil', false, false))); } require DIR . 'includes/_ecl/CAS.php'; phpCAS::client(CAS_VERSION_2_0, CONFIG_CAS_HOST, CONFIG_CAS_PORT, CONFIG_CAS_CONTEXT); phpCAS::setNoCasServerValidation(); if (!phpCAS::checkAuthentication()) { phpCAS::forceAuthentication(); } else { $cas = phpCAS::getUser(); } if (!empty($_POST['login_admin']) && !empty($_POST['login']) && !empty($_POST['pass']) || !empty($cas)) { if (empty($_SESSION['tentatives']) || time() - $_SESSION['tentatives']['start'] > APP_WAIT_AUTH) { $_SESSION['tentatives'] = ['start' => time(), 'count' => 0]; } if (empty($cas)) { $hash = hashPass($_POST['pass']); $user = $pdo->query('SELECT ' . 'id ' . 'FROM admins WHERE ' . 'auth_type = "db" AND ' . 'login = "******" AND ' . 'pass = "******"') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo())); } else { $user = $pdo->query('SELECT ' . 'id ' . 'FROM admins WHERE ' . 'auth_type = "cas" AND ' . 'login = "******"') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo())); } $user = $user->fetch(PDO::FETCH_ASSOC); if (!empty($user) && $_SESSION['tentatives']['count'] < APP_MAX_TRY_AUTH) { $_SESSION['admin'] = ['start' => time(), 'last' => time(), 'auth_type' => empty($cas) ? 'db' : 'cas', 'login' => empty($cas) ? secure($_POST['login']) : secure($cas), 'user' => $user['id']]; die(header('location:' . url('admin/accueil', false, false))); } else { if (empty($cas)) { $error = true; $_SESSION['tentatives']['count']++; } } }
function newPass($pass, $verify) {
    // Set a new password for this team, but only when $verify matches the
    // `verification` token stored for the team's id.
    //   $pass   - new plaintext password (only rejected when empty; there is no
    //             minimum length beyond that)
    //   $verify - verification token the caller received
    // Throws Exception ($lang['team'][11]) when the id/token pair does not match
    // exactly one row, and Exception ($lang['register'][3]) for an empty password.
    // Returns true after the UPDATE.
    global $lang;
    global $db;

    // Step 1: confirm the token. The id is selected back and compared strictly, so a
    // result that does not belong to this team is rejected as well.
    $matchedId = 0;
    $lookup = $db->prepare("SELECT `id` FROM `teams` WHERE `id`=? AND `verification`=?");
    $lookup->bind_param("is", $this->id, $verify);
    $lookup->bind_result($matchedId);
    $lookup->execute();
    $lookup->store_result();
    $lookup->fetch();
    $tokenOk = ($lookup->num_rows == 1) && ($matchedId === $this->id);
    if (!$tokenOk) {
        throw new Exception($lang['team'][11]);
    }
    $lookup->close();

    if (strlen($pass) < 1) {
        throw new Exception($lang['register'][3]);
    }

    // Step 2: store a fresh salt and the salted hash. The salt is base64-encoded
    // for the text column.
    // NOTE(review): the verification token is not cleared by this UPDATE, so the
    // same token stays usable until something else overwrites it - confirm the
    // caller invalidates it.
    $salt = generateSalt();
    $hash = hashPass($salt, $pass);
    $encodedSalt = base64_encode($salt);
    $update = $db->prepare("UPDATE `teams` SET `pass`=?, `salt`=? WHERE `id`=?");
    $update->bind_param("ssi", $hash, $encodedSalt, $this->id);
    $update->execute();
    $update->close();
    return true;
}
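<?php
require_once 'dbaccess.php';
require_once 'functions.php';

// Registration handler. On a POSTed form carrying username, password and usermail:
// refuse when the username or e-mail is already taken, otherwise store the new row
// (password hashed with hashPass()) and redirect to thanks.html.
//
// The method check is a real comparison now. The original `=` assigned 'post' to
// $_SERVER['REQUEST_METHOD'], so the condition was always true (and even as a
// comparison 'post' would never equal the upper-case 'POST' PHP reports).
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (isset($_POST['username'], $_POST['password'], $_POST['usermail'])) {
        $db = getDB();
        $user = $_POST['username'];
        $email = $_POST['usermail'];
        $pass = $_POST['password'];

        // Check-then-insert is racy: two concurrent registrations can both pass this
        // test. A UNIQUE index on username and email is the real guarantee; this
        // lookup only provides the friendly message.
        $sql = "SELECT id FROM user_l0l WHERE username=? or email=?";
        $stmt = $db->prepare($sql);
        $stmt->bind_param('ss', $user, $email);
        $stmt->execute();
        $stmt->bind_result($id);
        $taken = (bool) $stmt->fetch();
        $stmt->close();

        if ($taken) {
            echo "Username or Email already in use";
        } else {
            $hash = hashPass($pass);
            $sql = "INSERT INTO user_l0l (username, password, email) VALUES(?,?,?)";
            $stmt = $db->prepare($sql);
            $stmt->bind_param('sss', $user, $hash, $email);
            $inserted = $stmt->execute();
            if (!$inserted) {
                // Driver error text belongs in the server log: it can expose schema
                // details and was previously echoed straight to the client.
                error_log("register: INSERT failed (" . $db->errno . ") " . $db->error);
                echo "Registration failed, please try again later.";
            }
            $stmt->close();
            // Only redirect on success; the original sent users to thanks.html even
            // after the INSERT had failed.
            if ($inserted) {
                header("Location:thanks.html");
            }
        }
    }
}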
} } // Build the request array_push($set_value, $_POST['set_user']); $req_string = 'UPDATE user SET ' . implode(',', $set_field) . ' WHERE user_id = ?'; $req = $bdd->prepare($req_string); $req->execute($set_value); } else { if (isset($_POST['del_user_id'])) { $req = $bdd->prepare('DELETE FROM user WHERE user_id = ?'); $req->execute(array($_POST['del_user_id'])); } else { if (isset($_POST['add_admin'])) { $req = $bdd->prepare('INSERT INTO admin(admin_id, admin_pass) VALUES (?, ?)'); $req->execute(array($_POST['admin_id'], "")); } else { if (isset($_POST['set_admin'])) { $mdp = $_POST['admin_pass'] ? hashPass($_POST['admin_pass']) : ""; $req = $bdd->prepare('UPDATE admin SET admin_id = ?, admin_pass = ? WHERE admin_id = ?'); $req->execute(array($_POST['admin_id'], $mdp, $_POST['set_admin'])); } else { if (isset($_POST['del_admin_id'])) { $req = $bdd->prepare('DELETE FROM admin WHERE admin_id = ?'); $req->execute(array($_POST['del_admin_id'])); } } } } } } }
if (empty($count['cid'])) { $pdo->exec($s = 'INSERT INTO admins SET ' . 'auth_type = "db", ' . 'nom = "' . secure($_POST['nom'][0]) . '", ' . 'prenom = "' . secure($_POST['prenom'][0]) . '", ' . 'email = "' . secure($_POST['email'][0]) . '", ' . 'telephone = "' . secure($_POST['telephone'][0]) . '", ' . 'login = "******", ' . 'poste = "' . secure($_POST['poste'][0]) . '", ' . 'contact = ' . ($contact ? '1' : '0') . ', ' . 'pass = "******"'); } $add = empty($count['cid']); } //On récupère l'indice du champ concerné if ((!empty($_POST['delete']) || !empty($_POST['edit'])) && isset($_POST['id']) && is_array($_POST['id'])) { $i = array_search(empty($_POST['delete']) ? $_POST['edit'] : $_POST['delete'], $_POST['id']); } //On edite un admin if (!empty($i) && empty($_POST['delete']) && !empty($_POST['nom'][$i]) && !empty($_POST['prenom'][$i]) && !empty($_POST['login'][$i]) && isset($_POST['login'][$i]) && !empty($_POST['email'][$i]) && !empty($_POST['telephone'][$i]) && isset($_POST['pass'][$i]) && !empty($_POST['id'][$i]) && intval($_POST['id'][$i])) { if (!isset($_POST['contact'])) { $_POST['contact'] = array(); } $contact = in_array($_POST['id'][$i], $_POST['contact']); $count = $pdo->query('SELECT ' . 'COUNT(id) AS cid ' . 'FROM admins ' . 'WHERE ' . 'auth_type = "db" AND ' . 'login = "******" AND ' . 'id <> ' . (int) $_POST['id'][$i]) or DEBUG_ACTIVE && die(print_r($pdo->errorInfo())); $count = $count->fetch(PDO::FETCH_ASSOC); if (empty($count['cid'])) { $pdo->exec('UPDATE admins SET ' . 'nom = "' . secure($_POST['nom'][$i]) . '", ' . 'prenom = "' . secure($_POST['prenom'][$i]) . '", ' . 'email = "' . secure($_POST['email'][$i]) . '", ' . 'telephone = "' . secure($_POST['telephone'][$i]) . '", ' . 'login = "******", ' . 'poste = "' . secure($_POST['poste'][$i]) . '", ' . (!empty($_POST['pass'][$i]) ? 'pass = "******", ' : '') . 'contact = ' . ($contact ? '1' : '0') . ' ' . 'WHERE ' . 'auth_type = "db" AND ' . 'id = ' . 
(int) $_POST['id'][$i]); } $modify = empty($count['cid']); } else { if (!empty($i) && !empty($_POST['delete']) && !empty($_POST['id'][$i]) && intval($_POST['id'][$i])) { $pdo->exec('DELETE FROM admins ' . 'WHERE id = ' . (int) $_POST['id'][$i]); $delete = true; } } $admins = $pdo->query('SELECT ' . 'id, ' . 'nom, ' . 'prenom, ' . 'email, ' . 'telephone, ' . 'login, ' . 'contact, ' . 'poste ' . 'FROM admins ' . 'WHERE ' . 'auth_type = "db" ' . 'ORDER BY ' . 'nom ASC, ' . 'prenom ASC, ' . 'login ASC') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo())); $admins = $admins->fetchAll(PDO::FETCH_ASSOC); //Inclusion du bon fichier de template require DIR . 'templates/admin/droits/admins.php';
<?php # Include files required for the site to work properly. require_once "config.php"; require_once "functions.php"; # Set a flag to keep track of whether registration was successful, this # allows for the display of an appopriate message later. $registerSuccess = true; # Retreive the user input and clean it for database insertion $username = cleanInputs($_POST['username'], $connection); $playerName = cleanInputs($_POST['name'], $connection); $phone = cleanInputs($_POST['phone'], $connection); $email = cleanInputs($_POST['email'], $connection); $password = cleanInputs($_POST['password'], $connection); # Hash the password for storage in the database. $hashedPassword = hashPass($username, $password); # Determine whether there are accounts that use the same username or # email address. $sameUsername = mysqli_num_rows(mysqli_query($connection, "SELECT * FROM player WHERE username = '******'")) != 0; $sameEmail = mysqli_num_rows(mysqli_query($connection, "SELECT * FROM player WHERE email = '{$email}'")) != 0; # If no accounts were found using the same username or eamil address, # continue with the registration process. if (!$sameUsername && !$sameEmail) { # Determine what the new account's initial rank should be. This equals # the lowest rank in the ladder plus 1. $getRanks = mysqli_query($connection, "SELECT MAX(rank) FROM player"); $maxRank = mysqli_fetch_array($getRanks); $maxRank = $maxRank[0]; $newRank = $maxRank + 1; # Insert the new user into the database, using the boolean return result # from the query to determine whether registration of the account was
header("Location: https://profiles.ac3-servers.eu/api/"); return; } if (isset($_POST['login']) && strtoupper($_POST['login']) == strtoupper("go")) { //Login button pressed. if (!isset($_POST['user']) || !isset($_POST['password'])) { $error = "You're missing a field?"; } if (empty($_POST['user']) || empty($_POST['password'])) { $error = "You're missing a field?"; } //User and pass to var. $user = $_POST['user']; $pass = $_POST['password']; //Hash password and start session if valid. $hashedPass = hashPass($user, $pass); if (!($userArr = validUser($user, $hashedPass, true))) { $error = "Your password was incorrect!"; } else { if (!is_array($userArr)) { $error = $userArr; } else { $_SESSION['user'] = $userArr['user']; $_SESSION['pass'] = $userArr['hashedPass']; $_SESSION['UUID'] = $userArr['UUID']; $_SESSION['key'] = $userArr['key']; $_SESSION['permissions'] = $userArr['perm']; $_SESSION['email'] = $userArr['email']; header("Location: https://profiles.ac3-servers.eu/api/"); return; }
function addUser($email, $password, $forname, $surname, $hash) {
    // Insert a new users row. The password is stored hashed via hashPass(); $hash
    // is a separate caller-supplied value stored as the fifth column, and the
    // trailing 0 is the initial value of the sixth column.
    // SECURITY (review): every argument is interpolated directly into the SQL, so
    // this function is only as safe as the escaping its callers perform beforehand.
    // Nothing visible here shows queryMysql() accepting bound parameters; if it can,
    // this should switch to them.
    $hashedPassword = hashPass("{$password}");
    $values = array($email, $hashedPassword, $forname, $surname, $hash);
    $quoted = array();
    foreach ($values as $value) {
        $quoted[] = "'" . $value . "'";
    }
    queryMysql("INSERT INTO users VALUES(" . implode(', ', $quoted) . ", 0)");
}
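function validUser($user, $pass, $hashed = false) {
    // Look up a user by name and password hash.
    //   $user   - username as supplied by the caller
    //   $pass   - plaintext password, or an already-hashed one when $hashed is true
    //   $hashed - true when the caller already ran hashPass($user, $pass)
    // Returns the user record array on success, false when the credentials do not
    // match, or a human-readable string when the account is missing or unverified.
    // Successful records are cached for 600 seconds under "user_data_<username>".
    @(include_once "phpfastcache/phpfastcache.php");
    @(include_once realpath("../phpfastcache/phpfastcache.php"));
    $cache = phpFastCache();

    // hashPass() is keyed on the username, so the same user/password pair always
    // produces the same string, which is what lets the SQL below match on it.
    $hashedPass = $hashed ? $pass : hashPass($user, $pass);

    $userData = $cache->get("user_data_" . $user);
    if ($userData == null) {
        $msconf = getDatabaseCredentials();
        $dbcon = mysqli_connect($msconf['host'], $msconf['user'], $msconf['pass'], $msconf['db']);
        // mysqli_connect_errno()/mysqli_connect_error() take no arguments; passing
        // $dbcon to them is an ArgumentCountError on PHP 8.
        if (mysqli_connect_errno()) {
            // Connection details go to the server log, not into the response body.
            error_log("validUser: MySQL connect failed: " . mysqli_connect_errno() . " : " . mysqli_connect_error());
            die("Database unavailable.");
        }

        // --- Default database bootstrap (runs on every cache miss) ---
        // NOTE(review): the Users table created here has five columns (Username, Name,
        // PassHash, APIKey, Permission), but the SELECT * below binds seven result
        // columns. On a freshly bootstrapped database bind_result() therefore fails and
        // every login reports "That account doesn't exist." - one of the two is stale.
        $dbcon->query('CREATE TABLE IF NOT EXISTS `Users` (`Username` varchar(16) NOT NULL, `Name` varchar(60) NOT NULL, `PassHash` varchar(256) NOT NULL, `APIKey` varchar(256) NULL, `Permission` varchar(2) NOT NULL DEFAULT \'NN\', UNIQUE KEY `Username` (`Username`)) ENGINE=InnoDB DEFAULT CHARSET=latin1;');
        $dbcon->query('CREATE TABLE IF NOT EXISTS `Blog` (`PUID` varchar(200) NOT NULL,`Post` varchar(10000) NOT NULL,`Date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, `Author` varchar(16) NOT NULL, `Title` varchar(60) NOT NULL, UNIQUE KEY `PUID` (`PUID`)) ENGINE=InnoDB DEFAULT CHARSET=latin1;');
        // SECURITY (review): this seeds a fixed admin account ('ace', Permission 'YY')
        // with a hard-coded password hash from inside the login path. That is a
        // built-in credential (CWE-798) present on every deployment that runs this
        // code. It is left in place so bootstrap behaviour is unchanged, but it belongs
        // in an installer with an operator-chosen password. The stored value also does
        // not look like a well-formed bcrypt string (those start with "$2y$"), so
        // whether this row is even loginable should be confirmed.
        $dbcon->query('INSERT INTO `Users` (`Username`, `Name`, `PassHash`, `Permission`) VALUES (\'ace\', \'Cory Redmond\', \'2y11$WULjGCfjZEvtGEXfZkL3G.uzF3fRlJPGVsR.jCGguRhKIuph28572\', \'YY\');');
        // --- end bootstrap ---

        $preparedStm = $dbcon->prepare("SELECT * FROM `Users` WHERE `Username` = ? AND `PassHash` = ?;");
        $preparedStm->bind_param("ss", $user, $hashedPass);
        $preparedStm->execute();
        // SELECT * with positional binding: the column order of the live table is the
        // implicit contract here.
        $preparedStm->bind_result($f_user, $f_UUID, $f_email, $f_pass, $f_key, $f_permissions, $f_verif);
        $preparedStm->fetch();
        $preparedStm->close();
        $dbcon->close();

        // The original echoed "<!-- $f_verif -->" and "<!-- Userdata cached! -->" here.
        // That leaked the verification flag into the page source and, because output
        // had started, broke any header("Location: ...") the caller issued afterwards.
        if ($f_verif == null) {
            return "That account doesn't exist.";
        }
        if ($f_verif != "Y") {
            return "You are not verified. Please check your email inbox!";
        }

        // Constant-time comparison instead of `==` (which also type-juggles numeric-
        // looking digests). hash_equals() needs two strings, hence the guard.
        if (!empty($f_user) && !empty($f_pass) && is_string($f_pass)
                && $f_user === $user && hash_equals($f_pass, (string) $hashedPass)) {
            $userData = array("user" => $f_user, "perm" => $f_permissions, "hashedPass" => $f_pass, "key" => $f_key, "UUID" => $f_UUID, "email" => $f_email);
            $cache->set("user_data_" . $f_user, $userData, 600);
        } else {
            return false;
        }
    }

    // Cache hit (or the record just loaded): re-check the credentials against the
    // cached copy before handing it back.
    if (is_array($userData) && isset($userData['user'], $userData['hashedPass'])
            && $user === $userData['user'] && is_string($userData['hashedPass'])
            && hash_equals($userData['hashedPass'], (string) $hashedPass)) {
        return $userData;
    }
    return false;
}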