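/**
 * Handles the sign-up form and returns the JSON reply the client expects.
 *
 * Expected $post keys: signup_user, signup_mail, signup_pass1, signup_pass2.
 * Checks run in this order and the first failure is reported: all fields
 * present, mail syntactically valid, username free, mail free, password at
 * least 6 bytes, both passwords equal. On success the user row is inserted
 * (user and mail stored HTML-escaped, which is what the lookups compare
 * against) and the verification mail is sent.
 *
 * @param array $post    raw form fields (untrusted)
 * @param \PDO  $connect database handle, first used after the field checks
 * @return string JSON object: 'end' (bool, success) and 'info' (message)
 */
function signup(array $post, $connect): string
{
    $reply = function ($end, $info) {
        return json_encode(['end' => $end, 'info' => $info]);
    };

    $user = $post['signup_user'] ?? null;
    $mail = $post['signup_mail'] ?? null;
    $pass1 = $post['signup_pass1'] ?? null;
    $pass2 = $post['signup_pass2'] ?? null;

    foreach ([$user, $mail, $pass1, $pass2] as $field) {
        // empty() keeps the original rule ('0' counts as missing); the
        // is_string guard rejects array-valued fields such as signup_user[].
        if (!is_string($field) || empty($field)) {
            return $reply(false, "Veuillez remplir tous les champs.");
        }
    }

    // FILTER_VALIDATE_EMAIL also rejects CR/LF, so $mail is safe to hand to
    // mail() as the recipient; the original pattern is kept as well.
    if (!preg_match('/@.+\./', $mail) || filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
        return $reply(false, "L'adresse mail doit être sous la forme test@test.test");
    }

    // Lookups use the same escaping as the INSERT below so they match what
    // was stored. Bound parameters: no form value reaches the SQL text.
    $stmt = $connect->prepare('SELECT id FROM users WHERE user = :user');
    $stmt->execute(['user' => htmlspecialchars($user)]);
    if ($stmt->fetch() !== false) {
        return $reply(false, "Le nom d'utilisateur est déjà pris.");
    }

    $stmt = $connect->prepare('SELECT id FROM users WHERE mail = :mail');
    $stmt->execute(['mail' => htmlspecialchars($mail)]);
    if ($stmt->fetch() !== false) {
        return $reply(false, "L'adresse mail est déjà prise.");
    }

    // strlen, not mb_strlen: the original minimum is 6 bytes.
    if (strlen($pass1) < 6) {
        return $reply(false, "Le mot de passe doit faire au moins 6 caractères.");
    }
    if ($pass1 !== $pass2) {
        return $reply(false, "Les mots de passe ne correspondent pas.");
    }

    $stmt = $connect->prepare('INSERT INTO users (user, password, mail) VALUES (:user, :password, :mail)');
    $stmt->execute([
        'user' => htmlspecialchars($user),
        'password' => pass_hash($user, $pass1),
        'mail' => htmlspecialchars($mail),
    ]);

    // NOTE(review): the link token is sha1(username . fixed string), so it is
    // derivable from the public username and does not prove mailbox access;
    // it is kept because verif.php must recompute the same value. A stored
    // random token (random_bytes) checked on both sides would fix this. The
    // base URL is also hard-coded to a local development host.
    $token = sha1($user . "quarante");
    $to = $mail;
    $subject = 'Vérification InstaPics';
    // rawurlencode keeps names with spaces, '&' or '+' intact in the query string.
    $message = "Bonjour " . $user . ",\nPour vérifier votre compte, il vous suffit de cliquer sur le lien ci dessous.\n"
        . "http://localhost:8080/Camagru/verif.php?v=" . rawurlencode($user) . "&l=" . $token;
    $headers = 'From: verif@instapics.fr';
    // mail() only reports hand-off to the local MTA; its result was never
    // checked and the reply still says "sent" regardless, as before.
    mail($to, $subject, $message, $headers);

    return $reply(true, "Un mail de vérification a été envoyé.");
}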
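/**
 * Authenticates the sign-in form against the users table and opens the session.
 *
 * Expected $post keys: signin_user, signin_pass. On success the session keys
 * id, user, mail, hearts (count of likes on the user's pictures) and
 * create_at are set and echoed back in the reply.
 *
 * @param array $post    raw form fields (untrusted)
 * @param \PDO  $connect database handle, first used after the field checks
 * @return string|false JSON object with 'end' and 'info' (plus user, mail,
 *                      hearts, create_at on success); false only when
 *                      json_encode() rejects a value read from the database
 */
function signin(array $post, $connect)
{
    $fail = function ($info) {
        return json_encode(['end' => false, 'info' => $info]);
    };

    $name = $post['signin_user'] ?? null;
    $pass = $post['signin_pass'] ?? null;
    if (!is_string($name) || empty($name) || !is_string($pass) || empty($pass)) {
        return $fail("Veuillez remplir tous les champs.");
    }

    // Bound parameter: the form value never reaches the SQL text. The name is
    // escaped the same way signup() stores it.
    $stmt = $connect->prepare('SELECT * FROM users WHERE user = :user');
    $stmt->execute(['user' => htmlspecialchars($name)]);
    $user = $stmt->fetch();

    // One message for "no such user", "name differs in case" (MySQL compares
    // case-insensitively, PHP does not) and "wrong password", so the reply
    // does not reveal which names exist.
    if ($user === false || $user['user'] !== $name) {
        return $fail("Les informations entrées sont incorrectes.");
    }
    $hash = pass_hash($name, $pass);
    // hash_equals: constant-time compare of the stored and computed hashes.
    if (!is_string($hash) || !hash_equals((string) $user['password'], $hash)) {
        return $fail("Les informations entrées sont incorrectes.");
    }

    if ((int) $user['valid'] !== 1) {
        return $fail("Vous devez d'abord vérifier votre compte.");
    }

    $stmt = $connect->prepare("SELECT COUNT(*) AS 'count' FROM likes WHERE pic_user = :user");
    $stmt->execute(['user' => $user['user']]);
    $hearts = $stmt->fetch()['count'];

    $_SESSION['id'] = $user['id'];
    $_SESSION['user'] = $user['user'];
    $_SESSION['mail'] = $user['mail'];
    $_SESSION['hearts'] = $hearts;
    $_SESSION['create_at'] = $user['create_at'];

    return json_encode([
        'end' => true,
        'user' => $user['user'],
        'mail' => $user['mail'],
        'hearts' => $hearts,
        'create_at' => $user['create_at'],
        'info' => "Vous êtes connecté ! ;)",
    ]);
}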
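/**
 * Looks up a user by name and password hash and returns the matching id.
 *
 * Written as a method of the class that owns $conn: it opens the connection
 * through the project's connectionconf and keeps it in $this->conn, and it
 * relies on the project's pass_hash() for the stored password format.
 *
 * @param string $user login name as typed by the user (untrusted)
 * @param string $pass clear-text password (untrusted); only its hash is sent to the DB
 * @return string|int id of the last matching row (a string, as mysqli returns
 *                    it), or int 0 when no row matches
 * @throws \RuntimeException if the lookup statement cannot be prepared or run
 */
function login(string $user, string $pass)
{
    $hashed = pass_hash($user, $pass);
    $conf = new connectionconf();
    $this->conn = $conf->connect();

    // Bound parameters: neither the name nor the hash reaches the SQL text.
    $stmt = mysqli_prepare($this->conn, 'SELECT id FROM users WHERE username = ? AND pass = ?');
    if ($stmt === false) {
        throw new \RuntimeException('login: ' . mysqli_error($this->conn));
    }
    mysqli_stmt_bind_param($stmt, 'ss', $user, $hashed);
    if (!mysqli_stmt_execute($stmt)) {
        $error = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        throw new \RuntimeException('login: ' . $error);
    }
    $result = mysqli_stmt_get_result($stmt);

    // As before, when several rows match the last one's id wins.
    $id = 0;
    while ($row = mysqli_fetch_assoc($result)) {
        $id = $row['id'];
    }
    mysqli_stmt_close($stmt);

    return $id;
}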
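/**
 * Authenticates the sign-in form (mail + password) and populates the session.
 *
 * Expected $post keys: mail, password. On success uuid, mail, rank,
 * create_at and accesstoken are copied from the users row into $_SESSION.
 * On a failed match $_SESSION['error'] is set; this now also happens when
 * the mail is unknown, so the outcome does not differ between "unknown
 * mail" and "wrong password".
 *
 * @param array   $post    raw form fields (untrusted)
 * @param \mysqli $connect open connection, first used after the field checks
 * @return bool true when the credentials matched and the session was filled
 * @throws \RuntimeException if the lookup statement cannot be prepared or run
 */
function signin(array $post, $connect): bool
{
    $mail = $post['mail'] ?? null;
    $password = $post['password'] ?? null;
    // The original tested 'password' twice and never 'mail'.
    if (!is_string($mail) || empty($mail) || !is_string($password) || empty($password)) {
        return false;
    }

    // Bound parameter: the form value never reaches the SQL text. The mail is
    // escaped the same way the users INSERT stores it (htmlspecialchars).
    $stmt = mysqli_prepare(
        $connect,
        'SELECT uuid, mail, password, create_at, rank, accesstoken FROM users WHERE mail = ?'
    );
    if ($stmt === false) {
        throw new \RuntimeException('signin: ' . mysqli_error($connect));
    }
    $lookup = htmlspecialchars($mail);
    mysqli_stmt_bind_param($stmt, 's', $lookup);
    if (!mysqli_stmt_execute($stmt)) {
        $error = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        throw new \RuntimeException('signin: ' . $error);
    }
    $user = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    mysqli_stmt_close($stmt);

    // The stored mail must equal the raw input (MySQL compares
    // case-insensitively, PHP does not); hash_equals is constant-time.
    $matches = is_array($user) && $user['mail'] === $mail;
    if ($matches) {
        $hash = pass_hash($mail, $password);
        $matches = is_string($hash) && hash_equals((string) $user['password'], $hash);
    }
    if (!$matches) {
        $_SESSION['error'] = "Informations incorrectes.";
        return false;
    }

    $_SESSION['uuid'] = $user['uuid'];
    $_SESSION['mail'] = $user['mail'];
    $_SESSION['rank'] = $user['rank'];
    $_SESSION['create_at'] = $user['create_at'];
    $_SESSION['accesstoken'] = $user['accesstoken'];

    return true;
}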
echo 1; } else { echo 0; } } else { if (isset($_POST['username'])) { $client = S3Client::factory(array('credentials' => array('key' => 'KEY', 'secret' => 'KEY'))); function createNewBucket($bucket, $client) { $result = $client->createBucket(array('Bucket' => 'klaud-' . $bucket, 'LocationConstraint' => 'us-west-2')); return $result; } $key = $_POST['hash']; $email = $_POST['email']; $username = $_POST['username']; $password = pass_hash("ripemd160", $_POST['password'], "SALT", "PEPPER"); $insert_query = "INSERT INTO `users` (`auto`, `user`, `pass`, `email`) VALUES ('', '{$username}', '{$password}', '{$email}')"; $update_query = "UPDATE `accesskeys` SET `user`='{$username}' WHERE `accesskey`='{$key}'"; $select_query = $db->query("SELECT `user` FROM `users` WHERE `user`='{$username}'"); if ($select_query->num_rows == 0) { if ($db->query($insert_query) == TRUE) { if ($db->query($update_query) == TRUE) { $result = createNewBucket($username, $client); if ($result['Location'] == "http://klaud-" . $username . ".s3.amazonaws.com/") { $result = $client->putBucketCors(array('Bucket' => 'klaud-' . $username, 'CORSRules' => array(array('AllowedHeaders' => array('*'), 'AllowedMethods' => array('HEAD', 'GET', 'PUT', 'POST', 'DELETE'), 'AllowedOrigins' => array('SERVER_URL'), 'ExposeHeaders' => array('ETag'))))); echo 1; } else { echo 3; } } else { echo 0;
if ($_GET['action'] === "add") { if (empty($_POST['mail']) || empty($_POST['password'])) { ?> <form action="users.php?action=add" method="POST"> <label for="mail">Email :</label><br /> <input type="email" name="mail" /><br /> <label for="password">Mot de passe :</label><br /> <input type="password" name="password" /><br /> <label for="rank">Rang :</label><br /> <input type="text" name="rank" /><br /> <hr /> <input type="submit" name="submit" value="Créer" /> </form> <?php } else { $sql = "INSERT INTO users (uuid, mail, password, rank, create_at, accesstoken)\n\t\t\tVALUES ('" . uuid() . "', '" . htmlspecialchars($_POST['mail']) . "', '" . pass_hash($_POST['mail'], $_POST['password']) . "', " . htmlspecialchars($_POST['rank']) . ", NOW(), NULL)"; if (mysqli_query($connect, $sql)) { echo "L'utilisateur a été ajouté"; } else { echo "Erreur: " . $sql . "<br />" . mysqli_error($connect); } } } elseif ($_GET['action'] === "del" && $_GET['uuid']) { $sql = "DELETE FROM users WHERE uuid=" . $_GET['uuid']; if (mysqli_query($connect, $sql)) { echo "L'utilisateur a été suprimmé"; } else { echo "Erreur: " . mysqli_error($connect); } } elseif ($_GET['action'] === "modif" && $_GET['uuid']) { if ($_POST['submit'] === "Modifier" && !empty($_POST['password'])) {
$sql = "DELETE FROM codes WHERE mail='" . htmlspecialchars($_GET['m']) . "'"; $result = $connect->query($sql); echo "La demande de réinitialisation a été annulée."; } else { $sql = "SELECT mail, code FROM codes WHERE mail='" . htmlspecialchars($_GET['m']) . "' AND code='" . htmlspecialchars($_GET['c']) . "'"; $result = $connect->query($sql); if ($result->rowCount() > 0) { if (isset($_POST['password1']) && isset($_POST['password2']) && !empty($_POST['password1']) && !empty($_POST['password2']) && $_POST['submit'] === "Valider") { if (strlen($_POST['password1']) >= 6) { if ($_POST['password1'] === $_POST['password2']) { $sql = "SELECT user, mail FROM users WHERE mail='" . htmlspecialchars($_GET['m']) . "'"; $result = $connect->query($sql); if ($result->rowCount() > 0) { $user = $result->fetch(); $sql = $connect->prepare('UPDATE users SET password = :password WHERE mail = :mail'); $sql->execute(array('password' => pass_hash($user['user'], $_POST['password1']), 'mail' => $_GET['m'])); $sql = "DELETE FROM codes WHERE mail='" . htmlspecialchars($_GET['m']) . "'"; $result = $connect->query($sql); echo "Votre mot de passe a été réinitialisé."; } } else { ?> Les mots de passe ne correspondent pas.<br /> Veuillez entrer votre nouveau mot de passe : <form action="reset.php?m=<?php echo htmlspecialchars($_GET['m']); ?> &c=<?php echo htmlspecialchars($_GET['c']); ?> " method="post">
die("Connection failed: " . mysqli_connect_error()); } // CREATE $sql = "CREATE DATABASE " . $dbname; if (mysqli_query($connect, $sql)) { echo "Database created successfully<br />"; mysqli_close($connect); $connect = mysqli_connect($server, $user, $pass, $dbname); if (!$connect) { die("Connection failed: " . mysqli_connect_error()); } // USER $sql = "CREATE TABLE users (\n\t\t\t\t\tuuid VARCHAR(255) NOT NULL,\n\t\t\t\t\tmail VARCHAR(255) NOT NULL,\n\t\t\t\t\tpassword VARCHAR(128) NOT NULL,\n\t\t\t\t\trank INT(1),\n\t\t\t\t\tcreate_at TIMESTAMP,\n\t\t\t\t\taccesstoken VARCHAR(255)\n\t\t\t\t)"; if (mysqli_query($connect, $sql)) { echo "Users table created successfully<br />"; $sql = "INSERT INTO users (uuid, mail, password, rank, create_at)\n\t\t\t\t\tVALUES ('" . uuid() . "', '" . $_POST['mail'] . "', '" . pass_hash($_POST['mail'], $_POST['password1']) . "', 1, NOW())"; if (mysqli_query($connect, $sql)) { echo "New record created successfully<br />"; } else { echo "Error: " . $sql . "<br />" . mysqli_error($connect); } } else { echo "Error creating table: " . mysqli_error($connect); } // ARTICLE $sql = "CREATE TABLE articles (\n\t\t\t\t\tuuid VARCHAR(255) NOT NULL,\n\t\t\t\t\tname VARCHAR(255) NOT NULL,\n\t\t\t\t\tdescription TEXT,\n\t\t\t\t\timg VARCHAR(255),\n\t\t\t\t\tprice FLOAT(4),\n\t\t\t\t\tstock INT(11),\n\t\t\t\t\tstar INT(1)\n\t\t\t\t)"; if (mysqli_query($connect, $sql)) { echo "Article table created successfully<br />"; } else { echo "Error creating table: " . mysqli_error($connect); }
/**
 * Hashes an email address through the project's pass_hash() helper.
 *
 * Uses ripemd160 with the same "SALT"/"PEPPER" literals as the other
 * four-argument pass_hash() call in this file; whether those literals are
 * real secrets or placeholders is not visible here.
 *
 * @param string $email address to hash
 * @return mixed whatever pass_hash() returns (its signature is not visible here)
 */
function hashEmail($email)
{
    $algorithm = "ripemd160";
    $digest = pass_hash($algorithm, $email, "SALT", "PEPPER");

    return $digest;
}