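/**
 * Hashes a password with bcrypt through crypt(), falling back to
 * _create_hash() (SHA512 according to the original comment) when bcrypt is
 * unavailable or crypt() reports a failure.
 *
 * The bcrypt guard used to test an undefined $hash_method against
 * hash_algos(). That lookup never matches, so every call took the fallback
 * and bcrypt was never used. hash_algos() describes the hash extension, not
 * crypt(); CRYPT_BLOWFISH is the constant that reports bcrypt support.
 *
 * NOTE(review): every hash written before this fix came from _create_hash().
 * Confirm the login check accepts both formats before deploying.
 * NOTE(review): where the runtime provides them, password_hash() and
 * password_verify() replace this function and the separate salt column.
 *
 * @param string $string       Plain-text password to hash.
 * @param string $salt         Output only: any value passed in is discarded and
 *                             replaced with the generated 22-character salt.
 * @param int    $stretch_cost bcrypt cost (log2 of the round count); crypt()
 *                             accepts 04 through 31.
 *
 * @return string A 60-character bcrypt string from crypt(), or the result of
 *                _create_hash().
 */
function create_hash($string, &$salt = '', $stretch_cost = 10)
{
    // Assumes pseudo_rand() returns a string of random bytes from a
    // cryptographically secure source - TODO confirm.
    $random = pseudo_rand(128);

    // base64 uses '+' where the bcrypt salt alphabet uses '.'.
    $salt = substr(str_replace('+', '.', base64_encode($random)), 0, 22);

    if (defined('CRYPT_BLOWFISH') && CRYPT_BLOWFISH == 1) {
        // crypt() needs a two-digit cost; an unpadded single digit gives a
        // malformed setting string. The '$2a$' prefix is kept from the
        // original; PHP's manual recommends '$2y$' on 5.3.7 and later.
        $cost = sprintf('%02d', (int) $stretch_cost);
        $hash = crypt($string, '$2a$' . $cost . '$' . $salt);

        // On failure crypt() returns a short marker such as "*0", which must
        // never be stored as a password hash.
        if (is_string($hash) && strlen($hash) === 60) {
            return $hash;
        }
    }

    return _create_hash($string, $salt);
}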
$fehlermeldung = '<h3>Die Anmeldung war fehlerhaft!</h3>'; } } if (isset($_POST['register']) & !empty($_POST['rbenutzer']) & !empty($_POST['rpasswort']) & !empty($_POST['rkey'])) { $db = $conid; $eingabe = cleanInputRegister(); $sql = "SELECT `Name` FROM `User` WHERE LOWER(`Name`) = '" . mysqli_real_escape_string($db, $eingabe['checkname']) . "' LIMIT 1"; $result = mysqli_query($db, $sql); if (mysqli_num_rows($result) == 0) { $sql = "SELECT ID, OTP_Used, Groups_ID FROM OTP WHERE OTP_Key = '" . mysqli_real_escape_string($db, $eingabe['key']) . "' LIMIT 1"; $result = mysqli_query($db, $sql) or die('Verbindungsfehler!'); $zeile = mysqli_fetch_array($result); if (mysqli_num_rows($result) > 0 & $zeile['OTP_Used'] == 0) { $sql = "UPDATE `OTP` SET `OTP_Used` = 1 WHERE OTP_Key = '" . mysqli_real_escape_string($db, $eingabe['key']) . "' LIMIT 1"; mysqli_query($db, $sql) or die('Verbindungsfehler!'); $pseudo = pseudo_rand(128); $hash = create_hash($eingabe['passwort'], $pseudo); $sql = "INSERT INTO `User`(`Name`, `Password`, `Salt`, `Created`, `OTP_ID`) \n VALUES ('" . mysqli_real_escape_string($db, $eingabe['benutzername']) . "', '" . $hash . "', '" . $pseudo . "', NOW(), " . $zeile['ID'] . ")"; mysqli_query($db, $sql) or die('Verbindungsfehler!'); $sql = "SELECT MAX(`ID`) AS User_ID FROM User"; $result = mysqli_query($db, $sql) or die('Verbindungsfehler!'); $maxuser = mysqli_fetch_array($result); $sql = "INSERT INTO `User_has_Groups` (`User_ID`, `Groups_ID`) VALUES ('" . $maxuser['User_ID'] . "', '" . $zeile['Groups_ID'] . "');"; mysqli_query($db, $sql) or die('Verbindungsfehler!'); $fehlermeldung = '<h3>Registration Complete</h3>'; } else { $fehlermeldung = '<h3>Trying to use a wrong key ? *eyes of pity*</h3>'; } } else { $fehlermeldung = '<h3>One of the fieds is wrong... But I won\'t say which.</h3>'; }