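// Not the same D:
$error = 'You entered two different passwords. Try again.';
}
}
// NOTE(review): the two braces above close blocks opened before this fragment;
// they are kept exactly as found.
if ($error == '') {
    // $_loginaccount is the session-backed account object; its id is not request
    // input, so the existing lookup is kept as-is.
    $query = $__database->query("SELECT password, salt FROM accounts WHERE id = " . $_loginaccount->GetId());
    if ($query->num_rows == 1) {
        $row = $query->fetch_assoc();
        $encrypted = GetPasswordHash($_POST['passwordOld'], $row['salt']);
        // Constant-time comparison of the current-password hash (=== was strict
        // but not timing-safe).
        if (hash_equals((string) $row['password'], (string) $encrypted)) {
            // New hash! Fresh salt from a CSPRNG (rand() is predictable; PHP 7+).
            // Same 21-character alphabet as before: chr(0x30 + 0..20), i.e.
            // "0-9:;<=>?@ABCD", which contains no SQL or HTML metacharacters.
            $salt = '';
            for ($i = 0; $i < 8; $i++) {
                $salt .= chr(0x30 + random_int(0, 20));
            }
            $encrypted = GetPasswordHash($_POST['passwordNew2'], $salt);
            // NOTE(review): the original UPDATE wrote the literal '******' as the
            // password and never used the $encrypted value computed on the line
            // above; that reads as a redaction of the hash, so the computed hash
            // is bound here. Bound parameters also keep the salt out of the SQL text.
            $accountId = $_loginaccount->GetId();
            $update = $__database->prepare('UPDATE accounts SET password = ?, salt = ? WHERE id = ?');
            $update->bind_param('sss', $encrypted, $salt, $accountId);
            $update->execute();
            $update->close();
?>
<p class="lead alert-info alert">Your password has been successfully changed!</p>
<?php
        } else {
            // The original had no branch here: a wrong current password produced
            // neither a success nor an error message.
            $error = 'Your current password is incorrect. Try again.';
        }
    } else {
        // Zero or several rows for this account id: refuse rather than guess.
        $error = 'Something went wrong!';
    }
}
// NOTE(review): no CSRF token check and no length/strength check on the new
// password are visible in this fragment; confirm they happen earlier in the file.
if ($error != '') {
?>
<p class="lead alert-warn alert"><?php echo $error; ?> </p>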
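<?php
require_once __DIR__ . '/../inc/functions.php';

// Account self-deletion. The caller must re-enter their password in 'confirm',
// which also means a forged cross-site POST cannot delete an account by itself.
// $success: null = no attempt, 1 = password rejected, 2 = password verified.
$success = null;
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['confirm']) && is_string($_POST['confirm'])) {
    // $_loginaccount is the session-backed account object; its id is not request input.
    $query = $__database->query("SELECT password, salt FROM accounts WHERE id = " . $_loginaccount->GetId());
    if ($query->num_rows == 1) {
        $row = $query->fetch_assoc();
        $encrypted = GetPasswordHash($_POST['confirm'], $row['salt']);
        // Constant-time comparison (=== was strict but not timing-safe).
        if (hash_equals((string) $row['password'], (string) $encrypted)) {
            $success = 2;
        } else {
            $success = 1;
        }
    }
    if ($success == 2) {
        $wastheirid = $_loginaccount->GetId();
        $username = $_loginaccount->GetUsername();
        $ip = $_loginaccount->GetLastIP();
        // Write the audit record first so a deletion is never unlogged.
        $statement = $__database->prepare('INSERT INTO account_deletion_log (id, username, ip, at) VALUES (?,?,?,NOW())');
        $statement->bind_param('sss', $wastheirid, $username, $ip);
        $statement->execute();
        // The original ran the DELETE through query() and then called ->free() on
        // its return value; mysqli::query() returns a bool for DELETE, so that is
        // a fatal "member function on bool" on every successful deletion (assuming
        // $__database is a mysqli, which its API matches). A prepared statement
        // avoids that and exposes the delete's own affected_rows.
        $delete = $__database->prepare('DELETE FROM accounts WHERE id = ?');
        $delete->bind_param('s', $wastheirid);
        $delete->execute();
        $deletedRows = $delete->affected_rows;
        $delete->close();
        // Tear the login down regardless of the outcome: the password was
        // verified and this session must not outlive a deletion attempt.
        unset($_SESSION['username']);
        session_destroy();
        SetMaplerCookie('login_session', '', -100);
        require_once __DIR__ . '/../inc/header.php';
        // Report success only if the account row was actually removed. The
        // original tested only the log insert's affected_rows, so a DELETE that
        // removed nothing still showed the success message.
        if ($deletedRows == 1 && $statement->affected_rows == 1) {
?>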
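require_once __DIR__ . '/inc/footer.php';
die; // Prevent error after login
}
// NOTE(review): the brace above closes a block opened before this fragment.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Reject missing fields and non-scalar input (e.g. username[]=x) up front;
    // real_escape_string() and GetPasswordHash() are not meant for arrays.
    if (!isset($_POST['username'], $_POST['password'])
        || !is_string($_POST['username']) || !is_string($_POST['password'])) {
        // $error = "Opps! Your username or password was not included.";
        $error = "Opps! Your e-mail or password was not included.";
    } else {
        // The form field is still named "username" but holds the e-mail address
        // (see the query below). It is escaped for the quoted literal; the lookup
        // stays a SELECT * + fetch_assoc() because Account() consumes the full row.
        $username = $__database->real_escape_string($_POST['username']);
        $password = $_POST['password'];
        // $query = $__database->query("SELECT * FROM accounts WHERE username = '******'");
        $query = $__database->query("SELECT * FROM accounts WHERE email = '" . $username . "'");
        if ($query->num_rows == 1) {
            $row = $query->fetch_assoc();
            $encrypted = GetPasswordHash($password, $row['salt']);
            // Constant-time comparison of the salted hash (=== was strict but not
            // timing-safe).
            if (hash_equals((string) $row['password'], (string) $encrypted)) {
                // Issue a fresh session id on this privilege change so a session
                // id planted before login (session fixation) is not promoted.
                // Harmless if functions.php already does this.
                session_regenerate_id(true);
                $_SESSION['username'] = $row['username'];
                $_loginaccount = new Account($row);
                $_loggedin = true;
                // REMOTE_ADDR is set by the web server, but escape it before
                // concatenating it into SQL, as the client-login handler does.
                $__database->query("UPDATE accounts SET last_login = NOW(), last_ip = '" . $__database->real_escape_string($_SERVER['REMOTE_ADDR']) . "' WHERE id = " . $_loginaccount->GetID());
                // NOTE(review): no per-IP failure throttle is visible on this
                // form, unlike the client-login endpoint; confirm one exists.
                /*
                $code = md5(time().' -- -- -- -- - '.$_loginaccount->GetID().' - '.$_loginaccount->GetUsername());
                $__database->query("
                    INSERT INTO account_tokens VALUES (".$_loginaccount->GetID().", 'login_token', '".$code."', DATE_ADD(NOW(), INTERVAL 10 YEAR))
                    ON DUPLICATE KEY UPDATE `code` = VALUES(`code`), `till` = VALUES(`till`)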
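RetrieveInputPOST('email', 'password');
// NOTE(review): RetrieveInputPOST() is defined outside this fragment; it is
// assumed to populate $P['email'] and $P['password'] from the request.
$addr = $__database->real_escape_string($_SERVER['REMOTE_ADDR']);
// Per-IP failure throttle.
// NOTE(review): the date condition below is a tautology (NOW() + 1 day is always
// > NOW()), so this counts every failed request ever logged for the IP and the
// lockout is permanent, not the 24 hours the error text promises. The fix needs
// the timestamp column (the third column, filled with NOW() in the INSERTs
// below), whose name is not visible here: "<that column> > DATE_SUB(NOW(), INTERVAL 1 DAY)".
$q = $__database->query("SELECT COUNT(*) FROM login_requests WHERE ip = '" . $addr . "' AND DATE_ADD(NOW(), INTERVAL 1 DAY) > NOW()");
$row = $q->fetch_row();
$amount = $row[0];
$q->free();
if ($amount > 10) {
    die('ERROR:Too many failed requests. Try again in a day');
}
// Look the account up by e-mail with a bound parameter instead of escaping
// request input into the SQL text.
$lookupEmail = $P['email'];
$lookup = $__database->prepare('SELECT id, password, salt FROM accounts WHERE email = ?');
$lookup->bind_param('s', $lookupEmail);
$lookup->execute();
$lookup->store_result();
if ($lookup->num_rows == 0) {
    $lookup->close();
    $__database->query("INSERT INTO login_requests VALUES (NULL, '" . $addr . "', NOW(), 'login')");
    // Same message as the wrong-password case so addresses cannot be enumerated.
    die('ERROR:Invalid username or password');
}
$lookup->bind_result($accountId, $storedHash, $storedSalt);
$lookup->fetch();
$lookup->close();
// Keep the positional row shape of the original fetch_row() for any later use.
$row = array($accountId, $storedHash, $storedSalt);
$encrypted = GetPasswordHash($P['password'], $storedSalt);
// The original compared with a loose !=: two numeric-looking hashes such as
// "0e12..." compare equal under PHP type juggling. hash_equals() is strict and
// constant-time.
if (!hash_equals((string) $storedHash, (string) $encrypted)) {
    $__database->query("INSERT INTO login_requests VALUES (NULL, '" . $addr . "', NOW(), 'login')");
    die('ERROR:Invalid username or password');
}
// Success! Now, lets get the cookie
$query = $__database->query("
SELECT
	at.`code`
FROM
	account_tokens at
WHERE
	at.account_id = " . $accountId . "
	AND
	at.type = 'client_token'
	AND
	at.till > NOW()
");
$code = '';
if ($query->num_rows == 0) {
    // Create new. The original derived the token from md5(time(), account id,
    // e-mail) -- all knowable or guessable to the second -- so use 16 CSPRNG
    // bytes (PHP 7+). bin2hex() yields the same 32-char hex shape as md5(), so
    // the stored column layout is unchanged.
    $code = bin2hex(random_bytes(16));
    $__database->query("
INSERT INTO
	account_tokens
VALUES
	(" . $accountId . ", 'client_token', '" . $code . "', DATE_ADD(NOW(), INTERVAL 1 YEAR))
ON DUPLICATE KEY UPDATE
	`code` = VALUES(`code`),
	`till` = VALUES(`till`)
");
} else {
    // Use old one
    // NOTE(review): the same one-year bearer token is handed to every successful
    // login; rotating it on login or on password change would limit exposure.
    $row = $query->fetch_row();
    $code = $row[0];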
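// if ($result->num_rows == 1) {
// $__database->query('UPDATE beta_invite_keys SET assigned_to = ''.$username.'' WHERE invite_key = ''.$key.''');
// }
// else {
// $error = 'Incorrect beta code, or it was already used!'; // Default response!
// $errorList['key'] = true;
// }
// $result->free();
// }
if (count($errorList) == 0) {
    // Add account. $username and $email are assigned (and presumably validated)
    // above this fragment; only their use is visible here.
    // Fresh salt from a CSPRNG (rand() is predictable; PHP 7+). Same 21-character
    // alphabet as before: chr(0x30 + 0..20) = "0-9:;<=>?@ABCD".
    $salt = '';
    for ($i = 0; $i < 8; $i++) {
        $salt .= chr(0x30 + random_int(0, 20));
    }
    $encryptedpassword = GetPasswordHash($_POST['password'], $salt);
    $ip_address = $_SERVER['REMOTE_ADDR'];
    // These values are bound as prepared-statement parameters below, so they
    // must NOT go through real_escape_string(): the original did, which stored
    // backslash-escaped text (e.g. "O'Brien" was saved as "O\'Brien").
    $fullname = $_POST['fullname'];
    $nickname = $_POST['nickname'];
    $statement = $__database->prepare('INSERT INTO accounts (id, username, password, salt, full_name, email, nickname, last_login, last_ip, registered_on) VALUES (NULL,?,?,?,?,?,?,NOW(),?,NOW())');
    // bind_param() takes its arguments by reference, so only variables may be
    // passed; the original passed real_escape_string($salt) inline, which PHP
    // reports as "only variables should be passed by reference".
    $statement->bind_param('sssssss', $username, $encryptedpassword, $salt, $fullname, $email, $nickname, $ip_address);
    $statement->execute();
    if ($statement->affected_rows == 1) {
        $to = $email;
        // subject
        $subject = 'Mapler.me - Welcome!';
        // message
        // NOTE(review): the path is relative to the working directory (other
        // files use __DIR__), the template is read as raw text rather than
        // executed, and a false return for a missing file is not checked here.
        $message = file_get_contents('inc/templates/emails/signup.php');
        // To send HTML mail, the Content-type header must be set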