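/**
 * Check an e-mail/password pair against the salted hash stored for that e-mail.
 *
 * @param mixed  $database connection handle, passed straight through to MySqlDatabaseQuery()
 * @param string $email    submitted e-mail address
 * @param string $password submitted password (in clear)
 * @return bool|string true when the hash matches; the string "unconfirmed" when it does
 *                     not match but UnconfirmedUserExists() reports an unconfirmed account
 *                     for the e-mail; false otherwise
 */
function AuthenticateUser($database, $email, $password)
{
    $email = SanitizeString($email);
    // The password is filtered before hashing; existing stored hashes presumably depend on
    // that, so the filter is kept even though it alters the value being hashed.
    $password = SanitizeString($password);
    // NOTE(review): $email is interpolated into the SQL text. MySqlDatabaseQuery() should
    // accept bound parameters so the value never reaches the SQL parser.
    $query = "SELECT pw_hash,pw_salt FROM users WHERE email='{$email}'";
    $result = MySqlDatabaseQuery($database, $query);

    // An unknown e-mail leaves $result without a row; treat that as a failed match instead
    // of reading a missing index. The salt, the recomputed hash and the stored hash are no
    // longer echoed to the response.
    if (isset($result[0]['pw_hash'], $result[0]['pw_salt'])) {
        $stored = $result[0]['pw_hash'];
        $candidate = HashPassword($password, $result[0]['pw_salt']);
        // Constant-time comparison so response timing does not depend on how many leading
        // bytes of the hash agree. hash_equals() requires two strings.
        if (is_string($stored) && is_string($candidate) && hash_equals($stored, $candidate)) {
            return true;
        }
    }

    if (UnconfirmedUserExists($database, $email)) {
        return "unconfirmed";
    }
    return false;
}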
<?php

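if (isset($_POST['url'])) {
    // NOTE(review): fetching a request-supplied URL from the server and echoing the body
    // turns this endpoint into a fetch proxy for whatever the server can reach (SSRF).
    // The checks below only reject malformed URLs and failed fetches; restrict the
    // destination to an allowlist of hosts before exposing this.
    $target = 'http://' . SanitizeString($_POST['url']);
    $host = parse_url($target, PHP_URL_HOST);
    if (filter_var($target, FILTER_VALIDATE_URL) !== false && is_string($host) && $host !== '') {
        $body = file_get_contents($target);
        // file_get_contents() returns false on failure; echoing that would print nothing
        // and hide the error, so the failure case is made explicit.
        if ($body !== false) {
            echo $body;
        }
    }
}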
/**
 * Remove HTML tags, encode the remaining HTML-significant characters, and strip
 * backslash escapes from a string.
 *
 * This is output encoding for an HTML context; it does not make a value safe for
 * interpolation into SQL or a shell command.
 *
 * @param string $var raw input string
 * @return string tag-free, entity-encoded, unslashed string
 */
function SanitizeString($var)
{
    return stripslashes(htmlentities(strip_tags($var)));
}
<?php

/**
 * Created by PhpStorm.
 * User: keilc
 * Date: 25/08/2015
 * Time: 10:23 AM
 */
include_once 'header.php';
// header.php is assumed to provide $loggedin, $user, SanitizeString() and QueryMysql() — TODO confirm
if (!$loggedin) {
    die;
}
// Which member's page is shown: the ?view= parameter when present, otherwise the viewer's own.
if (isset($_GET['view'])) {
    $view = SanitizeString($_GET['view']);
} else {
    $view = $user;
}
// Loose (==) comparison between the request-supplied name and the session user.
if ($view == $user) {
    $name1 = $name2 = "Your";
    $name3 = "You are";
} else {
    // NOTE(review): $view is request-controlled and is written into both a URL attribute
    // and HTML text here; whether SanitizeString() in header.php encodes it for those
    // contexts is not visible in this listing. The "</a>a>" fragment looks like a stray
    // closing tag.
    $name1 = "<a href='members.php?view={$view}'>{$view}</a>a>'s";
    $name2 = "{$view}'s";
    $name3 = "{$view} is";
}
echo "<div class='main'>";
//Put followers and following in their own array
$followers = array();
$following = array();
//Get the users followers
// NOTE(review): the WHERE value is masked as '******' in this listing, and the listing
// ends here; $result is presumably consumed further down in the original file.
$result = QueryMysql("SELECT * FROM friends WHERE user = '******'");
<?php

/**
 * Created by PhpStorm.
 * User: keilc
 * Date: 24/08/2015
 * Time: 5:04 PM
 */
include_once 'header.php';
// header.php is assumed to provide $loggedin, $user, SanitizeString() and QueryMysql() — TODO confirm
if (!$loggedin) {
    die;
}
echo "<div class='main'><h3>Your Profile</h3>";
//Check if text was entered
if (isset($_POST['text'])) {
    $text = SanitizeString($_POST['text']);
    // Deletes (rather than collapses) every run of two or more whitespace characters: the replacement is ''.
    $text = preg_replace('/\\s\\s+/', '', $text);
    //Security check if user actually exists to prevent hacking. Update text if text exists or insert if it does not
    // NOTE(review): $text is interpolated into the SQL text. SanitizeString() is defined in
    // header.php and is not visible here; nothing in this listing escapes $text for SQL.
    // The user value in the WHERE clauses is masked as '******' in this listing.
    // mysql_num_rows()/mysql_fetch_row() belong to the ext/mysql API, removed in PHP 7.
    if (mysql_num_rows(QueryMysql("SELECT * FROM profiles WHERE user ='******'"))) {
        QueryMysql("UPDATE profiles SET text='{$text}' WHERE user='******'");
    } else {
        // Table is 'profile' here while the SELECT/UPDATE above use 'profiles' — likely a typo.
        QueryMysql("INSERT INTO profile VALUES('{$user}','{$text}')");
    }
} else {
    $result = QueryMysql("SELECT * FROM profiles WHERE user='******'");
    if (mysql_num_rows($result)) {
        $row = mysql_fetch_row($result);
        // Column 1 is assumed to be the profile text — TODO confirm against the profiles schema.
        $text = stripslashes($row[1]);
    } else {
        $text = "";
    }
    // The outer else branch is not closed within this listing.
<?php

/**
 * Created by PhpStorm.
 * User: keilc
 * Date: 24/08/2015
 * Time: 3:33 PM
 */
include_once 'header.php';
// The "<>" before "Please enter" looks like a mangled <h3> opening tag (a closing </h3> follows).
echo "<div class='main'><>Please enter your details to login</h3>";
$error = $user = $pass = "";
if (isset($_POST['user'])) {
    $user = SanitizeString($_POST['user']);
    // $_POST['pass'] is read without its own isset() check; a request with only 'user' set raises a notice.
    $pass = SanitizeString($_POST['pass']);
    if ($user == "" || $pass == "") {
        $error = "Not all fields entered<br />";
    } else {
        // NOTE(review): the query compares the submitted password against the pass column
        // directly (both values are masked as '******' in this listing), which implies the
        // stored password is directly comparable rather than a salted hash — confirm.
        $query = "SELECT user, pass FROM members WHERE user = '******' AND pass = '******'";
        //If the username or password do not exist
        if (mysql_num_rows(QueryMysql($query)) == 0) {
            // "Passowrd" and the "</span>span>" fragment are reproduced as shown in the listing.
            $error = "<span class = 'error'>Username/Passowrd invalid</span>span><br /><br />";
        } else {
            // NOTE(review): the submitted password is kept in the session in clear; keeping
            // only the user name (or a session token) would avoid holding it after login.
            $_SESSION['user'] = $user;
            $_SESSION['pass'] = $pass;
            die("You are now logged in. Please <a href='members.php?view={$user}'>" . "click here</a> to continue.<br /><br />");
        }
    }
}
// The login form heredoc is cut off in this listing.
echo <<<_END
<form method='post' action='login.php'>{$error}
<span class='fieldname'>Username</span><input type='text'
<?php

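include "mysql.php";
// $conn is assumed to be a mysqli instance (it is used with ->query()/->error/->close()
// here) — confirm in mysql.php.
// Both values come straight from the request. A table name cannot be bound as a statement
// parameter, so it is limited to a plain identifier and backtick-quoted; the row id is bound
// instead of being interpolated into the SQL text.
// NOTE(review): an explicit allowlist of deletable tables would be stricter still.
$rawTable = $_POST["table"] ?? '';
$table = is_string($rawTable) ? SanitizeString($rawTable) : '';
$id = $_POST["id"] ?? '';

$deleted = false;
$error = '';
if (!is_scalar($id) || preg_match('/^[A-Za-z0-9_]+$/', $table) !== 1) {
    $error = 'invalid table or id';
} else {
    $stmt = $conn->prepare("DELETE FROM `{$table}` WHERE id = ?");
    if ($stmt === false) {
        $error = $conn->error;
    } else {
        // Bound as a string; MySQL converts it for an integer id column.
        $stmt->bind_param('s', $id);
        $deleted = $stmt->execute();
        if (!$deleted) {
            $error = $stmt->error;
        }
        $stmt->close();
    }
}

// Request values are HTML-escaped before being echoed back into the page.
$safeId = htmlspecialchars((string) $id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$safeTable = htmlspecialchars($table, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
if ($deleted) {
    echo "<div class='info-box background-green wrap'>ID: {$safeId} poistettu taulusta {$safeTable} onnistuneesti</div>";
} else {
    echo "<div class='info-box background-red wrap'>Virhe: " . htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</div>";
}
$conn->close();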
/**
 * Transliterate a fixed set of accented Latin letters to their ASCII lookalikes.
 *
 * Only the characters in the map below are touched; everything else passes through
 * unchanged. This is a transliteration helper, not an escape for SQL or HTML.
 *
 * @param string $string input text
 * @return string text with the mapped characters replaced
 */
function SanitizeString($string)
{
    // Constant lookup table, built once per process.
    static $transliteration = [
        'Š' => 'S', 'š' => 's', 'Ð' => 'Dj', 'Ž' => 'Z', 'ž' => 'z',
        'À' => 'A', 'Á' => 'A', 'Â' => 'A', 'Ã' => 'A', 'Ä' => 'A', 'Å' => 'A', 'Æ' => 'A',
        'Ç' => 'C',
        'È' => 'E', 'É' => 'E', 'Ê' => 'E', 'Ë' => 'E',
        'Ì' => 'I', 'Í' => 'I', 'Î' => 'I', 'Ï' => 'I',
        'Ñ' => 'N',
        'Ò' => 'O', 'Ó' => 'O', 'Ô' => 'O', 'Õ' => 'O', 'Ö' => 'O', 'Ø' => 'O',
        'Ù' => 'U', 'Ú' => 'U', 'Û' => 'U', 'Ü' => 'U',
        'Ý' => 'Y', 'Þ' => 'B', 'ß' => 'Ss',
        'à' => 'a', 'á' => 'a', 'â' => 'a', 'ã' => 'a', 'ä' => 'a', 'å' => 'a', 'æ' => 'a',
        'ç' => 'c',
        'è' => 'e', 'é' => 'e', 'ê' => 'e', 'ë' => 'e',
        'ì' => 'i', 'í' => 'i', 'î' => 'i', 'ï' => 'i',
        'ð' => 'o', 'ñ' => 'n',
        'ò' => 'o', 'ó' => 'o', 'ô' => 'o', 'õ' => 'o', 'ö' => 'o', 'ø' => 'o',
        'ù' => 'u', 'ú' => 'u', 'û' => 'u',
        'ý' => 'y', 'þ' => 'b', 'ÿ' => 'y', 'ƒ' => 'f',
    ];
    return strtr($string, $transliteration);
}