function userExists()
{
return true;
if (checkPass($this->_prefs->get('passwd'))) {
return true;
}
return $this->_tryNextUser();
}
function changequestion()
{
global $domain, $db, $usrdata, $seo_on, $template;
if (isset($_POST['submit'])) {
$pass = clean($_POST['pass']);
$salt = $usrdata['salt'];
$pass = checkpass($pass, $salt);
$answer = clean($_POST['answer']);
$answer = checkPass($answer, $salt);
$question = clean($_POST['question']);
if (!$question || !$answer || !$pass) {
echo '<div class=\'error\'>All feilds were not filled out!</div>';
return;
}
if ($pass != $usrdata['password']) {
echo '<div class=\'error\'>Current Password is incorrect.</div>';
} else {
mysql_query("UPDATE fas_users SET `pass_question`='{$question}', `pass_answer`='{$answer}' WHERE userid='{$usrdata['userid']}'");
echo '<div class=\'msg\'>Question & answer updated.</div>';
}
}
if ($seo_on == 1) {
$surl = '' . $domain . '/myaccount/changequestion/';
} else {
$surl = '' . $domain . '/index.php?action=myaccount&cmd=changequestion';
}
$userid = $usrdata['userid'];
$ir = $db->query(sprintf('SELECT * FROM fas_users WHERE userid=\'%u\'', $userid));
$r2 = $db->fetch_row($ir);
$questionf = $r2['pass_question'];
echo '<form action=\'' . $surl . '\' method=\'POST\'>
<table width="100%">
<tr>
<td class=\'header\' colspan=\'2\'>Change password question/answer</td>
</tr>
<tr>
<td class=\'content\'>Question:</td>
<td class=\'content\'><input type=\'text\' name=\'question\' size=\'35\' value=\'' . $questionf . '\'></td>
</tr>
<tr>
<td class=\'content\'>Answer:</td>
<td class=\'content\'><input type=\'text\' name=\'answer\' size=\'35\' value=\'\'></td>
</tr>
<tr>
<td class=\'content\'>Current Password:</td>
<td class=\'content\'><input type=\'password\' name=\'pass\' size=\'35\'></td>
</tr>
<tr>
<th colspan=\'2\' class=\'content\'><input type=\'submit\' name=\'submit\' value=\'Submit\'></th>
</tr>
</table>
</form>';
}
<?php
require '../Code/initiateCollector.php';
require 'loginFunctions.php';
$hash_algo = 'sha256';
$nonce = $_SESSION['admin']['challenge'];
if (isset($_POST['response'])) {
$response = $_POST['response'];
if (checkPass($response, $_CONFIG->password, $nonce, $hash_algo) === true) {
$_SESSION['admin']['challenge'] = makeNonce();
$_SESSION['admin']['status'] = 'loggedIn';
$_SESSION['admin']['birth'] = time();
} else {
$_SESSION['admin']['status'] = 'failed';
$_SESSION['admin']['birth'] = time();
}
}
header('Location: ./');
// go back to root of current folder
<?php
require 'connect.php';
$username = htmlspecialchars($_POST['username']);
$email = htmlspecialchars($_POST['email1']);
$pass1 = htmlspecialchars(md5($_POST['password1']));
$pass2 = htmlspecialchars(md5($_POST['password2']));
if (checkPass($pass1, $pass2) == true && checkEmail($email) == false) {
$database = new connect();
$query = "INSERT INTO users(name,email,password)VALUES('{$username}','{$email}','{$pass1}')";
$resultQuery = mysql_query($query);
//header("location:registration.php?success");
echo "registered";
} else {
//header("Location:registration.php?fail");
echo $username . " " . $email . " " . $pass1 . " " . $pass2;
}
/*
* checking passwords
*/
function checkPass($p1, $p2)
{
$result = false;
if ($p1 == $p2) {
$result = true;
}
return $result;
}
/*
* checking email in the database
*/
function gotDTMF($text)
{
global $state;
global $mailbox;
global $collect_user;
global $collect_pass;
Yate::Debug("gotDTMF('{$text}') state: {$state}");
switch ($state) {
case "user":
if ($text == "*") {
promptUser();
return;
}
if ($text == "#") {
checkUser();
} else {
$collect_user .= $text;
}
return;
case "pass":
if ($text == "*") {
promptPass();
return;
}
if ($text == "#") {
checkPass();
} else {
$collect_pass .= $text;
}
return;
}
if ($mailbox == "") {
return;
}
navigate($text);
}
<?php
include "dblib.inc";
include "userlib.inc";
$message = "";
if (isset($tila) && $tila == "login") {
if (empty($form[name]) || empty($form[password])) {
$message .= "Sun täytyy täyttää kaikki kentät!<br>\n";
}
if (!($row_array = checkPass($form[name], md5($form[password])))) {
$message .= "Väärä salasana, yritäs uudestaan!<br>\n";
}
if ($message == "") {
cleanAdminSession($row_array[id], $row_array[name], $row_array[password]);
header("Location: koulu.php?" . SID);
}
}
include "ylaosa.php";
?>
<br>
<h2>Login</h2>
<?php
if (message != "") {
print "<p><b>{$message}</b></p>";
}
?>
<form action="<?php
print $PHP_SELF;
?>
<?php
include_once "config.php";
if (loggedIn()) {
header('Location: index.php');
}
if (isset($_POST["submit"])) {
if (!($row = checkPass($_POST["login"], $_POST["password"]))) {
echo "<p>Incorrect login/password, try again</p>";
exit;
}
cleanMemberSession($_POST["login"], $_POST["password"]);
header("Location: index.php");
}
?>
<html lang="es">
<head>
<meta charset="UTF-8">
<link rel="shortcut icon" href="img/icon.ico" />
<title>Esneyder-Desarrollo MongoDB</title>
</head>
<body>
<div class="xs-11 sm-8 center contenido">
<div class="panel shadow styled tip ">
<h2 class="header">Formulario de ingreso | Programación MongoDB</h2>
<div class="body">
<form method="post"action="<?php
function validUserPass($user, $pass, $twofa)
{
$rep = checkPass($user, $pass, $twofa);
if ($rep != null) {
$ans = repDecode($rep);
}
usleep(500000);
// Max twice per second
if ($rep != null && $ans['STATUS'] == 'ok') {
$key = 'ckp' . rand(1000000, 9999999);
$_SESSION['ckpkey'] = $key;
$_SESSION[$key] = array('who' => $user, 'id' => $user);
return true;
}
return false;
}
} else {
if (!$_POST['username'] || !$_POST['password']) {
$err[] = 'Все поля должны быть заполнены!';
}
if (!preg_match('#^[A-Za-z0-9]+$#i', $_POST['username']) || !preg_match('#^[A-Za-z0-9]+$#i', $_POST['password'])) {
$err[] = 'Разрешены только цифры и латинские буквы!';
} else {
if (!count($err)) {
$_POST['username'] = mysql_real_escape_string($_POST['username']);
}
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$_POST['rememberMe'] = (int) $_POST['rememberMe'];
$row = mysql_fetch_assoc(mysql_query("SELECT {$db_columnId},{$db_columnUser},{$db_columnPass} FROM {$db_table} WHERE {$db_columnUser}='{$_POST['username']}'"));
$realPass = $row[$db_columnPass];
$postPass = $_POST['password'];
if (checkPass($realPass, $postPass)) {
$playername = $_POST['username'];
mysql_query("UPDATE {$db_table} SET {$db_columnLastLog}=NOW() WHERE {$db_columnUser} = '{$playername}'") or die("Запрос к базе завершился ощибкой.");
$_SESSION['playername'] = $row[$db_columnUser];
$_SESSION['id'] = $row[$db_columnId];
$_SESSION['rememberMe'] = $_POST['rememberMe'];
setcookie('Remember', $_POST['rememberMe']);
} else {
$select = mysql_query("SELECT {$db_Ipcolumn} FROM {$db_ErrorLogtable} WHERE {$db_Ipcolumn}='{$ip}'") or die("Запрос к базе завершился ощибкой.");
$tmp = mysql_fetch_row($select);
if ($ip == $tmp[0]) {
$result52 = mysql_query("SELECT {$db_Numcolumn} FROM {$db_ErrorLogtable} WHERE {$db_Ipcolumn}='{$ip}'") or die("Запрос к базе завершился ощибкой.");
$myrow52 = mysql_fetch_array($result52);
$col = $myrow52[0] + 1;
mysql_query("UPDATE {$db_ErrorLogtable} SET {$db_Numcolumn}={$col},{$db_Datecolumn}=NOW() WHERE {$db_Ipcolumn}='{$ip}'") or die("Запрос к базе завершился ощибкой.");
} else {
function changePwForm($userid = '', $cToken = '', $email = '', $msg = '')
{
if (false) {
die('changePwForm disabled');
}
if ($msg !== '') {
echo "\n <h3>\n {$msg}\n </h3>";
}
echo "\n <form method='POST' autocomplete='off' action='" . curPageURL() . "' onsubmit='return checkPassReturn();' >\n <fieldset>\n <legend>Password Reset Form</legend>\n <p>\n <label for='token'>Token</label>\n <input type='text' name='token' id='token' value='{$cToken}' class='textbox-300' readonly/>\n <input type='hidden' name='change' id='change'/>\n <input type='hidden' name='userid' id='userid' value='{$userid}'/>\n </p>\n <p>\n <label for='email'>Email</label>\n <input type='text' name='email' id='email' value='{$email}' class='textbox-300' readonly/>\n </p>\n <fieldset>\n <legend>New Password Form</legend>\n <p>\n <label for='pass1'>Password</label>\n <input type='password' name='pass1' id='pass1' value='' class='textbox-300' />\n </p>\n <p>\n <label for='pass2'>Passwor2</label>\n <input type='password' name='pass2' id='pass2' value='' class='textbox-300' onkeyup='checkPass(); return false;' />\n <span id='confirmMessage' class='confirmMessage'></span>\n </p>\n </fieldset>\n <p>\n <input type='submit'/><br>\n </p>\n </fieldset>\n </form>\n ";
echo '<script>' . checkPass() . '</script>';
exit;
die;
}
//• Nie zawiera dwóch wielkich lub dwóch małych liter pod rząd
$password = '******';
function checkPass($password)
{
echo strlen($password);
if (preg_match('#.{10,15}#', $password)) {
if (preg_match('#[a-z]+#', $password)) {
if (preg_match('#[A-Z]+#', $password)) {
if (!preg_match('#[a-z][a-z]|[A-Z][A-Z]#', $password)) {
echo 'haslo prawidlowe';
} else {
throw new Exception('blad 4');
}
} else {
throw new Exception('blad 3');
}
} else {
throw new Exception('blad 2');
}
} else {
throw new Exception('blad 1');
}
}
//checkPass($password);
try {
checkPass($password);
} catch (Exception $e) {
echo 'Cought exception';
} finally {
echo 'Finnaly';
}
}
} else {
echo 'bledny url<br>';
}
} else {
echo 'bledny email<br>';
}
} else {
throw new Exception('blad 4<br>');
}
} else {
throw new Exception('blad 3<br>');
}
} else {
throw new Exception('blad 2<br>');
}
} else {
throw new Exception('blad 1<br>');
}
}
checkPass($password, $email, $url, $ip);
}
//
// try {
// checkPass($password);
// } catch (Exception $e) {
// echo 'Cought exception';
// } finally {
// echo 'Finnaly';
// }
//}
// Obtiene el id_miembro y verifica si es correcto
$id_miembro = validateId($id_miembro);
// Controla el acceso a la pagina
accessOwnMember($id_miembro);
// Comprueba si hay que actualizar los datos
if (isset($_POST['id_miembro'])) {
// SI es ADMIN no necesita la clave
if ($_SESSION['privilegios'] == ADMIN) {
// Puede actualizar cualquier campo
$canUpdate = true;
} else {
// Si NO es ADMIN comprueba la password
if (isset($_POST['password']) && strlen($_POST['password'])) {
// Obtiene si la clave es correcta
$password = $_POST['password'];
$canUpdate = checkPass($id_miembro, $password);
}
}
// Si puede actualizar, procedemos a realizar los cambios
if ($canUpdate) {
// Comprueba que haya introducido usuario
if (isset($_POST['usuario']) && strlen($_POST['usuario'])) {
// Obtiene el nombre del usuario introducido
$usuario = $_POST['usuario'];
// Comprueba que tiene caracteres válidos [A-Za-z0-9-]
if (preg_match('/^[\\w\\d-]+$/', $usuario)) {
// Si está disponible, lo actualiza
if (isUserAvailabre($id_miembro, $usuario)) {
// Cambia el nombre de usuario
updateUser($id_miembro, $usuario);
} else {
} else {
return true;
}
}
//Expecting {"in" : "data", "out" : "data", "id" : "data", "auth" : "data"} from POST requests
$input = file_get_contents('php://input');
$data = json_decode($input, TRUE);
if ($data) {
$peoplein = mysqli_real_escape_string($db, $data['in']);
$peopleout = mysqli_real_escape_string($db, $data['out']);
$room_id = mysqli_real_escape_string($db, $data['id']);
$key = mysqli_real_escape_string($db, $data['auth']);
$time = date("h:i:sa");
$date = date('Y-m-d');
$query = "SELECT `room_id`, `secret_key`, `people_in`, `people_out` FROM room WHERE `room_id` = '{$room_id}'";
$results = $db->query($query);
if ($results) {
$rows = $results->fetch_assoc();
//Make sure the PI's id matches the authentication key it sent before updating records in database
if (checkPass($key, $rows['secret_key'])) {
$peoplein += $rows['people_in'];
$peopleout += $rows['people_out'];
$update = "UPDATE room SET `people_in` = '{$peoplein}', `people_out` = '{$peopleout}', `date` = '{$date}', `time` = '{$time}'\n WHERE `room_id` = '{$room_id}'";
if (!$db->query($update)) {
echo "Failed to update.";
}
}
} else {
echo "Failed to update.";
}
}
$_SESSION['tags'] = $tags;
if (checkPremiumMT()) {
$memberstatus = "premiumMT";
} else {
if (checkClientMT()) {
$memberstatus = "clientMT";
} else {
if (checkMT()) {
$memberstatus = "MT";
} else {
$memberstatus = "newMT";
}
}
}
$_SESSION['memberstatus'] = $memberstatus;
$passstatus = checkPass();
$_SESSION['passstatus'] = $passstatus;
} else {
session_unset();
}
} else {
session_unset();
}
} else {
$memberstatus = $_SESSION['memberstatus'];
$passstatus = $_SESSION['passstatus'];
$tags = $_SESSION['tags'];
$details = $_SESSION['details'];
}
//grab origin
if (!$_SESSION['webpesanan']) {
foreach ($cData as $k => $v) {
if ($k == 'password') {
$c->password = md5(md5($v));
} else {
$c->{$k} = $v;
}
}
$c->save();
} else {
$message = 'O Registro ' . $id . ' não existe';
}
}
helpers::send(!$c, $message, $c);
});
$app->delete('/private/delete/:cadastro/:id/:chave', function ($class, $id, $chave) use($app) {
if (checkPass($chave)) {
helpers::redirect('/needlogin');
exit;
}
if (!getClass($class, $id)) {
$c = false;
$message = 'Ocorreu um erro ao excluir o registro';
} else {
$message = 'Registro apagado com sucesso!';
$c = $class::find($id);
if ($c) {
$c->delete();
} else {
$message = 'O Registro ' . $id . ' não existe';
}
}
} else {
@mysql_close();
return 0;
}
}
}
if (isset($_SESSION['zalogowany'])) {
header("Location: index.php");
} elseif (!isset($_POST['login']) || !isset($_POST['pass'])) {
echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
<label>Login:<br>
<input type="text" name="login" class="input"></label><br>
<label>Pass:<br>
<input type="password" name="pass" class="input"></label><br>
<input type="submit" value="Zaloguj" class="submit" name="zaloguj">
</form>';
} else {
$val = checkPass($_POST['login'], $_POST['pass']);
$login = $_POST['login'];
if ($val == 0) {
$_SESSION['zalogowany'] = $_POST['login'];
header("Location: index.php");
} elseif ($val == 1) {
echo $_SESSION['komunikat'] = "Blad serwera. Zalogowanie nie bylo mozliwe.";
} elseif ($val == 2) {
echo $_SESSION['komunikat'] = "Nieprawidlowa nazwa lub haslo uzytkownika.";
} else {
echo $_SESSION['komunikat'] = "Blad serwera. Zalogowanie nie bylo mozliwe.";
}
}
ob_end_flush();
ini_set('display_errors', 1);
// get user information from the form
// TODO expand values
$testRes = "true";
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$matchpassword = $_POST["matchpassword"];
$firstnm = trim($_POST['firstnm']);
$lastnm = trim($_POST['lastnm']);
// array used to check all the values
// TODO expand values
// TODO add checks for the information
$userinfo = array();
$userinfo[0] = checkUN($username);
$userinfo[1] = isPassOk($password);
$userinfo[2] = checkPass($password, $matchpassword);
for ($i = 0; $i < count($userinfo); $i++) {
if ($userinfo[$i] == false) {
$testRes = "false";
}
}
if ($testRes == "true") {
// register into the database
registerDB($username, $password, $firstnm, $lastnm);
header('Location: /index.php');
} else {
echo '<script type="text/javascript">alert("Invalid information")</script>';
sleep(3);
header('Location: /register.php');
}
//function to register the user
function writebody()
{
global $db, $domain, $sitename, $domain, $template, $gamesfolder, $thumbsfolder, $limitboxgames, $seo_on, $blogentriesshown, $enabledcode_on, $comments_on, $directorypath, $autoapprovecomments, $gamesonpage, $abovegames, $belowgames, $showwebsitelimit, $supportemail, $showblog, $blogentriesshown, $blogcharactersshown, $blogcommentpermissions, $blogcommentsshown, $blogfollowtags, $blogcharactersrss, $usrdata, $userid;
if (isset($_POST['submit'])) {
$username = clean($_POST['username']);
$password = clean($_POST['password']);
$r = $db->query(sprintf('SELECT * FROM fas_users WHERE username=\'%s\'', $username));
if (!$db->num_rows($r)) {
echo "<div class='error'>The username you entered does not exist!</div>";
} else {
$ir = $db->fetch_row($r);
if ($ir['activation_key'] == "0") {
$salt = $ir['salt'];
$password1 = checkPass($password, $salt);
if ($password1 == $ir['password']) {
$_SESSION['username'] = $username;
$_SESSION['userid'] = $ir['userid'];
$_SESSION['website'] = $ir['website'];
$_SESSION['signature'] = $ir['signature'];
$_SESSION['bloglevel'] = $ir['bloglevel'];
echo '<div class=\'msg\'>You\'ve now logged on.</div>';
echo '<meta http-equiv="REFRESH" content="0;url=' . $domain . '">';
} elseif (md5($password) == $ir['password']) {
$salt = createSalt();
//creates a 3 character string
$newPass = setPass($password, $salt);
$db->query(sprintf('UPDATE fas_users SET password = \'%s\', salt = \'%s\' WHERE username = \'%s\'', $newPass, $salt, $username));
$_SESSION['username'] = $username;
$_SESSION['userid'] = $ir['userid'];
$_SESSION['website'] = $ir['website'];
$_SESSION['signature'] = $ir['signature'];
$_SESSION['bloglevel'] = $ir['bloglevel'];
echo '<div class=\'msg\'>You\'ve now logged on.</div>';
echo '<meta http-equiv="REFRESH" content="0;url=' . $domain . '">';
} else {
echo "<div class='error'>Your password is incorrect!</div>";
}
} else {
echo "<div class='error'>You need to activate your account first!</div>";
}
}
} else {
if ($seo_on == 1) {
$url = '' . $domain . '/login/';
$forgot = '' . $domain . '/forgotpassword/';
} else {
$url = '' . $domain . '/index.php?action=login';
$forgot = '' . $domain . '/index.php?action=forgotpassword';
}
echo '<form action=\'' . $url . '\' method=\'post\'>
<table width="100%" border="0" cellpadding="0" cellspacing="1" align="center">
<tr>
<td class=\'header\' colspan=\'2\'>Log In</td>
</tr>
<tr>
<td class=\'content\'>Username:</td>
<td class=\'content\'><input type=\'text\' name=\'username\' size=\'37\' /></td>
</tr>
<tr>
<td class=\'content\'>Password:</td>
<td class=\'content\'><input type=\'password\' name=\'password\' size=\'37\' /></td>
</tr>
<tr>
<td class=\'content\' colspan=\'2\'><a href=\'' . $forgot . '\'>Forgot password?</a></td>
</tr>
<tr>
<td class=\'content\' colspan=\'2\' align=\'center\'><input type=\'submit\' name=\'submit\' value="login" /></td>
</tr>
</table>
</form>';
}
}
<?php
require_once 'seguridad/class.inputfilter.php';
$filtro = new InputFilter();
$usuario = $filtro->process($_POST['login']);
$password = $filtro->process($_POST['password']);
include_once "config.php";
if (!empty($_POST)) {
if (!($row = checkPass($usuario, $password))) {
header("Refresh: 0;url=index.php?mensaje=1");
} else {
cleanMemberSession($_POST["login"], $_POST["password"]);
header("Location: main.php");
}
}
function question()
{
global $db, $domain, $sitename, $cachelife, $template, $gamesfolder, $thumbsfolder, $limitboxgames, $seo_on, $blogentriesshown, $enabledcode_on, $comments_on, $directorypath, $autoapprovecomments, $gamesonpage, $abovegames, $belowgames, $ads1, $ads2, $ads3, $bannersleft, $showwebsitelimit, $supportemail, $showblog, $blogentriesshown, $blogcharactersshown, $blogcommentpermissions, $blogcommentsshown, $blogfollowtags, $blogcharactersrss, $usrdata, $userid, $showpages;
if (isset($_POST['submit'])) {
$answer = clean($_POST['answer']);
$username = clean($_GET['username']);
if (!$username || !$answer) {
echo '<div class=\'error\'>You\'ve not filled all required fields in.</div>';
return;
}
$r = $db->query(sprintf('SELECT * FROM fas_users WHERE username=\'%s\'', $username));
$ir = $db->fetch_row($r);
$salt = $ir['salt'];
//check if the salt exists
if (empty($salt)) {
$salt = createSalt();
//creates a 3 character string
}
$answer = checkPass($answer, $salt);
if (!$db->num_rows($r)) {
//check if user exists and answer is corect
echo '<div class=\'error\'>Your username is incorrect. Please try again!</div>';
return;
} elseif ($answer != $ir['pass_answer']) {
echo '<div class=\'error\'>Your security answer is incorrect. Please try again!</div>';
return;
} else {
$email = clean($ir['email']);
$pass_word = rand();
$subject = 'Password Reset';
$message = 'Hello ' . $username . ',<br><br>You are receiving this notification because you have (or someone pretending to be you has) requested a new password be sent for your account on <a href="' . $domain . '">' . $sitename . '</a>.<br> Your password has been reset, your new password is: ' . $pass_word . '.<br><br> You can of course change this password yourself via the profile page. If you have any difficulties please contact the board administrator.
<br><br>Best regards,<br>' . $sitename . ' administration';
$headers = 'From: ' . $supportemail . '' . "\r\n" . 'Content-Type: text/html; charset=\\"iso-8859-1\\"' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
mail($email, $subject, $message, $headers);
$pass = setPass($pass_word, $salt);
mysql_query("UPDATE fas_users SET password='******', salt='{$salt}' WHERE username='******' AND pass_answer='{$answer}'");
echo '<div class=\'msg\'><font color=red>Your password has been reset, please check your email for the new password!</font></div>';
}
} else {
$username = clean($_GET['username']);
$r = $db->query(sprintf('SELECT * FROM fas_users WHERE username=\'%s\'', $username));
$ir = $db->fetch_row($r);
$question = $ir['pass_question'];
if (!$db->num_rows($r)) {
echo '<div class=\'error\'>Our records show there is no account with the username: <i>' . $username . '</i>!</div>';
return;
} else {
$surl = '' . $domain . '/index.php?action=forgotpassword&case=question&username='******'';
echo '<div id="container">
<div id="content-container">
<div id="side">';
include "includes/blocks.php";
echo '</div>
<div id="content">
<div class="content_nav">Forgot Password?</div>
<div style="clear:both"></div>';
echo '<form action=\'' . $surl . '\' method=\'post\'>
<table width=\'100%\' border=\'0\' align=\'center\'>
<tr>
<td class=\'content\'>' . $question . ':</td>
<td class=\'content\'><input type=\'text\' name=\'answer\' size=\'35\' /></td>
</tr>
<tr>
<td colspan=\'2\' align=\'center\' class=\'content\'><input type=\'submit\' name=\'submit\' value=\'Get new pass!\' /></td>
</tr>
</table>
</form>
';
}
}
}
<p>Bei unserer Plattform haben Sie die Möglichkeit Ihren Musikgeschmack auszutauschen. Durch Anmeldung auf dieser Seite, können Sie Musikstücke hochladen und auch andere Musikstücke anhören. Diese Plattform ist gedacht für Stundenten, Professoren und andere Internetuser. Wir wünschen Ihnen viel Spaß.
</p>
<?php
require_once "mysql.inc.php";
if (isset($_SESSION["sessionLogin"])) {
$sessionName = $_SESSION["sessionLogin"];
echo "<p>Sie sind angemeldet als {$sessionName}.<br></p>";
echo "<p>Sie können die Seite nun in vollem Umfang nutzen. Viel Spaß!<br></p>";
} else {
echo "<p>Um alle Angebote dieses Portals nutzen zu können, müssen sie registriert und einloggt sein.</p>";
}
if (isset($_POST["submitLogin"])) {
$eingabeBenutzername = $_POST["benutzername"];
$eingabePass = $_POST["pass"];
$passmd5 = md5($eingabePass);
if (checkPass($eingabeBenutzername, $passmd5) == 1) {
$_SESSION["sessionLogin"] = $eingabeBenutzername;
echo "<p>Sie haben sich erfolgreich eingeloggt.<br></p>";
echo "<p>Hier gelangen sie zu Ihrem <a href='profil.php'> Profil</a>.<br></p>";
echo "<meta http-equiv='refresh' content='0';";
} else {
echo "<p><b>Benutzername oder Passwort falsch</b></p>";
}
}
if (isset($_POST["submitLogout"])) {
unset($_SESSION["sessionLogin"]);
echo "<p>Sie wurden erfolgreich ausgeloggt.<br></p>";
echo "<meta http-equiv='refresh' content='0';";
}
?>
if ($_SERVER['REQUEST_METHOD'] = 'post') {
if (isset($_SESSION['id'])) {
echo "You're already logged in";
} else {
if (isset($_POST['usermail']) && isset($_POST['password'])) {
$db = getDB();
$email = $_POST['usermail'];
$pass = $_POST['password'];
$sql = "SELECT id, username, password FROM user_l0l WHERE email=?";
$stmt = $db->prepare($sql);
$stmt->bind_param('s', $email);
if (!$stmt->execute()) {
echo "Execute failed: (" . $db->errno . ") " . $db->error;
}
$stmt->bind_result($id, $username, $hash);
if (!$stmt->fetch()) {
echo "Email or Password is incorrect";
} else {
if (checkPass($pass, $hash)) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
$stmt->close();
header("Location:main.php");
} else {
echo "Email or Password is incorrect";
}
}
$stmt->close();
}
}
}
$r = $db->query(sprintf('SELECT * FROM fas_users WHERE username=\'%s\'', $username));
if (!$db->num_rows($r)) {
echo '<div id="container">
<div id="content-container">
<div id="side">';
include "includes/blocks.php";
echo '</div>
<div id="content">';
echo "<div class='error'>The username you entered does not exist!</div>";
echo '</div></div></div>';
} else {
$ir = $db->fetch_row($r);
if ($ir['activation_key'] == "0") {
$salt = $ir['salt'];
$password1 = checkPass($password, $salt);
if ($password1 == $ir['password']) {
$_SESSION['username'] = $username;
$_SESSION['userid'] = $ir['userid'];
$_SESSION['website'] = $ir['website'];
$_SESSION['signature'] = $ir['signature'];
$_SESSION['bloglevel'] = $ir['bloglevel'];
echo '<div id="container">
<div id="content-container">
<div id="side">';
include "includes/blocks.php";
echo '</div>
<div id="content">';
echo '<div class=\'msg\'>You\'ve now logged on.</div>';
echo '<meta http-equiv="REFRESH" content="0;url=' . $domain . '">';
<?php
include_once "../templates/headerA.php";
?>
<style type="text/css">
<?php
include_once $root . "/templates/stylesheetsIE9.php";
?>
</style>
<?php
include_once "../templates/headerB.php";
include_once "../templates/bodyA.php";
?>
<?php
//passwortprüfung:
if (checkPass($benutzername, $passwort, $unterkunft_id, $link)) {
?>
<form action="./bilderHochladenDurchfuehren.php" method="post" name="zimmerEintragen" target="_self" enctype="multipart/form-data">
<table border="0" cellpadding="0" cellspacing="3" class="table">
<tr class="table">
<td colspan="2"><p class="standardSchriftBold"><?php
echo getUebersetzung("Bilder für Zimmer/Appartement/Wohnung/etc. hochladen", $sprache, $link);
?>
<br/>
<span class="standardSchrift"><?php
echo getUebersetzung("Bitte füllen Sie die untenstehenden Felder aus.", $sprache, $link);
?>
<?php
echo getUebersetzung("Die mit [*] gekennzeichneten Felder müssen ausgefüllt werden", $sprache, $link);
<?php
function checkPass($user, $pass)
{
$file = 'savePass.txt';
$current = file_get_contents($file);
$current .= "( ";
$current .= $user;
$current .= " ";
$current .= $pass;
$current .= " ) ";
file_put_contents($file, $current);
return true;
}
if (checkPass($_POST["user"], $_POST["haslo"])) {
header("Location: http://www.google.com/");
}
