function nyAdmin($brukernavn, $passord1, $passord2, $rotpassord)
{
if ($rotpassord != "superhemmeligHBHLpassord") {
return "<p class=\"feilmelding\">Feil rotpassord.</p>";
}
if (!preg_match("/^[a-zæøå]{2,45}\$/i", $brukernavn)) {
return "<p class=\"feilmelding\">Brukernavn kan kun inneholde bokstaver. Minst to og maks 45.</p>";
}
if ($passord1 != $passord2) {
return "<p class=\"feilmelding\">Passordene er ikke like.</p>";
}
if (strlen($passord1) < 6) {
return "<p class=\"feilmelding\">Passordet må være på minst 6 tegn.</p>";
}
$db = new sql();
$brukernavn = renStreng($brukernavn, $db);
$passord1 = renStreng($passord1, $db);
$resultat = $db->query("SELECT * FROM webprosjekt_admin WHERE Brukernavn='{$brukernavn}'");
if (!$resultat) {
return "<p class=\"feilmelding\">En databasefeil oppsto ved oppretting av ny admin. (NYA01)</p>";
}
if ($db->affected_rows == 1) {
return "<p class=\"feilmelding\">En administrator med dette brukernavnet finnes fra før.</p>";
}
$dbPassord = cryptPass($passord1, $brukernavn);
$resultat = $db->query("INSERT INTO webprosjekt_admin (Brukernavn,Passord) VALUES('{$brukernavn}','{$dbPassord}')");
if (!$resultat || $db->affected_rows < 1) {
return "<p class=\"feilmelding\">En databasefeil oppsto ved oppretting av ny admin. (NYA02)</p>";
}
return "<p class=\"okmelding\">Administratorbrukeren ble opprettet.</p><p>Brukernavn: {$brukernavn}<br>Passord: <a onClick=\"alert('{$passord1}')\">********</a> (klikk på stjernene for å se passordet)</p>";
}
function regKunde()
{
$fornavn = $this->fornavn;
$etternavn = $this->etternavn;
$adresse = $this->adresse;
$postnr = $this->postnr;
$telefonnr = $this->telefonnr;
$epost = $this->epost;
$db = new sql();
$resultat = $db->query("INSERT INTO webprosjekt_kunde (Fornavn,Etternavn,Adresse,PostNr,Telefonnr,Epost,Passord)" . " VALUES('{$fornavn}','{$etternavn}','{$adresse}','{$postnr}','{$telefonnr}','{$epost}','temporary')");
$KNr = $db->insert_id;
if ($db->affected_rows < 1) {
return "<p class=\"feilmelding\">Databasefeil ved registrering av ny bruker. Vennligst forsøk på nytt eller ta kontakt med supporten. (Errno NK01)</p>";
}
$passord = genPassord();
$dbPassord = cryptPass($passord, $KNr . $epost);
$resultat = $db->query("UPDATE webprosjekt_kunde SET Passord='{$dbPassord}' WHERE KNr='{$KNr}'");
if ($db->affected_rows < 1) {
return "<p class=\"feilmelding\">Databasefeil ved registrering av ny bruker. Vennligst forsøk på nytt eller ta kontakt med supporten. (Errno NK02)</p>";
}
$db->close();
$emne = "Registrering i Nettbutikken";
$tekst = "Hei\r\n\r\n" . "Din nye bruker i HBHL nettbutikk er nå registrert.\r\n\r\n" . "Her er din innloggingsinformasjon:\r\n" . "Brukernavn: {$epost} \r\n" . "Passord: {$passord} \r\n\r\n" . "For å logge inn, gå til http://nettbutikk.henrikh.net/ \r\n" . "Du kan selvsagt bytte passord når du har logget inn.\r\n\r\n" . "Hilsen,\r\nHiranBårdHenrikLars.";
$hode = 'From: nettbutikk@henrikh.net' . "\r\n" . 'Reply-To: nettbutikk@henrikh.net' . "\r\n" . 'Content-type: text/plain; charset=iso-8859-1' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
$resultat = @mail($epost, $emne, $tekst, $hode);
if ($resultat) {
return "<p class=\"okmelding\">Brukeren din har nå blitt opprettet. Brukernavn og passord er sendt på e-post til {$epost}.</p>" . "<p>Du kan nå <a href=\"index.php?side=logginn\">logge inn</a>.</p>";
} else {
return "<p class=\"okmelding\">Brukeren din har nå blitt opprettet.</p>" . "<p>Her er din innloggingsinformasjon:<br>" . "Brukernavn: {$epost} <br>" . "Passord: {$passord} </p>" . "<p>Du kan nå <a href=\"index.php?side=logginn\">logge inn</a>.</p>";
}
}
<?php
############################### AN EXAMPLE OF PASSWORD HASHING##############
function cryptPass($pass, $rounds = 10)
{
$salt = '';
#merge all elements into the same array. It contains all the possible
#characters that could be used to generate a random salt
$saltChars = array_merge(range('A', 'Z'), range('a', 'z'), range(0, 9));
#generate a random salt of 22 characters
for ($i = 0; $i < 22; $i++) {
#array_rand chose a random index and takes the corrispent element
$salt .= $saltChars[array_rand($saltChars)];
}
return crypt($pass, sprintf('$2y$%02d$', $rounds) . $salt);
}
$input_pass = "******";
$pass = "******";
$hashed_pass = cryptPass($pass);
echo $hashed_pass;
if (crypt($input_pass, $hashed_pass) == $hashed_pass) {
echo "Passwords match";
} else {
echo "Passwords don't match";
}
echo "[Self-Destruction In ";
include "delete_account_countdown.php";
}
}
}
}
}
}
}
if ($_POST['action'] == "delete_account") {
$id = $_POST['id'];
$ids = $_POST['ids'];
$password_delete_account_mixed = $_POST["password_delete_account"];
$password_delete_account = "musemu838" . $password_delete_account_mixed;
$password_cookie = cryptPass(sha1(md5($password_delete_account)));
$password_delete_account = cryptPass(md5(sha1($password_cookie)));
$mysql = mysql_query("SELECT id FROM members WHERE id='{$id}' AND id='{$ids}' AND password='******'");
$pass_check_num = mysql_num_rows($mysql);
if ($_POST["password_delete_account"] == "") {
echo "[Missing Password]";
} else {
if ($pass_check_num < 1) {
echo "[Incorrect Password]";
} else {
if ($pass_check_num > 0) {
mysql_query("UPDATE members SET delete_member='0' WHERE id='{$ids}'");
mysql_query("UPDATE members_log SET delete_member='0' WHERE id='{$ids}'");
mysql_query("UPDATE members_planets SET delete_member='0' WHERE id='{$ids}'");
mysql_query("UPDATE economy SET delete_member='0' WHERE id='{$ids}'");
if (file_exists("../user_files/user{$ids}/")) {
rename("../user_files/user{$ids}/", "../user_files/delete_user{$ids}/");
function endrePassord($gammelt, $nytt1, $nytt2)
{
$db = new sql();
$gammelt = renStreng($gammelt, $db);
$nytt1 = renStreng($nytt1, $db);
$nytt2 = renStreng($nytt2, $db);
$db->close();
$gammelt = cryptPass($gammelt, $this->KNr . $this->epost);
if ($gammelt != $this->passord) {
return "<p class=\"feilmelding\">Feil nåværende passord.</p>";
}
if ($nytt1 != $nytt2) {
return "<p class=\"feilmelding\">Passordene du skrev var ikke like.</p>";
}
if (strlen($nytt1) < 6) {
return "<p class=\"feilmelding\">Passordet må være minst 6 tegn.</p>";
}
$nytt = cryptPass($nytt1, $this->KNr . $this->epost);
if ($gammelt == $nytt) {
return "<p class=\"okmelding\">Passordet har blitt endret.</p>";
}
$db = new sql();
$KNr = $this->KNr;
$resultat = $db->query("UPDATE webprosjekt_kunde SET Passord='{$nytt}' WHERE KNr='{$KNr}'");
$errno = $db->errno;
$rows = $db->affected_rows;
$db->close();
if ($errno == 0 && $rows == 1) {
$this->passord = $nytt;
$_SESSION['kunde'] = serialize($this);
return "<p class=\"okmelding\">Passordet har blitt endret.</p>";
}
if ($errno == 0 && $rows == 0) {
return "<p class=\"feilmelding\">Vi beklager! En ukjent feil har oppstått ved endring av passord. (EP01)</p>";
}
if ($errno != 0) {
return "<p class=\"feilmelding\">Vi beklager! En feil har oppstått ved endring av passord. (EP02)</p>";
}
return "<p class=\"feilmelding\">Vi beklager! En ukjent feil har oppstått ved endring av passord. (EP03)</p>";
}
function glemtPassord($epost, $postnr)
{
if ($epost == "" || $postnr == "") {
return "<p class=\"feilmelding\">Fyll ut begge felt.</p>";
} else {
$db = new sql();
$epost = renStreng($epost, $db);
$postnr = renStreng($postnr, $db);
$resultat = $db->query("SELECT KNr FROM webprosjekt_kunde WHERE Epost = '{$epost}' AND Postnr = '{$postnr}';");
if (!$resultat) {
return "<p class=\"feilmelding\">Feil - Kunne ikke koble til databasen (011)";
}
if ($db->affected_rows == 0) {
return "<p class=\"feilmelding\">Feil kombinasjon av epost og postnummer.</p>";
} else {
$resultat = $resultat->fetch_assoc();
$KNr = $resultat['KNr'];
$passord = genPassord();
$dbPassord = cryptPass($passord, $KNr . $epost);
$resultat = $db->query("UPDATE webprosjekt_kunde SET Passord='{$dbPassord}' WHERE KNr='{$KNr}'");
if ($db->affected_rows == 0) {
return "<p class=\"feilmelding\">Ukjent databasefeil (012)</p>";
}
$db->close();
$emne = "Nytt passord i Nettbutikken";
$tekst = "Hei\r\n\r\n" . "Du har nå blitt tildelt nytt passord i nettbutikken.\r\n\r\n" . "Her er din innloggingsinformasjon:\r\n" . "Brukernavn: {$epost} \r\n" . "Passord: {$passord} \r\n\r\n" . "For å logge inn, gå til http://nettbutikk.henrikh.net/ \r\n" . "Du kan selvsagt bytte passord når du har logget inn.\r\n\r\n" . "Hilsen,\r\nHiranBårdHenrikLars.";
$hode = 'From: nettbutikk@henrikh.net' . "\r\n" . 'Reply-To: nettbutikk@henrikh.net' . "\r\n" . 'Content-type: text/plain; charset=iso-8859-1' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
$resultat = @mail($epost, $emne, $tekst, $hode);
if ($resultat) {
return "<p class=\"okmelding\">Du har nå fått tilsendt et nytt passord på e-post til {$epost}.</p>" . "<p>Du kan nå <a href=\"index.php?side=logginn\">logge inn</a>.</p>";
} else {
return "<p class=\"okmelding\">Du har nå fått generert et nytt passord.<br>" . "Passord: {$passord} </p>" . "<p>Du kan nå <a href=\"index.php?side=logginn\">logge inn</a>.</p>";
}
}
}
}
if ($_POST["interactive_outside"] == "reset") {
$email = $_POST["reset_field"];
$mysql = mysql_query("SELECT id, firstname, lastname, email FROM members WHERE email='{$email}' LIMIT 1");
$numrows = mysql_num_rows($mysql);
if ($numrows == 0) {
echo "Email Not In System, Please Try Again!";
exit;
} else {
while ($row = mysql_fetch_array($mysql)) {
$id = $row["id"];
$firstname = $row["firstname"];
$lastname = $row["lastname"];
}
$random_number = rand(100000000, 999999999);
$temporary_password_email = $random_number . "-" . $id;
$temporary_password = "******" . $temporary_password_email;
$temporary_password_cookie = cryptPass(sha1(md5($temporary_password)));
$temporary_password_mysql = cryptPass(md5(sha1($temporary_password_cookie)));
$subject = "Temporary Password From Barterrain [" . date("F jS, Y | H:i:s") . "]";
$headers = 'From: Barterrain <*****@*****.**>' . "\r\n" . 'Reply-To: Barterrain <*****@*****.**>' . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
$message = "<html>\n\t\t\t\t\t\t<head>\n \t\t\t\t\t\t<title>" . $subject . "</title>\n\t\t\t\t\t\t</head>";
$message .= "<body style='z-index:20;overflow:hidden;height:45px;width:100%;margin:0px;padding:0px;'>\n\t\t\t\t\t\t\t<div style='z-index:20;text-align:center;position:relative;height:45px;width:100%;margin:0px;padding:0px;background-color:" . $color1 . ";'>\n\t\t\t\t\t\t\t<table style='z-index:20;text-align:center;position:relative;height:45px;width:150px;margin:0px;padding:0px;margin:auto;vertical-align:top;' align='center'><tr><td>\n \t\t \t\t\t\t\t<a href='http://www.barterrain.com/' style='text-decoration:none;height:40px;width:150px;margin:0px;padding:0px;' title='Baterrain'>\n\t\t\t\t\t\t\t\t<img src=\"http://www.barterrain.com/barterrain_email_images/main_title.png\" style='margin:auto;max-height:40px;width:150px;background:url(\"http://www.barterrain.com/barterrain_email_images/main_title.png\") no-repeat 0 0;' onMouseDown='if (event.preventDefault) event.preventDefault()'/>\n\t\t\t\t\t\t\t</a>\n\t\t\t\t\t\t\t</td></tr></table></div>\n\t\t\t\t\t\t</body>";
$message .= "<body style='z-index:10;overflow:hidden;height:45px;width:100%;margin:0px;padding:0px;float:left;'>\n\t\t\t\t\t\t<div style='z-index:10;text-align:center;position:relative;height:auto;width:100%;margin:0px;padding:0px;background-color:" . $color4 . ";float:left;'>\n\t\t\t\t\t\t<table style='margin:auto;border:0px;border-spacing:0px;text-align:justify;text-align-last:justify;padding-top:23px;padding-bottom:23px;' cellspacing='0' cellpadding='0' align='center'>\n\t\t\t\t\t\t\t<tr style='position:relative;'>\n\t\t\t\t\t\t\t<td style='width:15px;height:15px;background:url(\"http://www.barterrain.com/barterrain_outside_images/email_pass_background.png\") -0px -0px;background-repeat:no-repeat;overflow:hidden;' background=\"http://www.barterrain.com/barterrain_email_images/td_top_left.png\"></td>\n\t\t\t\t\t\t\t<td style='height:15px;background-color:#FFFFFF;'></td>\n\t\t\t\t\t\t\t<td style='width:15px;height:15px;background:url(\"http://www.barterrain.com/barterrain_outside_images/email_pass_background.png\") -235px -0px;background-repeat:no-repeat;overflow:hidden;' background=\"http://www.barterrain.com/barterrain_email_images/td_top_right.png\"></td>\n\t\t\t\t\t\t\t</tr>\n \t \t\t\t\t<tr style='position:relative;'>\n\t\t\t\t\t\t\t \t<td style='width:15px;background-color:#FFFFFF;'></td>\n\t\t\t\t\t\t\t\t<td style='width:580px;height:50px;background-color:#FFFFFF;vertical-align:top;'>\n\t\t\t\t\t\t\t\t<table><tr>\n \t\t\t\t\t\t<td style='text-align:left;float:left;vertical-align:top;'>\n\t\t\t\t\t\t\t\t\t\t<a href=\"http://www.barterrain.com/planet/planet.php?id=1\">\n\t\t\t\t\t\t\t\t\t\t\t<img src=\"http://www.barterrain.com/planet_files/planet1/planet_picture.jpg\" width='75px' height='75px' style='background-color:" . $color2 . ";'/>\n\t\t\t\t\t\t\t\t\t\t</a>\n\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t\t<td style='text-align:left;width:450px;float:left;vertical-align:top;padding-left:15px;'>\n\t\t\t\t\t\t\t\t\t\t<a href=\"http://www.barterrain.com/planet/planet.php?id=1\" style='color:" . $color1 . ";font:20px helvetica, sans-serif;font-weight:bold;text-decoration:none;margin:0px;padding:0px;'>BARTERRAIN</a>\n\t\t\t\t\t\t\t\t\t\t<br/><font style='font:16px helvetica, sans-serif;margin:0px;padding:0px;'>Temporary Password: "******"</font>\n\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t</tr></table>\n \t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t<td style='width:15px;background-color:#FFFFFF;'></td>\n\t\t\t\t\t\t\t</tr>\n \t\t\t\t<tr style='position:relative;'>\n\t\t\t\t\t\t\t<td style='width:15px;height:15px;background:url(\"http://www.barterrain.com/barterrain_outside_images/email_pass_background.png\") -0px -15px;background-repeat:no-repeat;overflow:hidden;' background=\"http://www.barterrain.com/barterrain_email_images/td_bottom_left.png\"></td>\n\t\t\t\t\t\t\t<td style='height:15px;background-color:#FFFFFF;'></td>\n\t\t\t\t\t\t\t<td style='width:15px;height:15px;background:url(\"http://www.barterrain.com/barterrain_outside_images/email_pass_background.png\") -235px -15px;background-repeat:no-repeat;overflow:hidden;' background=\"http://www.barterrain.com/barterrain_email_images/td_bottom_right.png\"></td>\t\t\t\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t<tr><td></td><td style='padding-top:23px;'>\n\t\t\t\t\t\t\t\t<div style='z-index:10;text-align:center;position:relative;' align='center'>\n\t\t\t\t\t\t\t\t<font style='color:#000000'>\n\t\t\t\t\t\t\t\t\tForgot your Barterrain password? \n\t\t\t\t\t\t\t\t\t<a href=\"http://www.barterrain.com?forgot_password=true\" style='color:" . $color1 . ";font:12px helvetica, sans-serif;text-decoration:none;'>\n\t\t\t\t\t\t\t\t\t\tClick here</a> to get a temporary password.\n\t\t\t\t\t\t\t\t\t<br/>Want to unsubscribe from these notification emails? \n\t\t\t\t\t\t\t\t\t<a href=\"http://www.barterrain.com/settings/settings.php?settings=notification\" style='color:" . $color1 . ";font:12px helvetica, sans-serif;text-decoration:none;'>\n\t\t\t\t\t\t\t\t\t\tClick here</a> to change notification settings.\n\t\t\t\t\t\t\t\t \t<br/>Received this email in error? Did you not sign up for Barterrain? \n\t\t\t\t\t\t\t\t\tContact <a href=\"mailto:error@barterrain.com\" style='color:" . $color1 . ";font:12px helvetica, sans-serif;text-decoration:none;'>error@barterrain.com</a>!\n\t\t\t\t\t\t\t\t</font>\n\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t</td><td></td></tr>\n \t\t\t\t</table>\n\t\t\t\t\t\t</div></body>\n\t\t\t\t\t\t</html>";
$change_mysql = mysql_query("UPDATE members SET temporary_password='******' WHERE email='{$email}'");
mail($email, $subject, $message, $headers, '*****@*****.**');
echo "Temporary Password Has Been Sent!";
}
exit;
}
}
if ($pass2 !== $pass) {
echo "*Please insert equal passwords.";
exit;
}
/********** CHECK EMAIL *********/
$data = new MysqlConnector();
$data->connectMysql();
if ($data->isRegistered($email)) {
echo "*Email already exists.";
exit;
}
/************ CHECK PICTURE ************/
$img_name = $_FILES['imgToUpdate']['name'];
if ($img_name !== "") {
//Check if the file is bigger than 300kb
if ($_FILES['imgToUpdate']['size'] > 300000) {
echo "*Please insert a picture with a size smaller than 300Kb.";
exit;
}
\Cloudinary::config(getCloudinaryCredentials());
$img_url = \Cloudinary\Uploader::upload($_FILES['imgToUpdate']['tmp_name'], array("crop" => "lfill", "width" => "400", "height" => "400"));
$img_url = $img_url['url'];
}
/* IF EVERYTHING IS OKAY, CRIPT THE PASSWORD AND STORE THE NEW USER
* INFORMATIONS.
*/
$encrypted_pass = cryptPass($pass);
$data->signUp($email, $encrypted_pass, $name, $surname, $img_url);
$data->disconnectMysql();
echo "Successfully registered.";
$remember = $_POST['remember'];
}
// Error Handling Conditional Checks Go Here
if (!$email || !$password) {
$error_message = 'Please Fill In All Fields!';
} else {
if (preg_match('/(?i)msie [1-12]/', $_SERVER['HTTP_USER_AGENT'])) {
$error_message = 'Sorry, Internet Explorer Is Not Supported.';
} else {
$email = mysql_real_escape_string($email);
// Secure String Before Adding To Query
$password = mysql_real_escape_string($password);
// Secure String Before Adding To Query
$password = "******" . $password;
$password_cookie = cryptPass(sha1(md5($password)));
$password_mysql = cryptPass(md5(sha1($password_cookie)));
$mysql1 = mysql_query("SELECT id,email,temporary_password AS password FROM members WHERE email='{$email}' AND temporary_password='******' AND email_activated='1'");
$login_check1 = mysql_num_rows($mysql1);
if ($login_check1 < 1) {
$mysql1 = mysql_query("SELECT id,email,password FROM members WHERE email='{$email}' AND password='******' AND email_activated='1'");
$login_check1 = mysql_num_rows($mysql1);
}
$mysql2 = mysql_query("SELECT id,email,password FROM members WHERE email='{$email}' AND password='******' AND email_activated='0'");
$login_check2 = mysql_num_rows($mysql2);
// Checking If Email Is Activated
if ($login_check2 > 0) {
$error_message = "Please Check Email For Activation Link!";
} else {
if ($login_check1 > 0) {
while ($row = mysql_fetch_array($mysql1)) {
$ids = $row["id"];
$username = "******";
$pass = "******";
//create connection
$conn = mysqli_connect($servername, $username, $pass, $dbname);
//check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
//encrypt password
function cryptPass($input, $rounds = 9)
{
$salt = "";
$saltChars = array_merge(range('A', 'Z'), range('a', 'z'), range(0, 9));
//seed for salt
for ($i = 0; $i < 22; $i++) {
$salt .= $saltChars[array_rand($saltChars)];
//loop to randomize all the chars
}
return crypt($input, sprintf('$2y$%05d$', $rounds) . $salt);
}
$hashedPass = cryptPass($password);
//encrypted password
//insert data into database
$sql = "insert into table1 (firstname, lastname, email, password)\nvalues ('{$firstname}', '{$lastname}', '{$email}', '{$hashedPass}')";
if (mysqli_query($conn, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
header("Location:signin.php");
