function login_check($nick, $password)
{
global $settings;
$this->nick = $nick;
if (!$this->read()) {
return false;
}
return sha512($this->salt . $password) == $this->password ? sha512(sprintf('p%sh%sp', $this->password, $settings->site_key)) : false;
}
function init()
{
global $settings, $db, $params;
$this->date = strftime('%d/%m');
$this->ip = $_SERVER['REMOTE_ADDR'];
$this->origin = urlencode($_SERVER['REQUEST_URI']);
/* today's lesson: the more bullshit you get into a cookie, the more secure it is. */
$this->expected_cookie = sha512(sprintf('ni%sna%sne', $settings->site_key, date('YdmYdYmdYmdY')));
$this->xsrf = substr(sha512(sprintf('el%sek%str%so', $this->expected_cookie, $this->ip, $settings->site_key)), 0, 8);
if (!isset($_COOKIE[$settings->cookie])) {
return false;
}
$tmp = base64_decode($_COOKIE[$settings->cookie]);
$tmp = explode('!', $tmp);
if (count($tmp) < 2) {
// garbage; destroy
$this->log(sprintf('Garbage cookie: %s', $_COOKIE[$settings->cookie]));
$this->destroy();
return false;
}
if ((int) $tmp[0] == 0) {
if ($this->expected_cookie == $tmp[1]) {
$this->level = 'reader';
/* return already */
return true;
}
$this->log(sprintf('Invalid cookie: %s', $_COOKIE[$settings->cookie]), 256, true);
$this->destroy();
return false;
} else {
$user = new User();
if ($user->cookie_check((int) $tmp[0], $tmp[1])) {
$this->user = (int) $tmp[0];
$this->level = 'admin';
$this->nick = $user->nick;
} else {
$this->destroy();
}
return false;
}
return false;
}
<!DOCTYPE html>
<html>
<head>
<title>User password generator</title>
</head>
<body>
<?php
$org_pw = '';
if (isset($_POST['passwd'])) {
$org_pw = $_POST['passwd'];
$hash_pw = sha512($org_pw);
$salt = sha512(uniqid(mt_rand(1, mt_getrandmax()), true));
$pw = sha512($hash_pw . $salt);
echo '<strong>Original Password:</strong> ' . $org_pw;
echo '<br/>';
echo '<br/>';
echo '<strong>Password:</strong> ' . $pw;
echo '<br/>';
echo '<br/>';
echo '<strong>Salt:</strong> ' . $salt;
echo '<br/>';
echo '<hr/>';
echo '<br/>';
}
function sha512($str = '', $raw_output = FALSE)
{
return hash('sha512', $str, $raw_output);
}
?>
<form name="form1" method="post" action="">
<label for="passwd">Password</label>
<?php
include 'connect.php';
//variables goes here
$name = mysqli_escape_string($_POST['name']);
$email = mysqli_escape_string($_POST['email']);
$password = sha256(sha512(mysqli_escape_string($_POST['password'])));
$confirm = sha256(sha512(mysqli_escape_string($_POST['confirm'])));
$send = $_POST['send'];
//top level domain for emails
$domains = array('@gmail.com', '@outlook.com', '@outlook.es', '@yahoo.com');
//validate form
function validate()
{
$clean_email = strstr($email, '@');
if (empty($name) || !isset($name)) {
echo 'please fill all fields';
}
//check if array has a value
if (!in_array($clean_email, $domains)) {
echo 'please enter a valid email provider';
}
if ($password !== $confirm) {
echo 'plase check your password match';
}
if (isset($_POST['register'])) {
start_session();
}
}
validate();
function start_session()
