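function page_protect()
{
    // Gate a page behind an authenticated session. Without a session, fall
    // back to the "remember me" cookie pair (user_id / user_key) verified
    // against users.ckey/ctime; otherwise redirect to login.php.
    // logout(), filter() and isUserID() are defined elsewhere in the project
    // and the mysql_* link must already be open. logout() is assumed not to
    // terminate the request (the agent check below adds exit explicitly), so
    // every failure path here ends with exit.
    session_start();
    global $db;
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // Session hijack check: the agent fingerprint stored at login must match.
    // hash_equals() replaces != so two hex digests are never compared numerically.
    if (isset($_SESSION['HTTP_USER_AGENT'])
        && !hash_equals((string) $_SESSION['HTTP_USER_AGENT'], md5($agent))) {
        logout();
        exit;
    }

    // A live session needs no cookie processing.
    if (isset($_SESSION['user_id']) || isset($_SESSION['user_name'])) {
        return;
    }

    // No session: look for the cookies set by "remember me".
    if (!isset($_COOKIE['user_id']) || !isset($_COOKIE['user_key'])) {
        header("Location: login.php");
        exit;
    }

    // The id is interpolated into SQL below, so reject anything non-numeric
    // first (the original only checked is_numeric() after the lookup had run).
    if (!is_numeric($_COOKIE['user_id'])) {
        logout();
        exit;
    }

    // Compare the cookie against the key and login time stored at login.
    $cookie_user_id = filter($_COOKIE['user_id']);
    $rs_ctime = mysql_query("select `ckey`,`ctime` from `users` where `id` ='{$cookie_user_id}'") or die(mysql_error());
    $row = mysql_fetch_row($rs_ctime);
    if (!$row) {
        // unknown id: the original reached logout() with $ckey unset
        logout();
        exit;
    }
    list($ckey, $ctime) = $row;

    // cookie expiry
    if (time() - $ctime > 60 * 60 * 24 * COOKIE_TIME_OUT) {
        logout();
        exit; // the original fell through and could still re-authenticate below
    }

    // Never trust the cookie itself: user_key must equal sha1(ckey) recorded at
    // login. Constant-time comparison, and only a string-typed cookie is accepted.
    $key_ok = !empty($ckey)
        && isset($_COOKIE['user_name'])
        && isUserID($_COOKIE['user_name'])
        && is_string($_COOKIE['user_key'])
        && hash_equals(sha1($ckey), $_COOKIE['user_key']);
    if (!$key_ok) {
        logout();
        exit;
    }

    session_regenerate_id(); // against session fixation attacks
    $_SESSION['user_id'] = $_COOKIE['user_id'];
    $_SESSION['user_name'] = $_COOKIE['user_name'];
    // user level comes from the database, never from a cookie
    $rs_level = mysql_query("select user_level from users where id='{$_SESSION['user_id']}'");
    $level_row = $rs_level ? mysql_fetch_row($rs_level) : false;
    $_SESSION['user_level'] = $level_row ? $level_row[0] : null;
    $_SESSION['HTTP_USER_AGENT'] = md5($agent);
}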
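function page_protect()
{
    // Gate a page behind an authenticated session. Without a session, fall
    // back to the "remember me" cookie pair (user_id / user_key) verified
    // against users.ckey/ctime through PDO; otherwise redirect to login.php.
    // logout(), filter() and isUserID() are defined elsewhere in the project.
    // logout() is assumed not to terminate the request (the agent check below
    // adds exit explicitly), so every failure path here ends with exit.
    session_start();
    // NOTE(review): the body uses $conn as the PDO handle but the original only
    // imported $db, so $conn was undefined inside the function - confirm which
    // global actually holds the PDO connection.
    global $db, $conn;
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    /* Secure against session hijacking by checking the user agent; hash_equals()
       replaces != so two hex digests are never compared numerically. */
    if (isset($_SESSION['HTTP_USER_AGENT'])
        && !hash_equals((string) $_SESSION['HTTP_USER_AGENT'], md5($agent))) {
        logout();
        exit;
    }

    // A live session needs no cookie processing.
    if (isset($_SESSION['user_id']) || isset($_SESSION['user_name'])) {
        return;
    }

    /* No session: look for the cookies set by "Remember me". */
    if (!isset($_COOKIE['user_id']) || !isset($_COOKIE['user_key'])) {
        header("Location: login.php");
        exit;
    }

    // Validate the id before it is used (the original only checked
    // is_numeric() after the lookup had already run).
    if (!is_numeric($_COOKIE['user_id'])) {
        logout();
        exit;
    }

    /* Double-check cookie expiry and key against what was stored at login. */
    $cookie_user_id = filter($_COOKIE['user_id']);
    $stmt = $conn->prepare('SELECT `ckey`,`ctime` FROM users WHERE id = :Id');
    $stmt->execute(array('Id' => $cookie_user_id));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        // unknown id: the original reached logout() with $ckey unset
        logout();
        exit;
    }
    $ckey = $row["ckey"];
    $ctime = $row["ctime"];

    // cookie expiry
    if (time() - $ctime > 60 * 60 * 24 * COOKIE_TIME_OUT) {
        logout();
        exit; // the original fell through and could still re-authenticate below
    }

    /* Never trust the cookie itself: user_key must equal sha1(ckey) recorded
       at login. Constant-time comparison, string-typed cookie only. */
    $key_ok = !empty($ckey)
        && isset($_COOKIE['user_name'])
        && isUserID($_COOKIE['user_name'])
        && is_string($_COOKIE['user_key'])
        && hash_equals(sha1($ckey), $_COOKIE['user_key']);
    if (!$key_ok) {
        logout();
        exit;
    }

    session_regenerate_id(); // against session fixation attacks
    $_SESSION['user_id'] = $_COOKIE['user_id'];
    $_SESSION['user_name'] = $_COOKIE['user_name'];

    /* Query the user level from the database instead of storing it in cookies.
       (The original indexed $_SESSION[user_id] with a bare constant.) */
    $stmt2 = $conn->prepare("SELECT user_level FROM users WHERE id= :Id");
    $stmt2->execute(array('Id' => $_SESSION['user_id']));
    $level_row = $stmt2->fetch(PDO::FETCH_ASSOC);
    $_SESSION['user_level'] = $level_row === false ? null : $level_row["user_level"];
    $_SESSION['HTTP_USER_AGENT'] = md5($agent);
}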
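function page_protect()
{
    // Gate a page behind an authenticated session. Without a session, fall
    // back to the "remember me" cookie pair (user_id / user_key) verified
    // against users.ckey/ctime; otherwise redirect to index.php.
    // logout(), filter() and isUserID() are defined elsewhere in the project
    // and the mysql_* link must already be open. logout() is assumed not to
    // terminate the request (the agent check below adds exit explicitly), so
    // every failure path here ends with exit.
    session_start();
    global $db;
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // Session hijack check: the agent fingerprint stored at login must match.
    // hash_equals() replaces != so two hex digests are never compared numerically.
    if (isset($_SESSION['HTTP_USER_AGENT'])
        && !hash_equals((string) $_SESSION['HTTP_USER_AGENT'], md5($agent))) {
        logout();
        exit;
    }

    // A live session needs no cookie processing.
    if (isset($_SESSION['user_id']) || isset($_SESSION['user_name'])) {
        return;
    }

    // No session: look for the cookies set by "remember me".
    if (!isset($_COOKIE['user_id']) || !isset($_COOKIE['user_key'])) {
        header("Location: index.php");
        exit();
    }

    // The id is interpolated into SQL below, so reject anything non-numeric
    // first (the original only checked is_numeric() after the lookup had run).
    if (!is_numeric($_COOKIE['user_id'])) {
        logout();
        exit;
    }

    $cookie_user_id = filter($_COOKIE['user_id']);
    $rs_ctime = mysql_query("select `ckey`,`ctime` from `users` where `id` ='{$cookie_user_id}'") or die(mysql_error());
    $row = mysql_fetch_row($rs_ctime);
    if (!$row) {
        // unknown id: the original reached logout() with $ckey unset
        logout();
        exit;
    }
    list($ckey, $ctime) = $row;

    // cookie expiry
    if ((time() - $ctime) > 60 * 60 * 24 * COOKIE_TIME_OUT) {
        logout();
        exit; // the original fell through and could still re-authenticate below
    }

    // Never trust the cookie itself: user_key must equal sha1(ckey) recorded at
    // login. Constant-time comparison, string-typed cookie only.
    $key_ok = !empty($ckey)
        && isset($_COOKIE['user_name'])
        && isUserID($_COOKIE['user_name'])
        && is_string($_COOKIE['user_key'])
        && hash_equals(sha1($ckey), $_COOKIE['user_key']);
    if (!$key_ok) {
        logout();
        exit;
    }

    session_regenerate_id(); // against session fixation attacks
    $_SESSION['user_id'] = $_COOKIE['user_id'];
    $_SESSION['user_name'] = $_COOKIE['user_name'];
    // NOTE(review): $first_name / $last_name were never assigned in the original,
    // so these entries are always null - presumably meant to be loaded from the
    // users row; verify against the callers that read them.
    $_SESSION['user_firstname'] = isset($first_name) ? $first_name : null;
    $_SESSION['user_lastname'] = isset($last_name) ? $last_name : null;
    $_SESSION['HTTP_USER_AGENT'] = md5($agent);
}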
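function page_protect()
{
    // Gate a page behind an authenticated session keyed by username. Without a
    // session, fall back to the "remember me" cookie pair (username / userkey)
    // verified against users.ckey/ctime over a connection opened from the
    // $mysql_* globals; otherwise redirect to index.php.
    // logout(), filter() and isUserID() are defined elsewhere in the project.
    // logout() is assumed not to terminate the request (the agent check below
    // adds exit explicitly), so every failure path here ends with exit.
    session_start();
    global $mysql_hostname, $mysql_username, $mysql_password, $mysql_dbname;
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    /* Secure against session hijacking by checking the user agent; hash_equals()
       replaces != so two hex digests are never compared numerically. */
    if (isset($_SESSION['HTTP_USER_AGENT'])
        && !hash_equals((string) $_SESSION['HTTP_USER_AGENT'], md5($agent))) {
        logout();
        exit;
    }

    // A live session needs no cookie processing.
    if (isset($_SESSION['username'])) {
        return;
    }

    /* No session: look for the cookies set by "Remember me". */
    if (!isset($_COOKIE['username']) || !isset($_COOKIE['userkey'])) {
        header("Location: index.php");
        exit;
    }

    /* Double-check cookie expiry against the time stored in the database. */
    $conn = mysql_connect($mysql_hostname, $mysql_username, $mysql_password);
    if (!$conn) {
        die('Could not connect: ' . mysql_error());
    }
    mysql_select_db($mysql_dbname);
    // NOTE(review): the page shows the WHERE value redacted as '******' and left
    // $cookie_username unused; the lookup is assumed to be by the cookie's
    // username, escaped for the open link - confirm against the original source.
    $cookie_username = filter($_COOKIE['username']);
    $qry = "SELECT ckey,ctime FROM users where username='" . mysql_real_escape_string($cookie_username, $conn) . "'";
    $rs_ctime = mysql_query($qry, $conn);
    $row = $rs_ctime ? mysql_fetch_row($rs_ctime) : false;
    mysql_close($conn);
    if (!$row) {
        // unknown user: the original reached logout() with $ckey unset
        logout();
        exit;
    }
    list($ckey, $ctime) = $row;

    // cookie expiry
    if (time() - $ctime > 60 * 60 * 24 * COOKIE_TIME_OUT) {
        logout();
        exit; // the original fell through and could still re-authenticate below
    }

    /* Never trust the cookie itself: userkey must equal sha1(ckey) recorded at
       login. Constant-time comparison, string-typed cookie only. */
    $key_ok = !empty($ckey)
        && isUserID($_COOKIE['username'])
        && is_string($_COOKIE['userkey'])
        && hash_equals(sha1($ckey), $_COOKIE['userkey']);
    if (!$key_ok) {
        logout();
        exit;
    }

    session_regenerate_id(); // against session fixation attacks
    $_SESSION['username'] = $_COOKIE['username'];
    $_SESSION['HTTP_USER_AGENT'] = md5($agent);
}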
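function page_protect()
{
    // Gate a page behind an authenticated session. Without a session, fall
    // back to the "remember me" cookie pair (user_id / user_key) verified
    // against users.ckey/ctime over the mysqli link $link; otherwise redirect
    // to ../login/login.php. logout(), filter() and isUserID() are defined
    // elsewhere in the project. logout() is assumed not to terminate the
    // request (the agent check below adds exit explicitly), so every failure
    // path here ends with exit.
    session_start();
    global $link, $linkopd;
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    /* Secure against session hijacking by checking the user agent; hash_equals()
       replaces != so two hex digests are never compared numerically. */
    if (isset($_SESSION['HTTP_USER_AGENT'])
        && !hash_equals((string) $_SESSION['HTTP_USER_AGENT'], md5($agent))) {
        logout();
        exit;
    }

    // A live session needs no cookie processing.
    if (isset($_SESSION['user_id']) || isset($_SESSION['user_name'])) {
        return;
    }

    /* No session: look for the cookies set by "Remember me". */
    if (!isset($_COOKIE['user_id']) || !isset($_COOKIE['user_key'])) {
        header("Location: ../login/login.php");
        exit;
    }
    if (!is_numeric($_COOKIE['user_id'])) {
        logout();
        exit;
    }

    /* Double-check cookie expiry and key against the values stored at login.
       The id is bound as a parameter instead of being interpolated into SQL. */
    $cookie_user_id = filter($_COOKIE['user_id']);
    $stmt = mysqli_prepare($link, 'select `ckey`,`ctime` from `users` where `id` = ?');
    if ($stmt === false) {
        die(mysqli_error($link));
    }
    mysqli_stmt_bind_param($stmt, 's', $cookie_user_id);
    if (!mysqli_stmt_execute($stmt)) {
        die(mysqli_error($link));
    }
    mysqli_stmt_bind_result($stmt, $ckey, $ctime);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if ($found !== true) {
        // unknown id: the original reached logout() with $ckey unset
        logout();
        exit;
    }

    // cookie expiry
    if (time() - $ctime > 60 * 60 * 24 * COOKIE_TIME_OUT) {
        logout();
        exit; // the original fell through and could still re-authenticate below
    }

    /* Never trust the cookie itself: user_key must equal sha1(ckey) recorded at
       login. Constant-time comparison, string-typed cookie only. */
    $key_ok = !empty($ckey)
        && isset($_COOKIE['user_name'])
        && isUserID($_COOKIE['user_name'])
        && is_string($_COOKIE['user_key'])
        && hash_equals(sha1($ckey), $_COOKIE['user_key']);
    if (!$key_ok) {
        logout();
        exit;
    }

    session_regenerate_id(); // against session fixation attacks
    $_SESSION['user_id'] = $_COOKIE['user_id'];
    $_SESSION['user_name'] = $_COOKIE['user_name'];

    /* Query the user level from the database instead of storing it in cookies. */
    $uid = $_SESSION['user_id'];
    $user_level = null;
    $stmt = mysqli_prepare($link, 'select user_level from users where id = ?');
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 's', $uid);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $user_level);
        if (mysqli_stmt_fetch($stmt) !== true) {
            $user_level = null;
        }
        mysqli_stmt_close($stmt);
    }
    $_SESSION['user_level'] = $user_level;
    // NOTE(review): the original ran the same `select user_level` query a second
    // time and stored that result as user_accode; the value is kept identical
    // here - confirm whether a separate accode column was intended.
    $_SESSION['user_accode'] = $user_level;
    $_SESSION['HTTP_USER_AGENT'] = md5($agent);
}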
} /********************* RECAPTCHA CHECK ******************************* This code checks and validates recaptcha ****************************************************************/ require_once 'recaptchalib.php'; $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { die("<h2>Image Verification failed!. Go back and try again.</h2> (reCAPTCHA said: " . $resp->error . ")"); } /************************ SERVER SIDE VALIDATION **************************************/ /********** This validation is useful if javascript is disabled in the browswer ***/ if (empty($data['full_name']) || strlen($data['full_name']) < 4) { $err[] = "ERROR - Invalid name. Please enter at least 3 or more characters for your name"; } // Validate User Name if (!isUserID($data['user_name'])) { $err[] = "ERROR - Invalid user name. It can contain alphabet, number and underscore."; } // Validate Email if (!isEmail($data['usr_email'])) { $err[] = "ERROR - Invalid email address."; } // Check User Passwords if (!checkPwd($data['pwd'], $data['pwd2'])) { $err[] = "ERROR - Invalid Password or mismatch. Enter 5 chars or more"; } $user_ip = $_SERVER['REMOTE_ADDR']; // stores sha1 of password $sha1pass = PwdHash($data['pwd']); // Automatically collects the hostname or domain like example.com) $host = $_SERVER['HTTP_HOST'];
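<?php
// Username availability endpoint: GET ?cmd=check&user=NAME prints
// "Available" / "Not Available", or a validation message. dbc.php provides
// the mysql_* connection; filter() and isUserID() are defined elsewhere.
include 'dbc.php';

$get = array();
foreach ($_GET as $key => $value) {
    $get[$key] = filter($value);
}
$user = isset($get['user']) ? mysql_real_escape_string($get['user']) : '';

if (isset($get['cmd']) && $get['cmd'] === 'check') {
    if (!isUserID($user)) {
        echo "Invalid User ID";
        exit;
    }
    // The original joined these with &&, so a short non-empty name was never
    // rejected. The threshold (<= 3) and the message ("5 chars or more") still
    // disagree; kept as written - confirm the intended minimum length.
    if (empty($user) || strlen($user) <= 3) {
        echo "Enter 5 chars or more";
        exit;
    }
    $rs_duplicate = mysql_query("select count(*) as total from users where user_name='{$user}' ") or die(mysql_error());
    list($total) = mysql_fetch_row($rs_duplicate);
    echo $total > 0 ? "Not Available" : "Available";
}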
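if (!function_exists('get_include_contents')) {
    /**
     * Render $filename with the entries of $variablesToMakeLocal available as
     * local variables and return the captured output, or false when the file
     * does not exist. Declared at file level: the original nested it inside
     * register(), which would fatal with a redeclaration on any second call.
     */
    function get_include_contents($filename, $variablesToMakeLocal)
    {
        // EXTR_SKIP stops a 'filename' key in the array from clobbering $filename
        extract($variablesToMakeLocal, EXTR_SKIP);
        if (is_file($filename)) {
            ob_start();
            include $filename;
            return ob_get_clean();
        }
        return false;
    }
}

function register()
{
    /*
     * Handle the registration POST: validate the submitted fields, reject a
     * duplicate user name / e-mail, insert the user over the mysqli link $link
     * and send the activation mail rendered from registration.php.
     * Replies with JSON: {"errorCode":1} on success. On failure it replies
     * {"errorCode":0,"errors":[...]} - the original's failure path dereferenced
     * an undefined $mail and crashed, so that shape is a proposal; confirm it
     * with the JavaScript caller. isUserID(), isEmail(), PwdHash() and
     * PHPMailer are provided elsewhere in the project.
     */
    global $link;
    $err = array();

    /* Collect POST data. Nothing is escaped here: every value is bound as a
       query parameter below instead of being interpolated into SQL. */
    $data = array();
    foreach ($_POST as $key => $value) {
        $data[$key] = $value;
    }
    $field = function ($name) use ($data) {
        return isset($data[$name]) ? $data[$name] : null;
    };

    // reCAPTCHA verification was commented out in the original, so registration
    // currently runs without a bot check.

    /* Server-side validation (useful when JavaScript is disabled). The debug
       echo "helloN" lines of the original are gone: they corrupted the JSON reply. */
    if (empty($data['user_name']) || strlen($data['user_name']) < 4) {
        $err[] = "ERROR - Invalid name. Please enter atleast 3 or more characters for your name";
    }
    if (!isUserID($field('user_username'))) {
        $err[] = "ERROR - Invalid user name. It can contain alphabet, number and underscore.";
    }
    if (!isEmail($field('user_email'))) {
        $err[] = "ERROR - Invalid email address.";
    }
    // The password confirmation check (checkPwd on pass/pass2) was disabled in
    // the original; re-enable it once the form posts pass2.

    $user_ip = $_SERVER['REMOTE_ADDR'];
    // stores the hash of the password (PwdHash is the project's hashing helper)
    $sha1pass = PwdHash($field('pass'));
    // Automatically collects the hostname or domain (like example.com)
    $host = $_SERVER['HTTP_HOST'];
    $path = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
    // Activation code: a simple 4-digit number. rand() is predictable and the
    // space is only 9000 values, so the code alone must not be relied on as
    // proof of mailbox ownership; kept as-is for schema compatibility.
    $activ_code = rand(1000, 9999);
    $user_email = (string) $field('user_email');
    $user_name = (string) $field('user_name');

    /* Second server-side check that the e-mail / user name is not taken. */
    $total = 0;
    $stmt = mysqli_prepare($link, 'select count(*) as total from users where user_email=? OR user_name=?');
    if ($stmt === false) {
        die(mysqli_error($link));
    }
    mysqli_stmt_bind_param($stmt, 'ss', $user_email, $user_name);
    if (!mysqli_stmt_execute($stmt)) {
        die(mysqli_error($link));
    }
    mysqli_stmt_bind_result($stmt, $total);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    // the original tested $total > 2, which let the first two duplicates through
    if ($total > 0) {
        $err[] = "ERROR - The username/email already exists. Please try again with different username and email.";
    }

    if (!empty($err)) {
        echo json_encode(array('errorCode' => 0, 'errors' => $err));
        exit;
    }

    /* Insert the user; all values are bound, none interpolated. */
    $stmt = mysqli_prepare($link, "INSERT into `users`(`full_name`,`user_email`,`pwd`,`date`,`users_ip`,`activation_code`,`user_name`) VALUES(?,?,?,now(),?,?,?)");
    if ($stmt === false) {
        die("Insertion Failed:" . mysqli_error($link));
    }
    $full_name = $user_name; // the original stored user_name in both columns
    mysqli_stmt_bind_param($stmt, 'ssssis', $full_name, $user_email, $sha1pass, $user_ip, $activ_code, $user_name);
    if (!mysqli_stmt_execute($stmt)) {
        die("Insertion Failed:" . mysqli_error($link));
    }
    mysqli_stmt_close($stmt);
    $user_id = mysqli_insert_id($link);
    $md5_id = md5($user_id);

    // md5_id is the opaque id used in the activation link; failures were ignored
    // in the original and still are
    $stmt = mysqli_prepare($link, "update users set md5_id=? where id=?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'si', $md5_id, $user_id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    $mail = new PHPMailer();
    $mail->isSMTP();
    $mail->Host = 'smtp.gmail.com';
    $mail->SMTPAuth = true;
    // NOTE(review): SMTP credentials are literals in the source (redacted on the
    // page); they belong in configuration kept outside the web root.
    $mail->Username = '******';
    $mail->Password = '******';
    $mail->SMTPSecure = 'tls';
    $mail->Port = 587; // 587 for authenticated TLS
    $mail->setFrom('*****@*****.**', 'Lake Nona');
    $mail->addAddress($user_email, $user_name);
    $mail->WordWrap = 50;
    $mail->isHTML(true);
    $mail->Subject = 'GroupX onDemand Registration / Activation';

    /* Template variables made local inside registration.php (the mail body). */
    $variable = array(
        'user_username' => $user_name,
        'user_name' => $user_name,
        'user_email' => $user_email,
        'host' => $host,
        'path' => $path,
        'activ_code' => $activ_code,
        'id' => $md5_id,
    );
    $mail->Body = get_include_contents('registration.php', $variable);

    if (!$mail->send()) {
        // transport details stay server-side; the client gets a generic message
        error_log('Mailer Error: ' . $mail->ErrorInfo);
        echo json_encode(array('errorCode' => 0, 'errors' => array('Message could not be sent.')));
        exit;
    }
    echo json_encode(array('errorCode' => 1));
    exit;
}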
if (isset($_POST['username'])) { foreach ($_POST as $key => $value) { $posts[$key] = filter($value); } $checkForUser = mysql_query("SELECT id FROM `users` WHERE `username`='{$posts['username']}' OR `email`='{$posts['email']}'"); $checkForUserRows = mysql_num_rows($checkForUser); $ip = VisitorIP(); $checkForIP = mysql_query("SELECT id FROM `users` WHERE `ip`='{$ip}'"); $checkForIPRows = mysql_num_rows($checkForIP); if ($checkForUserRows > 0) { $error = "Username or email already registered!"; } else { if ($checkForIPRows > 0) { $error = "You may only have one account per IP!"; } else { if (!isUserID($posts['username'])) { $error = "Username is incorrect!"; } else { if (!isEmail($posts['email'])) { $error = "Enter a valid email address!"; } else { if (!checkPwd($posts['password'], $posts['password2'])) { $error = "Passwords do not match and/or are not atleast 4 characters long!"; } else { $ref = ""; if (isset($_COOKIE['ref'])) { $ref = $_COOKIE['ref']; $refInfo = mysql_query("SELECT * FROM `users` WHERE `id`='{$ref}'"); $refInfo = mysql_fetch_object($refInfo); mysql_query("INSERT INTO `referals`(user,referal,date) values('{$refInfo->username}','{$posts['username']}',NOW())"); }
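function page_protect_cookie_expired($ctime, $remember)
{
    // True when the login recorded at $ctime (unix time from admins.ctime) is
    // older than its allowance: COOKIE_TIME_OUT days for "remember me" logins,
    // COOKIE_TIME_OUT_DEFAULT hours otherwise.
    $lifetime = $remember
        ? 60 * 60 * 24 * COOKIE_TIME_OUT
        : 60 * 60 * COOKIE_TIME_OUT_DEFAULT;

    return (time() - $ctime) > $lifetime;
}

function page_protect()
{
    // Gate an admin page: verify the user-agent fingerprint, then the
    // user_id / user_key cookie pair against admins.ckey/ctime/remember - both
    // as an expiry check for live sessions and as the "remember me" fallback
    // when no session exists - else redirect to login.php. logout(), filter()
    // and isUserID() are defined elsewhere; the mysql_* link must be open.
    // logout() is assumed not to terminate the request (the agent check adds
    // exit explicitly), so every failure path here ends with exit.
    session_start();
    global $connect_db;
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    /* Secure against session hijacking by checking the user agent; hash_equals()
       replaces != so two hex digests are never compared numerically. */
    if (isset($_SESSION['HTTP_USER_AGENT'])
        && !hash_equals((string) $_SESSION['HTTP_USER_AGENT'], md5($agent))) {
        logout();
        exit;
    }

    // log out if both cookies are gone (the original kept rendering afterwards)
    if (!isset($_COOKIE['user_id']) && !isset($_COOKIE['user_key'])) {
        logout();
        exit;
    }

    $have_cookies = isset($_COOKIE['user_id']) && isset($_COOKIE['user_key']);
    $ckey = null;
    $ctime = null;
    if ($have_cookies) {
        // the id is interpolated into SQL, so reject anything non-numeric first
        if (!is_numeric($_COOKIE['user_id'])) {
            logout();
            exit;
        }
        /* Double-check cookie expiry against the time stored in the database.
           The original ran this identical lookup twice; once is enough. */
        $cookie_user_id = filter($_COOKIE['user_id']);
        $rs_ctime = mysql_query("select `ckey`,`ctime`,`remember` from `admins` where `admin_id` ='{$cookie_user_id}'") or die(mysql_error());
        $row = mysql_fetch_row($rs_ctime);
        if (!$row) {
            // unknown id: the original reached logout() with $ckey unset
            logout();
            exit;
        }
        list($ckey, $ctime, $remember) = $row;
        if (page_protect_cookie_expired($ctime, $remember)) {
            logout();
            exit; // the original fell through and could still re-authenticate below
        }
    }

    // A live session needs nothing more.
    if (isset($_SESSION['user_id']) || isset($_SESSION['user_name'])) {
        return;
    }

    /* No session: authenticate from the "Remember me" cookies. */
    if (!$have_cookies) {
        header("Location: login.php");
        exit;
    }

    /* Never trust the cookie itself: user_key must equal sha1(ckey) recorded at
       login. Constant-time comparison, string-typed cookie only. */
    $key_ok = !empty($ckey)
        && isset($_COOKIE['user_name'])
        && isUserID($_COOKIE['user_name'])
        && is_string($_COOKIE['user_key'])
        && hash_equals(sha1($ckey), $_COOKIE['user_key']);
    if (!$key_ok) {
        logout();
        exit;
    }

    session_regenerate_id(); // against session fixation attacks
    $_SESSION['user_id'] = $_COOKIE['user_id'];
    $_SESSION['user_name'] = $_COOKIE['user_name'];
    $_SESSION['user_level'] = 1; // every admins row gets level 1, as in the original
    $_SESSION['HTTP_USER_AGENT'] = md5($agent);
}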
<?php include 'header.php'; if (isset($_POST['register'])) { foreach ($_POST as $key => $value) { $protect[$key] = filter($value); } $verify = mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `user`='{$protect['user']}' OR `email`='{$protect['email']}'")); if ($verify > 0) { $message = "<div class=\"msg\"><div class=\"error\">ERROR: Username or email already registered!</div></div>"; } else { if (strlen($protect['user']) > 12 or strlen($protect['user']) < 2) { $message = "<div class=\"msg\"><div class=\"error\">ERROR: Your username must have from 2 to 12 characters!</div></div>"; } else { if (!isUserID($protect['user'])) { $message = "<div class=\"msg\"><div class=\"error\">ERROR: Username is incorrect!</div></div>"; } else { if (!isEmail($protect['email'])) { $message = "<div class=\"msg\"><div class=\"error\">ERROR: Enter a valid email address!</div></div>"; } else { if (!checkPwd($protect['password'], $protect['password2'])) { $message = "<div class=\"msg\"><div class=\"error\">ERROR: Passwords do not match!</div></div>"; } else { $passa = $protect['password']; $passc = MD5($passa); $guid = getGUID(); mysql_query("INSERT INTO `users` (user, password, email, guid) values('{$protect['user']}', '{$passc}', '{$protect['email']}', '" . $guid . "')") or die(mysql_error()); $message = "<div class=\"msg\"><div class=\"success\">Registered!</div></div>"; echo "<script>document.location.href='index.php'</script>"; } }
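function register()
{
    // Process the registration form (POST doRegister=Register): filter and
    // validate the fields, reject a duplicate user name / e-mail, insert the
    // user, mail the activation link and redirect to thankyou.php.
    // filter(), isUserID(), isEmail(), checkPwd() and PwdHash() are defined
    // elsewhere; datalink.php is expected to provide the mysql link in $link.
    include 'datalink.php';
    $err = array();

    if (!isset($_POST['doRegister']) || $_POST['doRegister'] !== 'Register') {
        return;
    }

    /* Filtering/sanitizing input: filter() is applied to every POST value. */
    $data = array();
    foreach ($_POST as $key => $value) {
        $data[$key] = filter($value);
    }
    $full_name = isset($data['full_name']) ? $data['full_name'] : null;
    $user_name = isset($data['user_name']) ? $data['user_name'] : null;
    $usr_email = isset($data['usr_email']) ? $data['usr_email'] : null;
    $pwd = isset($data['pwd']) ? $data['pwd'] : null;
    $pwd2 = isset($data['pwd2']) ? $data['pwd2'] : null;

    /* Server-side validation (useful when JavaScript is disabled). */
    if (empty($full_name) || strlen($full_name) < 4) {
        $err[] = "ERROR - Invalid name. Please enter atleast 3 or more characters for your name";
    }
    if (!isUserID($user_name)) {
        $err[] = "ERROR - Invalid user name. It can contain alphabet, number and underscore.";
    }
    if (!isEmail($usr_email)) {
        $err[] = "ERROR - Invalid email address.";
    }
    if (!checkPwd($pwd, $pwd2)) {
        $err[] = "ERROR - Invalid Password or mismatch. Enter 5 chars or more";
    }

    $user_ip = $_SERVER['REMOTE_ADDR'];
    // stores the hash of the password (PwdHash is the project's hashing helper)
    $sha1pass = PwdHash($pwd);
    // Automatically collects the hostname or domain (like example.com)
    $host = $_SERVER['HTTP_HOST'];
    $host_upper = strtoupper($host);
    $path = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
    // Activation code: a simple 4-digit number. rand() is predictable and the
    // space is only 9000 values, so the code alone must not be relied on as
    // proof of mailbox ownership; kept as-is for schema compatibility.
    $activ_code = rand(1000, 9999);

    /* Second server-side check that the e-mail / user name is not taken.
       Values are escaped for the open link before interpolation. */
    $usr_email_sql = mysql_real_escape_string((string) $usr_email, $link);
    $user_name_sql = mysql_real_escape_string((string) $user_name, $link);
    $rs_duplicate = mysql_query("select count(*) as total from users where user_email='{$usr_email_sql}' OR user_name='{$user_name_sql}'", $link) or die(mysql_error());
    list($total) = mysql_fetch_row($rs_duplicate);
    if ($total > 0) {
        $err[] = "ERROR - The username/email already exists. Please try again with different username and email.";
    }

    if (!empty($err)) {
        return;
    }

    // Escape the remaining free-text columns the same way; the original used
    // bare-constant keys ($data[first_name]) and interpolated them unescaped.
    $esc = array();
    foreach (array('first_name', 'last_name', 'city', 'state', 'field', 'gpa') as $column) {
        $esc[$column] = mysql_real_escape_string(isset($data[$column]) ? (string) $data[$column] : '', $link);
    }
    // The original VALUES list had a stray ", ,now()" which made every insert fail.
    $sql_insert = "INSERT into `users` (`first_name`, `last_name`, `user_name`, `user_email`,`pwd`,`city`,`state`,`field`,`gpa`,`date`,`users_ip`,`activation_code` ) VALUES ('{$esc['first_name']}','{$esc['last_name']}','{$user_name_sql}','{$usr_email_sql}','{$sha1pass}','{$esc['city']}','{$esc['state']}','{$esc['field']}','{$esc['gpa']}',now(),'{$user_ip}','{$activ_code}' ) ";
    mysql_query($sql_insert, $link) or die("Insertion Failed:" . mysql_error());
    $user_id = mysql_insert_id($link);
    $md5_id = md5($user_id);
    mysql_query("update users set md5_id='{$md5_id}' where id='{$user_id}'", $link);

    // NOTE(review): $user_registration is not set anywhere in this function
    // (presumably a config flag from an include); when absent, accounts wait
    // for administrator approval, as in the original.
    if (!empty($user_registration)) {
        $a_link = " *****ACTIVATION LINK*****\n http://{$host}{$path}/activate.php?user={$md5_id}&activ_code={$activ_code} ";
    } else {
        $a_link = "Your account is *PENDING APPROVAL* and will be soon activated the administrator. ";
    }
    // The original mailed the plaintext password ("Passwd: ...") - that line is
    // deliberately gone: credentials must never travel in e-mail.
    $message = "Hello \n Thank you for registering with us. Here are your login details...\n User ID: {$user_name} Email: {$usr_email} \n {$a_link} Thank You Administrator {$host_upper} ______________________________________________________ THIS IS AN AUTOMATED RESPONSE. ***DO NOT RESPOND TO THIS EMAIL**** ";
    mail($usr_email, "Login Details", $message, "From: \"Member Registration\" <auto-reply@{$host}>\r\n" . "X-Mailer: PHP/" . phpversion());
    header("Location: thankyou.php");
    exit();
}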
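function page_protect()
{
    // Gate a page behind an authenticated session (users table named by the
    // TBL_USERS constant). Order of checks: user-agent fingerprint; forced
    // logout and server-side session-id binding for a live session; the
    // "remember me" cookie pair (user_id / user_key) when no session exists,
    // else redirect to PAGE_LOGIN; finally a refresh of the user's name and
    // permission flags into the session. logout(), filter() and isUserID()
    // are defined elsewhere; the mysql_* link must already be open.
    session_start();
    global $db;
    $const = get_defined_constants();
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    /* Secure against session hijacking by checking the user agent; hash_equals()
       replaces != so two hex digests are never compared numerically. */
    if (isset($_SESSION['HTTP_USER_AGENT'])
        && !hash_equals((string) $_SESSION['HTTP_USER_AGENT'], md5($agent))) {
        logout();
        exit;
    }

    // For a live session: honour a pending forced logout, then make sure the
    // stored sid matches this php session_id() (the original indexed
    // $_SESSION[user_id] with a bare constant).
    if (!empty($_SESSION['user_id'])) {
        $result = mysql_query("select force_logout, sid from {$const['TBL_USERS']} where id='{$_SESSION['user_id']}'");
        $row = $result ? mysql_fetch_row($result) : false;
        if (!$row) {
            // no such user: the original's null sid failed the comparison below
            logout();
            exit;
        }
        list($force_logout, $sid) = $row;
        if ($force_logout) {
            logout();
            exit;
        }
        if (!hash_equals((string) $sid, sha1('occasions2011' . session_id()))) {
            logout();
            exit;
        }
    }

    /* No session: check for the cookies set by "Remember me", validating the
       ckey / ctime stored in the database before any session is created. */
    if (!isset($_SESSION['user_id']) && !isset($_SESSION['user_name'])) {
        if (!isset($_COOKIE['user_id']) || !isset($_COOKIE['user_key'])) {
            header("Location: " . PAGE_LOGIN);
            exit;
        }
        // the id is interpolated into SQL, so reject anything non-numeric first
        if (!is_numeric($_COOKIE['user_id'])) {
            logout();
            exit;
        }

        /* double-check cookie expiry against the time stored in the database */
        $cookie_user_id = filter($_COOKIE['user_id']);
        $rs_ctime = mysql_query("select `ckey`,`ctime` from {$const['TBL_USERS']} where `id` ='{$cookie_user_id}'") or die(mysql_error());
        $row = mysql_fetch_row($rs_ctime);
        if (!$row) {
            logout();
            exit;
        }
        list($ckey, $ctime) = $row;

        // cookie expiry
        if (time() - $ctime > 60 * 60 * 24 * COOKIE_TIME_OUT) {
            logout();
            exit;
        }

        /* Never trust the cookie itself: user_key must equal sha1(ckey) recorded
           at login. Constant-time comparison, string-typed cookie only. */
        $key_ok = !empty($ckey)
            && isset($_COOKIE['user_name'])
            && isUserID($_COOKIE['user_name'])
            && is_string($_COOKIE['user_key'])
            && hash_equals(sha1($ckey), $_COOKIE['user_key']);
        if (!$key_ok) {
            logout();
            exit;
        }

        session_regenerate_id(); // against session fixation attacks
        $_SESSION['user_id'] = $_COOKIE['user_id'];
        $_SESSION['fake_user_id'] = $_COOKIE['user_id'];
        $_SESSION['user_name'] = $_COOKIE['user_name'];
        $_SESSION['HTTP_USER_AGENT'] = md5($agent);
    }

    /* Refresh name and permissions from the database instead of trusting cookies. */
    $result = mysql_query("select full_name, user_level, force_logout, user_can_leadlist, user_can_events from {$const['TBL_USERS']} where id='{$_SESSION['user_id']}'");
    $row = $result ? mysql_fetch_row($result) : false;
    if (!$row) {
        logout();
        exit;
    }
    list($full_name, $user_level, $force_logout, $user_can_leadlist, $user_can_events) = $row;
    if ($force_logout) {
        logout();
        exit;
    }
    $_SESSION['user_level'] = $user_level;
    $_SESSION['full_name'] = $full_name;
    $_SESSION['user_can_leadlist'] = $user_can_leadlist;
    $_SESSION['user_can_events'] = $user_can_events;
}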
$x111022oo[0] = 'UP'; } if ($x111022oo[0] == 'SD') { $x111022oo[0] = 'SU'; } if ($x111022oo[0] == 'BD') { $x111022oo[0] = 'BG'; } if (isset($_POST['register'])) { $verificare1 = mysql_query("SELECT * FROM `vbusers` WHERE `login`='{$_POST['user']}' OR `email`='{$_POST['email']}'"); $verificare = mysql_num_rows($verificare1); if ($verificare > 0) { $message = "This email address or username Already Registered! Please Try to Login."; $message2 = 1; } else { if (!isUserID($_POST['user'])) { $message = "Username format is incorrect!"; $message2 = 1; } else { if (!isEmail($_POST['email'])) { $message = "Email format is incorrect!"; $message2 = 1; } else { if ($_POST['email'] != $_POST['email2']) { $message = "Email addresses do Not match!"; $message2 = 1; } else { if (!checkPwd($_POST['password'], $_POST['password2'])) { $message = "Passwords do not match!"; $message2 = 1; } else {