$udata = $db->fetch_array($result); if ($udata['password'] != $cpass) { gexit($_ERROR['wrong_pw'], __FILE__, __LINE__); } if ($udata['groupid'] <= 0) { gexit($_ERROR['user_ban'], __FILE__, __LINE__); } if (!isset($mode)) { $mode = 'show'; } if ($mode == 'edit') { $gamedata = array(); $gamedata['innerHTML']['info'] = ''; if ($opass && $npass && $rnpass) { $pass_right = true; $pass_check = pass_check($npass, $rnpass); if ($pass_check != 'pass_ok') { $gamedata['innerHTML']['info'] .= $_ERROR[$pass_check] . '<br />'; $pass_right = false; } $opass = md5($opass); $npass = md5($npass); if ($opass != $udata['password']) { $gamedata['innerHTML']['info'] .= $_ERROR['wrong_pw'] . '<br />'; $pass_right = false; } if ($pass_right) { gsetcookie('pass', $npass); $passqry = "`password` ='{$npass}',"; $gamedata['innerHTML']['info'] .= $_INFO['pass_success'] . '<br />'; } else {
<?php require_once 'includes/header.inc.php'; require_once 'includes/user.inc.php'; if (!isset($_POST) || empty($_POST)) { echo 'login please:<br/>' . "\n"; form_dump(array('username' => array('text', '', ''), 'password' => array('password', '', ''), 'login' => array('submit', 'login'))); } else { if (isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password']) && pass_check($_POST['username'], $_POST['password'])) { $_SESSION['user'] = $_POST['username']; $_SESSION['islogged'] = 1; header('location: http://' . $_SERVER['HTTP_HOST'] . '/forum/overview.php'); die; } else { echo 'incorrect login data, please try again<br />' . "\n"; form_dump(array('username' => array('text', $_POST['username'], ''), 'password' => array('password', $_POST['password'], ''), 'login' => array('submit', 'login'))); die; } } require_once 'includes/footer.inc.php';
//require GAME_ROOT.'./gamedata/resources.php'; //include GAME_ROOT.'./include/user.func.php'; //ob_start(); //if($gzipcompress && function_exists('ob_gzhandler') && CURSCRIPT != 'wap') { // ob_start('ob_gzhandler'); //} else { // $gzipcompress = 0; // ob_start(); //} //foreach($nmlimit as $value){ // if(!empty($value) && strpos($username,$value)!==false){ // gexit($_ERROR['banned_name'],__file__,__line__); // } //} $name_check = name_check($username); $pass_check = pass_check($password, $password); if ($name_check != 'name_ok') { gexit($_ERROR[$name_check], __FILE__, __LINE__); } elseif ($pass_check != 'pass_ok') { gexit($_ERROR[$pass_check], __FILE__, __LINE__); } //if(!$username||!$password) { // gexit($_ERROR['login_info'],__file__,__line__); //} elseif(preg_match("[,|>|<|;|'|\"]",$username)){ // gexit($_ERROR['invalid_name'],__file__,__line__); //} elseif(preg_match($nmlimit,$username)){ // gexit($_ERROR['banned_name'],__file__,__line__); //} elseif(mb_strlen($username,'utf-8')>15) { // gexit($_ERROR['long_name'],__file__,__line__); //} else{ // include_once GAME_ROOT.'./gamedata/system.php';
$stmt->execute(); $stmt->bind_result($field1, $value1); while ($stmt->fetch()) { $val_decrypt = decryption($value1); echo $field1 . "\t" . $val_decrypt . "\n"; } } } else { //currUser, user, user, currUser, currUser //returns the password of the currUsers profile only if currUser is friends with user. $fullCheckSQL = "SELECT u.password FROM users as u JOIN friends as f ON u.username=f.user1 OR u.username=f.user2 WHERE ((f.user1=? and f.user2=?) OR (f.user1=? and f.user2=?)) and u.username=?"; $stmt->prepare($fullCheckSQL); $stmt->bind_param('sssss', $currUser, $user, $user, $currUser, $currUser); $stmt->execute(); $stmt->bind_result($pass_return2); $stmt->fetch(); //will fail if passwords do not match if (pass_check($currPass, $pass_return2)) { //user $profileSQL2 = "SELECT field,value FROM profile WHERE user=?"; $stmt->prepare($profileSQL2); $stmt->bind_param('s', $user); $stmt->execute(); $stmt->bind_result($field2, $value2); while ($stmt->fetch()) { $val_dec = decryption($value2); echo $field2 . ":" . $val_dec . "\n"; } } } mysqli_close($con);
<?php include 'encrypt.php'; //user, currUser. currPass $user = $_POST["user"]; $currUser = $_POST["currUser"]; $currPass = $_POST["currPass"]; $con = new mysqli("localhost", "fradmin", "people123", "friendrequest"); $user_pass_sql = "SELECT password FROM users WHERE username=?"; $stmt = $con->stmt_init(); $stmt->prepare($user_pass_sql); $stmt->bind_param('s', $currUser); $stmt->execute(); $stmt->bind_result($user_pass); $stmt->fetch(); $friend_count_sql = "SELECT COUNT(*) FROM friends WHERE (user1=? and user2=?) or (user1=? and user2=?)"; $stmt->prepare($friend_count_sql); $stmt->bind_param('ssss', $user, $currUser, $currUser, $user); $stmt->execute(); $stmt->bind_result($count); $stmt->fetch(); if (pass_check($currPass, $user_pass) && $count > 0) { $delete_friend_sql = "DELETE FROM friends WHERE (user1=? and user2=?) or (user1=? and user2=?)"; $stmt->prepare($delete_friend_sql); $stmt->bind_param('ssss', $user, $currUser, $currUser, $user); $stmt->execute(); echo "true"; } else { echo "false"; }
$pass = $_POST["password"]; $profile = $_POST["profile"]; $jsonProfile = json_decode($profile); //Create connection $con = new mysqli("localhost", "fradmin", "people123", "friendrequest"); $stmt = $con->stmt_init(); $count = 1; //user $passCheckSQL = "SELECT password FROM users WHERE username=?"; $stmt->prepare($passCheckSQL); $stmt->bind_param('s', $user); $stmt->execute(); $stmt->bind_result($pass_result); $stmt->fetch(); //checking the password will fail if user does not exist if (pass_check($pass, $pass_result) && !(strpos($profile, "\n") !== false) && !(strpos($profile, "\t") !== false)) { //user $clearProfileSQL = "DELETE FROM profile WHERE user=?"; $stmt->prepare($clearProfileSQL); $stmt->bind_param('s', $user); $stmt->execute(); foreach ($jsonProfile->profile as $row) { foreach ($row as $key => $val) { if ($val != "") { $val_en = encryption($val); $insertSQL = "INSERT INTO profile VALUES(?,?,?,?)"; $stmt->prepare($insertSQL); $stmt->bind_param('isss', $count, $user, $key, $val_en); $stmt->execute(); $count = $count + 1; }
<?php include 'encrypt.php'; $user = $_POST["user"]; $pass = $_POST["password"]; // Create connection $con = new mysqli("localhost", "fradmin", "people123", "friendrequest"); $stmt = $con->stmt_init(); //user $passSQL = "SELECT password FROM users WHERE username=?"; $stmt->prepare($passSQL); $stmt->bind_param('s', $user); $stmt->execute(); $stmt->bind_result($pass_return); $stmt->fetch(); if (pass_check($pass, $pass_return)) { echo "True"; } else { echo "False"; } mysqli_close($con);
$friendCheckSQL = "SELECT COUNT(*) FROM friends WHERE (user1=? and user2=?) or (user1=? and user2=?)"; $stmt->prepare($friendCheckSQL); $stmt->bind_param('ssss', $user, $fuser, $fuser, $user); $stmt->execute(); $stmt->bind_result($fCount); $stmt->fetch(); //user, fuser $userCheckSQL = "SELECT COUNT(*) FROM users WHERE username=? or username=?"; $stmt->prepare($userCheckSQL); $stmt->bind_param('ss', $user, $fuser); $stmt->execute(); $stmt->bind_result($uCount); $stmt->fetch(); if ($rCount == 0 && $fCount == 0 && $uCount == 2 && $user != $fuser) { //user $passCheckSQL = "SELECT password FROM users WHERE username=?"; $stmt->prepare($passCheckSQL); $stmt->bind_param('s', $user); $stmt->execute(); $stmt->bind_result($passResult); $stmt->fetch(); if (pass_check($pass, $passResult)) { //fuser, user $insertSQL = "INSERT INTO requests (requestee, requester) VALUES (?,?)"; $stmt->prepare($insertSQL); $stmt->bind_param('ss', $fuser, $user); $stmt->execute(); echo "Friend Request Sent To " . $fuser; } } mysqli_close($con);