function UserLogin($data) { $sql = "select * from user where username=:username"; $userinfo = db_query_first($sql, array(":username" => $data['username'])); if (empty($userinfo)) { return Register($data); } else { if ($userinfo['password'] == md5($data['password'])) { $token = Crypt3Des::encrypt(json_encode($userinfo), $GLOBALS['keys']); return ErrorCode::CODE("1000", array("token" => urlencode($token))); } else { return ErrorCode::CODE("1001"); } } }
<?php require_once 'header.php'; if ($_POST["registerUser"] != "") { $username = $_POST["registerUser"]; $userpassword = $_POST["registerNewPassword"]; $confirmpassword = $_POST["registerConfirmPassword"]; $regkey = $_POST["registerRegKey"]; if ($userpassword == $confirmpassword) { if (Register($username, $regkey, $userpassword)) { $message = 'Great, you\'ve been registered. Head to your <a href="profile.php">profile page</a> to get started.'; } else { $error = "Invalid username or registration key"; } } else { $error = "Passwords did not match"; } } elseif ($_GET['reg'] != 'z41dZ2d5!') { $message = 'Sorry, but I don\'t think you\'re supposed to be here.'; } ?> <p>In order to register as a member of the Planet Money Refinance timeline you must be given a username and registration key.</p> <p>If you don't have one, you probably aren't going to get one, so you might as well just head to the <a href="index.php">main page</a> and enjoy the cool timeline.</p> <p>Or perhaps you're here to crack my server. In which case, godspeed. To me, not you, 'cause you'll probably succeed.</p> <hr /> <?php
//LogOut(); break; case "3": //ChangeNumber $code = $codes[array_rand($codes)]; Login($username, $pass); $change = ChangeNumber($code); //$out = array_values($change); echo @json_encode($change); LogOut(); break; case "4": //Reg $name = 'Thuy Nho'; $birthday = '12/30/1985'; $reg = Register($username, $name, $pass, $birthday); $code = $codes[array_rand($codes)]; Login($username, $pass); $change = ChangeNumber($code); //$out = array_values($change); echo @json_encode($change); LogOut(); break; case "5": ini_set('max_execution_time', 300); //300 seconds = 5 minutes //hideChatGroup try { Login($username, $pass); $msgs = GetMessages(); foreach ($msgs['conversations']['conversation'] as $msg) {
function Register2($verifiedOpenID = false) { global $txt, $modSettings, $context, $sourcedir; // Start collecting together any errors. $reg_errors = array(); // Did we save some open ID fields? if ($verifiedOpenID && !empty($context['openid_save_fields'])) { foreach ($context['openid_save_fields'] as $id => $value) { $_POST[$id] = $value; } } // You can't register if it's disabled. if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3) { fatal_lang_error('registration_disabled', false); } // Things we don't do for people who have already confirmed their OpenID allegances via register. if (!$verifiedOpenID) { // Well, if you don't agree, you can't register. if (!empty($modSettings['requireAgreement']) && empty($_SESSION['registration_agreed'])) { redirectexit(); } // Make sure they came from *somewhere*, have a session. if (!isset($_SESSION['old_url'])) { redirectexit('action=register'); } // Are they under age, and under age users are banned? if (!empty($modSettings['coppaAge']) && empty($modSettings['coppaType']) && empty($_SESSION['skip_coppa'])) { // !!! This should be put in Errors, imho. loadLanguage('Login'); fatal_lang_error('under_age_registration_prohibited', false, array($modSettings['coppaAge'])); } // Check whether the visual verification code was entered correctly. if (!empty($modSettings['reg_verification'])) { require_once $sourcedir . '/lib/Subs-Editor.php'; $verificationOptions = array('id' => 'register'); $context['visual_verification'] = create_control_verification($verificationOptions, true); if (is_array($context['visual_verification'])) { loadLanguage('Errors'); foreach ($context['visual_verification'] as $error) { $reg_errors[] = $txt['error_' . $error]; } } } } foreach ($_POST as $key => $value) { if (!is_array($_POST[$key])) { $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key])); } } // Collect all extra registration fields someone might have filled in. $possible_strings = array('location', 'birthdate', 'time_format', 'buddy_list', 'pm_ignore_list', 'smiley_set', 'signature', 'personal_text', 'avatar', 'lngfile', 'secret_question', 'secret_answer'); $possible_ints = array('pm_email_notify', 'notify_types', 'gender', 'id_theme'); $possible_floats = array('time_offset'); $possible_bools = array('notify_announcements', 'notify_regularity', 'notify_send_body', 'hide_email', 'show_online'); if (isset($_POST['secret_answer']) && $_POST['secret_answer'] != '') { $_POST['secret_answer'] = md5($_POST['secret_answer']); } // Needed for isReservedName() and registerMember(). require_once $sourcedir . '/lib/Subs-Members.php'; // Validation... even if we're not a mall. if (isset($_POST['real_name']) && (!empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum'))) { $_POST['real_name'] = trim(preg_replace('~[\\s]~u', ' ', $_POST['real_name'])); if (trim($_POST['real_name']) != '' && !isReservedName($_POST['real_name']) && commonAPI::strlen($_POST['real_name']) < 60) { $possible_strings[] = 'real_name'; } } // Handle a string as a birthdate... if (isset($_POST['birthdate']) && $_POST['birthdate'] != '') { $_POST['birthdate'] = strftime('%Y-%m-%d', strtotime($_POST['birthdate'])); } elseif (!empty($_POST['bday1']) && !empty($_POST['bday2'])) { $_POST['birthdate'] = sprintf('%04d-%02d-%02d', empty($_POST['bday3']) ? 0 : (int) $_POST['bday3'], (int) $_POST['bday1'], (int) $_POST['bday2']); } // By default assume email is hidden, only show it if we tell it to. $_POST['hide_email'] = !empty($_POST['allow_email']) ? 0 : 1; // Validate the passed language file. if (isset($_POST['lngfile']) && !empty($modSettings['userLanguage'])) { // Do we have any languages? if (empty($context['languages'])) { getLanguages(); } // Did we find it? if (isset($context['languages'][$_POST['lngfile']])) { $_SESSION['language'] = $_POST['lngfile']; } else { unset($_POST['lngfile']); } } else { unset($_POST['lngfile']); } // Set the options needed for registration. $regOptions = array('interface' => 'guest', 'username' => !empty($_POST['user']) ? $_POST['user'] : '', 'email' => !empty($_POST['email']) ? $_POST['email'] : '', 'password' => !empty($_POST['passwrd1']) ? $_POST['passwrd1'] : '', 'password_check' => !empty($_POST['passwrd2']) ? $_POST['passwrd2'] : '', 'openid' => !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '', 'auth_method' => !empty($_POST['authenticate']) ? $_POST['authenticate'] : '', 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => true, 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']), 'require' => !empty($modSettings['coppaAge']) && !$verifiedOpenID && empty($_SESSION['skip_coppa']) ? 'coppa' : (empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval')), 'extra_register_vars' => array(), 'theme_vars' => array()); // Include the additional options that might have been filled in. foreach ($possible_strings as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = commonAPI::htmlspecialchars($_POST[$var], ENT_QUOTES); } } foreach ($possible_ints as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = (int) $_POST[$var]; } } foreach ($possible_floats as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = (double) $_POST[$var]; } } foreach ($possible_bools as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1; } } // Registration options are always default options... if (isset($_POST['default_options'])) { $_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options']; } $regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] : array(); // Make sure they are clean, dammit! $regOptions['theme_vars'] = htmlspecialchars__recursive($regOptions['theme_vars']); // If Quick Reply hasn't been set then set it to be shown but collapsed. if (!isset($regOptions['theme_vars']['display_quick_reply'])) { $regOptions['theme_vars']['display_quick_reply'] = 1; } // Check whether we have fields that simply MUST be displayed? $request = smf_db_query(' SELECT col_name, field_name, field_type, field_length, mask, show_reg FROM {db_prefix}custom_fields WHERE active = {int:is_active}', array('is_active' => 1)); $custom_field_errors = array(); while ($row = mysql_fetch_assoc($request)) { // Don't allow overriding of the theme variables. if (isset($regOptions['theme_vars'][$row['col_name']])) { unset($regOptions['theme_vars'][$row['col_name']]); } // Not actually showing it then? if (!$row['show_reg']) { continue; } // Prepare the value! $value = isset($_POST['customfield'][$row['col_name']]) ? trim($_POST['customfield'][$row['col_name']]) : ''; // We only care for text fields as the others are valid to be empty. if (!in_array($row['field_type'], array('check', 'select', 'radio'))) { // Is it too long? if ($row['field_length'] && $row['field_length'] < commonAPI::strlen($value)) { $custom_field_errors[] = array('custom_field_too_long', array($row['field_name'], $row['field_length'])); } // Any masks to apply? if ($row['field_type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none') { //!!! We never error on this - just ignore it at the moment... if ($row['mask'] == 'email' && (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $value) === 0 || strlen($value) > 255)) { $custom_field_errors[] = array('custom_field_invalid_email', array($row['field_name'])); } elseif ($row['mask'] == 'number' && preg_match('~[^\\d]~', $value)) { $custom_field_errors[] = array('custom_field_not_number', array($row['field_name'])); } elseif (substr($row['mask'], 0, 5) == 'regex' && preg_match(substr($row['mask'], 5), $value) === 0) { $custom_field_errors[] = array('custom_field_inproper_format', array($row['field_name'])); } } } // Is this required but not there? if (trim($value) == '' && $row['show_reg'] > 1) { $custom_field_errors[] = array('custom_field_empty', array($row['field_name'])); } } mysql_free_result($request); // Process any errors. if (!empty($custom_field_errors)) { loadLanguage('Errors'); foreach ($custom_field_errors as $error) { $reg_errors[] = vsprintf($txt['error_' . $error[0]], $error[1]); } } // Lets check for other errors before trying to register the member. if (!empty($reg_errors)) { $_REQUEST['step'] = 2; return Register($reg_errors); } // If they're wanting to use OpenID we need to validate them first. if (empty($_SESSION['openid']['verified']) && !empty($_POST['authenticate']) && $_POST['authenticate'] == 'openid') { // What do we need to save? $save_variables = array(); foreach ($_POST as $k => $v) { if (!in_array($k, array('sc', 'sesc', $context['session_var'], 'passwrd1', 'passwrd2', 'regSubmit'))) { $save_variables[$k] = $v; } } require_once $sourcedir . '/lib/Subs-OpenID.php'; smf_openID_validate($_POST['openid_identifier'], false, $save_variables); } elseif ($verifiedOpenID || !empty($_POST['openid_identifier']) && $_POST['authenticate'] == 'openid') { $regOptions['username'] = !empty($_POST['user']) && trim($_POST['user']) != '' ? $_POST['user'] : $_SESSION['openid']['nickname']; $regOptions['email'] = !empty($_POST['email']) && trim($_POST['email']) != '' ? $_POST['email'] : $_SESSION['openid']['email']; $regOptions['auth_method'] = 'openid'; $regOptions['openid'] = !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : $_SESSION['openid']['openid_uri']; } $memberID = registerMember($regOptions, true); // What there actually an error of some kind dear boy? if (is_array($memberID)) { $reg_errors = array_merge($reg_errors, $memberID); $_REQUEST['step'] = 2; return Register($reg_errors); } // Do our spam protection now. spamProtection('register'); HookAPI::callHook('register_process'); // We'll do custom fields after as then we get to use the helper function! if (!empty($_POST['customfield'])) { require_once $sourcedir . '/Profile.php'; require_once $sourcedir . '/Profile-Modify.php'; makeCustomFieldChanges($memberID, 'register'); } // If COPPA has been selected then things get complicated, setup the template. if (!empty($modSettings['coppaAge']) && empty($_SESSION['skip_coppa'])) { redirectexit('action=coppa;member=' . $memberID); } elseif (!empty($modSettings['registration_method'])) { EoS_Smarty::loadTemplate('register/base'); EoS_Smarty::getConfigInstance()->registerHookTemplate('register_content_area', 'register/done'); $context += array('page_title' => $txt['register'], 'title' => $txt['registration_successful'], 'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration']); } else { HookAPI::callHook('integrate_activate', array($row['member_name'])); setLoginCookie(60 * $modSettings['cookieTime'], $memberID, sha1(sha1(strtolower($regOptions['username']) . $regOptions['password']) . $regOptions['register_vars']['password_salt'])); redirectexit('action=login2;sa=check;member=' . $memberID, $context['server']['needs_login_fix']); } }
<?php include_once "DBManager.php"; include_once "EMailManager.php"; if (isset($_GET["action"])) { switch ($_GET["action"]) { case "login": Login(); break; case "register": Register(); break; default: exit("Unknown param action=" . $_GET["action"]); } } else { exit("Empty params"); } function Login() { if (!isset($_GET["login"]) or !isset($_GET["pass"])) { exit("Login or password not set"); } $login = CleanString($_GET["login"]); $pass = CleanString($_GET["pass"]); $result = ExecQueryAndReturnResult("SELECT `Id` FROM `users` WHERE `Login` = '{$login}' and `Password` = '{$pass}' and `Banned` = 0"); if (count($result) == 1) { session_start(); $_SESSION['login_user'] = $result[0][0]; echo "OK"; } else {
function Register2($verifiedOpenID = false) { global $scripturl, $txt, $modSettings, $context, $sourcedir; global $user_info, $options, $settings, $smcFunc; // Start collecting together any errors. $reg_errors = array(); // Did we save some open ID fields? if ($verifiedOpenID && !empty($context['openid_save_fields'])) { foreach ($context['openid_save_fields'] as $id => $value) { $_POST[$id] = $value; } } // You can't register if it's disabled. if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3) { fatal_lang_error('registration_disabled', false); } // Things we don't do for people who have already confirmed their OpenID allegances via register. if (!$verifiedOpenID) { // Well, if you don't agree, you can't register. if (!empty($modSettings['requireAgreement']) && empty($_SESSION['registration_agreed'])) { redirectexit(); } // Make sure they came from *somewhere*, have a session. if (!isset($_SESSION['old_url'])) { redirectexit('action=register'); } // Are they under age, and under age users are banned? if (!empty($modSettings['coppaAge']) && empty($modSettings['coppaType']) && empty($_SESSION['skip_coppa'])) { // !!! This should be put in Errors, imho. loadLanguage('Login'); fatal_lang_error('under_age_registration_prohibited', false, array($modSettings['coppaAge'])); } // Check whether the visual verification code was entered correctly. if (!empty($modSettings['reg_verification'])) { require_once $sourcedir . '/Subs-Editor.php'; $verificationOptions = array('id' => 'register'); $context['visual_verification'] = create_control_verification($verificationOptions, true); if (is_array($context['visual_verification'])) { loadLanguage('Errors'); foreach ($context['visual_verification'] as $error) { $reg_errors[] = $txt['error_' . $error]; } } } } foreach ($_POST as $key => $value) { if (!is_array($_POST[$key])) { $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key])); } } // Collect all extra registration fields someone might have filled in. $possible_strings = array('website_url', 'website_title', 'aim', 'yim', 'skype', 'gtalk', 'location', 'birthdate', 'time_format', 'buddy_list', 'pm_ignore_list', 'smiley_set', 'signature', 'personal_text', 'avatar', 'lngfile', 'secret_question', 'secret_answer'); $possible_ints = array('pm_email_notify', 'notify_types', 'icq', 'gender', 'id_theme'); $possible_floats = array('time_offset'); $possible_bools = array('notify_announcements', 'notify_regularity', 'notify_send_body', 'hide_email', 'show_online'); if (isset($_POST['secret_answer']) && $_POST['secret_answer'] != '') { $_POST['secret_answer'] = md5($_POST['secret_answer']); } // Needed for isReservedName() and registerMember(). require_once $sourcedir . '/Subs-Members.php'; // Validation... even if we're not a mall. if (isset($_POST['real_name']) && (!empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum'))) { $_POST['real_name'] = trim(preg_replace('~[\\t\\n\\r \\x0B\\0' . ($context['utf8'] ? $context['server']['complex_preg_chars'] ? '\\x{A0}\\x{AD}\\x{2000}-\\x{200F}\\x{201F}\\x{202F}\\x{3000}\\x{FEFF}' : " -‟ ‟ " : '\\x00-\\x08\\x0B\\x0C\\x0E-\\x19\\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $_POST['real_name'])); if (trim($_POST['real_name']) != '' && !isReservedName($_POST['real_name']) && $smcFunc['strlen']($_POST['real_name']) < 60) { $possible_strings[] = 'real_name'; } } if (isset($_POST['msn']) && preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['msn']) != 0) { $profile_strings[] = 'msn'; } // Handle a string as a birthdate... if (isset($_POST['birthdate']) && $_POST['birthdate'] != '') { $_POST['birthdate'] = strftime('%Y-%m-%d', strtotime($_POST['birthdate'])); } elseif (!empty($_POST['bday1']) && !empty($_POST['bday2'])) { $_POST['birthdate'] = sprintf('%04d-%02d-%02d', empty($_POST['bday3']) ? 0 : (int) $_POST['bday3'], (int) $_POST['bday1'], (int) $_POST['bday2']); } // By default assume email is hidden, only show it if we tell it to. $_POST['hide_email'] = !empty($_POST['allow_email']) ? 0 : 1; // Validate the passed language file. if (isset($_POST['lngfile']) && !empty($modSettings['userLanguage'])) { // Do we have any languages? if (empty($context['languages'])) { getLanguages(); } // Did we find it? if (isset($context['languages'][$_POST['lngfile']])) { $_SESSION['language'] = $_POST['lngfile']; } else { unset($_POST['lngfile']); } } else { unset($_POST['lngfile']); } // Some of these fields we may not want. if (!empty($modSettings['registration_fields'])) { // But we might want some of them if the admin asks for them. $standard_fields = array('icq', 'msn', 'aim', 'yim', 'location', 'gender'); $reg_fields = explode(',', $modSettings['registration_fields']); $exclude_fields = array_diff($standard_fields, $reg_fields); // Website is a little different if (!in_array('website', $reg_fields)) { $exclude_fields = array_merge($exclude_fields, array('website_url', 'website_title')); } // We used to accept signature on registration but it's being abused by spammers these days, so no more. $exclude_fields[] = 'signature'; } else { $exclude_fields = array('signature', 'icq', 'msn', 'aim', 'yim', 'location', 'gender', 'website_url', 'website_title'); } $possible_strings = array_diff($possible_strings, $exclude_fields); $possible_ints = array_diff($possible_ints, $exclude_fields); $possible_floats = array_diff($possible_floats, $exclude_fields); $possible_bools = array_diff($possible_bools, $exclude_fields); // Set the options needed for registration. $regOptions = array('interface' => 'guest', 'username' => !empty($_POST['user']) ? $_POST['user'] : '', 'email' => !empty($_POST['email']) ? $_POST['email'] : '', 'password' => !empty($_POST['passwrd1']) ? $_POST['passwrd1'] : '', 'password_check' => !empty($_POST['passwrd2']) ? $_POST['passwrd2'] : '', 'openid' => !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '', 'auth_method' => !empty($_POST['authenticate']) ? $_POST['authenticate'] : '', 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => true, 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']), 'require' => !empty($modSettings['coppaAge']) && !$verifiedOpenID && empty($_SESSION['skip_coppa']) ? 'coppa' : (empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval')), 'extra_register_vars' => array(), 'theme_vars' => array()); // Include the additional options that might have been filled in. foreach ($possible_strings as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = $smcFunc['htmlspecialchars']($_POST[$var], ENT_QUOTES); } } foreach ($possible_ints as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = (int) $_POST[$var]; } } foreach ($possible_floats as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = (double) $_POST[$var]; } } foreach ($possible_bools as $var) { if (isset($_POST[$var])) { $regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1; } } // Registration options are always default options... if (isset($_POST['default_options'])) { $_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options']; } $regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] : array(); // Make sure they are clean, dammit! $regOptions['theme_vars'] = htmlspecialchars__recursive($regOptions['theme_vars']); // If Quick Reply hasn't been set then set it to be shown but collapsed. if (!isset($regOptions['theme_vars']['display_quick_reply'])) { $regOptions['theme_vars']['display_quick_reply'] = 1; } // Check whether we have fields that simply MUST be displayed? $request = $smcFunc['db_query']('', ' SELECT col_name, field_name, field_type, field_length, mask, show_reg FROM {db_prefix}custom_fields WHERE active = {int:is_active}', array('is_active' => 1)); $custom_field_errors = array(); while ($row = $smcFunc['db_fetch_assoc']($request)) { // Don't allow overriding of the theme variables. if (isset($regOptions['theme_vars'][$row['col_name']])) { unset($regOptions['theme_vars'][$row['col_name']]); } // Not actually showing it then? if (!$row['show_reg']) { continue; } // Prepare the value! $value = isset($_POST['customfield'][$row['col_name']]) ? trim($_POST['customfield'][$row['col_name']]) : ''; // We only care for text fields as the others are valid to be empty. if (!in_array($row['field_type'], array('check', 'select', 'radio'))) { // Is it too long? if ($row['field_length'] && $row['field_length'] < $smcFunc['strlen']($value)) { $custom_field_errors[] = array('custom_field_too_long', array($row['field_name'], $row['field_length'])); } // Any masks to apply? if ($row['field_type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none') { //!!! We never error on this - just ignore it at the moment... if ($row['mask'] == 'email' && (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $value) === 0 || strlen($value) > 255)) { $custom_field_errors[] = array('custom_field_invalid_email', array($row['field_name'])); } elseif ($row['mask'] == 'number' && preg_match('~[^\\d]~', $value)) { $custom_field_errors[] = array('custom_field_not_number', array($row['field_name'])); } elseif (substr($row['mask'], 0, 5) == 'regex' && trim($value) != '' && preg_match(substr($row['mask'], 5), $value) === 0) { $custom_field_errors[] = array('custom_field_inproper_format', array($row['field_name'])); } } } // xxx if we are editing our minecraft name, make sure there are no duplicates if (($row['col_name'] == "cust_minecra" || $row['col_name'] == "cust_rscnam") && $value != '') { $already_taken_memID = -1; $already_taken_memName = 'This user'; // first check the custom names $mc_request = $smcFunc['db_query']('', ' SELECT `id_member` FROM `{db_prefix}themes` WHERE `variable` = {string:col_name} AND `value` = {string:value}', array('col_name' => $row['col_name'], 'value' => strtolower($value))); if ($mc_row = $smcFunc['db_fetch_assoc']($mc_request)) { $already_taken_memID = $mc_row['id_member']; } $smcFunc['db_free_result']($mc_request); // if custom name is not taken, compare it to account names, or just grab name $mc_request = $smcFunc['db_query']('', ' SELECT `id_member`, `real_name` FROM `{db_prefix}members` WHERE id_member = {int:already_taken_memID} OR ( ( `real_name` = {string:value} OR `member_name` = {string:value} ) )', array('already_taken_memID' => $already_taken_memID, 'value' => strtolower($value))); if ($mc_row = $smcFunc['db_fetch_assoc']($mc_request)) { $already_taken_memID = $mc_row['id_member']; $already_taken_memName = $mc_row['real_name']; } $smcFunc['db_free_result']($mc_request); if ($already_taken_memID != -1) { // then someone already is using this name global $boardurl; $what_name = $row['col_name'] == "cust_minecra" ? 'Minecraft' : 'RSC'; die('<html>Error: <a href="' . $boardurl . '/index.php?action=profile;u=' . $already_taken_memID . "\">{$already_taken_memName}</a> has already registered this {$what_name} name!</html>"); } } if ($row['col_name'] == "cust_moparcr" && $value != '' && strlen($value) != 40) { if (strlen($value) > 30) { die("<html>Error: Maximum length for MoparCraft server password is 30 characters.</html>"); } if ($value == $regOptions['password']) { die("<html>Error: You can't set your MoparCraft server password to be the same as your forum password, if you want to use your forum password, leave this blank.</html>"); } $value = sha1(strtolower($regOptions['username']) . htmlspecialchars_decode($value)); $_POST['customfield'][$row['col_name']] = $value; } // xxx end if we are editing our minecraft name, make sure there are no duplicates // Is this required but not there? if (trim($value) == '' && $row['show_reg'] > 1) { $custom_field_errors[] = array('custom_field_empty', array($row['field_name'])); } } $smcFunc['db_free_result']($request); // Process any errors. if (!empty($custom_field_errors)) { loadLanguage('Errors'); foreach ($custom_field_errors as $error) { $reg_errors[] = vsprintf($txt['error_' . $error[0]], $error[1]); } } // Lets check for other errors before trying to register the member. if (!empty($reg_errors)) { $_REQUEST['step'] = 2; return Register($reg_errors); } // If they're wanting to use OpenID we need to validate them first. if (empty($_SESSION['openid']['verified']) && !empty($_POST['authenticate']) && $_POST['authenticate'] == 'openid') { // What do we need to save? $save_variables = array(); foreach ($_POST as $k => $v) { if (!in_array($k, array('sc', 'sesc', $context['session_var'], 'passwrd1', 'passwrd2', 'regSubmit'))) { $save_variables[$k] = $v; } } require_once $sourcedir . '/Subs-OpenID.php'; smf_openID_validate($_POST['openid_identifier'], false, $save_variables); } elseif ($verifiedOpenID || !empty($_POST['openid_identifier']) && $_POST['authenticate'] == 'openid') { $regOptions['username'] = !empty($_POST['user']) && trim($_POST['user']) != '' ? $_POST['user'] : $_SESSION['openid']['nickname']; $regOptions['email'] = !empty($_POST['email']) && trim($_POST['email']) != '' ? $_POST['email'] : $_SESSION['openid']['email']; $regOptions['auth_method'] = 'openid'; $regOptions['openid'] = !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : $_SESSION['openid']['openid_uri']; } $memberID = registerMember($regOptions, true); // What there actually an error of some kind dear boy? if (is_array($memberID)) { $reg_errors = array_merge($reg_errors, $memberID); $_REQUEST['step'] = 2; return Register($reg_errors); } // Do our spam protection now. spamProtection('register'); // We'll do custom fields after as then we get to use the helper function! if (!empty($_POST['customfield'])) { require_once $sourcedir . '/Profile.php'; require_once $sourcedir . '/Profile-Modify.php'; makeCustomFieldChanges($memberID, 'register'); } // If COPPA has been selected then things get complicated, setup the template. if (!empty($modSettings['coppaAge']) && empty($_SESSION['skip_coppa'])) { redirectexit('action=coppa;member=' . $memberID); } elseif (!empty($modSettings['registration_method'])) { loadTemplate('Register'); $context += array('page_title' => $txt['register'], 'title' => $txt['registration_successful'], 'sub_template' => 'after', 'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration']); } else { call_integration_hook('integrate_activate', array($row['member_name'])); setLoginCookie(60 * $modSettings['cookieTime'], $memberID, sha1(sha1(strtolower($regOptions['username']) . $regOptions['password']) . $regOptions['register_vars']['password_salt'])); redirectexit('action=login2;sa=check;member=' . $memberID, $context['server']['needs_login_fix']); } }
$verif_pass = strlen($new_pass); if (isset($new_pass) && !empty($new_pass) && $verif_pass < 5) { header('Location: http://fc.isima.fr/~rophelizon/devweb_projet/index.php'); exit; } $pseudo = substr($pseudo, 0, 20); $pass = substr($pass, 0, 20); $new_pseudo = substr($new_pseudo, 0, 20); $new_pass = substr($new_pass, 0, 20); $new_pass_verif = substr($new_pass_verif, 0, 20); $pass = sha1($pass); $new_pass = sha1($new_pass); $new_pass_verif = sha1($new_pass_verif); //Sign in_test if (checkParam($new_pseudo) && checkParam($new_pass) && checkParam($new_pass_verif)) { if (Register($new_pseudo, $new_pass, $new_pass_verif)) { //successful sign in $_SESSION['log'] = 1; setcookie("login", $new_pseudo, time() + 31536000); header('Location: http://fc.isima.fr/~rophelizon/devweb_projet/accueil.php'); } else { //failed sign in header('Location: http://fc.isima.fr/~rophelizon/devweb_projet/index.php'); } } //login_test if (checkParam($pseudo) && checkParam($pass)) { if (checkUser($pseudo, $pass)) { //known user $_SESSION['log'] = 1; setcookie("login", $pseudo, time() + 31536000);
$direccion = $_POST['dire']; $rfc = $_POST['rfc']; $neo_User = new Usuario($tipo, $nombre, $passw, $email, $tipo_numero, $telefono, $direccion, $rfc); $soncof = $Base->addElement($neo_User); return $soncof; } function login(){ $nombre = $_POST['nombre']; $passw = $_POST['pass']; if(($nombre !="") && ($passw != "")){ } } if(($_SERVER['HTTP_REFERER']) == ("http://localhost/PoloCase/Form.html")){ if(Register($myBase)){ header('Location: Succerfull.html'); } }else{ if(Register2($myBase)){ header('Location: SuccerfullAdm.php'); } } ?>
<?php header('Access-Control-Allow-Origin: *'); function Register($username, $email, $password, $fname, $lname) { $connectionString = "host=ec2-54-225-101-64.compute-1.amazonaws.com port=5432 dbname=d1nigmib60rp1v user=jykiewmddlbjft password=kRqkD183znoOpPNTlDq6f_Xs29"; $dbconnection = pg_connect($connectionString); //Access table from SQL to insert $result = pg_query($dbconnection, "INSERT INTO useraccount (fname,lname,emailaddress,username,password,isadmin) VALUES ('{$fname}', '{$lname}', '{$email}', '{$username}', '{$password}', false);"); if (!$result) { return "fail"; } else { return "success"; } $row = pg_fetch_all($result); return $row; } if (isset($_POST['funcName'])) { switch ($_POST['funcName']) { case 'register': echo Register($_POST['username'], $_POST['email'], $_POST['password'], $_POST['fname'], $_POST['lname']); break; } } ?>
<?php include_once "conn.php"; include_once "function.php"; if ($_GET["action"] == "") { exit; } if ($_GET["action"] == "register") { echo Register($_GET["phonenum"], $_GET["password"]); } if ($_GET["action"] == "login") { echo Login($_GET["phonenum"], $_GET["password"]); } if ($_GET["action"] == "add_guardian") { echo AddGuardian($_GET["phonenum"], $_GET["guardiantel"]); } if ($_GET["action"] == "del_guardian") { echo DelGuardian($_GET["phonenum"], $_GET["guardiantel"]); } if ($_GET["action"] == "get_guardian") { echo GetGuardian($_GET["phonenum"]); } if ($_GET["action"] == "add_record") { echo AddRecord($_GET["phonenum"], $_GET["value"], $_GET["food"], $_GET["sport"], $_GET["medicine"], $_GET["round"]); } if ($_GET["action"] == "get_record") { echo GetRecord($_GET["phonenum"], $_GET["starttime"], $_GET["endtime"]); }
{ if (!empty($_POST['new_user'])) { $query = @mysql_query("SELECT * FROM Customers WHERE User_Name='{$user}'") or die(@mysql_error()); $row = @mysql_fetch_array($query); if (!empty($row['User_Name'])) { echo "<h2 class='regResult'>Sorry, this username is already in use! Please retry.</h2>"; } else { $query1 = "INSERT INTO Customers (First_Name, Last_Name, Email, User_Name, Password) VALUES ('{$first}', '{$last}', '{$email}', '{$user}', '{$token}')"; if (@mysql_query($query1)) { $_SESSION['eid'] = $user; $_SESSION['loggedin'] = true; $_SESSION['name'] = $first; echo "<h2 class='regResult'>Sign up successful! Now go check out our loot!</h2>"; } else { echo "<h2 class='regResult'>Sorry, we weren't able to create your account! Please retry.</h2>"; } } } } if (isset($_POST['signupform'])) { Register($user, $token, $first, $last, $email); } @mysql_close($conn); ?> </div> </div> </div> </body> </html>
public function login() { if ($this->postUsername == NULL or $this->postPassword == NULL) { $gcotd_msg = "Please complete all the fields."; $this->setOutput(self::$FAIL, $gcotd_msg); } $captchaVerified = true; /* $captchaVerified = false; if($this->fbid == null AND $this->fbfirstname == null AND $this->fblastname == null){ $resp = verifyRecaptcha($this->captcha); if ($resp->success == false) { $gcotd_msg = "". "The reCAPTCHA wasn't entered correctly. ". "Go back and try it again."; $this->setOutput(self::$FAIL, $gcotd_msg); } else{ $captchaVerified = true; } } */ if ($captchaVerified == true and $this->postUsername != NULL and $this->postPassword != NULL) { $check_user_stmt = $this->getDb()->prepare("SELECT * FROM users \n\t\t\t\tWHERE (name = :username OR email = :username2)"); $check_user_stmt->bindValue(':username', $this->postUsername, PDO::PARAM_STR); $check_user_stmt->bindValue(':username2', $this->postUsername, PDO::PARAM_STR); $check_user_stmt->execute(); if ($check_user_stmt->rowCount() == 0) { if ($this->fbid == null and $this->fbfirstname == null and $this->fblastname == null) { $gcotd_msg .= "This username does not exist."; $this->setOutput(self::$FAIL, $gcotd_msg); } else { $plainTxtPassword = getNewPassword(); $memip = $_SERVER['REMOTE_ADDR']; $date = date("Y-m-d H:i:s"); $password = password_hash($plainTxtPassword, PASSWORD_DEFAULT); $register = Register(); return $register->registerUser($this->fbfirstname, $this->fblastname, $this->postUsername, $memip, $date, $password, $plainTxtPassword, $fbid); } } else { $user_data = $check_user_stmt->fetch(PDO::FETCH_ASSOC); if (isset($fbid)) { $password = $user_data['password']; } if ($user_data['password'] == getPassword($this->postPassword)) { //old insecure password $user_data['password'] = password_hash($this->postPassword, PASSWORD_DEFAULT); $update_password_stmt = $this->getDb()->prepare("update users \n\t\t\t\t\t\tset password = :hashedPassword WHERE id = :user_id"); $update_password_stmt->bindValue(':hashedPassword', $user_data['password'], PDO::PARAM_STR); $update_password_stmt->bindValue(':user_id', $user_data['id'], PDO::PARAM_STR); $update_password_stmt->execute(); } if (password_verify($this->postPassword, $user_data['password'])) { if (getPassword($user_data['email']) == $password) { $gcotd_msg .= "You are being \n\t\t\t\t\t\t\tredirected to change your password, \n\t\t\t\t\t\t\tplease wait a few moments."; $this->setOutput("CHANGE_PASSWORD", $gcotd_msg); } else { // set cookie that expires in 6 months setcookie("gcotd", $user_data['id'] . "." . $user_data['password'], time() + 60 * 60 * 24 * 184, "/", $this->get_domain(), $this->get_secure(), 1); $success = true; $gcotd_msg .= "You are being logged in, \n\t\t\t\t\t\t\tplease wait a few moments."; $this->setOutput(self::$SUCCESS, $gcotd_msg); } } else { $gcotd_msg .= "Your login credentials are incorrect, \n\t\t\t\t\t\tplease try again."; $this->setOutput(self::$FAIL, $gcotd_msg); } } } }