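/**
 * Creates a new admin account in webprosjekt_admin.
 *
 * The root password gates the operation; the username must be 2-45 letters;
 * the two password fields must match and be at least 6 bytes long.
 *
 * @param string $brukernavn requested admin username
 * @param string $passord1   new password
 * @param string $passord2   repeat of the new password
 * @param string $rotpassord root password that authorises admin creation
 * @return string HTML fragment: <p class="feilmelding">…</p> on any failure,
 *                <p class="okmelding">…</p> plus the credentials on success
 */
function nyAdmin($brukernavn, $passord1, $passord2, $rotpassord)
{
    $brukernavn = (string) $brukernavn;
    $passord1 = (string) $passord1;
    $passord2 = (string) $passord2;

    // NOTE(review): the root password is a hard-coded literal in source; it belongs
    // in configuration outside the web root. hash_equals() compares strictly and in
    // constant time where the original used a loose != (two numeric-looking strings
    // still compare equal under == in PHP 8).
    if (!hash_equals('superhemmeligHBHLpassord', (string) $rotpassord)) {
        return "<p class=\"feilmelding\">Feil rotpassord.</p>";
    }
    // Byte-wise character class (no /u), kept as in the original so the check
    // behaves the same whichever encoding the page is served in. /D is added so
    // that $ also rejects a trailing newline, which the original pattern accepted.
    if (!preg_match('/^[a-zæøå]{2,45}$/iD', $brukernavn)) {
        return "<p class=\"feilmelding\">Brukernavn kan kun inneholde bokstaver. Minst to og maks 45.</p>";
    }
    if ($passord1 !== $passord2) {
        return "<p class=\"feilmelding\">Passordene er ikke like.</p>";
    }
    // strlen() is a byte count, as in the original (a conservative minimum)
    if (strlen($passord1) < 6) {
        return "<p class=\"feilmelding\">Passordet må være på minst 6 tegn.</p>";
    }
    $tastetPassord = $passord1; // what the admin actually typed; shown back on success

    $db = new sql();
    // renStreng() escapes for the query. The password is hashed in its escaped
    // form below, so the login path has to escape before hashing as well.
    $brukernavn = renStreng($brukernavn, $db);
    $passord1 = renStreng($passord1, $db);

    $resultat = $db->query("SELECT * FROM webprosjekt_admin WHERE Brukernavn='{$brukernavn}'");
    if (!$resultat) {
        return "<p class=\"feilmelding\">En databasefeil oppsto ved oppretting av ny admin. (NYA01)</p>";
    }
    // affected_rows after a SELECT — presumably the sql wrapper mirrors mysqli,
    // where it equals the row count; verify against the class.
    if ($db->affected_rows == 1) {
        return "<p class=\"feilmelding\">En administrator med dette brukernavnet finnes fra før.</p>";
    }

    $dbPassord = cryptPass($passord1, $brukernavn);
    $resultat = $db->query("INSERT INTO webprosjekt_admin (Brukernavn,Passord) VALUES('{$brukernavn}','{$dbPassord}')");
    if (!$resultat || $db->affected_rows < 1) {
        return "<p class=\"feilmelding\">En databasefeil oppsto ved oppretting av ny admin. (NYA02)</p>";
    }

    // Escape before reflecting user input into HTML; the original interpolated the
    // raw values, including the password inside the onClick attribute. ISO-8859-1
    // is used as the charset so that no byte is rejected whether the page is
    // served as Latin-1 or UTF-8.
    $visNavn = htmlspecialchars($brukernavn, ENT_QUOTES, 'ISO-8859-1');
    // JS single-quoted string context first (backslash, quotes, CR/LF), then the
    // HTML attribute context.
    $jsPassord = htmlspecialchars(addcslashes($tastetPassord, "\\'\"\r\n"), ENT_QUOTES, 'ISO-8859-1');
    return "<p class=\"okmelding\">Administratorbrukeren ble opprettet.</p><p>Brukernavn: {$visNavn}<br>Passord: <a onClick=\"alert('{$jsPassord}')\">********</a> (klikk på stjernene for å se passordet)</p>";
}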
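/**
 * Registers the customer currently held in $this (fornavn, etternavn, adresse,
 * postnr, telefonnr, epost) in webprosjekt_kunde, generates a password for the
 * account and e-mails the login details.
 *
 * The row is inserted with the placeholder password 'temporary' first so that
 * the auto-increment KNr is known; the real hash, keyed on KNr . epost, is then
 * written with a second UPDATE.
 *
 * @return string HTML fragment: <p class="feilmelding"> on a database failure,
 *                otherwise <p class="okmelding"> (with the password shown inline
 *                when mail() reports failure)
 */
function regKunde()
{
    $fornavn = $this->fornavn;
    $etternavn = $this->etternavn;
    $adresse = $this->adresse;
    $postnr = $this->postnr;
    $telefonnr = $this->telefonnr;
    $epost = $this->epost;

    // NOTE(review): these fields are interpolated into the SQL text; assumed to
    // have been passed through renStreng() when they were stored on $this —
    // verify at the call site.
    $db = new sql();
    $resultat = $db->query("INSERT INTO webprosjekt_kunde (Fornavn,Etternavn,Adresse,PostNr,Telefonnr,Epost,Passord)" . " VALUES('{$fornavn}','{$etternavn}','{$adresse}','{$postnr}','{$telefonnr}','{$epost}','temporary')");
    if (!$resultat || $db->affected_rows < 1) {
        $db->close(); // the original returned without closing on this path
        return "<p class=\"feilmelding\">Databasefeil ved registrering av ny bruker. Vennligst forsøk på nytt eller ta kontakt med supporten. (Errno NK01)</p>";
    }
    $KNr = $db->insert_id;

    $passord = genPassord();
    $dbPassord = cryptPass($passord, $KNr . $epost);
    $resultat = $db->query("UPDATE webprosjekt_kunde SET Passord='{$dbPassord}' WHERE KNr='{$KNr}'");
    if (!$resultat || $db->affected_rows < 1) {
        $db->close();
        return "<p class=\"feilmelding\">Databasefeil ved registrering av ny bruker. Vennligst forsøk på nytt eller ta kontakt med supporten. (Errno NK02)</p>";
    }
    $db->close();

    $emne = "Registrering i Nettbutikken";
    $tekst = "Hei\r\n\r\n" . "Din nye bruker i HBHL nettbutikk er nå registrert.\r\n\r\n" . "Her er din innloggingsinformasjon:\r\n" . "Brukernavn: {$epost} \r\n" . "Passord: {$passord} \r\n\r\n" . "For å logge inn, gå til http://nettbutikk.henrikh.net/ \r\n" . "Du kan selvsagt bytte passord når du har logget inn.\r\n\r\n" . "Hilsen,\r\nHiranBårdHenrikLars.";
    $hode = 'From: nettbutikk@henrikh.net' . "\r\n" . 'Reply-To: nettbutikk@henrikh.net' . "\r\n" . 'Content-type: text/plain; charset=iso-8859-1' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
    // NOTE(review): $epost goes straight into mail()'s To: field; if renStreng()
    // does not neutralise CR/LF, reject addresses containing them before this point.
    // @ kept: mail() emits a warning when no MTA is configured, and the false
    // return is handled by the fallback branch below.
    $resultat = @mail($epost, $emne, $tekst, $hode);

    // Escaped for HTML output; ISO-8859-1 so that no byte is rejected whichever
    // encoding the page uses.
    $visEpost = htmlspecialchars($epost, ENT_QUOTES, 'ISO-8859-1');
    $loggInn = "<p>Du kan nå <a href=\"index.php?side=logginn\">logge inn</a>.</p>";
    if ($resultat) {
        return "<p class=\"okmelding\">Brukeren din har nå blitt opprettet. Brukernavn og passord er sendt på e-post til {$visEpost}.</p>" . $loggInn;
    }
    return "<p class=\"okmelding\">Brukeren din har nå blitt opprettet.</p>" . "<p>Her er din innloggingsinformasjon:<br>" . "Brukernavn: {$visEpost} <br>" . "Passord: {$passord} </p>" . $loggInn;
}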
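<?php
###############################
# AN EXAMPLE OF PASSWORD HASHING
###############################

# Hashes $pass with bcrypt ($2y$) at cost $rounds (default 10).
#
# password_hash() builds the "$2y$NN$" prefix and draws the 22-character salt
# from the CSPRNG. The original assembled the salt with array_rand(), which is
# not a cryptographic source, and did not check whether crypt() had failed.
# Returns the 60-character hash; a cost outside 4..31 is rejected by password_hash().
function cryptPass($pass, $rounds = 10) {
    return password_hash($pass, PASSWORD_BCRYPT, ['cost' => $rounds]);
}

$input_pass = "******";
$pass = "******";
$hashed_pass = cryptPass($pass);
echo $hashed_pass;
# password_verify() re-runs crypt() with the stored hash as the salt and compares
# the result in constant time; the original compared the two strings with ==.
if (password_verify($input_pass, $hashed_pass)) {
    echo "Passwords match";
} else {
    echo "Passwords don't match";
}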
echo "[Self-Destruction In "; include "delete_account_countdown.php"; } } } } } } } if ($_POST['action'] == "delete_account") { $id = $_POST['id']; $ids = $_POST['ids']; $password_delete_account_mixed = $_POST["password_delete_account"]; $password_delete_account = "musemu838" . $password_delete_account_mixed; $password_cookie = cryptPass(sha1(md5($password_delete_account))); $password_delete_account = cryptPass(md5(sha1($password_cookie))); $mysql = mysql_query("SELECT id FROM members WHERE id='{$id}' AND id='{$ids}' AND password='******'"); $pass_check_num = mysql_num_rows($mysql); if ($_POST["password_delete_account"] == "") { echo "[Missing Password]"; } else { if ($pass_check_num < 1) { echo "[Incorrect Password]"; } else { if ($pass_check_num > 0) { mysql_query("UPDATE members SET delete_member='0' WHERE id='{$ids}'"); mysql_query("UPDATE members_log SET delete_member='0' WHERE id='{$ids}'"); mysql_query("UPDATE members_planets SET delete_member='0' WHERE id='{$ids}'"); mysql_query("UPDATE economy SET delete_member='0' WHERE id='{$ids}'"); if (file_exists("../user_files/user{$ids}/")) { rename("../user_files/user{$ids}/", "../user_files/delete_user{$ids}/");
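/**
 * Changes the password of the customer held in $this.
 *
 * The current password is verified against $this->passord; the two new
 * passwords must match and be at least 6 bytes long. The new hash is then
 * written to webprosjekt_kunde and $this (plus its serialised session copy)
 * is updated.
 *
 * @param string $gammelt current password as typed
 * @param string $nytt1   new password
 * @param string $nytt2   repeat of the new password
 * @return string HTML fragment, <p class="okmelding"> or <p class="feilmelding">
 */
function endrePassord($gammelt, $nytt1, $nytt2)
{
    // renStreng() needs a connection. The inputs are escaped *before* hashing,
    // so the stored hash is of the escaped form — the login path must do the same.
    $db = new sql();
    $gammelt = renStreng($gammelt, $db);
    $nytt1 = renStreng($nytt1, $db);
    $nytt2 = renStreng($nytt2, $db);
    $db->close();

    // The same salt material is used for both hashes; the equality test further
    // down relies on cryptPass() being deterministic for a given salt, which the
    // original code assumed as well.
    $saltKilde = $this->KNr . $this->epost;
    $gammelt = cryptPass($gammelt, $saltKilde);
    // Strict, constant-time comparison of the two hashes (the original used !=).
    if (!hash_equals((string) $this->passord, (string) $gammelt)) {
        return "<p class=\"feilmelding\">Feil nåværende passord.</p>";
    }
    if ($nytt1 !== $nytt2) {
        return "<p class=\"feilmelding\">Passordene du skrev var ikke like.</p>";
    }
    // byte count, as in the original
    if (strlen($nytt1) < 6) {
        return "<p class=\"feilmelding\">Passordet må være minst 6 tegn.</p>";
    }
    $nytt = cryptPass($nytt1, $saltKilde);
    if (hash_equals((string) $gammelt, (string) $nytt)) {
        // same password as before — nothing to write
        return "<p class=\"okmelding\">Passordet har blitt endret.</p>";
    }

    $db = new sql();
    $KNr = $this->KNr;
    // $nytt is presumably a crypt-style hash (no quote characters) and $KNr is
    // taken from the object rather than the form — verify against cryptPass()
    // and the login code.
    $db->query("UPDATE webprosjekt_kunde SET Passord='{$nytt}' WHERE KNr='{$KNr}'");
    $errno = $db->errno;
    $rows = $db->affected_rows;
    $db->close();

    if ($errno != 0) {
        return "<p class=\"feilmelding\">Vi beklager! En feil har oppstått ved endring av passord. (EP02)</p>";
    }
    if ($rows == 1) {
        $this->passord = $nytt;
        $_SESSION['kunde'] = serialize($this);
        return "<p class=\"okmelding\">Passordet har blitt endret.</p>";
    }
    if ($rows == 0) {
        return "<p class=\"feilmelding\">Vi beklager! En ukjent feil har oppstått ved endring av passord. (EP01)</p>";
    }
    return "<p class=\"feilmelding\">Vi beklager! En ukjent feil har oppstått ved endring av passord. (EP03)</p>";
}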
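/**
 * Issues a new password to the customer identified by e-mail and postal code
 * and sends it by e-mail (shown inline if mail() reports failure).
 *
 * @param string $epost  customer e-mail address (the login name)
 * @param string $postnr postal code, used as the second lookup key
 * @return string HTML fragment, <p class="okmelding"> or <p class="feilmelding">
 */
function glemtPassord($epost, $postnr)
{
    $epost = (string) $epost;
    $postnr = (string) $postnr;
    if ($epost === "" || $postnr === "") {
        return "<p class=\"feilmelding\">Fyll ut begge felt.</p>";
    }
    // An address containing CR/LF could inject headers through mail()'s To:
    // field further down; no stored address contains them, so treat it as no match.
    if (strpbrk($epost, "\r\n") !== false) {
        return "<p class=\"feilmelding\">Feil kombinasjon av epost og postnummer.</p>";
    }

    $db = new sql();
    $epost = renStreng($epost, $db);
    $postnr = renStreng($postnr, $db);
    $resultat = $db->query("SELECT KNr FROM webprosjekt_kunde WHERE Epost = '{$epost}' AND Postnr = '{$postnr}';");
    if (!$resultat) {
        $db->close(); // the original returned without closing on the error paths
        // the original message was missing its closing </p>
        return "<p class=\"feilmelding\">Feil - Kunne ikke koble til databasen (011)</p>";
    }
    // affected_rows after a SELECT — presumably the sql wrapper mirrors mysqli,
    // where it equals the row count; verify against the class.
    if ($db->affected_rows == 0) {
        $db->close();
        return "<p class=\"feilmelding\">Feil kombinasjon av epost og postnummer.</p>";
    }
    $rad = $resultat->fetch_assoc();
    $KNr = $rad['KNr'];

    $passord = genPassord();
    $dbPassord = cryptPass($passord, $KNr . $epost);
    $resultat = $db->query("UPDATE webprosjekt_kunde SET Passord='{$dbPassord}' WHERE KNr='{$KNr}'");
    if (!$resultat || $db->affected_rows == 0) {
        $db->close();
        return "<p class=\"feilmelding\">Ukjent databasefeil (012)</p>";
    }
    $db->close();

    $emne = "Nytt passord i Nettbutikken";
    $tekst = "Hei\r\n\r\n" . "Du har nå blitt tildelt nytt passord i nettbutikken.\r\n\r\n" . "Her er din innloggingsinformasjon:\r\n" . "Brukernavn: {$epost} \r\n" . "Passord: {$passord} \r\n\r\n" . "For å logge inn, gå til http://nettbutikk.henrikh.net/ \r\n" . "Du kan selvsagt bytte passord når du har logget inn.\r\n\r\n" . "Hilsen,\r\nHiranBårdHenrikLars.";
    $hode = 'From: nettbutikk@henrikh.net' . "\r\n" . 'Reply-To: nettbutikk@henrikh.net' . "\r\n" . 'Content-type: text/plain; charset=iso-8859-1' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
    // @ kept: mail() warns when no MTA is configured; the false return is handled below.
    $resultat = @mail($epost, $emne, $tekst, $hode);

    // Escaped for HTML output; ISO-8859-1 so that no byte is rejected whichever
    // encoding the page uses.
    $visEpost = htmlspecialchars($epost, ENT_QUOTES, 'ISO-8859-1');
    $loggInn = "<p>Du kan nå <a href=\"index.php?side=logginn\">logge inn</a>.</p>";
    if ($resultat) {
        return "<p class=\"okmelding\">Du har nå fått tilsendt et nytt passord på e-post til {$visEpost}.</p>" . $loggInn;
    }
    return "<p class=\"okmelding\">Du har nå fått generert et nytt passord.<br>" . "Passord: {$passord} </p>" . $loggInn;
}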
if ($_POST["interactive_outside"] == "reset") { $email = $_POST["reset_field"]; $mysql = mysql_query("SELECT id, firstname, lastname, email FROM members WHERE email='{$email}' LIMIT 1"); $numrows = mysql_num_rows($mysql); if ($numrows == 0) { echo "Email Not In System, Please Try Again!"; exit; } else { while ($row = mysql_fetch_array($mysql)) { $id = $row["id"]; $firstname = $row["firstname"]; $lastname = $row["lastname"]; } $random_number = rand(100000000, 999999999); $temporary_password_email = $random_number . "-" . $id; $temporary_password = "******" . $temporary_password_email; $temporary_password_cookie = cryptPass(sha1(md5($temporary_password))); $temporary_password_mysql = cryptPass(md5(sha1($temporary_password_cookie))); $subject = "Temporary Password From Barterrain [" . date("F jS, Y | H:i:s") . "]"; $headers = 'From: Barterrain <*****@*****.**>' . "\r\n" . 'Reply-To: Barterrain <*****@*****.**>' . "\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n"; $message = "<html>\n\t\t\t\t\t\t<head>\n \t\t\t\t\t\t<title>" . $subject . "</title>\n\t\t\t\t\t\t</head>"; $message .= "<body style='z-index:20;overflow:hidden;height:45px;width:100%;margin:0px;padding:0px;'>\n\t\t\t\t\t\t\t<div style='z-index:20;text-align:center;position:relative;height:45px;width:100%;margin:0px;padding:0px;background-color:" . $color1 . 
";'>\n\t\t\t\t\t\t\t<table style='z-index:20;text-align:center;position:relative;height:45px;width:150px;margin:0px;padding:0px;margin:auto;vertical-align:top;' align='center'><tr><td>\n \t\t \t\t\t\t\t<a href='http://www.barterrain.com/' style='text-decoration:none;height:40px;width:150px;margin:0px;padding:0px;' title='Baterrain'>\n\t\t\t\t\t\t\t\t<img src=\"http://www.barterrain.com/barterrain_email_images/main_title.png\" style='margin:auto;max-height:40px;width:150px;background:url(\"http://www.barterrain.com/barterrain_email_images/main_title.png\") no-repeat 0 0;' onMouseDown='if (event.preventDefault) event.preventDefault()'/>\n\t\t\t\t\t\t\t</a>\n\t\t\t\t\t\t\t</td></tr></table></div>\n\t\t\t\t\t\t</body>"; $message .= "<body style='z-index:10;overflow:hidden;height:45px;width:100%;margin:0px;padding:0px;float:left;'>\n\t\t\t\t\t\t<div style='z-index:10;text-align:center;position:relative;height:auto;width:100%;margin:0px;padding:0px;background-color:" . $color4 . ";float:left;'>\n\t\t\t\t\t\t<table style='margin:auto;border:0px;border-spacing:0px;text-align:justify;text-align-last:justify;padding-top:23px;padding-bottom:23px;' cellspacing='0' cellpadding='0' align='center'>\n\t\t\t\t\t\t\t<tr style='position:relative;'>\n\t\t\t\t\t\t\t<td style='width:15px;height:15px;background:url(\"http://www.barterrain.com/barterrain_outside_images/email_pass_background.png\") -0px -0px;background-repeat:no-repeat;overflow:hidden;' background=\"http://www.barterrain.com/barterrain_email_images/td_top_left.png\"></td>\n\t\t\t\t\t\t\t<td style='height:15px;background-color:#FFFFFF;'></td>\n\t\t\t\t\t\t\t<td style='width:15px;height:15px;background:url(\"http://www.barterrain.com/barterrain_outside_images/email_pass_background.png\") -235px -0px;background-repeat:no-repeat;overflow:hidden;' background=\"http://www.barterrain.com/barterrain_email_images/td_top_right.png\"></td>\n\t\t\t\t\t\t\t</tr>\n \t \t\t\t\t<tr style='position:relative;'>\n\t\t\t\t\t\t\t \t<td 
style='width:15px;background-color:#FFFFFF;'></td>\n\t\t\t\t\t\t\t\t<td style='width:580px;height:50px;background-color:#FFFFFF;vertical-align:top;'>\n\t\t\t\t\t\t\t\t<table><tr>\n \t\t\t\t\t\t<td style='text-align:left;float:left;vertical-align:top;'>\n\t\t\t\t\t\t\t\t\t\t<a href=\"http://www.barterrain.com/planet/planet.php?id=1\">\n\t\t\t\t\t\t\t\t\t\t\t<img src=\"http://www.barterrain.com/planet_files/planet1/planet_picture.jpg\" width='75px' height='75px' style='background-color:" . $color2 . ";'/>\n\t\t\t\t\t\t\t\t\t\t</a>\n\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t\t<td style='text-align:left;width:450px;float:left;vertical-align:top;padding-left:15px;'>\n\t\t\t\t\t\t\t\t\t\t<a href=\"http://www.barterrain.com/planet/planet.php?id=1\" style='color:" . $color1 . ";font:20px helvetica, sans-serif;font-weight:bold;text-decoration:none;margin:0px;padding:0px;'>BARTERRAIN</a>\n\t\t\t\t\t\t\t\t\t\t<br/><font style='font:16px helvetica, sans-serif;margin:0px;padding:0px;'>Temporary Password: "******"</font>\n\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t</tr></table>\n \t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t<td style='width:15px;background-color:#FFFFFF;'></td>\n\t\t\t\t\t\t\t</tr>\n \t\t\t\t<tr style='position:relative;'>\n\t\t\t\t\t\t\t<td style='width:15px;height:15px;background:url(\"http://www.barterrain.com/barterrain_outside_images/email_pass_background.png\") -0px -15px;background-repeat:no-repeat;overflow:hidden;' background=\"http://www.barterrain.com/barterrain_email_images/td_bottom_left.png\"></td>\n\t\t\t\t\t\t\t<td style='height:15px;background-color:#FFFFFF;'></td>\n\t\t\t\t\t\t\t<td style='width:15px;height:15px;background:url(\"http://www.barterrain.com/barterrain_outside_images/email_pass_background.png\") -235px -15px;background-repeat:no-repeat;overflow:hidden;' background=\"http://www.barterrain.com/barterrain_email_images/td_bottom_right.png\"></td>\t\t\t\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t<tr><td></td><td 
style='padding-top:23px;'>\n\t\t\t\t\t\t\t\t<div style='z-index:10;text-align:center;position:relative;' align='center'>\n\t\t\t\t\t\t\t\t<font style='color:#000000'>\n\t\t\t\t\t\t\t\t\tForgot your Barterrain password? \n\t\t\t\t\t\t\t\t\t<a href=\"http://www.barterrain.com?forgot_password=true\" style='color:" . $color1 . ";font:12px helvetica, sans-serif;text-decoration:none;'>\n\t\t\t\t\t\t\t\t\t\tClick here</a> to get a temporary password.\n\t\t\t\t\t\t\t\t\t<br/>Want to unsubscribe from these notification emails? \n\t\t\t\t\t\t\t\t\t<a href=\"http://www.barterrain.com/settings/settings.php?settings=notification\" style='color:" . $color1 . ";font:12px helvetica, sans-serif;text-decoration:none;'>\n\t\t\t\t\t\t\t\t\t\tClick here</a> to change notification settings.\n\t\t\t\t\t\t\t\t \t<br/>Received this email in error? Did you not sign up for Barterrain? \n\t\t\t\t\t\t\t\t\tContact <a href=\"mailto:error@barterrain.com\" style='color:" . $color1 . ";font:12px helvetica, sans-serif;text-decoration:none;'>error@barterrain.com</a>!\n\t\t\t\t\t\t\t\t</font>\n\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t</td><td></td></tr>\n \t\t\t\t</table>\n\t\t\t\t\t\t</div></body>\n\t\t\t\t\t\t</html>"; $change_mysql = mysql_query("UPDATE members SET temporary_password='******' WHERE email='{$email}'"); mail($email, $subject, $message, $headers, '*****@*****.**'); echo "Temporary Password Has Been Sent!"; } exit; }
}
// NOTE(review): the `}` above closes a block that starts before this excerpt.
// Sign-up flow: password confirmation, duplicate e-mail check, optional
// picture upload, then the record is stored.
if ($pass2 !== $pass) {
    echo "*Please insert equal passwords.";
    exit;
}
/********** CHECK EMAIL *********/
$data = new MysqlConnector();
$data->connectMysql();
// $email is user input; presumably isRegistered() binds it as a parameter — verify.
if ($data->isRegistered($email)) {
    echo "*Email already exists.";
    exit;
}
/************ CHECK PICTURE ************/
$img_name = $_FILES['imgToUpdate']['name'];
if ($img_name !== "") {
    // Check if the file is bigger than 300kb.
    // NOTE(review): only the size is checked here; nothing verifies that the
    // upload is an image before it is handed to Cloudinary.
    if ($_FILES['imgToUpdate']['size'] > 300000) {
        echo "*Please insert a picture with a size smaller than 300Kb.";
        exit;
    }
    \Cloudinary::config(getCloudinaryCredentials());
    $img_url = \Cloudinary\Uploader::upload($_FILES['imgToUpdate']['tmp_name'], array("crop" => "lfill", "width" => "400", "height" => "400"));
    $img_url = $img_url['url'];
}
/* IF EVERYTHING IS OKAY, HASH THE PASSWORD AND STORE THE NEW USER
 * INFORMATION. */
// NOTE(review): $img_url is never assigned when no picture was uploaded, so
// signUp() receives an undefined variable (null) in that case.
$encrypted_pass = cryptPass($pass); // cryptPass() is defined elsewhere
$data->signUp($email, $encrypted_pass, $name, $surname, $img_url);
$data->disconnectMysql();
echo "Successfully registered.";
$remember = $_POST['remember']; } // Error Handling Conditional Checks Go Here if (!$email || !$password) { $error_message = 'Please Fill In All Fields!'; } else { if (preg_match('/(?i)msie [1-12]/', $_SERVER['HTTP_USER_AGENT'])) { $error_message = 'Sorry, Internet Explorer Is Not Supported.'; } else { $email = mysql_real_escape_string($email); // Secure String Before Adding To Query $password = mysql_real_escape_string($password); // Secure String Before Adding To Query $password = "******" . $password; $password_cookie = cryptPass(sha1(md5($password))); $password_mysql = cryptPass(md5(sha1($password_cookie))); $mysql1 = mysql_query("SELECT id,email,temporary_password AS password FROM members WHERE email='{$email}' AND temporary_password='******' AND email_activated='1'"); $login_check1 = mysql_num_rows($mysql1); if ($login_check1 < 1) { $mysql1 = mysql_query("SELECT id,email,password FROM members WHERE email='{$email}' AND password='******' AND email_activated='1'"); $login_check1 = mysql_num_rows($mysql1); } $mysql2 = mysql_query("SELECT id,email,password FROM members WHERE email='{$email}' AND password='******' AND email_activated='0'"); $login_check2 = mysql_num_rows($mysql2); // Checking If Email Is Activated if ($login_check2 > 0) { $error_message = "Please Check Email For Activation Link!"; } else { if ($login_check1 > 0) { while ($row = mysql_fetch_array($mysql1)) { $ids = $row["id"];
$username = "******"; $pass = "******"; //create connection $conn = mysqli_connect($servername, $username, $pass, $dbname); //check connection if (!$conn) { die("Connection failed: " . mysqli_connect_error()); } //encrypt password function cryptPass($input, $rounds = 9) { $salt = ""; $saltChars = array_merge(range('A', 'Z'), range('a', 'z'), range(0, 9)); //seed for salt for ($i = 0; $i < 22; $i++) { $salt .= $saltChars[array_rand($saltChars)]; //loop to randomize all the chars } return crypt($input, sprintf('$2y$%05d$', $rounds) . $salt); } $hashedPass = cryptPass($password); //encrypted password //insert data into database $sql = "insert into table1 (firstname, lastname, email, password)\nvalues ('{$firstname}', '{$lastname}', '{$email}', '{$hashedPass}')"; if (mysqli_query($conn, $sql)) { echo "New record created successfully"; } else { echo "Error: " . $sql . "<br>" . mysqli_error($conn); } mysqli_close($conn); header("Location:signin.php");