Пример #1
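function login($data, $ip)
{
    // Authenticate a user from a JSON payload of the form {"n": name, "p": password}.
    // Returns 1 on success (token cookie set, session populated), -1 otherwise.
    // $ip is only forwarded to createToken().
    $obs = json_decode($data, true);
    if (!is_array($obs) || $obs === array()) {
        // Not a JSON object (or an empty one): refuse without touching the DB.
        return -1;
    }
    $nameIn = isset($obs['n']) ? (string) $obs['n'] : '';
    $pwIn = isset($obs['p']) ? (string) $obs['p'] : '';
    // Sanitization: keep ASCII letters and spaces only, then HTML-encode.
    // NOTE(review): createUser() strips with "/[^a-zA-Z]*/" (no space allowed). A
    // password typed with a space is therefore stored as its hash without the space
    // but hashed with it here, so such a user can never log in again after the
    // automatic login — the two patterns should be identical.
    $user = htmlentities(preg_replace("/[^a-zA-Z ]*/", "", $nameIn), ENT_QUOTES, "utf-8");
    $pw = htmlentities(preg_replace("/[^a-zA-Z ]*/", "", $pwIn), ENT_QUOTES, "utf-8");
    // Retrieve the stored hash and id; processLogin() returns JSON whose first row
    // is the matching account. An unknown user yields no row, never a warning.
    $res = json_decode(processLogin($user), true);
    $row = (is_array($res) && isset($res[0]) && is_array($res[0])) ? $res[0] : array();
    $dbPass = isset($row['password']) ? $row['password'] : null;
    $id = isset($row['userId']) ? $row['userId'] : null;
    // Hash the entered password and compare in constant time. hash_equals() also
    // avoids loose == surprises ("0e..." style strings compare equal under ==).
    $cPass = hashPass($pw);
    if (is_string($dbPass) && is_string($cPass) && hash_equals($dbPass, $cPass)) {
        $token = createToken($ip, $id);
        // Cookie lifetime: 12 hours.
        $time = time() + 86400 / 2;
        // NOTE(review): consider the httponly/secure flags on this session-token
        // cookie once it is confirmed no front-end script needs to read it.
        setcookie("token", $token, $time, "/");
        session_start();
        // NOTE(review): $_SESSION['user_id'] is never assigned in this function; it
        // looks like $id was intended — verify against setLoginData().
        setLoginData($_SESSION['user_id'], $user);
        return 1;
    }
    // Wrong password: clear any stale token. The path must match the one used when
    // the cookie was set, otherwise browsers keep the old cookie.
    setcookie("token", " ", time() - 1, "/");
    return -1;
}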
Пример #2
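function createUser($data)
{
    // Register a new account from a JSON payload {"u": name, "p": password,
    // "cp": password confirmation} and log it in straight away.
    // Returns 1 on success and -1 on any validation, persistence or auto-login
    // failure (the caller gets no detail about which).
    $obs = json_decode($data, true);
    if (!is_array($obs) || $obs === array()) {
        return -1;
    }
    $nameIn = isset($obs['u']) ? (string) $obs['u'] : '';
    $pwIn = isset($obs['p']) ? (string) $obs['p'] : '';
    $cpIn = isset($obs['cp']) ? (string) $obs['cp'] : '';
    // Sanitization: keep ASCII letters only, then HTML-encode (a no-op on letters).
    // NOTE(review): this also strips digits and symbols from the password before it
    // is hashed, which shrinks the effective password space considerably; login()
    // must apply exactly the same transformation or stored hashes never match.
    $user = htmlentities(preg_replace("/[^a-zA-Z]*/", "", $nameIn), ENT_QUOTES, "utf-8");
    $pw = htmlentities(preg_replace("/[^a-zA-Z]*/", "", $pwIn), ENT_QUOTES, "utf-8");
    $cp = htmlentities(preg_replace("/[^a-zA-Z]*/", "", $cpIn), ENT_QUOTES, "utf-8");
    // Length policy, measured after sanitization: 6..20 characters for both fields.
    $userLen = strlen($user);
    $pwLen = strlen($pw);
    if ($userLen < 6 || $userLen > 20 || $pwLen < 6 || $pwLen > 20) {
        return -1;
    }
    // The confirmation must match exactly; strict comparison avoids loose == coercion.
    if ($pw !== $cp) {
        return -1;
    }
    // Username already taken.
    if (checkUsername($user) > 0) {
        return -1;
    }
    $cPass = hashPass($pw);
    if (!storeNewUser($user, $cPass)) {
        return -1;
    }
    // Account created: log the new user in, reusing login()'s JSON contract.
    $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $loggedIn = login(json_encode(array("n" => $user, "p" => $pw)), $remote);
    return $loggedIn === 1 ? 1 : -1;
}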
Пример #3
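function registerUser()
{
    // Create an employee row from the registration form and send the browser to the
    // login page. Values are read from $_POST, passed through esc(), and the
    // password is stored only as hashPass($pass).
    // Form field names must be quoted: a bare $_POST[number] is an undefined-constant
    // lookup (a notice that silently uses the name on PHP 5/7, a fatal Error on
    // PHP 8). A missing field defaults to '' instead of tripping an undefined index.
    $field = function ($name) {
        return esc(isset($_POST[$name]) ? $_POST[$name] : '');
    };
    $num = $field('number');
    $pass = $field('pass');
    $first = $field('first');
    $last = $field('last');
    $address = $field('address');
    $phone = $field('phone');
    $crew = $field('crew');
    $position = $field('position');
    // Hash the password; the clear text never reaches the database.
    // NOTE(review): the hash is computed over the esc()'d value, so the login path
    // must escape the same way before hashing or passwords containing quotes fail.
    $hash = hashPass($pass);
    // NOTE(review): values are interpolated into the statement. That is only safe if
    // esc() performs connection-aware SQL escaping (mysqli_real_escape_string or
    // equivalent); a prepared statement would remove the dependency, but dbQuery()'s
    // interface is not visible here.
    $sql = "INSERT INTO employee (number, first, last, address, phone, crew, position, hash)\n\t\tVALUES ('{$num}', '{$first}', '{$last}', '{$address}',\n\t\t\t'{$phone}', '{$crew}', '{$position}', '{$hash}')";
    // dbQuery() reports its own error on failure; only the outcome matters here.
    if (dbQuery($sql)) {
        echo "Added User Entry!";
        redir("../login.html");
    } else {
        // Values were checked beforehand, so a failure is normally a duplicate
        // employee (or a database error); either way, back to the login page.
        echo "Employee already exists in system!<br>";
        redir("../login.html");
    }
}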
Пример #4
<?php

include_once 'header.php';
echo "<div class='header'>Log In</div>";
echo "<h3>Please enter your details to log in.</h3>";
$error = $email = $pass = $forname = $surname = $isActive = $userLevel = "";
if (isset($_POST['email'])) {
    $email = sanitizeString($_POST['email']);
    $pass = sanitizeString($_POST['pass']);
    if ($email == "" || $pass == "") {
        $error = "Not all fields were entered<br />";
    } else {
        $hashed = hashPass("{$pass}");
        $query = "SELECT email,password,forname,surname,isActive,userLevel FROM users where email='{$email}' AND password='******'";
        $result = queryMysql($query);
        if (mysql_num_rows($result) == 0) {
            $error = "<span class='error'>Email/Password invalid</span><br /><br />";
        } else {
            $_SESSION['email'] = $email;
            $_SESSION['pass'] = $hashed;
            $_SESSION['forname'] = mysql_result($result, 0, 'forname');
            $_SESSION['surname'] = mysql_result($result, 0, 'surname');
            $_SESSION['isActive'] = mysql_result($result, 0, 'isActive');
            $_SESSION['userLevel'] = mysql_result($result, 0, 'userLevel');
            header('Location: /index.php');
            echo "You are now logged in. Please <a href='index.php'>click here</a> to continue<br /><br />";
            echo <<<_END
<script type="text/javascript" language="JavaScript">
window.location = 'index.php';
</script>
_END;
Пример #5
        $admin_repeat_pass = $_POST['repeat_admin_pass'];
        if ($admin_pass != $admin_repeat_pass) {
            printError('The passwords do not correspond.');
            exit - 1;
        }
        // Create the tables or die
        $sql_file = dirname(__FILE__) . '/sql/import.sql';
        try {
            $sql = file_get_contents($sql_file);
            $bdd->exec($sql);
        } catch (PDOException $e) {
            printError($e->getMessage());
            exit - 1;
        }
        // Generate the hash
        $hash_pass = hashPass($admin_pass);
        // Insert the new admin
        $req = $bdd->prepare('INSERT INTO admin (admin_id, admin_pass) VALUES (?, ?)');
        $req->execute(array($admin_username, $hash_pass));
        unlink($sql_file);
        rmdir(dirname(__FILE__) . '/sql');
        printSuccess('Well done, OpenVPN-Admin is installed.');
    } else {
        require dirname(__FILE__) . '/include/html/menu.php';
        require dirname(__FILE__) . '/include/html/form/installation.php';
    }
    exit - 1;
}
// --------------- CONFIGURATION ---------------
if (!isset($_GET['admin'])) {
    if (isset($error) && $error == true) {
Пример #6
 $pompom_nonsportif_on = !empty($_POST['quota_pompom_nonsportif_on']);
 $fanfaron_nonsportif_on = !empty($_POST['quota_fanfaron_nonsportif_on']);
 $cameraman_nonsportif_on = !empty($_POST['quota_cameraman_nonsportif_on']);
 $logins = $pdo->query('SELECT ' . 'login ' . 'FROM ecoles ' . 'WHERE ' . 'id <> ' . $ecole['id']) or DEBUG_ACTIVE && die(print_r($pdo->errorInfo()));
 $logins = $logins->fetchAll(PDO::FETCH_ASSOC);
 if (in_array($_POST['login'], $logins)) {
     $erreur_maj = 'login';
 } else {
     if (!empty($_POST['pass']) && (empty($_POST['pass_repetition']) || $_POST['pass'] != $_POST['pass_repetition'])) {
         $erreur_maj = 'pass';
     } else {
         if ($filles_on * $_POST['quota_garcons_loges'] + $garcons_on * $_POST['quota_filles_logees'] > $_POST['quota_total'] || $logement_on && $filles_on * $_POST['quota_garcons_loges'] + $garcons_on * $_POST['quota_filles_logees'] > $_POST['quota_logement'] || $_POST['quota_sportif'] > $_POST['quota_total'] || $_POST['quota_sportif'] < $ecole['quota_sportif_view'] || $pompom_on && $_POST['quota_pompom'] > $_POST['quota_total'] || $fanfaron_on && $_POST['quota_fanfaron'] > $_POST['quota_total'] || $cameraman_on && $_POST['quota_cameraman'] > $_POST['quota_total'] || $pompom_on && $_POST['quota_pompom'] < $ecole['quota_pompom_view'] || $fanfaron_on && $_POST['quota_fanfaron'] < $ecole['quota_fanfaron_view'] || $cameraman_on && $_POST['quota_cameraman'] < $ecole['quota_cameraman_view'] || $pompom_nonsportif_on && $_POST['quota_pompom_nonsportif'] > $_POST['quota_total'] || $fanfaron_nonsportif_on && $_POST['quota_fanfaron_nonsportif'] > $_POST['quota_total'] || $cameraman_nonsportif_on && $_POST['quota_cameraman_nonsportif'] > $_POST['quota_total'] || $pompom_nonsportif_on && $pompom_on && $_POST['quota_pompom_nonsportif'] > $_POST['quota_pompom'] || $fanfaron_nonsportif_on && $fanfaron_on && $_POST['quota_fanfaron_nonsportif'] > $_POST['quota_fanfaron'] || $cameraman_nonsportif_on && $cameraman_on && $_POST['quota_cameraman_nonsportif'] > $_POST['quota_cameraman'] || $pompom_nonsportif_on && $_POST['quota_pompom_nonsportif'] > $_POST['quota_total'] - $_POST['quota_sportif'] || $fanfaron_nonsportif_on && $_POST['quota_fanfaron_nonsportif'] > $_POST['quota_total'] - $_POST['quota_sportif'] || $cameraman_nonsportif_on && $_POST['quota_cameraman_nonsportif'] > $_POST['quota_total'] - $_POST['quota_sportif'] || $garcons_on && $_POST['quota_garcons_loges'] < $ecole['quota_garcons_loges_view'] || $filles_on && $_POST['quota_filles_logees'] < $ecole['quota_filles_logees_view'] || $_POST['quota_total'] < $ecole['quota_inscriptions']) {
             $erreur_maj = 'quotas';
         } else {
             $erreur_maj = false;
             $pdo->exec('UPDATE ecoles SET ' . 'nom = "' . secure($_POST['nom']) . '", ' . 'ecole_lyonnaise = ' . secure($_POST['ecole_lyonnaise']) . ', ' . 'adresse = "' . secure($_POST['adresse']) . '", ' . 'code_postal = "' . secure($_POST['code_postal']) . '", ' . 'ville = "' . secure($_POST['ville']) . '", ' . 'email_ecole = "' . secure($_POST['email_ecole']) . '", ' . 'telephone_ecole = "' . secure($_POST['telephone_ecole']) . '", ' . 'login = "******", ' . (!empty($_POST['pass']) ? 'pass = "******", ' : null) . 'quota_total = ' . (int) $_POST['quota_total'] . ', ' . 'quota_filles_on = ' . ($filles_on ? '1' : '0') . ', ' . 'quota_garcons_on = ' . ($garcons_on ? '1' : '0') . ', ' . 'quota_filles_logees = ' . (int) $_POST['quota_filles_logees'] . ', ' . 'quota_garcons_loges = ' . (int) $_POST['quota_garcons_loges'] . ', ' . 'quota_logement_on = ' . ($logement_on ? '1' : '0') . ', ' . 'quota_logement = ' . (int) $_POST['quota_logement'] . ', ' . 'quota_sportif = ' . (int) $_POST['quota_sportif'] . ', ' . 'quota_pompom_on = ' . ($pompom_on ? '1' : '0') . ', ' . 'quota_cameraman_on = ' . ($cameraman_on ? '1' : '0') . ', ' . 'quota_fanfaron_on = ' . ($fanfaron_on ? '1' : '0') . ', ' . 'quota_pompom_nonsportif_on = ' . ($pompom_nonsportif_on ? '1' : '0') . ', ' . 'quota_cameraman_nonsportif_on = ' . ($cameraman_nonsportif_on ? '1' : '0') . ', ' . 'quota_fanfaron_nonsportif_on = ' . ($fanfaron_nonsportif_on ? '1' : '0') . ', ' . 'quota_pompom = ' . (int) $_POST['quota_pompom'] . ', ' . 'quota_cameraman = ' . (int) $_POST['quota_cameraman'] . ', ' . 'quota_fanfaron = ' . (int) $_POST['quota_fanfaron'] . ', ' . 'quota_pompom_nonsportif = ' . (int) $_POST['quota_pompom_nonsportif'] . ', ' . 'quota_cameraman_nonsportif = ' . (int) $_POST['quota_cameraman_nonsportif'] . ', ' . 'quota_fanfaron_nonsportif = ' . (int) $_POST['quota_fanfaron_nonsportif'] . ', ' . 'nom_respo = "' . secure($_POST['nom_respo']) . '", ' . 'prenom_respo = "' . secure($_POST['prenom_respo']) . 
'", ' . 'email_respo = "' . secure($_POST['email_respo']) . '", ' . 'telephone_respo = "' . secure($_POST['telephone_respo']) . '", ' . 'nom_corespo = "' . secure($_POST['nom_corespo']) . '", ' . 'prenom_corespo = "' . secure($_POST['prenom_corespo']) . '", ' . 'email_corespo = "' . secure($_POST['email_corespo']) . '", ' . 'telephone_corespo = "' . secure($_POST['telephone_corespo']) . '", ' . 'malus = ' . abs((double) $_POST['malus']) . ' ' . 'WHERE ' . 'id = ' . $ecole['id']);
         }
     }
 }
 $_POST['id'] = $ecole['id'];
 $_POST['quota_logement_on'] = $logement_on;
 $_POST['quota_filles_on'] = $filles_on;
 $_POST['quota_garcons_on'] = $garcons_on;
 $_POST['quota_pompom_on'] = $pompom_on;
 $_POST['quota_fanfaron_on'] = $fanfaron_on;
 $_POST['quota_cameraman_on'] = $cameraman_on;
 $_POST['quota_pompom_nonsportif_on'] = $pompom_nonsportif_on;
 $_POST['quota_fanfaron_nonsportif_on'] = $fanfaron_nonsportif_on;
 $_POST['quota_cameraman_nonsportif_on'] = $cameraman_nonsportif_on;
 foreach ($_POST as $label => $value) {
     if (!array_key_exists('login', $ecole)) {
Пример #7
    die(header('location:' . url('admin/accueil', false, false)));
}
require DIR . 'includes/_ecl/CAS.php';
phpCAS::client(CAS_VERSION_2_0, CONFIG_CAS_HOST, CONFIG_CAS_PORT, CONFIG_CAS_CONTEXT);
phpCAS::setNoCasServerValidation();
if (!phpCAS::checkAuthentication()) {
    phpCAS::forceAuthentication();
} else {
    $cas = phpCAS::getUser();
}
if (!empty($_POST['login_admin']) && !empty($_POST['login']) && !empty($_POST['pass']) || !empty($cas)) {
    if (empty($_SESSION['tentatives']) || time() - $_SESSION['tentatives']['start'] > APP_WAIT_AUTH) {
        $_SESSION['tentatives'] = ['start' => time(), 'count' => 0];
    }
    if (empty($cas)) {
        $hash = hashPass($_POST['pass']);
        $user = $pdo->query('SELECT ' . 'id ' . 'FROM admins WHERE ' . 'auth_type = "db" AND ' . 'login = "******" AND ' . 'pass = "******"') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo()));
    } else {
        $user = $pdo->query('SELECT ' . 'id ' . 'FROM admins WHERE ' . 'auth_type = "cas" AND ' . 'login = "******"') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo()));
    }
    $user = $user->fetch(PDO::FETCH_ASSOC);
    if (!empty($user) && $_SESSION['tentatives']['count'] < APP_MAX_TRY_AUTH) {
        $_SESSION['admin'] = ['start' => time(), 'last' => time(), 'auth_type' => empty($cas) ? 'db' : 'cas', 'login' => empty($cas) ? secure($_POST['login']) : secure($cas), 'user' => $user['id']];
        die(header('location:' . url('admin/accueil', false, false)));
    } else {
        if (empty($cas)) {
            $error = true;
            $_SESSION['tentatives']['count']++;
        }
    }
}
Пример #8
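 function newPass($pass, $verify)
 {
     // Set a new password for team $this->id, provided $verify equals the
     // `verification` value stored for that team. Throws Exception (messages from
     // $lang) when the verification does not match or $pass is empty, and when a
     // statement cannot be prepared or executed. Returns true once hash and salt
     // have been written.
     global $lang;
     global $db;
     $id = 0;
     $sql = "SELECT `id` FROM `teams` WHERE `id`=? AND `verification`=?";
     $stmt = $db->prepare($sql);
     if ($stmt === false) {
         // prepare() returns false instead of an object; calling methods on it
         // would be a fatal error rather than a catchable exception.
         throw new Exception($db->error);
     }
     $stmt->bind_param("is", $this->id, $verify);
     $stmt->bind_result($id);
     $stmt->execute();
     $stmt->store_result();
     $stmt->fetch();
     // Exactly one row must match and it must be this team. Evaluate before
     // close() so the statement is released on the failure path as well.
     // NOTE(review): $id is bound as an int; if $this->id is a string the strict
     // !== would always fail — confirm the property's type.
     $matched = $stmt->num_rows == 1 && $id === $this->id;
     $stmt->close();
     if (!$matched) {
         throw new Exception($lang['team'][11]);
     }
     if (strlen($pass) < 1) {
         throw new Exception($lang['register'][3]);
     }
     // Fresh per-team salt, stored base64-encoded next to the hash.
     $salt = generateSalt();
     $hash = hashPass($salt, $pass);
     $salt = base64_encode($salt);
     $sql = "UPDATE `teams` SET `pass`=?, `salt`=? WHERE `id`=?";
     $stmt = $db->prepare($sql);
     if ($stmt === false) {
         throw new Exception($db->error);
     }
     $stmt->bind_param("ssi", $hash, $salt, $this->id);
     if (!$stmt->execute()) {
         // Do not report success when the UPDATE did not run.
         $error = $stmt->error;
         $stmt->close();
         throw new Exception($error);
     }
     $stmt->close();
     return true;
 }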
Пример #9
<?php

require_once 'dbaccess.php';
require_once 'functions.php';
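// Registration handler: on a POST carrying username/password/usermail, refuse
// duplicates, otherwise insert the user (password stored hashed) and redirect
// to thanks.html.
// The method check must be a comparison, not an assignment: "=" made the condition
// always true (and overwrote REQUEST_METHOD), so GET requests ran the insert too.
// REQUEST_METHOD is upper-case ("POST"); compare case-insensitively to be safe.
if (isset($_SERVER['REQUEST_METHOD']) && strtoupper($_SERVER['REQUEST_METHOD']) === 'POST') {
    if (isset($_POST['username'], $_POST['password'], $_POST['usermail'])) {
        $db = getDB();
        $user = $_POST['username'];
        $email = $_POST['usermail'];
        $pass = $_POST['password'];
        // Uniqueness check on username or email (parameterised).
        $sql = "SELECT id FROM user_l0l WHERE username=? or email=?";
        $stmt = $db->prepare($sql);
        $stmt->bind_param('ss', $user, $email);
        $stmt->execute();
        $stmt->bind_result($id);
        if ($stmt->fetch()) {
            $stmt->close();
            echo "Username or Email already in use";
        } else {
            // Release the SELECT statement before preparing another on the same
            // connection.
            $stmt->close();
            $hash = hashPass($pass);
            $sql = "INSERT INTO user_l0l (username, password, email) VALUES(?,?,?)";
            $stmt = $db->prepare($sql);
            $stmt->bind_param('sss', $user, $hash, $email);
            if (!$stmt->execute()) {
                // NOTE(review): this echoes the driver's error text to the client;
                // log it server-side and show a generic message instead.
                echo "Execute failed: (" . $db->errno . ") " . $db->error;
            }
            $stmt->close();
            header("Location:thanks.html");
        }
    }
}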
Пример #10
                }
            }
            // Build the request
            array_push($set_value, $_POST['set_user']);
            $req_string = 'UPDATE user SET ' . implode(',', $set_field) . ' WHERE user_id = ?';
            $req = $bdd->prepare($req_string);
            $req->execute($set_value);
        } else {
            if (isset($_POST['del_user_id'])) {
                $req = $bdd->prepare('DELETE FROM user WHERE user_id = ?');
                $req->execute(array($_POST['del_user_id']));
            } else {
                if (isset($_POST['add_admin'])) {
                    $req = $bdd->prepare('INSERT INTO admin(admin_id, admin_pass) VALUES (?, ?)');
                    $req->execute(array($_POST['admin_id'], ""));
                } else {
                    if (isset($_POST['set_admin'])) {
                        $mdp = $_POST['admin_pass'] ? hashPass($_POST['admin_pass']) : "";
                        $req = $bdd->prepare('UPDATE admin SET admin_id = ?, admin_pass = ? WHERE admin_id = ?');
                        $req->execute(array($_POST['admin_id'], $mdp, $_POST['set_admin']));
                    } else {
                        if (isset($_POST['del_admin_id'])) {
                            $req = $bdd->prepare('DELETE FROM admin WHERE admin_id = ?');
                            $req->execute(array($_POST['del_admin_id']));
                        }
                    }
                }
            }
        }
    }
}
Пример #11
    if (empty($count['cid'])) {
        $pdo->exec($s = 'INSERT INTO admins SET ' . 'auth_type = "db", ' . 'nom = "' . secure($_POST['nom'][0]) . '", ' . 'prenom = "' . secure($_POST['prenom'][0]) . '", ' . 'email = "' . secure($_POST['email'][0]) . '", ' . 'telephone = "' . secure($_POST['telephone'][0]) . '", ' . 'login = "******", ' . 'poste = "' . secure($_POST['poste'][0]) . '", ' . 'contact = ' . ($contact ? '1' : '0') . ', ' . 'pass = "******"');
    }
    $add = empty($count['cid']);
}
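// Locate the row being acted on: the submitted edit/delete value is an id,
// which is looked up in the parallel $_POST['id'] array.
if ((!empty($_POST['delete']) || !empty($_POST['edit'])) && isset($_POST['id']) && is_array($_POST['id'])) {
    $i = array_search(empty($_POST['delete']) ? $_POST['edit'] : $_POST['delete'], $_POST['id']);
}
// array_search() returns false when nothing matched and 0 for the first row.
// empty($i) was true for both, so the first row could never be edited or
// deleted; test for false explicitly instead.
// Edit an admin (every field except "poste" is required; an empty pass keeps
// the current one).
if (isset($i) && $i !== false && empty($_POST['delete']) && !empty($_POST['nom'][$i]) && !empty($_POST['prenom'][$i]) && !empty($_POST['login'][$i]) && !empty($_POST['email'][$i]) && !empty($_POST['telephone'][$i]) && isset($_POST['pass'][$i]) && !empty($_POST['id'][$i]) && intval($_POST['id'][$i])) {
    if (!isset($_POST['contact'])) {
        $_POST['contact'] = array();
    }
    $contact = in_array($_POST['id'][$i], $_POST['contact']);
    // Reject a login already used by another db-auth admin.
    // NOTE(review): the "******" literals in the statements below look like a
    // redaction artifact of this listing (the original presumably concatenated
    // secure($_POST['login'][$i]) and a password hash); confirm against the source.
    $count = $pdo->query('SELECT ' . 'COUNT(id) AS cid ' . 'FROM admins ' . 'WHERE ' . 'auth_type = "db" AND ' . 'login = "******" AND ' . 'id <> ' . (int) $_POST['id'][$i]) or DEBUG_ACTIVE && die(print_r($pdo->errorInfo()));
    $count = $count->fetch(PDO::FETCH_ASSOC);
    if (empty($count['cid'])) {
        $pdo->exec('UPDATE admins SET ' . 'nom = "' . secure($_POST['nom'][$i]) . '", ' . 'prenom = "' . secure($_POST['prenom'][$i]) . '", ' . 'email = "' . secure($_POST['email'][$i]) . '", ' . 'telephone = "' . secure($_POST['telephone'][$i]) . '", ' . 'login = "******", ' . 'poste = "' . secure($_POST['poste'][$i]) . '", ' . (!empty($_POST['pass'][$i]) ? 'pass = "******", ' : '') . 'contact = ' . ($contact ? '1' : '0') . ' ' . 'WHERE ' . 'auth_type = "db" AND ' . 'id = ' . (int) $_POST['id'][$i]);
    }
    $modify = empty($count['cid']);
} elseif (isset($i) && $i !== false && !empty($_POST['delete']) && !empty($_POST['id'][$i]) && intval($_POST['id'][$i])) {
    // Delete an admin; the id is cast to int before it is embedded in the SQL.
    $pdo->exec('DELETE FROM admins ' . 'WHERE id = ' . (int) $_POST['id'][$i]);
    $delete = true;
}
// Reload the admin list for the template.
$admins = $pdo->query('SELECT ' . 'id, ' . 'nom, ' . 'prenom, ' . 'email, ' . 'telephone, ' . 'login, ' . 'contact, ' . 'poste ' . 'FROM admins ' . 'WHERE ' . 'auth_type = "db" ' . 'ORDER BY ' . 'nom ASC, ' . 'prenom ASC, ' . 'login ASC') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo()));
$admins = $admins->fetchAll(PDO::FETCH_ASSOC);
// Include the matching template file.
require DIR . 'templates/admin/droits/admins.php';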
Пример #12
<?php

# Include files required for the site to work properly.
require_once "config.php";
require_once "functions.php";
# Set a flag to keep track of whether registration was successful; this
# allows for the display of an appropriate message later.
$registerSuccess = true;
# Retrieve the user input and clean it for database insertion.
# NOTE(review): the $_POST keys are read without isset(); a request missing a
# field raises an undefined-index notice and the value becomes null.
$username = cleanInputs($_POST['username'], $connection);
$playerName = cleanInputs($_POST['name'], $connection);
$phone = cleanInputs($_POST['phone'], $connection);
$email = cleanInputs($_POST['email'], $connection);
$password = cleanInputs($_POST['password'], $connection);
# Hash the password for storage in the database. hashPass() also receives the
# username, presumably as per-user salt — confirm in functions.php.
# NOTE(review): the password is hashed after cleanInputs(), so the login path
# must apply the same cleaning before hashing.
$hashedPassword = hashPass($username, $password);
# Determine whether there are accounts that use the same username or
# email address.
# NOTE(review): both queries embed the cleaned value directly in the SQL
# string; this is only safe if cleanInputs() escapes for $connection
# (mysqli_real_escape_string or equivalent) — a prepared statement would not
# depend on that. The '******' literal in the username query looks like a
# redaction artifact of this listing; confirm the original uses $username there.
$sameUsername = mysqli_num_rows(mysqli_query($connection, "SELECT * FROM player WHERE username = '******'")) != 0;
$sameEmail = mysqli_num_rows(mysqli_query($connection, "SELECT * FROM player WHERE email = '{$email}'")) != 0;
# If no accounts were found using the same username or email address,
# continue with the registration process.
if (!$sameUsername && !$sameEmail) {
    # Determine what the new account's initial rank should be. This equals
    # the lowest rank in the ladder plus 1.
    $getRanks = mysqli_query($connection, "SELECT MAX(rank) FROM player");
    $maxRank = mysqli_fetch_array($getRanks);
    $maxRank = $maxRank[0];
    $newRank = $maxRank + 1;
    # Insert the new user into the database, using the boolean return result
    # from the query to determine whether registration of the account was
Пример #13
    header("Location: https://profiles.ac3-servers.eu/api/");
    return;
}
if (isset($_POST['login']) && strtoupper($_POST['login']) == strtoupper("go")) {
    //Login button pressed.
    if (!isset($_POST['user']) || !isset($_POST['password'])) {
        $error = "You're missing a field?";
    }
    if (empty($_POST['user']) || empty($_POST['password'])) {
        $error = "You're missing a field?";
    }
    //User and pass to var.
    $user = $_POST['user'];
    $pass = $_POST['password'];
    //Hash password and start session if valid.
    $hashedPass = hashPass($user, $pass);
    if (!($userArr = validUser($user, $hashedPass, true))) {
        $error = "Your password was incorrect!";
    } else {
        if (!is_array($userArr)) {
            $error = $userArr;
        } else {
            $_SESSION['user'] = $userArr['user'];
            $_SESSION['pass'] = $userArr['hashedPass'];
            $_SESSION['UUID'] = $userArr['UUID'];
            $_SESSION['key'] = $userArr['key'];
            $_SESSION['permissions'] = $userArr['perm'];
            $_SESSION['email'] = $userArr['email'];
            header("Location: https://profiles.ac3-servers.eu/api/");
            return;
        }
Пример #14
function addUser($email, $password, $forname, $surname, $hash)
{
    // Insert a user row: email, hashed password, first and last name, the given
    // verification hash and an activation flag of 0. hashPass() receives the
    // password coerced to a string, exactly as the interpolated "{$password}" did.
    // NOTE(review): the values are concatenated straight into the INSERT; unless
    // every caller escapes them first this is injectable. A parameterised query
    // through the DB layer would be the fix, but queryMysql()'s interface is not
    // visible here.
    $passwordHash = hashPass((string) $password);
    $rowValues = "'" . $email . "', '" . $passwordHash . "', '" . $forname . "', '" . $surname . "', '" . $hash . "', 0";
    queryMysql("INSERT INTO users VALUES(" . $rowValues . ")");
}
Пример #15
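function validUser($user, $pass, $hashed = false)
{
    // Look up $user and check the supplied credential. $pass is the clear-text
    // password unless $hashed is true, in which case it is already in the stored
    // hash form (e.g. taken back out of the session).
    // Returns the user's data array on success, false when the credential does
    // not match, or a user-facing message string when the account is missing or
    // not verified. A successful lookup is cached for 600 s under "user_data_<user>".
    @(include_once "phpfastcache/phpfastcache.php");
    @(include_once realpath("../phpfastcache/phpfastcache.php"));
    $cache = phpFastCache();
    // Hash the password unless the caller already did.
    $hashedPass = $hashed ? $pass : hashPass($user, $pass);
    $userData = $cache->get("user_data_" . $user);
    // NOTE(review): a cached entry stays valid for its TTL even after a password
    // change, because the final comparison runs against the cached hash.
    if (!is_array($userData)) {
        // Default database connect //
        $msconf = getDatabaseCredentials();
        $dbcon = mysqli_connect($msconf['host'], $msconf['user'], $msconf['pass'], $msconf['db']);
        // mysqli_connect_errno() takes no arguments; passing the handle throws an
        // ArgumentCountError on PHP 8.
        if (mysqli_connect_errno()) {
            echo "Failed to connect to MySQL: " . mysqli_connect_errno() . " : " . mysqli_connect_error();
            die;
        }
        // NOTE(review): schema bootstrap and a fixed privileged account ('ace',
        // permission 'YY', hard-coded hash) are re-applied on every cache miss.
        // The UNIQUE KEY makes the INSERT fail after the first run, but a built-in
        // credential on the login path belongs in an installer with a rotated secret.
        $dbcon->query('CREATE TABLE IF NOT EXISTS `Users` (`Username` varchar(16) NOT NULL, `Name` varchar(60) NOT NULL, `PassHash` varchar(256) NOT NULL, `APIKey` varchar(256) NULL, `Permission` varchar(2) NOT NULL DEFAULT \'NN\', UNIQUE KEY `Username` (`Username`)) ENGINE=InnoDB DEFAULT CHARSET=latin1;');
        $dbcon->query('CREATE TABLE IF NOT EXISTS `Blog` (`PUID` varchar(200) NOT NULL,`Post` varchar(10000) NOT NULL,`Date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, `Author` varchar(16) NOT NULL, `Title` varchar(60) NOT NULL, UNIQUE KEY `PUID` (`PUID`)) ENGINE=InnoDB DEFAULT CHARSET=latin1;');
        $dbcon->query('INSERT INTO `Users` (`Username`, `Name`, `PassHash`, `Permission`) VALUES (\'ace\', \'Cory Redmond\', \'2y11$WULjGCfjZEvtGEXfZkL3G.uzF3fRlJPGVsR.jCGguRhKIuph28572\', \'YY\');');
        // Default database connect //
        // Look the account up by username and hash (parameterised statement).
        $preparedStm = $dbcon->prepare("SELECT * FROM `Users` WHERE `Username` = ? AND `PassHash` = ?;");
        $preparedStm->bind_param("ss", $user, $hashedPass);
        $preparedStm->execute();
        // NOTE(review): seven columns are bound but the CREATE TABLE above declares
        // five, so the live schema presumably differs from this bootstrap — confirm
        // the column order is (user, UUID, email, pass, key, permissions, verif).
        $preparedStm->bind_result($f_user, $f_UUID, $f_email, $f_pass, $f_key, $f_permissions, $f_verif);
        $preparedStm->fetch();
        // Bound variables keep their values after close(); release the statement
        // and the connection before any of the early returns below.
        $preparedStm->close();
        $dbcon->close();
        // The former "<!-- ... -->" debug output is gone: it leaked the account's
        // verification state (and cache hits) into the page source.
        if ($f_verif === null || $f_verif === '') {
            return "That account doesn't exist.";
        }
        if ($f_verif !== "Y") {
            return "You are not verified. Please check your email inbox!";
        }
        // Strict, constant-time credential check: == would treat "0e..." style
        // strings as equal and its early exit leaks timing.
        if (!empty($f_user) && !empty($f_pass) && (string) $f_user === (string) $user && hash_equals((string) $f_pass, (string) $hashedPass)) {
            $userData = array("user" => $f_user, "perm" => $f_permissions, "hashedPass" => $f_pass, "key" => $f_key, "UUID" => $f_UUID, "email" => $f_email);
            $cache->set("user_data_" . $f_user, $userData, 600);
        } else {
            return false;
        }
    }
    // Cached or freshly built: confirm the entry belongs to this user and credential.
    if (isset($userData['user'], $userData['hashedPass']) && (string) $userData['user'] === (string) $user && hash_equals((string) $userData['hashedPass'], (string) $hashedPass)) {
        return $userData;
    }
    return false;
}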