Пример #1
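/**
 * Hashes a password with bcrypt via crypt(), falling back to _create_hash().
 *
 * Fix: the original guard tested `$hash_method`, a variable that is never
 * defined in this function, so the bcrypt branch was unreachable and every
 * call went to the fallback. The guard now checks CRYPT_BLOWFISH, and the
 * cost is validated and zero-padded to the two digits crypt() requires.
 *
 * Whatever the caller passes in $salt is ignored: it is overwritten with a
 * freshly generated 22-character salt, which the caller receives by reference.
 *
 * NOTE(review): pseudo_rand() and _create_hash() are defined elsewhere. Confirm
 * that pseudo_rand() draws from a CSPRNG (random_bytes() or
 * openssl_random_pseudo_bytes()); a predictable salt weakens the hash.
 * NOTE(review): the fallback is described as SHA512 by the original comment;
 * verify that it is a salted, iterated scheme and not a single digest pass.
 * NOTE(review): bcrypt only uses the first 72 bytes of the input. On PHP >= 5.5,
 * password_hash()/password_verify() cover salt generation and cost encoding;
 * migrating requires changing the verification path, which is not visible here.
 *
 * @param string $string       Plain-text password to hash.
 * @param string $salt         Out parameter: receives the generated salt.
 * @param int    $stretch_cost bcrypt cost factor (4..31); other values use the fallback.
 *
 * @return string The bcrypt hash, or the result of _create_hash() on fallback.
 */
function create_hash($string, &$salt = '', $stretch_cost = 10)
{
    $salt = pseudo_rand(128);
    // bcrypt's salt alphabet is [./A-Za-z0-9]; base64 differs only by '+'.
    $salt = substr(str_replace('+', '.', base64_encode($salt)), 0, 22);

    $cost = (int) $stretch_cost;
    if (defined('CRYPT_BLOWFISH') && CRYPT_BLOWFISH === 1 && $cost >= 4 && $cost <= 31) {
        // The cost field must be exactly two digits, e.g. "$2a$08$".
        $hash = crypt($string, sprintf('$2a$%02d$%s', $cost, $salt));

        // crypt() signals failure with a short marker such as "*0";
        // a well-formed bcrypt hash is always 60 characters long.
        if (is_string($hash) && strlen($hash) === 60) {
            return $hash;
        }
    }

    return _create_hash($string, $salt);
}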
Пример #2
        $fehlermeldung = '<h3>Die Anmeldung war fehlerhaft!</h3>';
    }
}
if (isset($_POST['register']) & !empty($_POST['rbenutzer']) & !empty($_POST['rpasswort']) & !empty($_POST['rkey'])) {
    $db = $conid;
    $eingabe = cleanInputRegister();
    $sql = "SELECT `Name` FROM `User` WHERE LOWER(`Name`) = '" . mysqli_real_escape_string($db, $eingabe['checkname']) . "' LIMIT 1";
    $result = mysqli_query($db, $sql);
    if (mysqli_num_rows($result) == 0) {
        $sql = "SELECT ID, OTP_Used, Groups_ID FROM OTP WHERE OTP_Key = '" . mysqli_real_escape_string($db, $eingabe['key']) . "' LIMIT 1";
        $result = mysqli_query($db, $sql) or die('Verbindungsfehler!');
        $zeile = mysqli_fetch_array($result);
        if (mysqli_num_rows($result) > 0 & $zeile['OTP_Used'] == 0) {
            $sql = "UPDATE `OTP` SET `OTP_Used` = 1 WHERE OTP_Key = '" . mysqli_real_escape_string($db, $eingabe['key']) . "' LIMIT 1";
            mysqli_query($db, $sql) or die('Verbindungsfehler!');
            $pseudo = pseudo_rand(128);
            $hash = create_hash($eingabe['passwort'], $pseudo);
            $sql = "INSERT INTO `User`(`Name`, `Password`, `Salt`, `Created`, `OTP_ID`) \n               VALUES ('" . mysqli_real_escape_string($db, $eingabe['benutzername']) . "', '" . $hash . "', '" . $pseudo . "', NOW(), " . $zeile['ID'] . ")";
            mysqli_query($db, $sql) or die('Verbindungsfehler!');
            $sql = "SELECT MAX(`ID`) AS User_ID FROM User";
            $result = mysqli_query($db, $sql) or die('Verbindungsfehler!');
            $maxuser = mysqli_fetch_array($result);
            $sql = "INSERT INTO `User_has_Groups` (`User_ID`, `Groups_ID`) VALUES ('" . $maxuser['User_ID'] . "', '" . $zeile['Groups_ID'] . "');";
            mysqli_query($db, $sql) or die('Verbindungsfehler!');
            $fehlermeldung = '<h3>Registration Complete</h3>';
        } else {
            $fehlermeldung = '<h3>Trying to use a wrong key ? *eyes of pity*</h3>';
        }
    } else {
        $fehlermeldung = '<h3>One of the fieds is wrong... But I won\'t say which.</h3>';
    }