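/**
 * Verify a nick/password pair against the stored credential row.
 *
 * Sets $this->nick, loads the row via read() (expected to populate
 * $this->salt and $this->password), compares sha512(salt . password) with
 * the stored digest and, on a match, returns a derived token built from the
 * stored digest and the site key.
 *
 * @param string $nick     Account name to look up.
 * @param string $password Plaintext password supplied by the caller.
 * @return string|false    Derived token on success; false when the account
 *                         is unknown or the password does not match.
 */
function login_check($nick, $password)
{
    global $settings;

    $this->nick = $nick;
    if (!$this->read()) {
        // Unknown account: nothing to compare against.
        return false;
    }

    // NOTE(review): the stored credential is a plain sha512(salt . password),
    // not a stretching hash (password_hash/password_verify). Kept as-is
    // because the stored digests depend on this exact derivation.
    $candidate = sha512($this->salt . $password);

    // Constant-time, strict comparison. The old "==" leaked timing and is
    // subject to numeric-string juggling ("0e..." hex digests compare equal).
    if (!hash_equals((string) $this->password, $candidate)) {
        return false;
    }

    return sha512(sprintf('p%sh%sp', $this->password, $settings->site_key));
}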
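/**
 * Bootstrap per-request session state from the visitor's cookie.
 *
 * Records the date, client IP and request URI, derives today's expected
 * reader cookie and the XSRF token, then classifies the cookie (if any)
 * as reader, admin or garbage. Garbage and invalid cookies are logged and
 * destroyed.
 *
 * @return bool true only for a valid reader cookie; false in every other
 *              case (no cookie, garbage, invalid, or admin — see the note
 *              at the end).
 */
function init()
{
    global $settings;

    // strftime() is deprecated since PHP 8.1; date('d/m') yields the same
    // zero-padded dd/mm string.
    $this->date = date('d/m');
    $this->ip = $_SERVER['REMOTE_ADDR'];
    $this->origin = urlencode($_SERVER['REQUEST_URI']);

    /* today's lesson: the more bullshit you get into a cookie, the more secure it is. */
    // The reader cookie is a deterministic digest of the site key and the
    // current date, so it rotates daily and its secrecy rests entirely on
    // site_key staying secret.
    $this->expected_cookie = sha512(sprintf('ni%sna%sne', $settings->site_key, date('YdmYdYmdYmdY')));

    // NOTE(review): the XSRF token keeps only 8 hex chars (32 bits) of the
    // digest; consider retaining more of it.
    $this->xsrf = substr(sha512(sprintf('el%sek%str%so', $this->expected_cookie, $this->ip, $settings->site_key)), 0, 8);

    if (!isset($_COOKIE[$settings->cookie])) {
        return false;
    }

    $raw = $_COOKIE[$settings->cookie];
    // Wire format after base64: "<user id>!<token>"; user id 0 marks a reader cookie.
    $parts = explode('!', base64_decode($raw));
    if (count($parts) < 2) {
        // garbage; destroy. The raw value is attacker-controlled and is
        // written to the log verbatim (unchanged from the original).
        $this->log(sprintf('Garbage cookie: %s', $raw));
        $this->destroy();
        return false;
    }

    $userId = (int) $parts[0];
    if ($userId === 0) {
        // Constant-time comparison; "==" leaked timing and juggled numeric strings.
        if (hash_equals($this->expected_cookie, $parts[1])) {
            $this->level = 'reader';
            return true;
        }
        $this->log(sprintf('Invalid cookie: %s', $raw), 256, true);
        $this->destroy();
        return false;
    }

    $user = new User();
    if ($user->cookie_check($userId, $parts[1])) {
        $this->user = $userId;
        $this->level = 'admin';
        $this->nick = $user->nick;
    } else {
        $this->destroy();
    }

    // NOTE(review): the admin branch returns false even after a successful
    // cookie_check(); callers evidently rely on $this->level rather than the
    // return value. Left unchanged so caller behaviour does not shift.
    return false;
}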
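<!DOCTYPE html>
<html>
<head>
<title>User password generator</title>
</head>
<body>
<?php
/**
 * SHA-512 digest of $str; thin wrapper around hash().
 *
 * @param string $str        Input to digest.
 * @param bool   $raw_output true for raw binary output, false for lowercase hex.
 * @return string            128 hex chars, or 64 raw bytes when $raw_output is true.
 */
function sha512(string $str = '', bool $raw_output = false): string
{
    return hash('sha512', $str, $raw_output);
}

$org_pw = '';
if (isset($_POST['passwd'])) {
    $org_pw = $_POST['passwd'];

    // Derivation is sha512(sha512(password) . salt); whatever verifies these
    // credentials at login time has to compute exactly the same thing.
    $hash_pw = sha512($org_pw);

    // Salt from the CSPRNG. It is still run through sha512() so the output
    // keeps the previous 128-hex-char shape; the old uniqid()/mt_rand()
    // source was not suitable for a security-relevant value.
    $salt = sha512(random_bytes(64));
    $pw = sha512($hash_pw . $salt);

    // These values land in an HTML body, and $org_pw comes straight from the
    // request, so every echoed value is escaped for the HTML context.
    $esc = static fn (string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo '<strong>Original Password:</strong> ' . $esc($org_pw);
    echo '<br/>';
    echo '<br/>';
    echo '<strong>Password:</strong> ' . $esc($pw);
    echo '<br/>';
    echo '<br/>';
    echo '<strong>Salt:</strong> ' . $esc($salt);
    echo '<br/>';
    echo '<hr/>';
    echo '<br/>';
}
?>
<form name="form1" method="post" action="">
<label for="passwd">Password</label>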
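<?php
include 'connect.php';

// Form input. Values are read raw here: escaping belongs at the query
// boundary (mysqli prepared statements with bind_param), not at intake. The
// original one-argument mysqli_escape_string() calls were invalid — the
// function requires the connection as its first argument, so every value
// came back empty — and escaping a password before hashing silently changes
// the password being hashed.
$name = $_POST['name'] ?? '';
$email = $_POST['email'] ?? '';
// NOTE(review): sha256()/sha512() are project helpers not visible here; the
// result is an unsalted digest chain rather than a stretching password hash.
// Kept because stored credentials depend on this derivation.
$password = sha256(sha512($_POST['password'] ?? ''));
$confirm = sha256(sha512($_POST['confirm'] ?? ''));
$send = $_POST['send'] ?? null;

// Accepted e-mail providers, matched against the part of the address from '@' onwards.
$domains = ['@gmail.com', '@outlook.com', '@outlook.es', '@yahoo.com'];

/**
 * Validate the registration form and start the session when it passes.
 *
 * Reads $name, $email, $password, $confirm and $domains from file scope.
 * (The original referenced them inside the function without `global`, so
 * they were always undefined and every request failed the name check.)
 * Echoes one message per failed check and calls start_session() only when
 * every check passed and the register button was pressed; previously the
 * session was started regardless of validation failures.
 *
 * @return bool true when the form validated, false otherwise.
 */
function validate()
{
    global $name, $email, $password, $confirm, $domains;

    $ok = true;

    if ($name === '') {
        echo 'please fill all fields';
        $ok = false;
    }

    // strstr() returns the address from '@' onwards, or false when there is no '@'.
    $clean_email = strstr($email, '@');
    if ($clean_email === false || !in_array($clean_email, $domains, true)) {
        echo 'please enter a valid email provider';
        $ok = false;
    }

    if ($password !== $confirm) {
        echo 'please check your password match';
        $ok = false;
    }

    if ($ok && isset($_POST['register'])) {
        start_session();
    }

    return $ok;
}

validate();

function start_session()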