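/**
 * Handle the registration form POST: require all four fields, then insert
 * the new row with a prepared statement.
 *
 * Reads $_POST['name'|'username'|'email'|'password'] and the global DB
 * connection settings. On a missing field the form is re-displayed through
 * display_form() with the values entered so far; on success it echoes
 * "Registration successful". Returns nothing.
 */
function register_user()
{
    global $db_server, $db_username, $db_password, $db_database;

    // Read input variables. A field that is absent, or arrives as an array
    // (e.g. name[]=x), is treated as empty so it never reaches bind_param().
    $name = isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : "";
    $username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : "";
    $email = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : "";
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : "";

    // Something is missing: show the form again and stop.
    if ($name == "" || $username == "" || $email == "" || $password == "") {
        display_form("One or more input fields are empty", $name, $username, $email, $password);
        return;
    }

    $mysqli = new mysqli($db_server, $db_username, $db_password, $db_database);
    if ($mysqli->connect_errno) {
        // Generic message on purpose: connect_error can expose host/user details.
        display_form("Registration is temporarily unavailable", $name, $username, $email, $password);
        return;
    }

    // Prepared statement: the user-supplied values never become SQL text.
    $stmt = $mysqli->prepare("INSERT INTO reg(name, username, email, password) VALUES(?,?,?,?)");
    if ($stmt === false) {
        display_form("Registration is temporarily unavailable", $name, $username, $email, $password);
        $mysqli->close();
        return;
    }

    // bind_param() binds by reference, so the hash must live in a variable;
    // passing get_password_hash($password) directly raises an Error on PHP 8
    // ("cannot be passed by reference") and a notice on older versions.
    $password_hash = get_password_hash($password);
    $stmt->bind_param('ssss', $name, $username, $email, $password_hash);
    $stmt->execute();
    if ($stmt->affected_rows == 1) {
        echo "Registration successful";
    }
    $stmt->close();
    $mysqli->close();
}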
// Change-password handler (fragment): two enclosing blocks are opened before
// this excerpt — presumably the POST check and the current-password check —
// and the two closing braces near the end belong to them.
$pass_errors['current'] = 'Molim vas unesite svoju lozinku!';
}
// New-password policy: 6-20 word characters containing at least one digit,
// one lowercase and one uppercase letter (the three lookaheads).
if (preg_match('/^(\\w*(?=\\w*\\d)(?=\\w*[a-z])(?=\\w*[A-Z])\\w*){6,20}$/', $_POST['pass1'])) {
    // NOTE(review): == is a loose comparison; === is the safer choice for two strings.
    if ($_POST['pass1'] == $_POST['pass2']) {
        // Escaped for SQL only; no hashing of the new password is visible in this fragment.
        $p = mysqli_real_escape_string($dbc, $_POST['pass1']);
    } else {
        // NOTE(review): the message appears to say "password not found in the
        // database" although the failing check is the confirmation mismatch.
        $pass_errors['pass2'] = 'Vasa lozinka nije nadena u bazi podataka!';
    }
} else {
    $pass_errors['pass1'] = 'Molim unesite ispravnu lozinku!';
}
if (empty($pass_errors)) {
    // Confirm the current password by matching it together with the session's
    // user id. NOTE(review): user_id is interpolated unquoted into the SQL
    // text — cast it to int or bind it. The pass value is shown redacted here;
    // if it is an escaped plaintext or a fast hash, replace the WHERE-clause
    // match with password_verify() on the fetched row.
    $q = "SELECT id FROM users WHERE pass='******' AND id={$_SESSION['user_id']}";
    $r = mysqli_query($dbc, $q);
    if (mysqli_num_rows($r) == 1) {
        $q = "UPDATE users SET pass='******' WHERE id={$_SESSION['user_id']} LIMIT 1";
        // Assignment inside the condition is intentional: $r becomes the query result.
        if ($r = mysqli_query($dbc, $q)) {
            echo '<h3>Vasa lozinka je promjenjena.</h3>';
            include './includes/footer.html';
            exit;
        } else {
            trigger_error('Vasa lozinka nije mogli biti promjenjena zbog sistemskog errora.');
        }
    } else {
        $pass_errors['current'] = 'Vasa trenutna lozinka je netocna';
    }
}
}
}
require './includes/form_functions.inc.php';
?>
<h3>Promijenite vasu lozinku</h3>
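/**
 * Update a user row with the supplied profile fields.
 *
 * Every concatenated value is passed through mysql_real_escape_string() so
 * that request data cannot break out of the quoted literals; the original
 * concatenated the raw arguments (SQL injection for any caller forwarding
 * user input). The '******' literals are kept exactly as they appear in the
 * source; if they stand for interpolated values, escape those the same way.
 * ext/mysql has no prepared statements and was removed in PHP 7 — porting
 * to mysqli/PDO with bound parameters is the durable fix.
 *
 * @return bool true when the query ran; die()s with mysql_error() otherwise
 */
function update_user($username, $email, $password, $firstName, $lastName, $age, $zipcode)
{
    $password = get_password_hash($password);
    // Escape with the active connection's charset so multibyte input cannot
    // terminate the quoted literal early.
    $firstName = mysql_real_escape_string($firstName);
    $lastName = mysql_real_escape_string($lastName);
    $age = mysql_real_escape_string($age);
    $email = mysql_real_escape_string($email);
    $zipcode = mysql_real_escape_string($zipcode);
    $SQL = "UPDATE user SET username = '******', firstName = '" . $firstName . "', lastName = '" . $lastName . "', age = '" . $age . "'\n\t, email = '" . $email . "', password = '******', zipcode = '" . $zipcode . "' where username = '******';";
    // `or` binds looser than the call, so the boolean outcome is returned
    // (true on success); die() aborts the request on failure, as before.
    return mysql_query($SQL) or die(mysql_error());
}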
// Login handler (fragment): the `if POST` block opened here is not closed
// within this excerpt.
require MYSQL;
require "stock.php";
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $login_errors = array();
    // NOTE(review): $_POST['email'] and $_POST['pass'] are read without isset();
    // a request lacking either field triggers an undefined-index warning.
    if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        $e = mysqli_real_escape_string($dbc, $_POST['email']);
    } else {
        $login_errors['email'] = 'Molimo unesite važeæu e-mail adresu!';
    }
    if (!empty($_POST['pass'])) {
        // Escaped for SQL only — the credential is matched inside the query
        // below (the pass='...' term is redacted here). Fetching the row by
        // e-mail and calling password_verify() in PHP is the sound replacement.
        $p = mysqli_real_escape_string($dbc, $_POST['pass']);
    } else {
        $login_errors['pass'] = '******';
    }
    if (empty($login_errors)) {
        $q = "SELECT id, username, type FROM users WHERE(email='{$e}' AND pass='******')";
        $r = mysqli_query($dbc, $q);
        if (mysqli_num_rows($r) == 1) {
            // Positional columns: 0 = id, 1 = username, 2 = type.
            $row = mysqli_fetch_array($r, MYSQLI_NUM);
            if ($row[2] == 'admin') {
                // NOTE(review): the session id is regenerated only for admins;
                // every successful login is a privilege change and should
                // regenerate it (session fixation).
                session_regenerate_id(true);
                $_SESSION['user_admin'] = true;
            }
            $_SESSION['user_id'] = $row[0];
            $_SESSION['username'] = $row[1];
        } else {
            $login_errors['login'] = '******';
        }
    }
    // Runs on every POST, whether or not the login succeeded; the result
    // in $hi is never checked.
    $o = "DELETE FROM current WHERE id=1";
    $hi = mysqli_query($dbc, $o);
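// Password-reset handler: find the account by e-mail address, replace its
// password with a temporary one and mail that to the address on file.
$pass_errors = array();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // A missing or non-string field is treated as an invalid address instead
    // of triggering an undefined-index warning inside filter_var().
    $email = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '';
    if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $q = 'SELECT id FROM users WHERE email="' . mysqli_real_escape_string($dbc, $email) . '"';
        $r = mysqli_query($dbc, $q);
        if (mysqli_num_rows($r) == 1) {
            list($uid) = mysqli_fetch_array($r, MYSQLI_NUM);
        } else {
            // NOTE(review): this message tells the caller whether an address is
            // registered (account enumeration); a uniform "if the address exists,
            // a mail was sent" response avoids that.
            $pass_errors['email'] = 'Zadana email adresa ne slaze sa onim u arhivi!';
        }
    } else {
        $pass_errors['email'] = 'Molim unesite vazecu email adresu!';
    }
    if (empty($pass_errors)) {
        // Temporary password: 15 lowercase-hex characters, the same shape as
        // before, but drawn from the CSPRNG. The original md5(uniqid(rand()))
        // is seeded from the clock and mt_rand and is guessable.
        $p = substr(bin2hex(random_bytes(8)), 0, 15);
        // $uid comes from the users.id column fetched above. The stored form of
        // the password is redacted here; it should be password_hash($p).
        $q = "UPDATE users SET pass='******' WHERE id={$uid} LIMIT 1";
        $r = mysqli_query($dbc, $q);
        if (mysqli_affected_rows($dbc) == 1) {
            $body = "Vasa sifra za logiranje na web sucelje za prodaju je privremeno promjenjena '{$p}'. \n\t\t\tMolim da se logirate pomocu te zaporke i ove email adrese. Tada mozete promjeniti vasu sifru\n\t\t\tna nesto poznatije.";
            // $email passed FILTER_VALIDATE_EMAIL, so it cannot carry header line breaks.
            mail($email, 'Vasa privremena lozinka.', $body, 'From: system0@net.hr');
            echo '<h3>Vasa sifra je promjenjena.</h3><p>Primit cete novu, privremenu zaporku emailom. Nakon sto ste se logirali sa novom sifrom, mozete ju promjeniti.</p>';
            include './includes/footer.html';
            exit;
        } else {
            trigger_error('Vasa zaporka se nije mogla promjeniti zbog sistemskog errora.');
        }
    }
}
require './includes/form_functions.inc.php';
?>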
// Login validation (fragment): $login_errors is initialised before this
// excerpt, and the `if (empty($login_errors))` block is not closed within it.
// Validate the email address:
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
    $e = mysqli_real_escape_string($dbc, $_POST['email']);
} else {
    $login_errors['email'] = 'Please enter a valid email address!';
}
// Validate the password:
if (!empty($_POST['pass'])) {
    // Escaped for SQL only; no hashing or password_verify() is visible here —
    // the credential is matched inside the WHERE clause (redacted below).
    $p = mysqli_real_escape_string($dbc, $_POST['pass']);
} else {
    $login_errors['pass'] = '******';
}
if (empty($login_errors)) { // OK to proceed!
    // Query the database:
    $q = "SELECT * FROM users WHERE (email='{$e}' AND pass='******')";
    $r = mysqli_query($dbc, $q);
    if (mysqli_num_rows($r) == 1) { // A match was made.
        // Get the data:
        $row = mysqli_fetch_assoc($r);
        // If the user is an administrator, create a new session ID to be safe:
        // This code is created at the end of Chapter 4:
        // NOTE(review): no session_regenerate_id() call is present in this
        // excerpt; regenerate on every successful login, not only for admins.
        // Store the data in a session:
        $_SESSION['user_id'] = $row['id'];
        $_SESSION['username'] = $row['username'];
        // Only indicate if the user's account is not expired:
    } else { // No match was made.
        $login_errors['login'] = '******';
    }
// Fragment of the before-edit renderer table: the 'user' closure (and the
// switch inside it) opens before this excerpt, and the 'user' after-edit
// closure at the end is not closed within it.
if ($refundSum > 0) {
    // Record the refund as a positive money-flow entry tied to the edited record's id.
    $moneyflowTable->add(array("user" => $oldFields['user'], "sum" => $refundSum, "detailsname" => "refund", "detailsid" => $oldFields['id']));
}
break;
}
} else {
    if ($oldFields['detailsname'] == 'adminpay') {
        // Reverse an administrative payment: negated sum, same detailsid.
        // money() is a project helper whose normalisation is not visible here.
        $moneyflowTable = new table('moneyflow');
        $moneyflowTable->add(array("user" => $oldFields['user'], "sum" => -money($oldFields['sum']), "detailsname" => "adminpay", "detailsid" => $oldFields['detailsid']));
    }
}
}
return $newFields;
}, 'master' => function ($id, $newFields) {
    // Hash a master password before it is written, only when the field is
    // part of this edit. get_password_hash() is defined elsewhere.
    if (isset($newFields['password'])) {
        $newFields['password'] = get_password_hash($newFields['password']);
    }
    return $newFields;
});
$afterEditRenderers = array('user' => function ($id, $newFields, $oldFields) {
    // Router migration: when the user is moved to another router, queue a
    // delete on the old one (if one was set) and an update on the new one.
    if (isset($newFields['router'])) {
        if (intval($oldFields['router'])) {
            controllerRouterQueue($oldFields['router'], "delete", $id);
        }
        controllerRouterQueue($newFields['router'], "update", $id);
    } else {
        // Same router: queue an update only when a router-relevant field changed.
        if (isset($newFields['login']) || isset($newFields['password']) || isset($newFields['disabled']) || isset($newFields['iplist'])) {
            controllerRouterQueue($oldFields['router'], "update", $id);
        }
    }
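<?php
/**
 * "Hash" a password.
 *
 * NOTE(review): this is the identity function, so the users.password_hash
 * column holds plaintext and the login below compares plaintext to plaintext.
 * The fix is password_hash() here and password_verify() at login, with a
 * one-time migration of stored values; kept as-is because existing rows
 * depend on it.
 */
function get_password_hash($password)
{
    return $password;
}

// Login endpoint: prints "success" and stores the user id in the session,
// or prints "error". Non-string fields (username[]=x) are treated as absent.
if (isset($_POST["username"]) && is_string($_POST["username"])) {
    include "connect.php";
    // Escape the lookup value: the original concatenated $_POST["username"]
    // raw into the WHERE clause (SQL injection). ext/mysql has no prepared
    // statements; mysqli/PDO with bound parameters is the proper port.
    $lookup = mysql_real_escape_string($_POST["username"]);
    $q = "SELECT `id`,`password_hash` FROM `users` WHERE email = '" . $lookup . "'";
    $result = mysql_query($q);
    // mysql_fetch_object() yields an object or false; a failed query is treated as no row.
    $user = $result ? mysql_fetch_object($result) : false;
    $password = isset($_POST["password"]) && is_string($_POST["password"]) ? $_POST["password"] : "";
    // hash_equals(): strict, constant-time string comparison. The original ==
    // is loose and treats numeric-looking strings such as "0e123" and "0e456" as equal.
    if ($user && hash_equals((string) $user->password_hash, get_password_hash($password))) {
        session_start();
        // Fresh session id on successful authentication (session fixation).
        session_regenerate_id(true);
        $_SESSION['user'] = $user->id;
        print "success";
        exit;
    } else {
        print "error";
        exit;
    }
}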
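<?php
/**
 * Hash a password with bcrypt via password_hash().
 *
 * The result is a 60-character string that embeds its own salt, so hashing
 * the same input twice gives different strings; compare only through
 * verify_password_hash(), never with ==. bcrypt uses at most the first
 * 72 bytes of the input.
 */
function get_password_hash($password)
{
    return password_hash($password, PASSWORD_BCRYPT);
}

/**
 * Check a plaintext password against a hash from get_password_hash().
 * password_verify() does a constant-time comparison.
 */
function verify_password_hash($password, $hash)
{
    return password_verify($password, $hash);
}

// Demo driver. Accept only a scalar string: a request such as ?password[]=x
// would hand an array to password_hash() and raise a TypeError.
$password = "";
if (isset($_GET['password']) && is_string($_GET['password'])) {
    $password = $_GET['password'];
}
$hash = get_password_hash($password);
$hash_verified = verify_password_hash($password, $hash);
// NOTE(review): the value echoed on the next line is request input and must
// go through htmlspecialchars() before output (the statement is shown redacted here).
echo "Password: "******"<br>";
// Escaped at output on principle, as for every non-literal value.
echo "Password hash: " . htmlspecialchars($hash, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>";
echo "Hash verified: " . ($hash_verified ? "True" : "False");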
// Registration fragment: $reg_errors, $e, $u, $fn, $ln and $p are set by the
// validation code before this excerpt (not visible here), and the final echo
// opens a string literal that continues past the end of the excerpt.
if (empty($reg_errors)) { // If everything's OK...
    // Make sure the email address and username are available:
    $q = "SELECT email, username FROM users WHERE email='{$e}' OR username='******'";
    $r = mysqli_query($dbc, $q);
    // Get the number of rows returned:
    $rows = mysqli_num_rows($r);
    // NOTE(review): check-then-insert is racy; a UNIQUE index on email and
    // username is what actually enforces availability.
    if ($rows == 0) { // No problems!
        // Add the user to the database...
        // Temporary: set expiration to a month!
        // Change after adding PayPal!
        //$q = "INSERT INTO users (username, email, pass, first_name, last_name, date_expires) VALUES ('$u', '$e', '" . get_password_hash($p) . "', '$fn', '$ln', ADDDATE(NOW(), INTERVAL 1 MONTH) )";
        // New query, updated in Chapter 6 for PayPal integration:
        // Sets expiration to yesterday:
        // NOTE(review): if $p was passed through mysqli_real_escape_string()
        // upstream, the escaped form is what gets hashed and login must apply
        // the same transform — hash the raw password and escape only SQL input.
        $q = "INSERT INTO users (username, email, pass, first_name, last_name, date_expires) VALUES ('{$u}', '{$e}', '" . get_password_hash($p) . "', '{$fn}', '{$ln}', SUBDATE(NOW(), INTERVAL 1 DAY) )";
        $r = mysqli_query($dbc, $q);
        if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.
            // Get the user ID:
            // Store the new user ID in the session:
            // Added in Chapter 6:
            $uid = mysqli_insert_id($dbc);
            // $_SESSION['reg_user_id'] = $uid;
            // Display a thanks message:
            // Original message from Chapter 4:
            echo '<h3>Thanks!</h3><p>Thank you for registering! You may now log in and access the site\'s content.</p>';
            // Updated message from Chapter 6:
            //echo "<h3>Thanks!</h3><p>Thank you for registering! To complete the process, please now click the button below so that you may pay for your site access via PayPal. The cost is $10 (US) per year.</p>";
            // PayPal link added in Chapter 6:
            echo '<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
// Registration handler (fragment): the leading `}` closes a block opened
// before this excerpt, and the trailing `else {` is not closed within it.
// $e, $u, $fn, $ln and $reg_errors are set earlier.
}
// Password policy: 6-20 word characters containing at least one digit, one
// lowercase and one uppercase letter (the three lookaheads).
if (preg_match('/^(\\w*(?=\\w*\\d)(?=\\w*[a-z])(?=\\w*[A-Z])\\w*){6,20}$/', $_POST['pass1'])) {
    // NOTE(review): == is a loose comparison; === is the safer choice for two strings.
    if ($_POST['pass1'] == $_POST['pass2']) {
        // NOTE(review): this escaped form is what get_password_hash() receives
        // below; escape only SQL input and hash the raw password instead.
        $p = mysqli_real_escape_string($dbc, $_POST['pass1']);
    } else {
        $reg_errors['pass2'] = 'Vasa zaporka nije jednaka prihvacenoj zaporci!';
    }
} else {
    $reg_errors['pass1'] = 'Molim unesite zaporku!';
}
if (empty($reg_errors)) {
    // Availability check; racy without a UNIQUE index on email/username.
    $q = "SELECT email, username FROM users WHERE email='{$e}' OR username='******'";
    $r = mysqli_query($dbc, $q);
    $rows = mysqli_num_rows($r);
    if ($rows == 0) {
        $q = "INSERT INTO users (username, email, pass, first_name, last_name) VALUES ('{$u}', '{$e}', '" . get_password_hash($p) . "', '{$fn}', '{$ln}')";
        $r = mysqli_query($dbc, $q);
        // NOTE(review): neither INSERT result ($r, $w) is checked before the success page is shown.
        $concat = $fn . " " . $ln;
        $z = "INSERT INTO db_cart_example_customer( name, email) VALUES('{$concat}', '{$e}')";
        $w = mysqli_query($dbc, $z);
        // NOTE(review): this runs after the customer INSERT, so it yields the
        // db_cart_example_customer id, not users.id — move it before $z if the
        // user id is what is intended.
        $uid = mysqli_insert_id($dbc);
        echo '<h3>Zdravo</h3><p>Hvala vam na registraciji, ako zelite nastaviti ulogirajte se na desnoj strani sa vasim korisnickim racunom </p>';
        echo 'Nadam se da ce vam se svidjeti ova stranica';
        // Mail sent to the user on registration (currently disabled):
        //$body = "Hvala vam na vasoj registraciji na nasoj stranici.";
        //mail($_POST['email'], 'Registracija potvrdena', $body, 'From: system0@net.hr');
        include './includes/footer.html';
        exit;
    } else {