<?php
// Sign-in handler (flat script): checks the posted credentials against the
// USERS table, records the user in the session on success, and otherwise falls
// through to render the sign-in form.
// NOTE(review): sanitizeString(), queryMySQL() and $db are not defined in this
// file; presumably they come from header.php. Their escaping behaviour is not
// visible here.
require_once 'header.php';

$error = $user = $pass = "";

// When form is submitted, sanitize inputs and check for validity.
if (isset($_POST['user'])) {
    $user = sanitizeString($db, $_POST['user']);
    // NOTE(review): $_POST['pass'] is read without an isset() check.
    $pass = sanitizeString($db, $_POST['pass']);
    if ($user == "" || $pass == "") {
        $error = "Not all fields were entered<br>";
    } else {
        // Salt and hash the submitted password so it can be compared with the stored value.
        // NOTE(review): both salts are fixed strings in source (the same for
        // every account) and ripemd128 is a fast general-purpose hash;
        // password_hash()/password_verify() is the usual replacement, but
        // stored values would have to be migrated.
        $salt1 = "2Qs0r@";
        $salt2 = "J0n@\$";
        $token = hash('ripemd128', "{$salt1}{$pass}{$salt2}");
        // NOTE(review): the query is built by string interpolation, so its
        // safety rests entirely on sanitizeString(); a prepared statement would
        // remove that dependency. The password value shows as '******' in this
        // copy, which looks like masking; presumably $token was interpolated
        // here. Confirm against the original.
        $result = queryMySQL("SELECT userid,password FROM USERS\n WHERE userid='{$user}' AND password='******'");
        if ($result->num_rows == 0) {
            $error = "<span class='error'>Username/Password\n invalid</span><br>";
        } else {
            $_SESSION['user'] = $user;
            // NOTE(review): this stores the submitted password itself (not
            // $token) in the session; consider dropping it.
            $_SESSION['pass'] = $pass;
            // Clear forms and present link to main app page.
            echo "<script>\$(\"#primaryForm\").remove();</script>";
            die("You are now signed in. Please <a href='wall.php'>" . "click here</a> to continue.<br>");
        }
    }
}

// Remove top sign in button, present sign in form.
// (The heredoc below is cut off in this copy of the file.)
echo <<<_END
<script> \$("#signInBtn").remove();
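<?php // Example 26-7: login.php
/*
 * Login page: checks the posted username and password against the members
 * table, records the user in the session on success, and otherwise renders
 * the login form together with any error message.
 * sanitizeString() and queryMySQL() are not defined in this file (presumably
 * header.php provides them).
 */
require_once 'header.php';

echo "<div class='main'><h3>Please enter your details to log in</h3>";

$error = $user = $pass = "";

if (isset($_POST['user'])) {
    $user = sanitizeString($_POST['user']);
    // A missing 'pass' field is treated the same as an empty one.
    $submitted = isset($_POST['pass']) ? sanitizeString($_POST['pass']) : "";

    // Test the submitted value, not its digest: sha1("") is a non-empty
    // string, so checking the digest would never catch a blank password.
    if ($user == "" || $submitted == "") {
        $error = "Not all fields were entered<br>";
    } else {
        // NOTE(review): unsalted SHA-1 is kept only so the lookup keeps matching
        // whatever the members table currently holds. It is not a password
        // hash; migrating stored values to password_hash()/password_verify()
        // is the proper fix.
        $pass = sha1($submitted);

        // NOTE(review): both comparison values show as '******' in this copy,
        // which looks like masking; presumably $user and $pass were
        // interpolated here. Either way the query is string-built, so its
        // safety depends on sanitizeString(); prefer a prepared statement.
        $result = queryMySQL("SELECT user,pass FROM members\n WHERE user='******' AND pass='******'");

        if ($result->num_rows == 0) {
            $error = "<span class='error'>Username/Password\n invalid</span><br><br>";
        } else {
            $_SESSION['user'] = $user;
            // NOTE(review): the digest is kept in the session as before in case
            // other pages read it; consider dropping it.
            $_SESSION['pass'] = $pass;
            die("You are now logged in. Please <a href='members.php?view={$user}'>" . "click here</a> to continue.<br><br>");
        }
    }
}

// The password digest is deliberately not written into the page or back into
// the password field.
echo <<<_END
<form method='post' action='login.php'>{$error}
<span class='fieldname'>Username</span><input type='text' maxlength='16' name='user' value='{$user}'><br>
<span class='fieldname'>Password</span><input type='password' maxlength='16' name='pass' value=''>
_END;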
// JSON login endpoint (flat script): validates the posted credentials and
// replies with {"error": <code>, "errorDesc": <text>}.
// Codes set below: 0 = logged in (also the initial value), 1 = a field was
// empty, 2 = no matching row.
// NOTE(review): sanitizeString(), queryMySQL() and $connection are not defined
// in this file; presumably session.php provides them.
require_once 'session.php'; //Haomin liu,12109377,assignment 2,quizfun

$error = $username = $password = "";
$errorCode = 0;
$errorDesc = "";

if (isset($_POST['user'])) {
    $username = sanitizeString($_POST['user']);
    // NOTE(review): $_POST['pass'] is read without an isset() check.
    $password = sanitizeString($_POST['pass']);
    if ($username == "" || $password == "") {
        $errorCode = 1;
        $errorDesc = "Not all fields were entered";
    } else {
        //salt and hash for password
        // NOTE(review): fixed salts in source plus a single ripemd128 pass is a
        // fast hash shared by all accounts; password_hash()/password_verify()
        // is the usual replacement (requires migrating stored values).
        $salt1 = "qm&h*";
        $salt2 = "pg!@";
        $token = hash('ripemd128', "{$salt1}{$password}{$salt2}");
        //search input user in database
        // NOTE(review): both comparison values show as '******' in this copy,
        // which looks like masking; presumably $username and $token were
        // interpolated. The query is string-built, so it relies on
        // sanitizeString(); a prepared statement would be safer.
        $result = queryMySQL("SELECT username,password FROM members\n WHERE username='******' AND password='******'");
        if ($result->num_rows == 0) {
            $errorCode = 2;
            $errorDesc = "Username or Password is invalid";
        } else {
            // NOTE(review): no session id regeneration is visible at login;
            // confirm whether session.php handles it.
            $_SESSION['user'] = $username;
            $errorCode = 0;
            $errorDesc = "You are now logged in";
        }
    }
}

echo json_encode(array('error' => $errorCode, 'errorDesc' => $errorDesc));
$connection->close();
// Sign-up handler fragment: logs out any current session, validates the posted
// username and the two password fields, rejects taken or "admin"-like names,
// then creates the account. The start of the file and the end of the closing
// heredoc are not part of this copy.
// NOTE(review): destroySession(), sanitizeString(), queryMySQL(), encrypt(),
// add_user(), $db and $connection are defined elsewhere.
if (isset($_SESSION['user'])) {
    destroySession();
}

if (isset($_POST['user'])) {
    $user = sanitizeString($db, $_POST['user']); //Get the form fields
    // NOTE(review): 'pass' and 'passver' are read without isset() checks.
    $pass = sanitizeString($db, $_POST['pass']);
    $passver = sanitizeString($db, $_POST['passver']);
    if ($user == "" || $pass == "" || $passver == "") {
        $error = "Not all fields were entered<br>";
    } else {
        if ($pass != $passver) {
            $error = "Passwords don't match<br>";
        } else {
            //Check to see if username already exists
            // NOTE(review): the username value shows as '******' in this copy,
            // which looks like masking; presumably $user was interpolated. The
            // query is string-built and relies on sanitizeString().
            $result = queryMySQL("SELECT username FROM USERS WHERE username='******'");
            // stripos() returns false when "admin" does not occur; `false > -1`
            // evaluates to false, so the test works, but `!== false` would
            // state the intent directly.
            if ($result->num_rows > 0 || stripos($user, "admin") > -1) {
                $error = "Username unavailable";
            } else {
                // NOTE(review): encrypt() is opaque here; confirm it is a
                // one-way password hash rather than reversible encryption.
                $token = encrypt($pass);
                add_user($connection, $user, $token);
                // NOTE(review): the redirect target is an absolute http:// URL
                // hard-coded in source.
                echo '<META http-equiv="refresh" content="3;URL=http://lamp.cse.fau.edu/~wnazaire2013/fp/index.php">';
                die("Sign up sucessful! <a href='index.php'>Login here</a> if redirect fails.");
            }
        }
    }
}

// NOTE(review): $error is interpolated below; its initialisation is not visible
// in this fragment.
echo <<<_END
{$error} <div id='info' class=""></div> <div id="validation_state" class="">
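<?php
/*
 * Login page (flat script).
 *  - If all.php reports the visitor as logged in, print an "already logged in"
 *    page and stop.
 *  - Otherwise validate the posted user/password/email, look the account up,
 *    and on success record it in the session and print a confirmation page.
 *  - In every other case fall through to the login form (the heredoc at the
 *    end, which is cut off in this copy).
 * sanitizeString(), queryMySQL(), $loggedin and the initial $user are not
 * defined in this file (presumably all.php provides them).
 */
require_once 'all.php';

if ($loggedin) {
    // NOTE(review): $user is written into an href below; whether it is
    // HTML-safe depends on code outside this file.
    die("<!DOCTYPE html>\n <html>\n <head>\n <title>Log in</title>\n </head>\n <body class='overbody'>\n <link type='text/css' rel='stylesheet' href='login.css'/> \n <link rel='stylesheet' href='jquery-ui.min.css'>\n <link href='http://fonts.googleapis.com/css?family=Oswald:400,300' rel='stylesheet'>\n <link href='http://s3.amazonaws.com/codecademy-content/courses/ltp2/css/bootstrap.min.css' rel='stylesheet'>\n <link rel='alternate' type='application/rss+xml' title='RSS' href='http://www.csszengarden.com/zengarden.xml'>\n <script src='//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js'></script>\n <script type='text/javascript' src='jquery.js'></script>\n <script src='menu.js'></script>\n <script src='filter.js'></script>\n <script src='https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js'></script>\n <script src='insideFilter.js'></script> \n \n <div class='topbar'>\n <div class='container'>\n <ul class='menu'>\n <li><a href='index.php'>Home</a></li>\n <li><a href='thread.php'>Create Thread</a></li>\n <li><a href='createLiveThread.php'>Create Live Thread</a></li>\n <li><a href='groups.php'>Groups</a></li>\n <li><a href='allChatRooms.php'>Chat</a></li>\n <li><a href='activity.php'>Activity</a></li>\n <li class='dropdown'>\n <a href='#' class='dropdown-toggle'>Me<b class='caret'></b></a>\n <ul class='dropdown-menu'>\n <li><a href='profile.php'>Profile</a></li>\n <li><a href='photos.php'>My Photos</a></li>\n <li><a href='myvideos.php'>My videos</a></li>\n <li><a href='watching.php'>Watching</a></li>\n <li><a href='watchers.php'>My Watchers</a></li>\n <li><a href='groups.php'>My Groups</a></li>\n <li><a href='mythread.php'>My Threads</a></li>\n <li><a href='logout.php'>Log out</a></li>\n <li><a href='messages.php'>Messages</a></li>\n </ul>\n </li>\n </ul>\n \n </div>\n </div>\n <div class='inputEverything'>\n <div class='logmain'>\n You are already logged in. 
Please <a href='profile.php?view={$user}'>\n click here</a> to continue.<br><br>\n </div>\n </div>");
}

$error = $user = $password = $email = "";

if (isset($_POST['user'])) {
    $user = sanitizeString($_POST['user']);
    // NOTE(review): 'password' and 'email' are read without isset() checks.
    $password = sanitizeString($_POST['password']);
    $email = sanitizeString($_POST['email']);

    if ($user == '' || $email == '' || $password == '') {
        $error = "All fields are not entered<br><br>";
    } else {
        // NOTE(review): the user and password values show as '******' in this
        // copy, which looks like masking; presumably $user and $password were
        // interpolated. No hashing of $password is visible before the lookup,
        // so the column may hold plaintext; confirm. The query is
        // string-built and relies on sanitizeString(); prefer a prepared
        // statement.
        $result = queryMySQL("SELECT user,password,email FROM members WHERE user='******' AND password='******' AND email='{$email}'");

        // The result is only inspected when a query actually ran. Previously
        // this check sat outside the else branch, so an empty field read
        // num_rows from an unset $result and replaced the "All fields are not
        // entered" message with the invalid-credentials one.
        if ($result->num_rows == 0) {
            $error = "<span class='error'>Username/Password/email invalid</span><br><br>";
        } else {
            $_SESSION['user'] = $user;
            // NOTE(review): the submitted password is kept in the session as
            // before; consider dropping it.
            $_SESSION['password'] = $password;
            $_SESSION['email'] = $email;
            $loggedin = TRUE;
            die("<!DOCTYPE html>\n <html>\n <head>\n <title>Log in</title>\n </head>\n <body class='overbody'>\n <link type='text/css' rel='stylesheet' href='login.css'/> \n <link rel='stylesheet' href='jquery-ui.min.css'>\n <link href='http://fonts.googleapis.com/css?family=Oswald:400,300' rel='stylesheet'>\n <link href='http://s3.amazonaws.com/codecademy-content/courses/ltp2/css/bootstrap.min.css' rel='stylesheet'>\n <link rel='alternate' type='application/rss+xml' title='RSS' href='http://www.csszengarden.com/zengarden.xml'>\n <script src='//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js'></script>\n <script type='text/javascript' src='jquery.js'></script>\n <script src='menu.js'></script>\n <script src='filter.js'></script>\n <script src='https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js'></script>\n <script src='insideFilter.js'></script> \n \n <div class='topbar'>\n <div class='container'>\n <ul class='menu'>\n <li><a href='index.php'>Home</a></li>\n <li><a href='thread.php'>Create Thread</a></li>\n <li><a href='createLiveThread.php'>Create Live Thread</a></li>\n <li><a href='groups.php'>Groups</a></li>\n <li><a href='allChatRooms.php'>Chat</a></li>\n <li><a 
href='activity.php'>Activity</a></li>\n <li class='dropdown'>\n <a href='#' class='dropdown-toggle'>Me<b class='caret'></b></a>\n <ul class='dropdown-menu'>\n <li><a href='profile.php'>Profile</a></li>\n <li><a href='photos.php'>My Photos</a></li>\n <li><a href='viewWatching.php'>Watching</a></li>\n <li><a href='viewWatchers.php'>My Watchers</a></li>\n <li><a href='groups.php'>Groups</a></li>\n <li><a href='logout.php'>Log out</a></li>\n\t\t\t <li><a href='messages.php'>Messages</a></li>\n </ul>\n </li>\n </ul>\n \n </div>\n </div>\n <div class='inputEverything'>\n <div class='logmain'>\n You are now logged in. Please <a href='profile.php?view={$user}'>\n click here</a> to continue.<br><br>\n </div>\n </div>");
        }
    }
}

echo <<<_A
<!DOCTYPE html> <html> <head> <title>Log in</title>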
$("#slide").slideToggle(3000); }); }); </script>
<?php
// Login handler embedded in a page; the markup above it is cut off in this
// copy. Validates the posted email/password, looks the account up, and on
// success records it in the session and asks the browser to move to index.html.
// NOTE(review): sanitizeString() and queryMySQL() come from functions.php and
// are not visible here.
require_once 'functions.php';

// $user and $pass are initialised but the code below works with $email and
// $password instead.
$error = $user = $pass = "";

if (isset($_POST['email'])) {
    $email = sanitizeString($_POST['email']);
    // NOTE(review): $_POST['password'] is read without an isset() check.
    $password = sanitizeString($_POST['password']);
    if (empty($email) || empty($password)) {
        $error = "Not all fields were entered";
        echo "<script>alert('" . $error . "');</script>";
    } else {
        // NOTE(review): the password value shows as '******' in this copy,
        // which looks like masking; presumably $password was interpolated. No
        // hashing of $password is visible before the lookup, so the column may
        // hold plaintext; confirm. The query is string-built and relies on
        // sanitizeString(); prefer a prepared statement.
        $result = queryMySQL("SELECT email,password FROM users\n WHERE email='{$email}' AND password='******'");
        if ($result->num_rows == 0) {
            //$error = "<span class='error'>Username/Password
            //invalid</span><br><br>";
            echo "<script>alert('Username/Password invalid')</script>";
        } else {
            $_SESSION['email'] = $email;
            // NOTE(review): the submitted password is stored in the session;
            // consider dropping it.
            $_SESSION['password'] = $password;
            echo "<script>alert('Success');</script>";
            // NOTE(review): header() runs after output has already been
            // echoed (and after the markup preceding this block), so unless
            // output buffering is enabled the Refresh header cannot be sent.
            header('Refresh:1; url=index.html');
            die;
        }
    }
}
?>
<?php
// JSON endpoint (flat script): reads {"username", "admin"} from the request
// body and writes the admin value onto a row of the users table.
// NOTE(review): no authentication or authorisation check is visible in this
// file before the UPDATE. Confirm that functions.php enforces one; a
// privilege-changing endpoint should verify that the caller is an
// administrator.
// NOTE(review): logger(), sanitizeString() and queryMySQL() are defined in
// functions.php and are not visible here.
require_once '../functions.php';

logger("************* Started admin task *************");

// json_decode() returns null for a malformed body; $data is dereferenced below
// without a check.
$data = json_decode(file_get_contents("php://input"));
logger(print_r($data, TRUE));

$username = sanitizeString($data->username);
$admin = sanitizeString($data->admin);

// NOTE(review): part of the next line shows as ****** in this copy (it looks
// masked), so it is not valid PHP as written; presumably it concatenated
// $username into the log message.
logger("username = "******" ... adminset = " . $admin);

// NOTE(review): the username value in the WHERE clause also shows as '******';
// presumably $username was interpolated. The statement is string-built and
// relies on sanitizeString(); prefer a prepared statement, and consider
// restricting $admin to the values the column is meant to hold.
$query = "UPDATE users SET admin='{$admin}' WHERE username='******'";
$response = queryMySQL($query);
logger($response);

// "Success" is echoed without inspecting $response.
echo "Success";
*/
// Login handler fragment: the opening of the file (including the start of the
// comment closed above) and the closing braces of the blocks below are not
// part of this copy.
// NOTE(review): sanitizeString(), queryMySQL(), insertAccessInfo() and
// $loggedin are defined in the included files and are not visible here.
require_once 'functions/functions.php';
require_once 'functions/header.php';

if ($_POST) {
    if (!$loggedin) {
        $error = $user = $pass = "";
        if (isset($_POST['username'])) {
            $user = sanitizeString($_POST['username']);
            // NOTE(review): $_POST['pass'] is read without an isset() check.
            $pass = sanitizeString($_POST['pass']);
            if ($user == "" || $pass == "") {
                $error = "<center>Not all fields were entered<br></center>";
            } else {
                // NOTE(review): fixed salts in source plus a single ripemd128
                // pass is a fast hash shared by all accounts;
                // password_hash()/password_verify() is the usual replacement
                // (requires migrating stored values).
                $s1 = "su*!#er";
                $s2 = "ts&a@s#";
                $token = hash('ripemd128', "{$s1}{$pass}{$s2}");
                // NOTE(review): the pass value shows as '******' in this copy,
                // which looks like masking; presumably $token was interpolated.
                // The query is string-built and relies on sanitizeString().
                $result = queryMySQL("SELECT userid,fac_id,grid FROM Access\n WHERE userid='{$user}' AND pass='******'");
                // mysql_fetch_array() belongs to the old mysql extension, which
                // was removed in PHP 7; this line only runs on PHP 5.
                $row = mysql_fetch_array($result);
                if (!$row) {
                    $error = "<br><br><center><span class='error'>Username/Password\n invalid</span><br><br></center>";
                    echo '' . $error;
                } else {
                    insertAccessInfo($user);
                    // Session values are taken from the matched row rather
                    // than from the posted input.
                    $_SESSION['user'] = $row['userid'];
                    $_SESSION['fac_id'] = $row['fac_id'];
                    $_SESSION['grid'] = $row['grid'];
                    $sessionfac_id = $row['fac_id'];
                    $loggedin = TRUE;
                    echo "<br><center><div class='main'>You are now logged in.<br>" . "You are now being redirected to home page." . "<a href='index.php' style='font-size:1em; color:white;'>Click here</a> to redirect manually.<br><br></div></center>";
                    // NOTE(review): header() is called after the echo above,
                    // so unless output buffering is enabled the Refresh header
                    // cannot be sent.
                    header("Refresh: 1; url=index.php");
                    exit;
                }
<?php
// JSON endpoint (flat script): looks up one row of the users table by the
// username in the request body and echoes that row as JSON.
// NOTE(review): the selected columns include password, and the whole row is
// echoed to the caller and written to the log. No authentication check is
// visible in this file; confirm that functions.php enforces one and consider
// dropping the password column from the response.
// NOTE(review): logger(), sanitizeString() and queryMySQL() are defined in
// functions.php and are not visible here.
require_once '../functions.php';

logger("Started fetch");

// json_decode() returns null for a malformed body; $data is dereferenced below
// without a check.
$data = json_decode(file_get_contents("php://input"));
logger(print_r($data, TRUE));

$username = sanitizeString($data->username);

// NOTE(review): part of the next line shows as ****** in this copy (it looks
// masked), so it is not valid PHP as written; presumably it logged $username
// and then assigned $result = queryMySQL("SELECT ... WHERE username='...'").
// The query text is string-built and relies on sanitizeString().
logger("Username = "******"SELECT username, password, major, first_name, last_name, admin, locked, banned FROM users WHERE username='******'");
logger(print_r($result, TRUE));

// Read the first row of the result as an associative array.
$result->data_seek(0);
$row = $result->fetch_array(MYSQLI_ASSOC);

// $row is replaced by its JSON text; that text is what gets echoed.
$row = json_encode($row);
logger(print_r($row, TRUE));
logger("Final JSON");
// This second json_encode() wraps the already-encoded text again, for the log
// line only.
logger(print_r(json_encode($row), TRUE));

echo $row;
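<?php
/*
 * JSON endpoint (flat script): totals the ratings stored for one movie.
 *
 * Input : JSON request body carrying an "id" property.
 * Output: {"total_rating": <sum of rating>, "ratings_count": <row count>}.
 *
 * logger(), sanitizeString(), queryMySQL() and $connection are not defined in
 * this file (presumably functions.php provides them).
 */
require_once '../functions.php';

logger("Started fetch for rating");

$data = json_decode(file_get_contents("php://input"));
logger(print_r($data, TRUE));

// json_decode() returns null for a malformed body and may return a non-object;
// fall back to an empty id instead of dereferencing it.
$rawId = (isset($data->id) && is_scalar($data->id)) ? $data->id : "";
$id = sanitizeString($rawId);
logger("movie_id=" . $id);

// NOTE(review): the statement is still built by interpolation, so its safety
// rests on sanitizeString(), which is not visible here. A prepared statement
// with a bound parameter would remove that dependency.
$query = "SELECT rating FROM ratings WHERE movie_id='{$id}'";
$result = queryMySQL($query);

if (!$result) {
    // Keep the driver's message in the server log; the client only gets a
    // generic failure so schema and query details are not disclosed.
    logger($connection->error);
    http_response_code(500);
    die("Database error");
}

$num_ratings = $result->num_rows;
$totalRating = 0;

// Rows are read in order until the result set is exhausted.
while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
    $totalRating = $totalRating + $row['rating'];
}

$returnValue = json_encode(array("total_rating" => $totalRating, "ratings_count" => $num_ratings));
logger(print_r($returnValue, TRUE));

echo $returnValue;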
        // NOTE(review): printing connect_error to the client discloses
        // database connection details; logging it and showing a generic
        // message is safer. The code that leads up to this line is not part of
        // this copy.
        die($connection->connect_error);
    }
}

// Sign-up handler: validates the posted username and the two password fields,
// rejects a username that already exists, then creates the account.
// NOTE(review): sanitizeString(), queryMySQL(), encrypt(), add_user() and $db
// are defined elsewhere.
if (isset($_POST['user'])) {
    $user = sanitizeString($db, $_POST['user']); //Get the form fields
    // NOTE(review): 'pass' and 'passver' are read without isset() checks.
    $pass = sanitizeString($db, $_POST['pass']);
    $passver = sanitizeString($db, $_POST['passver']);
    if ($user == "" || $pass == "" || $passver == "") {
        $error = "Not all fields were entered<br>";
    } else {
        if ($pass != $passver) {
            $error = "Passwords don't match<br>";
        } else {
            //Check to see if username already exists
            // NOTE(review): the username value shows as '******' in this copy,
            // which looks like masking; presumably $user was interpolated. The
            // query is string-built and relies on sanitizeString(). Only the
            // row count is used, so the password column need not be selected.
            $result = queryMySQL("SELECT username,password FROM USERS\n WHERE username='******'");
            if ($result->num_rows > 0) {
                $error = "<span class='error'>Username already exists</span><br><br>";
            } else {
                // NOTE(review): encrypt() is opaque here; confirm it is a
                // one-way password hash rather than reversible encryption.
                $token = encrypt($pass);
                add_user($connection, $user, $token);
                die("Sign up sucessful! <a href='index.php'>Login here.</a>");
            }
        }
    }
}

// NOTE(review): $error and $user are interpolated into the form below; whether
// they are HTML-safe depends on sanitizeString(). The heredoc is cut off in
// this copy.
echo <<<_END
{$error} <label for="user" class="sr-only">Username</label> <input type="text" name="user" class="form-control" placeholder="Choose a username" value="{$user}" required autofocus> <label for="pass" class="sr-only">Password</label>
<?php
// JSON endpoint (flat script): reads {"username", "password"} from the request
// body and inserts a new row into the users table.
// NOTE(review): logger(), sanitizeString() and queryMySQL() are defined in
// functions.php and are not visible here.
require_once '../functions.php';

// json_decode() returns null for a malformed body; $data is dereferenced below
// without a check.
// NOTE(review): the decoded body, which includes the password field, is
// written to the log as-is.
$data = json_decode(file_get_contents("php://input"));
logger(print_r($data, TRUE));

$username = sanitizeString($data->username);
$password = sanitizeString($data->password);

// NOTE(review): parts of the next line show as ****** in this copy (it looks
// masked), so it is not valid PHP as written; presumably it logged the
// username and password and then opened an `if` requiring both to be
// non-empty. Logging the password should be removed.
logger("Username = "******"Password = "******"" && $password) {
    // NOTE(review): no hashing is visible between reading $data->password and
    // this INSERT, so the password appears to be stored as received; hash it
    // with password_hash() before storing. The statement is string-built and
    // relies on sanitizeString(); prefer a prepared statement.
    $response = queryMySQL("INSERT INTO users (username, password) VALUES ('{$username}', '{$password}')");
    logger($response);
    // "Success!" is echoed without inspecting $response.
    echo "Success!";
}
?>
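<?php
/*
 * JSON endpoint (flat script): returns every row of the users table as a JSON
 * array of objects.
 *
 * NOTE(review): the selected columns include password, and no authentication
 * check is visible in this file. The response shape is left unchanged because
 * clients may depend on it; confirm that functions.php restricts access and
 * consider removing the password column from the query.
 *
 * logger() and queryMySQL() are not defined in this file (presumably
 * functions.php provides them).
 */
require_once '../functions.php';

logger("Started list");

$result = queryMySQL("SELECT username, password, major, first_name, last_name, banned, locked, admin FROM users");
logger(print_r($result, TRUE));

// Stop with a generic message if the query did not produce a result object,
// instead of failing on the property access below.
if (!$result) {
    logger("User list query failed");
    http_response_code(500);
    die("Database error");
}

$returnVal = array();

// Rows are read in order until the result set is exhausted.
while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
    $returnVal[] = $row;
}

// Only the row count goes to the log: the rows contain the password column and
// should not be copied into log files.
logger("Returning " . count($returnVal) . " user rows");

echo json_encode($returnVal);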
<!-- <script src="js/jquery-2.1.1.js"></script> --> <script src="js/showpassword.js"></script> </head> <body>
<?php
// Login handler embedded in the page body; the start of the document is not
// part of this copy. Validates the posted user/pass, looks the account up, and
// on success records it in the session and redirects.
// NOTE(review): sanitizeString() and queryMySQL() are defined elsewhere.
$error = $login_user = $login_pass = $hash_pass = "";

if (isset($_POST['user'])) {
    $login_user = sanitizeString($_POST['user']);
    // NOTE(review): $_POST['pass'] is read without an isset() check.
    $login_pass = sanitizeString($_POST['pass']);
    if ($login_pass != "") {
        // NOTE(review): MD5 with the fixed prefix "hash" is a fast digest
        // shared by all accounts; password_hash()/password_verify() is the
        // usual replacement (requires migrating stored values).
        $hash_pass = md5("hash" . $login_pass);
    }
    if ($login_user == "" || $login_pass == "") {
        $error = "<span class='error'>Not all fields were entered.</span>";
    } else {
        // NOTE(review): both comparison values show as '******' in this copy,
        // which looks like masking; presumably $login_user and $hash_pass were
        // interpolated. The query is string-built and relies on
        // sanitizeString(); prefer a prepared statement.
        $result = queryMySQL("SELECT user,pass FROM members\n\t\t\t\t\t\t\tWHERE user='******' AND pass='******'");
        if ($result->num_rows == 0) {
            $error = "Username / Passward invalid.";
            echo "<script type='text/javascript'>alert('{$error}');</script>";
        } else {
            $_SESSION['user'] = $login_user;
            // NOTE(review): the password digest is stored in the session;
            // consider dropping it.
            $_SESSION['pass'] = $hash_pass;
            // NOTE(review): these header() calls run after the page's <head>
            // and <body> markup has already been output, so unless output
            // buffering is enabled the Location header cannot be sent. There
            // is also no exit after the redirect, so the rest of the page
            // keeps executing.
            if (isset($_POST['signup'])) {
                header("location:profile.php");
            } else {
                header("location:members.php");
            }
        }
    }
}
?>