include "util.php"; if (check_login() == 1) { die('You\'re already logged in!'); } if (isset($_POST['username'])) { $username = test_input_sql_injection($_POST['username']); } else { die('username empty'); } if (isset($_POST['password'])) { $password = sha1(test_input_sql_injection($_POST['password'])); } else { die('password empty'); } if (isset($_POST['mail'])) { $email = test_input_sql_injection($_POST['mail']); } else { die('email empty'); } try { $con = connect(); $result = mysqli_query($con, "SELECT * FROM users WHERE username = '******' ") or die('err'); while ($row = mysqli_fetch_array($result)) { die('Username already exists!'); } $result = mysqli_query($con, "INSERT INTO users (username,password,email,joined_date,type,reputation,blocked_until ) VALUES ('{$username}','{$password}','{$email}',NOW(),'regular',0,NULL) ") or die('err'); echo 'OK!'; header('Location: ../home.php'); mysqli_close($con); } catch (Exception $e) { die('err');
function check_login() { if (!isset($_SESSION)) { session_start(); } if (!isset($_SESSION["sessionid"])) { return 0; } else { $username = test_input_sql_injection($_SESSION["username"]); $password = test_input_sql_injection($_SESSION["sessionid"]); try { $con = connect(); $result = mysqli_query($con, "SELECT * FROM users WHERE username = '******'") or die('query err'); $pas; if ($row = mysqli_fetch_array($result)) { $pas = $row['password']; } mysqli_close($con); if ($pas == $password) { return 1; } else { return 0; } } catch (Exception $e) { return 0; } } }
<?php require_once "util.php"; if (!isset($_SESSION)) { session_start(); } if (check_login() == 1) { die('You\'re already logged in!'); } if (isset($_POST['username'])) { $username = test_input_sql_injection($_POST['username']); } else { die('username empty'); } if (isset($_POST['password'])) { $password = test_input_sql_injection($_POST['password']); } else { die('password empty'); } try { $con = connect(); $getPwdSql = "SELECT password,blocked_until FROM Users WHERE username = '******' "; $result = mysqli_query($con, $getPwdSql) or die('err'); if ($row = mysqli_fetch_array($result)) { if ($row['password'] != sha1($password)) { die('passwords not match'); } $blockeduntil = $row['blocked_until']; $nowis = date('Y-m-d H:i:s', time()); if ($nowis < $blockeduntil) { die('You are blocked until ' . $blockeduntil);