<?php
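// Salt generator.
// Returns a 3-character string drawn from ASCII codes 35..126 ('#' to '~').
// Length and alphabet are unchanged, so salts already stored keep working.
// The alphabet includes the single quote and the backslash, so a caller that
// places the salt inside an SQL string literal has to escape it first.
function generate_salt ()
{
    $salt = '';
    for ($i = 0; $i < 3; $i++)
    {
        // rand() is a predictable generator and is not meant for
        // security-sensitive values. Use the OS-backed generator where the
        // runtime provides it (random_int, PHP 7+) and fall back to
        // mt_rand() on older interpreters.
        if (function_exists('random_int'))
        {
            $code = random_int(35, 126);
        }
        else
        {
            $code = mt_rand(35, 126);
        }
        $salt .= chr($code);
    }
    // NOTE(review): three characters give fewer than a million distinct
    // salts, so salts repeat between users in any sizeable table. Widening
    // it presumably needs a wider salt column -- confirm against the schema.
    return $salt;
}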
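// Create a user row holding the username, a salted hash of the password and
// the salt itself. Ends the request with die() when the INSERT fails.
function user_register($username, $password)
{
    // Get a salt using our function
    $salt = generate_salt();
    // Hash the password with that salt.
    // NOTE(review): MD5 is a fast digest and unsuitable for password storage;
    // password_hash()/password_verify() is the replacement. That swap changes
    // the stored format, so it has to be made together with user_login().
    $encrypted = md5(md5($password).$salt);
    // Both values are escaped before they enter the SQL string literal:
    // the username is request data, and the salt alphabet contains the
    // single quote and the backslash, which would otherwise break the
    // statement. $encrypted is a hex digest and needs no escaping.
    // NOTE(review): the mysql_* extension is removed in PHP 7; prepared
    // statements via PDO or mysqli are the long-term fix.
    $safe_username = mysql_real_escape_string($username);
    $safe_salt = mysql_real_escape_string($salt);
    // And lastly, store the information in the database
    $query = "insert into user (username, password, salt) values ('$safe_username', '$encrypted', '$safe_salt')";
    mysql_query ($query) or die ('Could not create user.');
}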
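// Check a username/password pair against the user table.
// Returns the string 'Correct' when exactly one row matches, false otherwise.
// The session is written only after that match, and only from the matched
// database row.
function user_login($username, $password)
{
    // The username is request data and is used in two SQL string literals,
    // so escape it once up front.
    // NOTE(review): the mysql_* extension is removed in PHP 7; prepared
    // statements via PDO or mysqli are the long-term fix.
    $safe_username = mysql_real_escape_string($username);

    // Try and get the salt from the database using the username
    $query = "select salt from user where username='$safe_username' limit 1";
    $result = mysql_query($query);
    if (!$result)
    {
        return false;
    }
    $salt_row = mysql_fetch_array($result);
    if (!$salt_row)
    {
        // Unknown username: nothing to compare against
        return false;
    }

    // Using the salt, hash the given password to see if it matches the one
    // in the database. The result is a hex digest, safe inside the literal.
    // NOTE(review): MD5 is unsuitable for password storage; move to
    // password_hash()/password_verify() together with user_register().
    $encrypted_pass = md5(md5($password).$salt_row['salt']);

    // Try and get the user using the username & hashed password
    $query = "select userid, username from user where username='$safe_username' and password='$encrypted_pass'";
    $result = mysql_query($query);
    if (!$result || mysql_num_rows($result) != 1)
    {
        // Failed login: leave the session untouched. is_authed() trusts the
        // session values, so they must never be set for a rejected attempt.
        return false;
    }
    $user = mysql_fetch_array($result);

    // Store the data in the session, taken from the database row. The
    // previous code read an undefined $userid and stored the submitted
    // username rather than the stored one.
    // NOTE(review): calling session_regenerate_id(true) here would also
    // guard against session fixation -- confirm a session is active at
    // this point before adding it.
    $_SESSION['userid'] = $user['userid'];
    $_SESSION['username'] = $user['username'];
    $_SESSION['encrypted_id'] = md5($user['userid']);
    $_SESSION['encrypted_name'] = md5($user['username']);

    return 'Correct';
}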
// Log the current user out: free every variable registered in the session,
// then destroy the data associated with the session.
function user_logout()
{
    session_unset();
    session_destroy();
}
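// Report whether the session holds a username whose MD5 digest equals the
// stored 'encrypted_name' value. Returns true or false.
// NOTE(review): both values live in the same session, so this is only a
// consistency check between two session entries. The real guarantee is that
// user_login() writes them solely after a successful login.
function is_authed()
{
    // Missing or non-string entries mean nobody is logged in
    if (!isset($_SESSION['username'], $_SESSION['encrypted_name']))
    {
        return false;
    }
    if (!is_string($_SESSION['username']) || !is_string($_SESSION['encrypted_name']))
    {
        return false;
    }
    // Strict comparison: with == PHP compares two numeric-looking digests
    // (such as strings of the form "0e<digits>") as numbers, so different
    // digests can be reported as equal.
    return md5($_SESSION['username']) === $_SESSION['encrypted_name'];
}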
?>
(excluding the template -- this is just the form and actions)
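<?php
// Registration form template. Every value echoed into the page is encoded
// with htmlspecialchars() first: the username comes straight from the
// request and lands inside a quoted HTML attribute, so ENT_QUOTES is needed
// to keep it from closing the attribute and adding markup.
// NOTE(review): pass the page's character set as the third argument if it
// is not the interpreter's default.
if (isset($reg_error)) { ?>
There was an error: <?php echo htmlspecialchars($reg_error, ENT_QUOTES); ?>, please try again.
<?php } ?>
<form action="register.php" method="post">
<b>Username:</b> <input type="text" size="20" maxlength="20" name="username"
<?php if (isset($_POST['username']) && is_string($_POST['username'])) { ?> value="<?php echo htmlspecialchars($_POST['username'], ENT_QUOTES); ?>" <?php } ?>/><br />
<b>Password:</b> <input type="password" size="20" maxlength="10" name="password" /><br />
<b>Confirm Password:</b> <input type="password" size="20" maxlength="10" name="confirmpass" /><br />
<input type="submit" name="submit" value="Register!" />
</form>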
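<?php
// Registration handler: shows the form on a plain request, validates the
// posted fields, then hands them to user_register().
// Include init file
include 'init.php';
if (!isset($_POST['submit']))
{
    // Show the form
    include 'register_form.inc.php';
    exit;
}
else
{
    // Check if any of the fields are missing. A field sent as an array
    // (name="username[]") is not a usable value either, so it is treated as
    // missing instead of being passed on to the database code.
    if (empty($_POST['username']) || !is_string($_POST['username'])
        || empty($_POST['password']) || !is_string($_POST['password'])
        || empty($_POST['confirmpass']) || !is_string($_POST['confirmpass']))
    {
        // Reshow the form with an error
        $reg_error = 'One or more fields missing';
        include 'register_form.inc.php';
        exit;
    }
    // Check if the passwords match. Strict comparison: with != PHP compares
    // two numeric-looking strings as numbers, so different passwords such as
    // '1e3' and '1000' would be accepted as a match.
    if ($_POST['password'] !== $_POST['confirmpass'])
    {
        // Reshow the form with an error
        $reg_error = 'Your passwords do not match';
        include 'register_form.inc.php';
        exit;
    }
    // NOTE(review): the length limits exist only as maxlength attributes in
    // the form; nothing here enforces them on the server side.
    // Everything is ok, register
    user_register ($_POST['username'], $_POST['password']);
    echo 'Thank you for registering on our site, <a href="index.php">click here</a> to go back.';
}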
?>
"Parse error: syntax error, unexpected T_STRING in /home/content/m/e/l/melindash/html/functions.php on line 6"
line 6 of functions.php :
$salt = '';
Thanks a bunch, Melinda