This code is the "universal" code; it gets included on every page that requires it. Its purpose is simple: connect to the database and hold universal variables/functions. Oh, and I left the MySQL connect info in because it's localhost, and obviously no one can do much with that. Also, the error stuff at the beginning of the code below is only there for debugging and testing; it will be disabled before I post it to the web.
<?PHP
/*
Title: Universal Info, mysql.php
Author: Dylan G.
Directory: /forum/
Purpose: To contain universal variables/functions, connect to server
Original Draft: July 27, 2010
Last Update: July 28, 2010
*/
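//Debug settings
// The ini key that controls whether errors are printed to the page is
// display_errors; the reporting level is set by error_reporting() below.
// Turn this off (or route errors to a log) before deployment, otherwise the
// die(mysql_error()) calls in these files print database internals to visitors.
ini_set('display_errors', '1');
error_reporting(E_ALL);
//Connection Section
// NOTE(review): root with an empty password is hard-coded here. Even on
// localhost, a dedicated account limited to what the forum needs is the
// safer default.
$mysql_username = "root";
$mysql_password = "";
$mysql_host = "localhost";
// Site-wide secret mixed into every password hash; see _generateHash().
$U_salt = "*****";
// The mysql_* extension is deprecated from PHP 5.5 and removed in 7.0;
// mysqli or PDO are the supported replacements.
mysql_connect($mysql_host,$mysql_username,$mysql_password) or die("Could Not Connect To Mysql Server:<br>". mysql_error());
//Universal Variables
$U_host = "http://localhost";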
//Universal Functions
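/**
 * Build the stored password hash for a user.
 *
 * The digest is md5 over username . per-user salt . password . site salt,
 * i.e. $in1 . $in3 . $in2 . $U_salt (checklogin.php calls it as
 * _generateHash($username, $password, $salt)).
 *
 * @param string      $in1  username
 * @param string      $in2  plaintext password
 * @param string      $in3  per-user salt (the users.psalt column)
 * @param string|null $salt site-wide salt; defaults to the global $U_salt
 * @return string 32-character hex MD5 digest
 */
function _generateHash($in1,$in2,$in3,$salt = null) {
    // $U_salt is a file-level variable in mysql.php. Without "global" it is
    // undefined inside this function (a notice under E_ALL) and the site-wide
    // salt silently drops out of every hash.
    global $U_salt;
    if ($salt === null) {
        $salt = $U_salt;
    }
    // NOTE(review): md5 is a fast general-purpose digest. For password storage
    // a slow, per-user-salted scheme (crypt() with a bcrypt salt on 5.3, or
    // password_hash() from PHP 5.5) is the recommended replacement.
    $hashed = md5($in1.$in3.$in2.$salt);
    return $hashed;
}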
?>
<?PHP
/*
Title: Login Checker, checklogin.php
Author: Dylan G.
Directory: /forum/auth/
Purpose: To validate login information and, if the login is successful, create a session.
Original Draft: July 27, 2010
Last Update: July 28, 2010
*/
//Connect to server, gather universal functions and variables
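// Resolve mysql.php relative to this file (auth/ -> forum/). A leading "/"
// makes the path absolute: "/../mysql.php" is just "/mysql.php" and is never found.
require(__DIR__ . "/../mysql.php");
//Define outside urls
$errorURL = $U_host."/auth/index.php?status=failed";
$success = $U_host."/index.php?status=complete";
//Define Database
mysql_select_db("members") or die("Could not select database:<br>".mysql_error());
//Cleanup Variables
// Both fields are required. (The original condition had unbalanced
// parentheses and did not parse.)
if (!isset($_POST['username']) || !isset($_POST['password'])) {
    header("Location: ".$errorURL."&reason=missinginfo");
    die();
}
// NOTE(review): stripslashes() here undoes magic_quotes_gpc; with magic quotes
// off it strips backslashes the user actually typed. The password is escaped
// before hashing, so any registration code must apply the same escaping to
// produce a matching hash — confirm.
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$password = mysql_real_escape_string(stripslashes($_POST['password']));
//Retrieve Private Salt
$sql = "SELECT psalt,powerlevel FROM users WHERE username='".$username."'";
$execute = mysql_query($sql) or die(mysql_error());
//If user doesnt exist aka salt doesnt exist
// NOTE(review): a distinct "udne" reason reveals which usernames exist
// (account enumeration); showing one generic message for udne and badinfo
// on the login page avoids that.
if (mysql_num_rows($execute) == 0) {
    header("Location: ".$errorURL."&reason=udne");
    die();
}
//Get salt (if several rows match, the last one wins, as before)
while ($row = mysql_fetch_assoc($execute)) {
    $salt = $row['psalt'];
    $pwrLVL = $row['powerlevel'];
}
//Generate hashed password (hex digest, so it is safe to embed in the query below)
$password = _generateHash($username,$password,$salt);
//Login Check
$sql = "SELECT id FROM users WHERE username='".$username."' AND password='".$password."'";
$execute = mysql_query($sql) or die(mysql_error());
//If only one person matches create login
if (mysql_num_rows($execute) == 1) {
    session_start();
    // Issue a fresh session id at login so a session id planted in the browser
    // before authentication (session fixation) is not carried over.
    session_regenerate_id(true);
    // rand() is not a cryptographic generator and its output is guessable;
    // take the visit token from openssl when available.
    if (function_exists('openssl_random_pseudo_bytes')) {
        $pepper = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        $pepper = uniqid('', true) . mt_rand();
    }
    $_SESSION['username'] = $username;
    //Added username for gaurenteed unique
    $visitid = md5($pepper.$username);
    $_SESSION['visitid'] = $visitid;
    // NOTE(review): PL385 wraps the power level in random digits; whatever
    // reads it must know the widths (2 digits + level + 1-2 digits) to recover it.
    $_SESSION['PL385'] = rand(10,99).$pwrLVL.rand(1,99);
    //update visit id (the original statement had no value after SET and failed)
    // Assumes users.visitid holds the same md5 hex string stored in the session.
    $sql = "UPDATE users SET visitid='".$visitid."' WHERE username='".$username."'";
    mysql_query($sql) or die(mysql_error());
    header("Location: ".$success);
    die();
} else {
    //Anything else gets an error
    header("Location: ".$errorURL."&reason=badinfo");
    die();
}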
?>
PHP - 5.3.0
MySQL - 5.1.36
Thanks For Reading
-BB5