That's rather dirty coding. Here, I revised it for you.
* The PHP code below belongs in a file named: index.php
<?php
# Created by ccbtimewiz (ccbtimewiz@jeunosky.net)
# ====================================================== #
// Defining all things called by this file as 'Cornet'
// Marker constant: Server.php and Login.php refuse to run unless it is defined,
// so they can only be reached through this entry point.
define('Cornet', 1);
// Server.php opens the session, checks the ban list and hands off to Login.php.
require_once dirname(__FILE__) . '/Server.php';
// Everything is done; drop the session Server.php started and stop.
session_destroy();
exit;
?>
* The PHP code below belongs in a file named: Server.php
<?php
# Created by ccbtimewiz (ccbtimewiz@jeunosky.net)
# ====================================================== #
// Refuse direct requests: only the entry point (index.php) defines 'Cornet'.
defined('Cornet') or die();
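/**
 * Strip a fixed set of ASCII punctuation from a submitted username.
 *
 * The two range() calls below expand to `{ | } ~` and `: ; < = > ? @`; only those
 * characters are removed. Quotes, backslashes and non-ASCII text are left alone,
 * so this is NOT an escaping routine -- the caller still has to escape the value
 * for the SQL and HTML contexts it ends up in.
 *
 * @param mixed $user  Raw username from the request (may be null or empty).
 * @return mixed       The cleaned string, or the input unchanged when empty() is
 *                     true (note empty('0') is true, so '0' comes back as-is).
 */
function clean_username($user)
{
    // Characters we never want to see in a username.
    $bad_characters = array_merge(range('{', '~'), range(':', '@'));
    // str_replace() returns the cleaned copy; it has to be assigned back,
    // otherwise the username is returned untouched.
    if (!empty($user))
        $user = str_replace($bad_characters, '', $user);
    return $user;
}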
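// Banned-IP list, one address per line, read from a file that should live
// outside the web root.
// NOTE(review): the path has no leading slash, so PHP resolves it relative to
// the current working directory rather than the filesystem root -- confirm the
// intended location before relying on it.
$banned_ips = file_get_contents('home/user/.bannedips');
// file_get_contents() returns false when the file cannot be read. Fail closed
// in that case; an empty file simply means nobody is banned yet.
if ($banned_ips === false)
    exit();
// Creating and assigning a name to a session.
session_start();
// REMOTE_ADDR comes from the TCP connection and cannot be set by the client.
// X-Forwarded-For is an ordinary request header that any client can send, so
// it must never be the only value checked: preferring the header alone lets a
// banned address bypass the list just by sending it.
$remote_addr   = getenv('REMOTE_ADDR');
$forwarded_for = getenv('HTTP_X_FORWARDED_FOR');
// Kept for any code that reads $user_ip: forwarded address first, as before.
$user_ip = $forwarded_for ? $forwarded_for : $remote_addr;
// Every address attributable to this request. A proxied client whose real
// address is banned is still caught, but a spoofed header can no longer hide
// the connection address. The header may be a comma-separated proxy chain.
$addresses_to_check = array();
if ($remote_addr !== false)
    $addresses_to_check[] = trim($remote_addr);
if ($forwarded_for !== false && $forwarded_for !== '')
{
    foreach (explode(',', $forwarded_for) as $hop)
        $addresses_to_check[] = trim($hop);
}
// Match whole entries, not substrings: strpos() would also find "1.2.3.4"
// inside "11.2.3.45". (A `!strpos(...) !== false` test is mis-parenthesised
// as well -- the `!` binds first -- and blocks the wrong requests.)
$banned_list = array_map('trim', preg_split('/\R/', $banned_ips));
foreach ($addresses_to_check as $address)
{
    if ($address !== '' && in_array($address, $banned_list, true))
        die("<strong>You are banned from accessing this form!</strong>");
}
// Server setting information...
// NOTE(review): credentials embedded in source (and now in this post) should
// be moved to a config file outside the web root and rotated.
$dbhost = 'mysql3.freehostia.com';
$dbname = 'jasjon63_acacian';
$dbuser = 'jasjon63_acacian';
$dbpass = '279656';
// ---------------------------------------------
// mysql_* is deprecated since PHP 5.5 and removed in 7.0. It is kept because
// Login.php calls mysql_query() without a link argument and relies on the
// connection opened here being the default one.
$connection = mysql_pconnect($dbhost, $dbuser, $dbpass);
// If we weren't able to connect, stop the script and show an error.
// NOTE(review): mysql_error() text reveals server details; in production,
// log it and show a generic message instead.
if (!$connection)
    die('Unable to connect to the database. Error returned:' . "\n" . '<tt>' . mysql_error() . '</tt>');
// Selecting which database to use...
$db_selected = mysql_select_db($dbname, $connection);
// If we weren't able to select this database, stop the script and show an error.
if (!$db_selected)
    die('Unable to select ' . $dbname . ' as a database user. Error returned:' . "\n" . '<tt>' . mysql_error() . '</tt>');
// Missing fields must not raise undefined-index notices; Login() tells the
// user about blank submissions.
// NOTE(review): $_REQUEST also accepts GET and cookie values. The form posts,
// so $_POST alone would work and keep credentials out of URLs and access logs.
$raw_username = isset($_REQUEST['username']) ? $_REQUEST['username'] : '';
$raw_password = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';
// Login.php interpolates $username straight into an SQL string, so this escape
// is the only thing keeping quotes out of the query.
$username = mysql_real_escape_string(clean_username($raw_username));
// NOTE(review): $password is only ever hashed by Login.php, never placed in
// SQL, and escaping rewrites quotes/backslashes before hashing -- confirm the
// registration code escaped the same way, otherwise such passwords cannot log in.
$password = mysql_real_escape_string($raw_password);
// We're logging them in. :)
require_once('Login.php');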
?>
* The PHP code below belongs in a file named: Login.php
<?php
# Created by ccbtimewiz (ccbtimewiz@jeunosky.net)
# ====================================================== #
// Only reachable through index.php, which defines 'Cornet' before including Server.php.
defined('Cornet') || exit();
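/**
 * Authenticate the current request against the `user` table and print a greeting.
 *
 * Uses the SQL-escaped $username and $password that Server.php set as globals,
 * and the raw $_REQUEST fields only to detect blank submissions. Every failure
 * path calls die() with a message, so the function returns normally only when
 * the submitted password hashed to the stored value.
 *
 * @return void
 */
function Login()
{
    global $username, $password;
    // Did they forget to submit their username?
    if (empty($_REQUEST['username']))
        die('You forgot to fill in a username.');
    // Did they forget to submit their password? The form field and Server.php
    // both use the name 'password'; testing 'passwd' here rejects every request.
    if (empty($_REQUEST['password']))
        die('You forgot to fill in a password.');
    // $username went through mysql_real_escape_string() in Server.php, which is
    // what keeps quotes out of this string-built query.
    // All four columns are backtick-quoted identifiers: a single-quoted 'id'
    // selects the literal string "id", and `email` has to be selected before it
    // can be echoed below.
    $query = "
SELECT `id`, `username`, `password`, `email`
FROM user
WHERE `username`='" . $username . "'
";
    // mysql_query() returns false on error; stop rather than hand that to mysql_num_rows().
    $result = mysql_query($query);
    if ($result === false)
        die('Unable to query database. Error returned: <tt>' . mysql_error() . '</tt>');
    // A username maps to exactly one row; anything else means it does not exist.
    // NOTE(review): this message differs from the wrong-password one, so a caller
    // can tell which usernames exist. One generic message for both would avoid that.
    if (mysql_num_rows($result) != 1)
    {
        // Escape for the HTML context; the SQL escaping done earlier is not enough here.
        $shown_username = htmlspecialchars((string) $username, ENT_QUOTES, 'UTF-8');
        die("The username you submitted ($shown_username) was not valid. If this is your first visit to this website, you may need to <a href=\"../register.php\">create an account</a>.");
    }
    $row = mysql_fetch_assoc($result);
    // The stored value is an unsalted SHA-1 of the password.
    // NOTE(review): unsalted SHA-1 is not an acceptable password store; migrate
    // to password_hash()/password_verify() and compare with hash_equals() once
    // the column is wide enough.
    if (sha1($password) !== $row['password'])
        die('The password you submitted was incorrect.');
    // Password matched; collect what we want to show. The stored hash is
    // deliberately left out so it never reaches the browser.
    $user = array(
        'id' => $row['id'],
        'email' => $row['email'],
        'username' => $row['username'],
    );
    // Escape database values for the HTML context before echoing them.
    $safe_username = htmlspecialchars((string) $user['username'], ENT_QUOTES, 'UTF-8');
    $safe_email = htmlspecialchars((string) $user['email'], ENT_QUOTES, 'UTF-8');
    $safe_id = htmlspecialchars((string) $user['id'], ENT_QUOTES, 'UTF-8');
    echo "
Welcome, {$safe_username}. You're currently logged in.\n
Your email is {$safe_email}.\n
Your user ID is {$safe_id}.\n
";
    mysql_free_result($result);
}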
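// Run the login. Login() calls die() on every failure, so reaching the next
// statement means the password matched.
Login();
// Remember the user for an hour. The last argument marks the cookie HttpOnly
// so page scripts cannot read it.
// NOTE(review): a bare username in a cookie is not a credential -- anyone can
// set "LoginData" to another name by hand -- so nothing should trust it without
// a server-side session or a signed token. Also, Login() has already echoed
// output by this point, so this header is likely to be refused as "headers
// already sent" unless output buffering is on.
setcookie("LoginData", $username, time()+3600, '', '', false, true);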
?>
* The (X)HTML markup below belongs in a file named: Template-Login.php
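<html>
<head>
<title>Login</title>
</head>
<body>
<!-- The username field must be named "username": that is the key Server.php and
     Login.php read from the request; a field named "login" is never seen.
     The action should be the script that defines 'Cornet' and includes Server.php
     (index.php in this set of files); authenticate.php is not among them. -->
<form name="login" method="post" action="authenticate.php">
<table width="100%" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<td width="50%"><b>Login</b></td>
<td width="50%"><input name="username" type="text" class="textfield" id="username" /></td>
</tr>
<tr>
<td width="50%"><b>Password</b></td>
<td width="50%"><input name="password" type="password" class="textfield" id="password" /></td>
</tr>
<tr>
<td width="50%"> </td>
<td width="50%"><input type="submit" name="Submit" value="Login" /></td>
</tr>
</table>
</form>
</body>
</html>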