diff logintets/login.phps @ 0:477258d09353 boosterpack
[svn r1] initial import
author | robert |
---|---|
date | Sun, 30 Aug 2009 02:19:26 -0400 |
parents | |
children |
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/logintets/login.phps Sun Aug 30 02:19:26 2009 -0400 1.3 
@@ -0,0 +1,4 @@ 1.4 +<code><font color="#000000"> 1.5 +<font color="#0000BB"><?php 1.6 </font><font color="#FF8000">/*********************** 1.7 Makes use of two MySQL tables. 1.8 1.9 users: 1.10 CREATE TABLE `users` ( 1.11 `id` int(11) NOT NULL auto_increment, 1.12 `username` varchar(20) default NULL, 1.13 `password` varchar(40) default NULL, 1.14 `fullname` varchar(30) default NULL, 1.15 PRIMARY KEY (`id`) 1.16 ) TYPE=MyISAM 1.17 1.18 seeds: 1.19 CREATE TABLE `seeds` ( 1.20 `id` int(11) NOT NULL auto_increment, 1.21 `seed` timestamp(14) NOT NULL, 1.22 PRIMARY KEY (`id`) 1.23 ) TYPE=MyISAM 1.24 1.25 */ 1.26 1.27 // connect to mysql 1.28 </font><font color="#0000BB">$mysql </font><font color="#007700">= </font><font color="#0000BB">mysql_connect</font><font color="#007700">(</font><font color="#DD0000">'localhost'</font><font color="#007700">,</font><font color="#DD0000">'###USERNAME###'</font><font color="#007700">,</font><font color="#DD0000">'###PASSWORD###'</font><font color="#007700">); 1.29 1.30 </font><font color="#FF8000">// fail on database errors 1.31 </font><font color="#007700">if (!</font><font color="#0000BB">$mysql</font><font color="#007700">) { 1.32 die(</font><font color="#DD0000">'false|Could not connect to MySQL'</font><font color="#007700">); 1.33 } 1.34 1.35 </font><font color="#FF8000">// connect to the database 1.36 </font><font color="#0000BB">mysql_select_db</font><font color="#007700">(</font><font color="#DD0000">'jamesdam_ajaxlogin'</font><font color="#007700">, </font><font color="#0000BB">$mysql</font><font color="#007700">); 1.37 1.38 </font><font color="#FF8000">// one task of the server is to provide random values to hash with 1.39 </font><font color="#007700">if (</font><font color="#0000BB">$_GET</font><font color="#007700">[</font><font color="#DD0000">'task'</font><font color="#007700">]==</font><font color="#DD0000">'getseed'</font><font color="#007700">) 1.40 { 1.41 </font><font color="#0000BB">mysql_query</font><font 
color="#007700">(</font><font color="#DD0000">'INSERT INTO seeds VALUES()'</font><font color="#007700">); </font><font color="#FF8000">// insert a new row with default values 1.42 1.43 // get the values from the row back 1.44 </font><font color="#0000BB">$result </font><font color="#007700">= </font><font color="#0000BB">mysql_query</font><font color="#007700">(</font><font color="#DD0000">'SELECT id, seed FROM seeds ORDER BY id DESC LIMIT 1'</font><font color="#007700">); 1.45 1.46 if (!</font><font color="#0000BB">$result</font><font color="#007700">) { </font><font color="#FF8000">// fail on error 1.47 </font><font color="#007700">die(</font><font color="#DD0000">'false|'</font><font color="#007700">.</font><font color="#0000BB">mysql_error</font><font color="#007700">()); 1.48 } 1.49 1.50 </font><font color="#0000BB">$row </font><font color="#007700">= </font><font color="#0000BB">mysql_fetch_assoc</font><font color="#007700">(</font><font color="#0000BB">$result</font><font color="#007700">); </font><font color="#FF8000">// only one row so take the first row 1.51 </font><font color="#007700">echo(</font><font color="#0000BB">$row</font><font color="#007700">[</font><font color="#DD0000">'id'</font><font color="#007700">].</font><font color="#DD0000">'|'</font><font color="#007700">.</font><font color="#0000BB">$row</font><font color="#007700">[</font><font color="#DD0000">'seed'</font><font color="#007700">]); </font><font color="#FF8000">// write back the data in form id|random_value 1.52 </font><font color="#007700">} 1.53 1.54 </font><font color="#FF8000">// the other task of the server is to check a username/password combination 1.55 1.56 </font><font color="#007700">else if (</font><font color="#0000BB">$_GET</font><font color="#007700">[</font><font color="#DD0000">'task'</font><font color="#007700">]==</font><font color="#DD0000">'checklogin'</font><font color="#007700">) { 1.57 </font><font color="#FF8000">// formulate query for username 1.58 
</font><font color="#0000BB">$sql </font><font color="#007700">= </font><font color="#DD0000">'SELECT * FROM users WHERE username = \'' </font><font color="#007700">. </font><font color="#0000BB">mysql_real_escape_string</font><font color="#007700">(</font><font color="#0000BB">$_GET</font><font color="#007700">[</font><font color="#DD0000">'username'</font><font color="#007700">]) . </font><font color="#DD0000">'\''</font><font color="#007700">; 1.59 </font><font color="#0000BB">$result </font><font color="#007700">= </font><font color="#0000BB">mysql_query</font><font color="#007700">(</font><font color="#0000BB">$sql</font><font color="#007700">); 1.60 1.61 </font><font color="#FF8000">// fail on sql failure 1.62 </font><font color="#007700">if (!</font><font color="#0000BB">$result</font><font color="#007700">) { 1.63 die(</font><font color="#DD0000">'false|Could not connect to login database. Please try again'</font><font color="#007700">); 1.64 } 1.65 1.66 </font><font color="#FF8000">// get the first user with username in the table (should only be one) 1.67 </font><font color="#0000BB">$user_row </font><font color="#007700">= </font><font color="#0000BB">mysql_fetch_assoc</font><font color="#007700">(</font><font color="#0000BB">$result</font><font color="#007700">); 1.68 1.69 </font><font color="#FF8000">// if there isn't one 1.70 </font><font color="#007700">if (!</font><font color="#0000BB">$user_row</font><font color="#007700">) 1.71 { 1.72 </font><font color="#FF8000">// then the username doesn't exist, but don't let the user know that this is the problem 1.73 // rather inform them more vaguely that the combination is incorrect; prevents someone from 1.74 // fishing for valid usernames 1.75 </font><font color="#007700">die(</font><font color="#DD0000">'false|Invalid username and password combination.'</font><font color="#007700">); 1.76 } 1.77 1.78 </font><font color="#FF8000">// formulate query for random timestamp for given id 1.79 </font><font 
color="#0000BB">$sql </font><font color="#007700">= </font><font color="#DD0000">'SELECT * FROM seeds WHERE id=' </font><font color="#007700">. (int)</font><font color="#0000BB">$_GET</font><font color="#007700">[</font><font color="#DD0000">'id'</font><font color="#007700">]; 1.80 </font><font color="#0000BB">$result </font><font color="#007700">= </font><font color="#0000BB">mysql_query</font><font color="#007700">(</font><font color="#0000BB">$sql</font><font color="#007700">); 1.81 1.82 </font><font color="#FF8000">// die if no value for given id 1.83 </font><font color="#007700">if (!</font><font color="#0000BB">$result</font><font color="#007700">) { 1.84 die(</font><font color="#DD0000">'false|Unknown error (hacking attempt).'</font><font color="#007700">); 1.85 } 1.86 1.87 </font><font color="#FF8000">// get the first (only) seed 1.88 </font><font color="#0000BB">$seed_row </font><font color="#007700">= </font><font color="#0000BB">mysql_fetch_assoc</font><font color="#007700">(</font><font color="#0000BB">$result</font><font color="#007700">); 1.89 1.90 </font><font color="#FF8000">// fail if no row 1.91 </font><font color="#007700">if (!</font><font color="#0000BB">$seed_row</font><font color="#007700">) { 1.92 die(</font><font color="#DD0000">'false|Unknown error (hacking attempt).'</font><font color="#007700">); 1.93 } 1.94 1.95 </font><font color="#FF8000">// if the md5 hashes are equal to those generated by the clientside js 1.96 </font><font color="#007700">if (</font><font color="#0000BB">md5</font><font color="#007700">(</font><font color="#0000BB">$user_row</font><font color="#007700">[</font><font color="#DD0000">'password'</font><font color="#007700">] . 
</font><font color="#0000BB">$seed_row</font><font color="#007700">[</font><font color="#DD0000">'seed'</font><font color="#007700">]) == </font><font color="#0000BB">$_GET</font><font color="#007700">[</font><font color="#DD0000">'hash'</font><font color="#007700">]) { 1.97 </font><font color="#FF8000">// logged in 1.98 </font><font color="#007700">echo(</font><font color="#DD0000">'true|' </font><font color="#007700">. </font><font color="#0000BB">$user_row</font><font color="#007700">[</font><font color="#DD0000">'fullname'</font><font color="#007700">]); 1.99 1.100 </font><font color="#FF8000">// now remove the random key that was made for this request 1.101 </font><font color="#0000BB">mysql_query</font><font color="#007700">(</font><font color="#DD0000">'DELETE FROM s WHERE id=' </font><font color="#007700">. (int)</font><font color="#0000BB">$_GET</font><font color="#007700">[</font><font color="#DD0000">'id'</font><font color="#007700">]); 1.102 } 1.103 else 1.104 { 1.105 </font><font color="#FF8000">// not logged in.. incorrect password 1.106 </font><font color="#007700">die(</font><font color="#DD0000">'false|Invalid username and password combination.'</font><font color="#007700">); 1.107 } 1.108 } 1.109 </font><font color="#0000BB">?></font> 1.110 +</font> 1.111 +</code> 1.112 \ No newline at end of file
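Review bot: The cleanup query at 1.101, `mysql_query('DELETE FROM s WHERE id=' . (int)$_GET['id']);`, names a table `s` while the schema comment at 1.19 declares the table as `seeds`, and the return value is never checked, so unless a table `s` exists outside this file the challenge row survives every successful login and the same `id`/`hash` pair keeps being accepted on later requests. Change it to `mysql_query('DELETE FROM seeds WHERE id=' . (int)$_GET['id']);`, check the result and `mysql_affected_rows()`, and do the delete before the `echo('true|' ...)` at 1.98 so a failed cleanup is reported as an error instead of a login. The comparison at 1.96 uses `==`, which PHP evaluates numerically when both operands look numeric; make it `===`. Finally, the `seed` column is a `timestamp(14)` filled by its default (1.21, 1.41), so the challenge is predictable rather than random as the comment at 1.38 states, and the scheme needs `users.password` stored in a form the server can concatenate directly — both facts deserve a comment in the schema block at 1.6 so the next maintainer does not assume the seed is a nonce or the password is hashed.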