From beb9cdd9ec92d82e46153619e98f5abc4f9543ce Mon Sep 17 00:00:00 2001 From: pikami Date: Sun, 12 Jun 2016 09:57:55 +0000 Subject: [PATCH] Added users system! (They can login and logout) --- includes/user.php | 33 ++++++++++++++++++++++++++++ index.php | 51 +++++++++++++++++++++++++++++++++++++++++-- login.php | 55 +++++++++++++++++++++++++++++++++++++++++++++++ post.php | 2 +- 4 files changed, 138 insertions(+), 3 deletions(-) create mode 100644 includes/user.php create mode 100644 login.php diff --git a/includes/user.php b/includes/user.php new file mode 100644 index 0000000..286fa4c --- /dev/null +++ b/includes/user.php @@ -0,0 +1,33 @@ +prepare("SELECT uid FROM sessions WHERE id=:sid AND skey=:skey"); + $stmt->bindParam(':skey', $skey); + $stmt->bindParam(':sid', $sid); + $stmt->execute(); + if($result = $stmt->fetch()){ + $conn = null; + return $result[0]; + } else { + $conn = null; + return -1; + } +} +function LogOutUserBySession($sid,$skey){ + include "config/config.php"; + $stmt = $conn->prepare("DELETE FROM sessions WHERE id=:sid AND skey=:skey"); + $stmt->bindParam(':skey', $skey); + $stmt->bindParam(':sid', $sid); + $stmt->execute(); + $conn = null; +} +function UnsetBrowserCookies(){ + //These cookies expired an hour ago! What are you doind browser? :D + setcookie("pp_sid", '', time() - 3600); + setcookie("pp_skey", '', time() - 3600); +} +function GetUsernameByID(){ + //Placeholder +} +?> \ No newline at end of file diff --git a/index.php b/index.php index cd93dfd..a34725e 100644 --- a/index.php +++ b/index.php @@ -21,16 +21,63 @@
  • Page 2
  • + + prepare('SELECT * FROM users WHERE user=?'); + $stmt->execute(array($user)); + if($result = $stmt->fetch(PDO::FETCH_ASSOC)){ + if (password_verify($pwd, $result["password"])){ //$hash = password_hash($pwd ,CRYPT_BLOWFISH); + $skey = generate_skey(); + $stmt = $conn->prepare("INSERT INTO sessions (skey, uid) + VALUES (:skey, :uid)"); + $stmt->bindParam(':skey', $skey); + $stmt->bindParam(':uid', $result["id"]); + $stmt->execute(); + $sid = $conn->lastInsertId(); + $conn = null; + if($remember == 1){ + setcookie("pp_sid", $sid, time()+63072000); //Dies in 2 years + setcookie("pp_skey", $skey, time()+63072000); //Dies in 2 years + } else { + setcookie("pp_sid", $sid); //Dies when browser closes + setcookie("pp_skey", $skey); //Dies when browser closes + } + header("Location: index.php"); + die(); + } + else echo "No!"; //TODO: Wrong password + } else echo "Fail!"; //TODO: No user or SQL fail. + $conn = null; + } +} +?> \ No newline at end of file diff --git a/post.php b/post.php index ace2446..f760650 100644 --- a/post.php +++ b/post.php @@ -12,7 +12,7 @@ function generate_uid () { $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; $name = ''; for ($i = 0; $i < 8; $i++) { - $name .= $chars[mt_rand(0, 25)]; + $name .= $chars[mt_rand(0, 61)]; // $chars string length is hardcoded, should use a variable to store it? } // Check if a paste with the same uid does already exist in the database