Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $dbConn = mysql_connect('localhost', '****', '****')
- or die(print_r(mysql_error()));
- mysql_select_db('base_logger') or die(print_r(mysql_error()));
- $username = $_POST['user'];
- $password = $_POST['pass'];
- $name = $_POST['name'];
- $id = $_POST['id'];
- signIn($username, $password, $name, $dbConn, $id);
- function signIn($username, $password, $name, $dbConn, $id) {
- $username = htmlspecialchars($username);
- $password = htmlspecialchars($password);
- $salt = '';
- $query = "select salt from users where username = '".dbEsc($username). "';";
- $result = mysql_query($query);
- $row = mysql_fetch_array($result, MYSQL_ASSOC);
- $salt = $row['salt'];
- $hash = sha1($salt.$password);
- $query2 = "select user_id from users where username = '" . dbEsc($username) . "' AND password = '" . $hash . "';";
- $result2 = mysql_query($query2);
- $row2 = mysql_fetch_array($result2, MYSQL_ASSOC);
- if ($row2['user_id'] != '') {
- createToken($dbConn, $row2['user_id'], $name, $id, $username);
- } else {
- echo 'error';
- }
- }
- function createToken($dbConn, $user_id, $name, $id, $username) {
- $token = rand().rand().rand().rand();
- $query = "INSERT INTO tokens (token, user_id, computer_name, computer_id) VALUES ('".$token."', '".dbEsc($user_id)."', '".dbEsc($name)."', '".dbEsc($id)."')";
- $result = mysql_query($query);
- if ($result) {
- echo $token;
- } else {
- echo 'error';
- }
- }
- function dbEsc($theString) {
- $theString = mysql_real_escape_string($theString);
- return $theString;
- }
- function dbError(&$xmlDoc, &$xmlNode, $theMessage) {
- $errorNode = $xmlDoc->createElement('mysqlError', $theMessage);
- $xmlNode->appendChild($errorNode);
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
