First of all, thanks for the generous help you guys have given me in the past on this forum.
Second, I apologize in advance if my code is hard to read; most of it was done in a rush.
Here goes:
login.php
Code:
<?php
// create anti-csrf cookie value
$hash = sha1(time().rand().strlen(rand()));
$hash = substr($hash, 0, 8);
// PHP parses a cookie named xsrf[0] into $_COOKIE['xsrf'][0], not $_COOKIE['xsrf[0]'].
// Find the first unused index; $i stays 0 when no xsrf cookie exists yet,
// so the hidden xsrfi field below always has a value.
$i = 0;
while (isset($_COOKIE['xsrf'][$i])) {
    $i++;
}
setcookie('xsrf['.$i.']', $hash, 0, '/citizen/', '.ch4n.net');
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <title>Citizen - Login</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <link rel="stylesheet" href="default.css">
</head>
<body>
<div class="header"><?php include("menu.html"); ?></div>
<div class="body">
<?php if (!empty($_GET['errors'])): ?>
    <ul>
        <?php // escape each message: the errors parameter comes straight from the URL ?>
        <li><?php print implode("</li>\n\t<li>", array_map('htmlspecialchars', explode(';', $_GET['errors']))); ?></li>
    </ul>
<?php endif; ?>
    <form name="login" action="login_process.php" method="POST">
        <input type="hidden" name="xsrfi" value="<?php echo $i; ?>" />
        <input type="hidden" name="xsrf" value="<?php echo $hash; ?>" />
        <table cellpadding="1" cellspacing="1" id="login">
            <tbody>
                <tr class="username">
                    <th>Username</th>
                    <td><input type="text" id="username" name="username" maxlength="20" /><br /></td>
                </tr>
                <tr class="password">
                    <th>Password</th>
                    <td><input type="password" id="password" name="password" maxlength="20" /></td>
                </tr>
            </tbody>
        </table>
        <input type="submit" name="submit" value="Login!" />
    </form>
</div>
</body>
</html>
login_process.php
Code:
<?php
// PHP exposes the cookie xsrf[N] as $_COOKIE['xsrf'][N]; check isset() before reading it
$xsrfi = (isset($_POST['xsrfi']) && is_string($_POST['xsrfi'])) ? $_POST['xsrfi'] : '';
$xsrf = (isset($_POST['xsrf']) && is_string($_POST['xsrf'])) ? $_POST['xsrf'] : '';
$cookie = isset($_COOKIE['xsrf'][$xsrfi]) ? $_COOKIE['xsrf'][$xsrfi] : null;
if ($cookie === null || $cookie !== $xsrf):
    $errors = "It appears you have been a victim of a browser attack! Please run a virus scan before continuing online activities.;".$cookie.";".$xsrfi.";".$xsrf;
    // expire the token cookie (the value is irrelevant when deleting)
    setcookie('xsrf['.$xsrfi.']', '', time()-1, '/citizen/', '.ch4n.net');
    header("Location: login.php?errors=".urlencode($errors));
    exit; // without this the login code below still runs after the redirect header
endif;
// the token is single-use: expire the indexed cookie that was just checked
setcookie('xsrf['.$xsrfi.']', '', time()-1, '/citizen/', '.ch4n.net');
require('authent.php');
// note: $user becomes part of a table name below; mysql_escape_string() only protects quoted string values
$user = mysql_escape_string(htmlentities($_POST['username']));
$pass = mysql_escape_string(htmlentities($_POST['password']));
$passwordhash = hashPassword($pass);
if (table_exists("user_".$user, 's2zsl9rx_citizen')):
    // Make a MySQL Connection
    require('c2db.php');
    mysql_select_db("s2zsl9rx_citizen") or die(mysql_error());
    $result = mysql_query("SELECT * FROM user_$user WHERE type='001'")
        or die(mysql_error());
    $row = mysql_fetch_assoc($result);
    // strict comparison: == can treat two different "0e..." hash strings as equal numbers
    if ($row['val'] === $passwordhash):
        $value = $user.','.$row['val'].','.hashPassword(getip());
        setcookie('citizeninfo', $value, time()+3600, '/citizen/', 'ch4n.net');
        mysql_close();
        header("Location: game.php");
    else:
        // do not append $row['val'] here: it would put the stored password hash in the URL
        $errors = 'Username and/or password are incorrect';
        mysql_close();
        header("Location: login.php?errors=".urlencode($errors));
    endif;
else:
    $errors = 'Username and/or password are incorrect';
    header("Location: login.php?errors=".urlencode($errors));
endif;
?>
Any help at all would be very much appreciated.
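
One way to issue and check per-form anti-CSRF tokens like the indexed ones in the post above, as an added example that is not the poster's code: tokens come from the CSPRNG, are kept server-side, are single-use, and are compared with hash_equals. The function names, the token cap and the lifetime are assumptions, and the $store array stands in for $_SESSION['xsrf'].

```php
<?php
// Added example: per-form anti-CSRF tokens kept server-side.
// $store stands in for $_SESSION['xsrf']; all names here are hypothetical.
const XSRF_MAX_TOKENS = 10;   // assumed cap on open forms per session
const XSRF_TTL = 1800;        // assumed token lifetime in seconds

function xsrf_issue(array &$store, int $now): string
{
    // 128 bits from the CSPRNG instead of sha1(time().rand()) cut to 8 hex chars
    $token = bin2hex(random_bytes(16));
    $store[$token] = $now + XSRF_TTL;
    // Drop the oldest tokens so the store cannot grow without bound
    while (count($store) > XSRF_MAX_TOKENS) {
        array_shift($store);
    }
    return $token;
}

function xsrf_check(array &$store, $submitted, int $now): bool
{
    if (!is_string($submitted) || $submitted === '') {
        return false;               // missing field or array-typed input
    }
    foreach ($store as $token => $expires) {
        // hash_equals compares in constant time
        if (hash_equals((string)$token, $submitted)) {
            unset($store[$token]);  // single use, whether still valid or expired
            return $expires >= $now;
        }
    }
    return false;
}

// Constructed demonstration; in a page, $store is $_SESSION['xsrf'] after session_start()
$store = [];
$t0 = 1700000000;                               // constructed timestamp
$a = xsrf_issue($store, $t0);                   // form opened in one tab
$b = xsrf_issue($store, $t0);                   // same form opened in a second tab
var_dump(xsrf_check($store, $b, $t0 + 60));     // first submission from tab two
var_dump(xsrf_check($store, $b, $t0 + 61));     // the same token submitted again
var_dump(xsrf_check($store, ['x'], $t0 + 62));  // array-typed field
var_dump(xsrf_check($store, $a, $t0 + 3600));   // token older than XSRF_TTL
```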