First of all, thanks for the generous help you guys have given me in the past on this forum.
Second, I apologize in advance if my code is hard to read, most of it was done in a rush.
Here goes:
login.php
Code: <?php
// create anti-csrf cookie value
$hash = sha1(time().rand().strlen(rand()));
$hash = substr($hash, 0, 8);
if (isset($_COOKIE['xsrf[0]'])) {
$i = 0;
while (isset($_COOKIE['xsrf['.$i.']'])) {
$i++;
}
setcookie('xsrf['.$i.']', $hash, 0, '/citizen/', '.ch4n.net');
} else {
setcookie('xsrf[0]', $hash, 0, '/citizen/', '.ch4n.net');
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Citizen - Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="default.css">
</head>
<body>
<div class="header"><?php include("menu.html"); ?></div>
<div class="body">
<?php if (!empty($_GET['errors'])): ?>
<ul>
<li><?php print implode("</li>nt<li>", explode(';', $_GET['errors'])); ?></li>
</ul>
<?php endif; ?>
<form name="login" action="login_process.php" method="POST">
<input type="hidden" name="xsrfi" value="<?php echo $i; ?>" />
<input type="hidden" name="xsrf" value="<?php echo $hash; ?>" />
<table cellpadding="1" cellspacing="1" id="login">
<tbody>
<tr class="username">
<th>Username</th>
<td><input type="text" id="username" name="username" maxlength="20" /><br /></td>
</tr>
<tr class="password">
<th>Password</th>
<td><input type="password" id="password" name="password" maxlength="20" /></td>
</tr>
</tbody>
</table>
<input type="submit" name="submit" value="Login!" />
</form>
</div>
</body>
</html>
login_process.php
Code: <?php
if ($_COOKIE['xsrf['.$_POST['xsrfi'].']'] !== $_POST['xsrf'] || !isset($_COOKIE['xsrf['.$_POST['xsrfi'].']'])):
$errors = "It appears you have been a victim of a browser attack! Please run a virus scan before continuing online activities.;".$_COOKIE['xsrf['.$_POST['xsrfi'].']'].";".$_POST['xsrfi'].";".$_POST['xsrf'];
setcookie('xsrf['.$_POST['xsrfi'].']', sha1($hash), time()-1, '/citizen/', '.ch4n.net');
header("Location: login.php?errors=$errors");
endif;
setcookie('xsrf', sha1($hash), time()-1, '/citizen/', '.ch4n.net');
require('authent.php');
$user = mysql_escape_string(htmlentities($_POST['username']));
$pass = mysql_escape_string(htmlentities($_POST['password']));
$passwordhash = hashPassword($pass);
if(table_exists("user_".$user, 's2zsl9rx_citizen')):
// Make a MySQL Connection
require('c2db.php');
mysql_select_db("s2zsl9rx_citizen") or die(mysql_error());
$result = mysql_query("SELECT * FROM user_$user WHERE type='001'")
or die(mysql_error());
$row = mysql_fetch_assoc($result);
if ($row['val'] == $passwordhash):
$value = $user.','.$row['val'].','.hashPassword(getip());
setcookie('citizeninfo', $value, time()+3600, '/citizen/', 'ch4n.net');
mysql_close();
header("Location: game.php");
else:
$errors = 'Username and/or password are incorrect'.$row['val'];
mysql_close();
header("Location: login.php?errors=$errors");
endif;
else:
$errors = 'Username and/or password are incorrect';
header("Location: login.php?errors=$errors");
endif;
?>
Any help at all would be very much appreciated
php and downloading
I want to use a php script to create two files. Then I want it to redirect (or whatever) to have those files download together. Can I have it download a folder? Or maybe have it create a zip/rar file
All possible combinations of Strings from table in PL/SQL
Hi,
Socket programming
Hello all,I have a PHP socket script. GPS trackers connect to this socket. IMEI verification takes place and if that is ok, the code is passed to a database. Also if the code contains alert-info, SMS
get url?
how do i get the url of the page i'm currently on, on my website.. i think its get header.. how do i do that?
How can i use [] tags instead of <> tags for profiles??
On my site im making ive made it so u can register, login and u have a profile which u can update..http://90.202.46.253thats the site, if u go on there, regsiter and login u will see that u can then
problem with array - multilingual page
this is my test page :Code: <?php if(isset($_GET['lang'])) { if($_GET['lang'] == "en") { require_once("languages/lang-en.php"); }
Is there a quick way to do this?
Hi all,I need to create a mysql table from php that goes a little something like thisid, name, total, place1today, place1yersterdayhowever place1today and yersterday need to goto place2, place3 upto
How to assign JS screen.width to ASP.Net variable
I've got this ASP.net routine that gets the cookie value of the screen width, but now I need to change it so that it gets the width using Javascript, in case the users don't have cookies enabled.
Looking for help on using joining mysql tables and php....
Does anyone have any good links to references on how to pull mysql data, through joining tables and how one can use php to handle the results? I need some solid clear examples to get me going in the
Help on Order Entry Form/System Where is best to begin.
I have a dilema and a very short amount of time at this point and I'm looking for some help on deciding where would be best to begin or which is the best way to approach the problem.The company I work
