First of all, thanks for the generous help you guys have given me in the past on this forum.
Second, I apologize in advance if my code is hard to read, most of it was done in a rush.
Here goes:
login.php
Code: <?php
// create anti-csrf cookie value
$hash = sha1(time().rand().strlen(rand()));
$hash = substr($hash, 0, 8);
if (isset($_COOKIE['xsrf[0]'])) {
$i = 0;
while (isset($_COOKIE['xsrf['.$i.']'])) {
$i++;
}
setcookie('xsrf['.$i.']', $hash, 0, '/citizen/', '.ch4n.net');
} else {
setcookie('xsrf[0]', $hash, 0, '/citizen/', '.ch4n.net');
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Citizen - Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="default.css">
</head>
<body>
<div class="header"><?php include("menu.html"); ?></div>
<div class="body">
<?php if (!empty($_GET['errors'])): ?>
<ul>
<li><?php print implode("</li>nt<li>", explode(';', $_GET['errors'])); ?></li>
</ul>
<?php endif; ?>
<form name="login" action="login_process.php" method="POST">
<input type="hidden" name="xsrfi" value="<?php echo $i; ?>" />
<input type="hidden" name="xsrf" value="<?php echo $hash; ?>" />
<table cellpadding="1" cellspacing="1" id="login">
<tbody>
<tr class="username">
<th>Username</th>
<td><input type="text" id="username" name="username" maxlength="20" /><br /></td>
</tr>
<tr class="password">
<th>Password</th>
<td><input type="password" id="password" name="password" maxlength="20" /></td>
</tr>
</tbody>
</table>
<input type="submit" name="submit" value="Login!" />
</form>
</div>
</body>
</html>
login_process.php
Code: <?php
if ($_COOKIE['xsrf['.$_POST['xsrfi'].']'] !== $_POST['xsrf'] || !isset($_COOKIE['xsrf['.$_POST['xsrfi'].']'])):
$errors = "It appears you have been a victim of a browser attack! Please run a virus scan before continuing online activities.;".$_COOKIE['xsrf['.$_POST['xsrfi'].']'].";".$_POST['xsrfi'].";".$_POST['xsrf'];
setcookie('xsrf['.$_POST['xsrfi'].']', sha1($hash), time()-1, '/citizen/', '.ch4n.net');
header("Location: login.php?errors=$errors");
endif;
setcookie('xsrf', sha1($hash), time()-1, '/citizen/', '.ch4n.net');
require('authent.php');
$user = mysql_escape_string(htmlentities($_POST['username']));
$pass = mysql_escape_string(htmlentities($_POST['password']));
$passwordhash = hashPassword($pass);
if(table_exists("user_".$user, 's2zsl9rx_citizen')):
// Make a MySQL Connection
require('c2db.php');
mysql_select_db("s2zsl9rx_citizen") or die(mysql_error());
$result = mysql_query("SELECT * FROM user_$user WHERE type='001'")
or die(mysql_error());
$row = mysql_fetch_assoc($result);
if ($row['val'] == $passwordhash):
$value = $user.','.$row['val'].','.hashPassword(getip());
setcookie('citizeninfo', $value, time()+3600, '/citizen/', 'ch4n.net');
mysql_close();
header("Location: game.php");
else:
$errors = 'Username and/or password are incorrect'.$row['val'];
mysql_close();
header("Location: login.php?errors=$errors");
endif;
else:
$errors = 'Username and/or password are incorrect';
header("Location: login.php?errors=$errors");
endif;
?>
Any help at all would be very much appreciated
Looping Problem
I've got a client that has a database with about 200 events at any given time. I'm trying to loop through the dates based on a form and show the title of the event if the start date of the form
CODE NOT WORKING
Code: [Select]<?php//include shared codesinclude '../lib/common.php';include '../lib/db.php';include '../lib/function.php';include '../lib/User.php';//construct password request for
values in array being escaped
I would like to submit some values - back to the same form for checking before processing...Code: [Select]<FORM method="post"><table width="500px"
PHP If Else statement for breadcrumb
HiI am trying to use a PHP if else statement to display a breadcrumb link on wordpressThe codeLine number On/Off | Expand/Contract <div class="triple silhouette_break">
Really need helps regarding Pagination with Sort
I need someone helps regarding pagination problem...i actually want to make my page limited to let say 50 so it will look like this page1=0-50page2=51-100Then i want to sort let say based on the name
php sessions,logouts & the bloomin back button!
Hi All,I've got a cms that members can log into. When they logout, the session is destroyed, however, if you click the back button, you can get back into the CMS.How can I get around this?My logout
ECC6 - Single sign-on
We are in the process of upgrading to ECC 6 which will support single sign on with user passwords aligned by our active directory to the same as those used to access the Network. My query is that we
Structure Question - One Table or One Table Per Record Set?
I have a web app (mySQL and PHP) which allows people to create an item with up to 200 records which I store in a single table. Any user subscribing to that item will be pulling up to 4 records from
default SAP userid
hi,, I just like to know if it is ok to use the default SAP user id (SAP*)?
PHP and MySQL on intranet?
Is it possible to use both these on an intranet network?
