First of all, thanks for the generous help you guys have given me in the past on this forum.
Second, I apologize in advance if my code is hard to read; most of it was done in a rush.
Here goes:
login.php
Code:
<?php
// create anti-csrf cookie value
$hash = sha1(time().rand().strlen(rand()));
$hash = substr($hash, 0, 8);
if (isset($_COOKIE['xsrf[0]'])) {
    $i = 0;
    while (isset($_COOKIE['xsrf['.$i.']'])) {
        $i++;
    }
    setcookie('xsrf['.$i.']', $hash, 0, '/citizen/', '.ch4n.net');
} else {
    setcookie('xsrf[0]', $hash, 0, '/citizen/', '.ch4n.net');
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <title>Citizen - Login</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <link rel="stylesheet" href="default.css">
</head>
<body>
<div class="header"><?php include("menu.html"); ?></div>
<div class="body">
<?php if (!empty($_GET['errors'])): ?>
    <ul>
        <li><?php print implode("</li>\n\t<li>", explode(';', $_GET['errors'])); ?></li>
    </ul>
<?php endif; ?>
    <form name="login" action="login_process.php" method="POST">
        <input type="hidden" name="xsrfi" value="<?php echo $i; ?>" />
        <input type="hidden" name="xsrf" value="<?php echo $hash; ?>" />
        <table cellpadding="1" cellspacing="1" id="login">
            <tbody>
                <tr class="username">
                    <th>Username</th>
                    <td><input type="text" id="username" name="username" maxlength="20" /><br /></td>
                </tr>
                <tr class="password">
                    <th>Password</th>
                    <td><input type="password" id="password" name="password" maxlength="20" /></td>
                </tr>
            </tbody>
        </table>
        <input type="submit" name="submit" value="Login!" />
    </form>
</div>
</body>
</html>
login_process.php
Code:
<?php
if ($_COOKIE['xsrf['.$_POST['xsrfi'].']'] !== $_POST['xsrf'] || !isset($_COOKIE['xsrf['.$_POST['xsrfi'].']'])):
    $errors = "It appears you have been a victim of a browser attack! Please run a virus scan before continuing online activities.;".$_COOKIE['xsrf['.$_POST['xsrfi'].']'].";".$_POST['xsrfi'].";".$_POST['xsrf'];
    setcookie('xsrf['.$_POST['xsrfi'].']', sha1($hash), time()-1, '/citizen/', '.ch4n.net');
    header("Location: login.php?errors=$errors");
endif;
setcookie('xsrf', sha1($hash), time()-1, '/citizen/', '.ch4n.net');
require('authent.php');
$user = mysql_escape_string(htmlentities($_POST['username']));
$pass = mysql_escape_string(htmlentities($_POST['password']));
$passwordhash = hashPassword($pass);
if(table_exists("user_".$user, 's2zsl9rx_citizen')):
    // Make a MySQL Connection
    require('c2db.php');
    mysql_select_db("s2zsl9rx_citizen") or die(mysql_error());
    $result = mysql_query("SELECT * FROM user_$user WHERE type='001'")
        or die(mysql_error());
    $row = mysql_fetch_assoc($result);
    if ($row['val'] == $passwordhash):
        $value = $user.','.$row['val'].','.hashPassword(getip());
        setcookie('citizeninfo', $value, time()+3600, '/citizen/', 'ch4n.net');
        mysql_close();
        header("Location: game.php");
    else:
        $errors = 'Username and/or password are incorrect'.$row['val'];
        mysql_close();
        header("Location: login.php?errors=$errors");
    endif;
else:
    $errors = 'Username and/or password are incorrect';
    header("Location: login.php?errors=$errors");
endif;
?>
Any help at all would be very much appreciated.
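The double-submit check the post is building, as an added example that is not part of the original post: PHP parses a cookie named `xsrf[0]` into `$_COOKIE['xsrf'][0]`, so the token has to be read from the nested array, and the sketch also swaps in a CSPRNG token and a constant-time comparison. The function names are hypothetical; the cookie name, form fields and path are taken from the post, and PHP 7.3+ over HTTPS is assumed.

```php
<?php
// Added example, not code from the original post. Function names are hypothetical.

// Pick the next free slot and a fresh token for one rendering of the form.
function issue_csrf_token(array $cookies): array
{
    // PHP turns a cookie named "xsrf[3]" into $_COOKIE['xsrf'][3]; the key
    // 'xsrf[3]' never exists, so existing slots are read from the nested array.
    $slots = is_array($cookies['xsrf'] ?? null) ? $cookies['xsrf'] : [];
    $index = $slots ? max(array_map('intval', array_keys($slots))) + 1 : 0;
    // 128 bits from the CSPRNG, not a truncated sha1(time().rand()).
    return [$index, bin2hex(random_bytes(16))];
}

// Web-only: send the cookie for that slot (options array needs PHP 7.3+).
function send_csrf_cookie(int $index, string $token): void
{
    setcookie("xsrf[$index]", $token, [
        'path' => '/citizen/', 'secure' => true,
        'httponly' => true, 'samesite' => 'Strict',
    ]);
}

// Compare the posted token with the cookie slot named by the posted index.
function verify_csrf_token(array $cookies, array $post): bool
{
    $index = $post['xsrfi'] ?? null;
    $sent  = $post['xsrf'] ?? null;
    if (!is_string($index) || !ctype_digit($index) || !is_string($sent)) {
        return false; // missing, array-valued or non-numeric input
    }
    $slots  = is_array($cookies['xsrf'] ?? null) ? $cookies['xsrf'] : [];
    $stored = $slots[(int)$index] ?? null;
    // hash_equals() compares in constant time; an absent slot always fails.
    return is_string($stored) && $stored !== '' && hash_equals($stored, $sent);
}

// Constructed stand-ins for $_COOKIE and $_POST, runnable from the CLI.
[$i, $token] = issue_csrf_token(['xsrf' => [0 => 'old', 1 => 'older']]);
$cookies = ['xsrf' => [$i => $token]];
var_dump($i);
var_dump(verify_csrf_token($cookies, ['xsrfi' => (string)$i, 'xsrf' => $token]));
var_dump(verify_csrf_token($cookies, ['xsrfi' => '0', 'xsrf' => $token]));
var_dump(verify_csrf_token(['xsrf[2]' => $token], ['xsrfi' => '2', 'xsrf' => $token]));
```

In the request handler, a failed check should send its redirect and then call `exit`, because `header()` alone does not stop the script and the login code after it would still run.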