[PHP] Login / Register

Anomaly

Junior
31 December 2016
19
0
23
Denmark

Reputation:

Form:
Code:
<form action="login/register.php" method="post">
			<div>
				<div>
					<label for="navn">First Name<span>*</span></label>
					<input type="text" name="navn" required>
					<label for="efternavn">Last Name<span>*</span></label>
					<input type="text" name="efternavn" required>
					<label for="username">Username<span>*</span></label>
					<input type="text" name="username" required>
					<label for="email">Email<span>*</span></label>
					<input type="email" name="email" required>
					<?php if(isset($_GET['age']))
					{
						?>
					<font color="red">You're not old enough to register. (13+)</font>
					<?php
					}
					?>
					<label for="alder">Age<span>*</span></label>
					<input type="date" name="alder" required>
					<div class="choose-gender">
						<label for="gender">Gender<span>*</span></label>
						<div>
							<div>
								<input type="radio" name="gender" value="male" checked required>
								<p>Male</p>
							</div>
							<div>
								<input type="radio" name="gender" value="female" required>
								<p>Female</p>
							</div>
						</div>
					</div>
				</div>
				<div>
					<label for="password">Password<span>*</span></label>
					<input type="password" name="password" required>
					<label for="verify-pw">Verify Password<span>*</span></label>
					<input type="password" name="verify-pw" required>
					<label for="telefon">Phone Number<span>*</span></label>
					<input type="number" name="telefon" required>
					<label for="adresse">Address<span>*</span></label>
					<input type="text" name="adresse" required>
					<label for="by">City<span>*</span></label>
					<input type="text" name="by" required>
					<label for="postnr">Zip Code<span>*</span></label>
					<input type="number" name="postnr" required>
					<label for="fb_link">Facebook Profile Link<span>*</span></label>
					<input type="url" name="fb_link" required>
					<label for="img">Facebook Profile Picture<span>*</span></label>
					<input type="url" name="img" required>
					<label for="steam_link">Steam Profile Link<span>*</span></label>
					<input type="url" name="steam_link" required>
				</div>
			</div>
			<div class="submit">
				<p>By submitting you agree to our <a href="../terms.txt">Terms of Service</a></p>
				<input type="submit" value="Submit">
			</div>
		</form>
register.php:
Code:
<?php
if($_POST['alder'] > (date('Y') - 13) . '-' . date('m') . '-' . date('d'))
{
	// Under 13: redirect and stop, otherwise the rest of the script still runs.
	header("Location: ../register.php?age");
	die();
}
session_start();

include("../login/db.php");
$host="localhost"; 
$username="root";
$password="";
$db_name="yourdb";

mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");
$sql="SELECT * FROM people WHERE username='$_POST[username]'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
header("Location: ../register.php?fejl1");
die();
}
$sql="SELECT * FROM people WHERE email='$_POST[email]'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
header("Location: ../register.php?fejl2");
die();
}
if(isset($_POST['username']))
{
	$navn=$_POST['navn'];
	$navn = stripslashes($navn);
	$navn = mysql_real_escape_string($navn);
	$fb_link=$_POST['fb_link'];
	$fb_link = stripslashes($fb_link);
	$fb_link = mysql_real_escape_string($fb_link);
	$steam_link=$_POST['steam_link'];
	$steam_link = stripslashes($steam_link);
	$steam_link = mysql_real_escape_string($steam_link);
	$img=$_POST['img'];
	$img = stripslashes($img);
	$img = mysql_real_escape_string($img);
	$email=$_POST['email'];
	$email = stripslashes($email);
	$email = mysql_real_escape_string($email);
	$username=$_POST['username'];
	$username = stripslashes($username);
	$username = mysql_real_escape_string($username);
	$password=$_POST['password'];
	$password = stripslashes($password);
	$password = mysql_real_escape_string($password);
	$efternavn=$_POST['efternavn'];
	$efternavn = stripslashes($efternavn);
	$efternavn = mysql_real_escape_string($efternavn);
	$adresse=$_POST['adresse'];
	$adresse = stripslashes($adresse);
	$adresse = mysql_real_escape_string($adresse);
	$postnr=$_POST['postnr'];
	$postnr = stripslashes($postnr);
	$postnr = mysql_real_escape_string($postnr);
	$by=$_POST['by'];
	$by = stripslashes($by);
	$by = mysql_real_escape_string($by);
	$ip=$_SERVER['REMOTE_ADDR']; // the form has no "ip" field; use the connection address, as checklogin.php does
	$ip = stripslashes($ip);
	$ip = mysql_real_escape_string($ip);
	$alder=$_POST['alder'];
	$alder = stripslashes($alder);
	$alder = mysql_real_escape_string($alder);
	$telefon=$_POST['telefon'];
	$telefon = stripslashes($telefon);
	$telefon = mysql_real_escape_string($telefon);
$verifycode = sha1(rand(1,50000));
$password=sha1($username . ":" . $password);
$sql2="INSERT INTO `people` (`navn`,`fb_link`,`steam_link`,`status`,`img`,`premium`,`admin`,`email`,`username`,`password`,`efternavn`,`adresse`,`postnr`,`by`,`ip-adresse`,`ny`,`alder`,`email_verified`,`verify_code`,`telefon`,`trusted`,`untrusted`,`gender`,`double`,`rep`)
VALUES ('$navn','$fb_link','$steam_link','Ukendt','$img','FALSE','FALSE','$email','$username','$password','$efternavn','$adresse','$postnr','$by','$ip','TRUE','$alder','FALSE','$verifycode','$telefon','0','0','$_POST[gender]','0','0');";

mysql_query($sql2);
header("Location: ../register_success.php");
}
mysql_close();
?>
register_success.php

Code:
<?php
session_start();
if(isset($_SESSION['username']))
{
	header("Location: ../");
}
?>
<html>
	<head>
		<title>
		</title>
		<link rel="stylesheet" type="text/css" href="../main.css" />
	</head>
	<body>
		<div class="navigation">
			<div class="navigation_links">
			</div>
	</div>
	<h1 style="text-align:center;margin-top:70px;">Welcome, new member!</h1>
	<div class="register">
			<h2>Success</h2>
			Please check your inbox / spam inbox for our e-mail that has been sent to you! If you don't click on the link inside the e-mail we can not see that you have registered and therefore you will never get approved! <br />
	</div>
	</body>
</html>

Verify.php

Code:
	<div class="register">
		<h2>YOU HAVE BEEN VERIFIED!</h2>
		STATUS: <font color="green">VERIFIED</font>
			<?php
				$host="localhost"; // Host name 
				$username="root"; // Mysql username 
				$password=""; // Mysql password 
				$db_name="yourdb"; // Database name
				// Connect to server and select database.
				mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
				mysql_select_db("$db_name")or die("cannot select DB");
							$verifycode = $_GET['code'];
							$verifycode = stripslashes($verifycode);
							$verifycode = mysql_real_escape_string($verifycode);
				$sql="UPDATE `people` SET `email_verified`='TRUE' WHERE `verify_code`='$verifycode'";
				mysql_query($sql);
				mysql_close();
			?>
	</div>
login:
Code:
	<?php 
		if(isset($_SESSION['username']))
		{

		}else
		{
			?>
		<div class="login" id="slogin">
			<form action="login/checklogin.php" method="post">
				Username<br />
					<input type="text" placeholder="Username" name ="username" /><br />
				Password<br />
					<input type="password" placeholder="Password" name="password" /><br />
					<input type="submit" value="LOGIN">
		</form>
		</div>
			<?php
		}

	?>
Checklogin.php

Code:
<?php
session_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="yourdb"; // Database name 
$tbl_name="people"; // Table name 
// Create connection
$conn = new mysqli($host, $username, $password, $db_name);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 
mysqli_set_charset($conn,"utf8"); // MySQL's charset name is "utf8", not "UTF-8"
$sql3 = "SELECT * FROM `people` WHERE `username`='$_POST[username]'";
$result4 = $conn->query($sql3);

if ($result4->num_rows > 0) {
    // output data of each row
    while($row = $result4->fetch_assoc()) {
        if($row['ny']=="TRUE")
        {
            header("Location: ../");
            die();
        }
    }
}
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$username2=$_POST['username']; 
$password2=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$username2 = stripslashes($username2);
$password2 = stripslashes($password2);
$username2 = mysql_real_escape_string($username2);
$password2 = mysql_real_escape_string($password2);
$password2 = sha1($username2 . ":" . $password2);
$sql="SELECT * FROM $tbl_name WHERE username='$username2' and password='$password2'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
$ip = $_SERVER['REMOTE_ADDR'];
// Register $myusername, $mypassword and redirect to file "login_success.php"
				$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
				$db_name="yourdb"; // Database name
				// Connect to server and select database.
				mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
				mysql_select_db("$db_name")or die("cannot select DB");
				$sql="UPDATE `people` SET `ip-adresse`='$ip' WHERE `username`='$username2'";
				mysql_query($sql);
				mysql_close();
$_SESSION['username']="$username2";
header("location:../");
}
else {
header("location:../");
}
?>
Logout.php:

Code:
<?php
session_start();
session_destroy();
header("Location: ../");
?>

SQL:
Code:
-- phpMyAdmin SQL Dump
-- version 4.0.10.14
-- http://www.phpmyadmin.net
--
-- Host: localhost:3306
-- Generation time: 05. 08 2016 at 18:29:24
-- Server version: 5.5.45-cll-lve
-- PHP version: 5.4.31

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

--
-- Database: `yourdb`
--
CREATE TABLE IF NOT EXISTS `people` (
  `id` int(255) NOT NULL AUTO_INCREMENT,
  `navn` longtext NOT NULL,
  `fb_link` longtext NOT NULL,
  `steam_link` longtext NOT NULL,
  `status` longtext NOT NULL,
  `img` longtext NOT NULL,
  `premium` longtext NOT NULL,
  `admin` longtext NOT NULL,
  `ny` longtext NOT NULL,
  `username` longtext NOT NULL,
  `password` longtext NOT NULL,
  `email` longtext NOT NULL,
  `adresse` longtext NOT NULL,
  `postnr` longtext NOT NULL,
  `telefon` longtext NOT NULL,
  `efternavn` longtext NOT NULL,
  `by` longtext NOT NULL,
  `ip-adresse` longtext NOT NULL,
  `alder` date NOT NULL,
  `email_verified` longtext NOT NULL,
  `verify_code` longtext NOT NULL,
  `untrusted` longtext NOT NULL,
  `trusted` longtext NOT NULL,
  `beskrivelse` longtext NOT NULL,
  `gender` longtext NOT NULL,
  `rep` longtext NOT NULL,
  `double` longtext NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;


This was used (I coded most of it, though I had a little help on one of the forms) on an old project I had with a few friends. It's down now.
So I decided long ago to release it for free to use or edit or do whatever you want with.

The site was supposed to be a custom "forum" where you could +rep each other and stuff like that, and become "trusted" in a Danish community.
It was used for Steam.

We had 400+ registrations and a lot of page visits / unique visits each month.
Though we decided to close the site since nobody used it at last.

It was also supposed to warn people about scammers.
Since our project, another one opened from somebody else in this Danish community.
 

bitm0de

Junior
24 May 2016
10
0

Reputation:

mysql instead of mysqli, and no SQL injection protection here. I wouldn't use this for anything but my own localhost website, if I even had a purpose for one.
 

Anomaly

Junior
31 December 2016
19
0
23
Denmark

Reputation:

mysql instead of mysqli, and no SQL injection protection here. I wouldn't use this for anything but my own localhost website, if I even had a purpose for one.

I wouldn't recommend you doing so. :)

As far as I know MySQL is even being deprecated from PHP now.
As said in the thread, it's okay for studies.

And yes there IS mysqli in the script.
I assume you didn't read it through. :)
checklogin.php contains mysqli.
 

bitm0de

Junior
24 May 2016
10
0

Reputation:

Anomaly said:
mysql instead of mysqli, and no SQL injection protection here. I wouldn't use this for anything but my own localhost website, if I even had a purpose for one.

I wouldn't recommend you doing so. :)

As far as I know MySQL is even being deprecated from PHP now.
As said in the thread, it's okay for studies.

And yes there IS mysqli in the script.
I assume you didn't read it through. :)
checklogin.php contains mysqli.
I did read the script. register.php contains mysql functions:
Code:
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");
Warning
This extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:
mysqli_connect()
PDO::__construct()
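
The migration bitm0de describes above (off the `mysql_*` functions, with SQL injection protection), as an added example that is not code from the thread or its author: the register, verify and login queries rewritten with PDO prepared statements. The function names and the reduced `people` table are assumptions, in-memory SQLite stands in for MySQL so it runs offline, and `password_hash()` and `random_bytes()` are swapped in for the original `sha1()` password hash and `sha1(rand(1,50000))` verify code.

```php
<?php
declare(strict_types=1);
// Added example, not the thread author's code. In-memory SQLite stands in for
// MySQL so the file runs offline; for MySQL only the DSN changes, e.g.
// new PDO('mysql:host=localhost;dbname=yourdb;charset=utf8mb4', $user, $pass).

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Reduced form of the thread's `people` table (assumption: only the
    // columns the queries below touch).
    $db->exec('CREATE TABLE people (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        username TEXT NOT NULL UNIQUE,
        email TEXT NOT NULL UNIQUE,
        password TEXT NOT NULL,
        ny TEXT NOT NULL,
        email_verified TEXT NOT NULL,
        verify_code TEXT NOT NULL
    )');
    return $db;
}

// Returns the e-mail verification code, or null if the name/e-mail is taken.
function register_user(PDO $db, string $username, string $email, string $password): ?string
{
    // Placeholders keep the values out of the SQL text, so a quote in the
    // input cannot change the statement.
    $dup = $db->prepare('SELECT 1 FROM people WHERE username = ? OR email = ?');
    $dup->execute([$username, $email]);
    if ($dup->fetchColumn() !== false) {
        return null;
    }
    $code = bin2hex(random_bytes(16));                  // instead of sha1(rand(1,50000))
    $hash = password_hash($password, PASSWORD_DEFAULT); // instead of sha1("user:pass")
    $ins = $db->prepare(
        'INSERT INTO people (username, email, password, ny, email_verified, verify_code)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $ins->execute([$username, $email, $hash, 'TRUE', 'FALSE', $code]);
    return $code;
}

// True only when the code matched a row, unlike a page that prints
// "VERIFIED" before running the UPDATE.
function verify_email(PDO $db, string $code): bool
{
    $upd = $db->prepare("UPDATE people SET email_verified = 'TRUE' WHERE verify_code = ?");
    $upd->execute([$code]);
    return $upd->rowCount() === 1;
}

// On true the caller would call session_regenerate_id(true), set
// $_SESSION['username'], send the Location header and exit.
function check_login(PDO $db, string $username, string $password): bool
{
    $sel = $db->prepare('SELECT password, ny FROM people WHERE username = ?');
    $sel->execute([$username]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $row['ny'] === 'TRUE') {
        return false; // unknown user, or account still marked new
    }
    return password_verify($password, $row['password']);
}

// Constructed sample input; none of these values come from the thread.
$db = open_db();
$code = register_user($db, "o'brien", 'obrien@example.test', 'correct horse battery');
var_dump($code !== null);                                           // name containing a quote
var_dump(register_user($db, "o'brien", 'other@example.test', 'x')); // same username again
var_dump(verify_email($db, 'not-a-real-code'));                     // code that matches no row
var_dump(verify_email($db, $code));                                 // code issued above
var_dump(check_login($db, "o'brien", 'correct horse battery'));     // still marked new
$approve = $db->prepare("UPDATE people SET ny = 'FALSE' WHERE username = ?");
$approve->execute(["o'brien"]);                                     // stand-in for admin approval
var_dump(check_login($db, "o'brien", 'correct horse battery'));     // approved, right password
var_dump(check_login($db, "o'brien", 'wrong password'));            // approved, wrong password
```

It needs the `pdo_sqlite` extension and runs from the command line with `php`.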
 

Silence

Emerald
Emerald Upgrade
5 November 2016
83
0

Reputation:

bitm0de said:
This is terrible code, and you've just proven that you're not very familiar with MySQLi in PHP. :S

Did you not read him saying that this is an old code meant to be used to reference and edit? He stated that as far as he can recall MySQL is deprecated, so this is to be used for reference, not for use on a live site.
 

bitm0de

Junior
24 May 2016
10
0

Reputation:

Silence said:
bitm0de said:
This is terrible code, and you've just proven that you're not very familiar with MySQLi in PHP. :S

Did you not read him saying that this is an old code meant to be used to reference and edit? He stated that as far as he can recall MySQL is deprecated, so this is to be used for reference, not for use on a live site.
I didn't miss anything, even if it was old code, he uses mysqli in 2 spots which goes to show that he was probably using deprecated mysql at the time, even if it was written a while back. Aside from the fact that he mixed mysqli and mysql, there's still no SQLi protection.

My points are still valid.
 

Anomaly

Junior
31 December 2016
19
0
23
Denmark

Reputation:

bitm0de said:
Silence said:
bitm0de said:
This is terrible code, and you've just proven that you're not very familiar with MySQLi in PHP. :S

Did you not read him saying that this is an old code meant to be used to reference and edit? He stated that as far as he can recall MySQL is deprecated, so this is to be used for reference, not for use on a live site.
I didn't miss anything, even if it was old code, he uses mysqli in 2 spots which goes to show that he was probably using deprecated mysql at the time, even if it was written a while back. Aside from the fact that he mixed mysqli and mysql, there's still no SQLi protection.

My points are still valid.
 

bitm0de

Junior
24 May 2016
10
0

Reputation:

But I see very little constructive here.

All you're pointing out is that I don't use MySQLi which you don't recommend and neither do I.
0.o... Do you have trouble reading my posts or something?

When did I not recommend MySQLi? I've been recommending it in every single post as a migration from ALL of your MySQL function calls. You questioned whether I had read your code or not after I've pointed out the flaws numerous times, so to me this "old code" thing seems to be an excuse to hide behind the fact that you still don't know what you're doing, because both the code and your responses to my remarks about this code haven't been very good indicators that you've improved at all compared to the skill level demonstrated in this code.

Just look at your earlier response as though you're still endorsing this code that you claim you wrote a long time ago:
And yes there IS mysqli in the script.
I assume you didn't read it through. :)
checklogin.php contains mysqli.
This part of your post makes me even more suspicious that my assumptions are correct:
As a matter of fact, my code is much more secure and reliable to this day.

Though all my "FREE" stuff have issues because I refuse to update it.
I've given plenty of good hints and constructive criticism. Just because you don't like it doesn't mean it isn't.

Stop mixing OO and use mysqli instead of mysql here and you'd be 1000% better off here already as I've pointed out.

If you don't recommend mysqli then what do you recommend? PDO? Look, if you can't take my word for it, show this PHP code to any other experienced PHP developer and see what they say.
 

Anomaly

Junior
31 December 2016
19
0
23
Denmark

Reputation:

bitm0de said:
But I see very little constructive here.

All you're pointing out is that I don't use MySQLi which you don't recommend and neither do I.
0.o... Do you have trouble reading my posts or something?

When did I not recommend MySQLi? I've been recommending it in every single post as a migration from ALL of your MySQL function calls. You questioned whether I had read your code or not after I've pointed out the flaws numerous times, so to me this "old code" thing seems to be an excuse to hide behind the fact that you still don't know what you're doing, because both the code and your responses to my remarks about this code haven't been very good indicators that you've improved at all compared to the skill level demonstrated in this code.

Just look at your earlier response as though you're still endorsing this code that you claim you wrote a long time ago:
And yes there IS mysqli in the script.
I assume you didn't read it through. :)
checklogin.php contains mysqli.
This part of your post makes me even more suspicious that my assumptions are correct:
As a matter of fact, my code is much more secure and reliable to this day.

Though all my "FREE" stuff have issues because I refuse to update it.
I've given plenty of good hints and constructive criticism. Just because you don't like it doesn't mean it isn't.

Stop mixing OO and use mysqli instead of mysql here and you'd be 1000% better off here already as I've pointed out.

If you don't recommend mysqli then what do you recommend? PDO? Look, if you can't take my word for it, show this PHP code to any other experienced PHP developer and see what they say.
That was a typo. :)
 
