

Anomaly
[PHP] Login / Register
#1
Form:
Code:
<form action="login/register.php" method="post">
            <div>
                <div>
                    <label for="navn">First Name<span>*</span></label>
                    <input type="text" name="navn" required>
                    <label for="efternavn">Last Name<span>*</span></label>
                    <input type="text" name="efternavn" required>
                    <label for="username">Username<span>*</span></label>
                    <input type="text" name="username" required>
                    <label for="email">Email<span>*</span></label>
                    <input type="email" name="email" required>
                    <?php if(isset($_GET['age']))
                    {
                        ?>
                    <font color="red">You're not old enough to register. (13+)</font>
                    <?php
                    }
                    ?>
                    <label for="alder">Age<span>*</span></label>
                    <input type="date" name="alder" required>
                    <div class="choose-gender">
                        <label for="gender">Gender<span>*</span></label>
                        <div>
                            <div>
                                <input type="radio" name="gender" value="male" checked  required>
                                <p>Male</p>
                            </div>
                            <div>
                                <input type="radio" name="gender" value="female" required>
                                <p>Female</p>
                            </div>
                        </div>
                    </div>
                </div>
                <div>
                    <label for="password">Password<span>*</span></label>
                    <input type="password" name="password" required>
                    <label for="verify-pw">Verify Password<span>*</span></label>
                    <input type="password" name="verify-pw" required>
                    <label for="telefon">Phone Number<span>*</span></label>
                    <input type="number" name="telefon" required>
                    <label for="adresse">Address<span>*</span></label>
                    <input type="text" name="adresse" required>
                    <label for="by">City<span>*</span></label>
                    <input type="text" name="by" required>
                    <label for="postnr">Zip Code<span>*</span></label>
                    <input type="number" name="postnr" required>
                    <label for="fb_link">Facebook Profile Link<span>*</span></label>
                    <input type="url" name="fb_link" required>
                    <label for="img">Facebook Profile Picture<span>*</span></label>
                    <input type="url" name="img" required>
                    <label for="steam_link">Steam Profile Link<span>*</span></label>
                    <input type="url" name="steam_link" required>
                </div>
            </div>
            <div class="submit">
                <p>By submitting you agree to our <a href="../terms.txt">Terms of Service</a></p>
                <input type="submit" value="Submit">
            </div>
        </form>

register.php:
Code:
<?php
if($_POST['alder']>date('Y') - 13 . '-' . date('m') . '-' . date('d'))
{
    header("Location: ../register.php?age");
    die(); // stop here; header() alone does not end the script
}
session_start();

include("../login/db.php");
$host="localhost";
$username="root";
$password="";
$db_name="yourdb";

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$sql="SELECT * FROM people WHERE username='$_POST[username]'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
header("Location: ../register.php?fejl1");
die();
}
$sql="SELECT * FROM people WHERE email='$_POST[email]'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
header("Location: ../register.php?fejl2");
die();
}
if(isset($_POST['username']))
{
    $navn=$_POST['navn'];
    $navn = stripslashes($navn);
    $navn = mysql_real_escape_string($navn);
    $fb_link=$_POST['fb_link'];
    $fb_link = stripslashes($fb_link);
    $fb_link = mysql_real_escape_string($fb_link);
    $steam_link=$_POST['steam_link'];
    $steam_link = stripslashes($steam_link);
    $steam_link = mysql_real_escape_string($steam_link);
    $img=$_POST['img'];
    $img = stripslashes($img);
    $img = mysql_real_escape_string($img);
    $email=$_POST['email'];
    $email = stripslashes($email);
    $email = mysql_real_escape_string($email);
    $username=$_POST['username'];
    $username = stripslashes($username);
    $username = mysql_real_escape_string($username);
    $password=$_POST['password'];
    $password = stripslashes($password);
    $password = mysql_real_escape_string($password);
    $efternavn=$_POST['efternavn'];
    $efternavn = stripslashes($efternavn);
    $efternavn = mysql_real_escape_string($efternavn);
    $adresse=$_POST['adresse'];
    $adresse = stripslashes($adresse);
    $adresse = mysql_real_escape_string($adresse);
    $postnr=$_POST['postnr'];
    $postnr = stripslashes($postnr);
    $postnr = mysql_real_escape_string($postnr);
    $by=$_POST['by'];
    $by = stripslashes($by);
    $by = mysql_real_escape_string($by);
    $ip=$_POST['ip'];
    $ip = stripslashes($ip);
    $ip = mysql_real_escape_string($ip);
    $alder=$_POST['alder'];
    $alder = stripslashes($alder);
    $alder = mysql_real_escape_string($alder);
    $telefon=$_POST['telefon'];
    $telefon = stripslashes($telefon);
    $telefon = mysql_real_escape_string($telefon);
$verifycode = sha1(rand(1,50000));
$password=sha1($username . ":" . $password);
$sql2="INSERT INTO `people` (`navn`,`fb_link`,`steam_link`,`status`,`img`,`premium`,`admin`,`email`,`username`,`password`,`efternavn`,`adresse`,`postnr`,`by`,`ip-adresse`,`ny`,`alder`,`email_verified`,`verify_code`,`telefon`,`trusted`,`untrusted`,`gender`,`double`,`rep`)
VALUES ('$navn','$fb_link','$steam_link','Ukendt','$img','FALSE','FALSE','$email','$username','$password','$efternavn','$adresse','$postnr','$by','$ip','TRUE','$alder','FALSE','$verifycode','$telefon','0','0','$_POST[gender]','0','0');";

mysql_query($sql2);
header("Location: ../register_success.php");
}
mysql_close();
?>

register_success.php

Code:
<?php
session_start();
if(isset($_SESSION['username']))
{
    header("Location: ../");
    die(); // stop here so the page below is not sent after the redirect
}
?>
<html>
    <head>
        <title>
        </title>
        <link rel="stylesheet" type="text/css" href="../main.css" />
    </head>
    <body>
        <div class="navigation">
            <div class="navigation_links">
            </div>
    </div>
    <h1 style="text-align:center;margin-top:70px;">Welcome, new member!</h1>
    <div class="register">
            <h2>Success</h2>
           Please check your inbox / spam inbox for our e-mail that has been sent to you! If you don't click on the link inside the e-mail we can not see that you have registered and therefore you will never get approved! <br />
    </div>
    </body>
</html>


Verify.php

Code:
    <div class="register">
        <h2>YOU HAVE BEEN VERIFIED!</h2>
        STATUS: <font color="green">VERIFIED</font>
            <?php
                $host="localhost"; // Host name
                $username="root"; // Mysql username
                $password=""; // Mysql password
                $db_name="yourdb"; // Database name  
                // Connect to server and select database.
                mysql_connect("$host", "$username", "$password")or die("cannot connect");
                mysql_select_db("$db_name")or die("cannot select DB");
                            $verifycode = $_GET['code'];
                            $verifycode = stripslashes($verifycode);
                            $verifycode = mysql_real_escape_string($verifycode);
                $sql="UPDATE `people` SET `email_verified`='TRUE'  WHERE `verify_code`='$verifycode'";
                mysql_query($sql);
                mysql_close();
            ?>
    </div>

login:
Code:
    <?php
        if(isset($_SESSION['username']))
        {

        }else
        {
            ?>
        <div class="login" id="slogin">
            <form action="login/checklogin.php" method="post">
                Username<br />
                    <input type="text" placeholder="Username" name ="username" /><br />
                Password<br />
                    <input type="password" placeholder="Password" name="password" /><br />
                    <input type="submit" value="LOGIN">
        </form>
        </div>
            <?php
        }

    ?>

Checklogin.php

Code:
<?php
session_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="yourdb"; // Database name
$tbl_name="people"; // Table name
// Create connection
$conn = new mysqli($host, $username, $password, $db_name);
// Check connection
if ($conn->connect_error) {
   die("Connection failed: " . $conn->connect_error);
}
mysqli_set_charset($conn,"utf8"); // MySQL's charset name is "utf8", not "UTF-8"
$sql3 = "SELECT * FROM `people` WHERE `username`='$_POST[username]'";
$result4 = $conn->query($sql3);

if ($result4->num_rows > 0) {
   // output data of each row
   while($row = $result4->fetch_assoc()) {
       if($row['ny']=="TRUE")
       {
           header("Location: ../");
           die();
       }
   }
}
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$username2=$_POST['username'];
$password2=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$username2 = stripslashes($username2);
$password2 = stripslashes($password2);
$username2 = mysql_real_escape_string($username2);
$password2 = mysql_real_escape_string($password2);
$password2 = sha1($username2 . ":" . $password2);
$sql="SELECT * FROM $tbl_name WHERE username='$username2' and password='$password2'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
$ip = $_SERVER['REMOTE_ADDR'];
// Register $myusername, $mypassword and redirect to file "login_success.php"
                $host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
                $db_name="yourdb"; // Database name  
                // Connect to server and select database.
                mysql_connect("$host", "$username", "$password")or die("cannot connect");
                mysql_select_db("$db_name")or die("cannot select DB");
                $sql="UPDATE `people` SET `ip-adresse`='$ip' WHERE `username`='$username2'";
                mysql_query($sql);
                mysql_close();
$_SESSION['username']="$username2";
header("location:../");
}
else {
header("location:../");
}
?>

Logout.php:

Code:
<?php
session_start();
session_destroy();
header("Location: ../");
?>


SQL:
Code:
-- phpMyAdmin SQL Dump
-- version 4.0.10.14
-- http://www.phpmyadmin.net
--
-- Vært: localhost:3306
-- Genereringstid: 05. 08 2016 kl. 18:29:24
-- Serverversion: 5.5.45-cll-lve
-- PHP-version: 5.4.31

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

--
-- Database: `yourdb`
--
CREATE TABLE IF NOT EXISTS `people` (
 `id` int(255) NOT NULL AUTO_INCREMENT,
 `navn` longtext NOT NULL,
 `fb_link` longtext NOT NULL,
 `steam_link` longtext NOT NULL,
 `status` longtext NOT NULL,
 `img` longtext NOT NULL,
 `premium` longtext NOT NULL,
 `admin` longtext NOT NULL,
 `ny` longtext NOT NULL,
 `username` longtext NOT NULL,
 `password` longtext NOT NULL,
 `email` longtext NOT NULL,
 `adresse` longtext NOT NULL,
 `postnr` longtext NOT NULL,
 `telefon` longtext NOT NULL,
 `efternavn` longtext NOT NULL,
 `by` longtext NOT NULL,
 `ip-adresse` longtext NOT NULL,
 `alder` date NOT NULL,
 `email_verified` longtext NOT NULL,
 `verify_code` longtext NOT NULL,
 `untrusted` longtext NOT NULL,
 `trusted` longtext NOT NULL,
 `beskrivelse` longtext NOT NULL,
 `gender` longtext NOT NULL,
 `rep` longtext NOT NULL,
 `double` longtext NOT NULL,
 PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;



This was used (I coded most of it, though I had a little help on one of the forms) on an old project I had with a few friends. It's down now.
So I decided long ago to release it for free to use or edit or do whatever you want with.

The site was supposed to be a custom "forum" where you could +rep each other and stuff like that, and become "trusted" in a Danish community.
It was used for Steam.

We had 400+ registrations and a lot of page visits / unique visits each month.
Though we decided to close the site since nobody used it at last.

It was also supposed to warn people about scammers.
Since our project, another one opened from somebody else in this Danish community.
Reply
#2
(01-03-2017, 03:48 AM)Anomaly Wrote: [...]

mysql instead of mysqli, and no SQL injection protection here. I wouldn't use this for anything but my own localhost website, if I even had a purpose for one.
Reply
#3
mysql instead of mysqli, and no SQL injection protection here. I wouldn't use this for anything but my own localhost website, if I even had a purpose for one.

I wouldn't recommend you doing so. :)

As far as I know MySQL is even being deprecated from PHP now.
As said in the thread, it's okay for studies.

And yes there IS mysqli in the script.
I assume you didn't read it through. :)
checklogin.php contains mysqli.
Reply
#4
(01-04-2017, 03:56 AM)Anomaly Wrote: mysql instead of mysqli, and no SQL injection protection here. I wouldn't use this for anything but my own localhost website, if I even had a purpose for one.

I wouldn't recommend you doing so. :)

As far as I know MySQL is even being deprecated from PHP now.
As said in the thread, it's okay for studies.

And yes there IS mysqli in the script.
I assume you didn't read it through. :)
checklogin.php contains mysqli.

I did read the script. register.php contains mysql functions:
Code:
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

The fact that you're using *some* mysqli functions is not relevant because you should NOT be mixing and matching these functions. I was making a mention that you're using mysql instead of mysqli functions, and also that there's no injection protection in your code, not that I'm suggesting you use mysql over mysqli functions. -- I was pointing out that what you had written is bad.

Not sure why you're telling me that mysql is being deprecated, because that's the reason why I was suggesting mysqli over mysql... Read the docs: http://php.net/manual/en/function.mysql-connect.php
Quote:Warning
This extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:
mysqli_connect()
PDO::__construct()

This is terrible code, and you've just proven that you're not very familiar with mysqli in PHP. :S mysqli_connect() should have been used instead over what you have, along with other functions you're using, and those functions are not deprecated: http://php.net/manual/en/function.mysqli-connect.php

You use mysqli in ONLY 2 places, and some OO syntax, and then you mix that with mysql functions using procedural syntax. The code also demonstrates poor session handling.
Reply
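The two changes asked for in the post above, one database API throughout and user input kept out of the SQL string, shown as an added example that is not code from the thread. It uses PDO (one of the two replacements named in the quoted manual warning) against an in-memory SQLite table so it runs without a server; the cut-down `people` table, the function names and the sample values are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the thread author's code. Assumptions: in-memory SQLite
// stands in for the MySQL server, and `people` keeps only the columns the
// register/login path needs. With MySQL only the DSN passed to PDO changes.

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE people (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        username TEXT NOT NULL UNIQUE,
        email TEXT NOT NULL UNIQUE,
        password TEXT NOT NULL,
        verify_code TEXT NOT NULL,
        email_verified INTEGER NOT NULL DEFAULT 0
    )');
    return $pdo;
}

// Returns the e-mail verification code, or null if the name/e-mail is taken.
function register_user(PDO $pdo, string $username, string $email, string $password): ?string
{
    // Placeholders: the values travel separately from the SQL text, so no
    // stripslashes()/escape step is needed and none can be forgotten.
    $check = $pdo->prepare('SELECT 1 FROM people WHERE username = :u OR email = :e');
    $check->execute([':u' => $username, ':e' => $email]);
    if ($check->fetchColumn() !== false) {
        return null;
    }

    $code = bin2hex(random_bytes(16)); // verification code from the CSPRNG
    $insert = $pdo->prepare(
        'INSERT INTO people (username, email, password, verify_code)
         VALUES (:u, :e, :p, :c)'
    );
    $insert->execute([
        ':u' => $username,
        ':e' => $email,
        ':p' => password_hash($password, PASSWORD_DEFAULT), // salted, slow hash
        ':c' => $code,
    ]);
    return $code;
}

function check_login(PDO $pdo, string $username, string $password): bool
{
    // Look the row up by username only, then verify the hash in PHP.
    $stmt = $pdo->prepare('SELECT password FROM people WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Web context only: issue a fresh session id at login so an id handed out
// before authentication is not carried into the logged-in session.
function start_user_session(string $username): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
}

// Constructed sample input; run with: php example.php
$pdo = open_db();
register_user($pdo, 'alice', 'alice@example.test', 'correct horse battery');

$quoted = "alice' -- "; // constructed: quote and comment characters in the name

var_dump(check_login($pdo, 'alice', 'correct horse battery')); // right password
var_dump(check_login($pdo, 'alice', 'wrong password'));        // wrong password
var_dump(check_login($pdo, $quoted, 'anything'));              // bound as data, matches no row
var_dump(register_user($pdo, 'alice', 'other@example.test', 'x')); // duplicate username

if (PHP_SAPI !== 'cli' && check_login($pdo, 'alice', 'correct horse battery')) {
    start_user_session('alice');
}
```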
#5
(01-04-2017, 06:12 PM)bitm0de Wrote: This is terrible code, and you've just proven that you're not very familiar with MySQLi in PHP. :S


Did you not read him saying that this is old code meant to be used to reference and edit? He stated that as far as he can recall MySQL is deprecated, so this is to be used for reference, not for use on a live site.
Reply
#6
(01-04-2017, 06:16 PM)Silence Wrote:
(01-04-2017, 06:12 PM)bitm0de Wrote: This is terrible code, and you've just proven that you're not very familiar with MySQLi in PHP. :S


Did you not read him saying that this is old code meant to be used to reference and edit? He stated that as far as he can recall MySQL is deprecated, so this is to be used for reference, not for use on a live site.

I didn't miss anything, even if it was old code, he uses mysqli in 2 spots which goes to show that he was probably using deprecated mysql at the time, even if it was written a while back. Aside from the fact that he mixed mysqli and mysql, there's still no SQLi protection.

My points are still valid.
Reply
#7
Reply
#8
Quote:But I see very little constructive here.

All you're pointing out is that I don't use MySQLi which you don't recommend and neither do I.

0.o... Do you have trouble reading my posts or something?

When did I not recommend MySQLi? I've been recommending it in every single post as a migration from ALL of your MySQL function calls. You questioned whether I had read your code or not after I've pointed out the flaws numerous times, so to me this "old code" thing seems to be an excuse to hide behind the fact that you still don't know what you're doing, because both the code and your responses to my remarks about this code haven't been very good indicators that you've improved at all compared to the skill level demonstrated in this code.

Just look at your earlier response as though you're still endorsing this code that you claim you wrote a long time ago:
Quote:And yes there IS mysqli in the script.
I assume you didn't read it through. :)
checklogin.php contains mysqli.

This part of your post makes me even more suspicious that my assumptions are correct:
Quote:As a matter of fact, my code is much more secure and reliable to this day.

Though all my "FREE" stuff have issues because I refuse to update it.

I've given plenty of good hints and constructive criticism. Just because you don't like it doesn't mean it isn't.

Stop mixing OO and use mysqli instead of mysql here and you'd be 1000% better off here already as I've pointed out.

If you don't recommend mysqli then what do you recommend? PDO? Look, if you can't take my word for it, show this PHP code to any other experienced PHP developer and see what they say.
Reply
#9
(01-06-2017, 07:41 AM)bitm0de Wrote:
Quote:But I see very little constructive here.

All you're pointing out is that I don't use MySQLi which you don't recommend and neither do I.

0.o... Do you have trouble reading my posts or something?

When did I not recommend MySQLi? I've been recommending it in every single post as a migration from ALL of your MySQL function calls. You questioned whether I had read your code or not after I've pointed out the flaws numerous times, so to me this "old code" thing seems to be an excuse to hide behind the fact that you still don't know what you're doing, because both the code and your responses to my remarks about this code haven't been very good indicators that you've improved at all compared to the skill level demonstrated in this code.

Just look at your earlier response as though you're still endorsing this code that you claim you wrote a long time ago:
Quote:And yes there IS mysqli in the script.
I assume you didn't read it through. :)
checklogin.php contains mysqli.

This part of your post makes me even more suspicious that my assumptions are correct:
Quote:As a matter of fact, my code is much more secure and reliable to this day.

Though all my "FREE" stuff have issues because I refuse to update it.

I've given plenty of good hints and constructive criticism. Just because you don't like it doesn't mean it isn't.

Stop mixing OO and use mysqli instead of mysql here and you'd be 1000% better off here already as I've pointed out.

If you don't recommend mysqli then what do you recommend? PDO? Look, if you can't take my word for it, show this PHP code to any other experienced PHP developer and see what they say.

That was a typo. :)
Reply