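<?php

declare(strict_types=1);

// server.php — handles user login and registration for the Budget app.
// Expected POST fields: `login` with username/passphrase, or `register` with
// Username/Password_1/Password_2. Results are reported through $errors (read
// by the page that includes this file) and $_SESSION.
header('P3P: CP="CAO PSA OUR"');
session_start();

// Make mysqli failures throw (the default since PHP 8.1) instead of returning
// false; the previous version never checked a single query result.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$errors = [];

// Id for a newly registered user. It also becomes the suffix of that user's
// per-user table names, so it must stay within [0-9a-f]. 12 hex chars from
// the CSPRNG replace uniqid(), which is clock-derived and predictable, and
// are no longer than uniqid()'s 13 so the existing column width still fits.
$uid = bin2hex(random_bytes(6));

// Only written to the legacy Users.salt column for schema compatibility;
// password_hash() embeds its own salt, so this value plays no role in hashing.
$salt = (string) random_int(18, 952018);

// Database connection. The password is read from the environment so it is not
// committed with the source; host, user and database keep their old defaults.
$dbPassword = getenv('BUDGET_DB_PASSWORD');
if ($dbPassword === false) {
    error_log('server.php: BUDGET_DB_PASSWORD is not set');
    exit('Server configuration error');
}
try {
    $db = mysqli_connect(
        getenv('BUDGET_DB_HOST') ?: '192.168.0.6',
        getenv('BUDGET_DB_USER') ?: 'Client',
        $dbPassword,
        getenv('BUDGET_DB_NAME') ?: 'Budget',
    );
} catch (mysqli_sql_exception $e) {
    // Connection details belong in the server log, not in the HTTP response.
    error_log('Failed to connect to MySQL: ' . $e->getMessage());
    exit('Database connection failed');
}

// LOGIN USER
if (isset($_POST['login'])) {
    // An including page may set $embeded = "1" and provide $username/$password
    // itself; standalone, both come from the form. (The old code tested
    // $embeded while it was undefined.)
    if (($embeded ?? '') !== '1') {
        $username = (string) ($_POST['username'] ?? '');
        $password = (string) ($_POST['passphrase'] ?? '');
    }
    $username = (string) ($username ?? '');
    $password = (string) ($password ?? '');

    // Explicit '' checks: empty() would also reject the legitimate password "0".
    if ($password === '') {
        $errors[] = 'Password is required';
    }
    if ($username === '') {
        $errors[] = 'Who are you !?';
    }

    if (count($errors) === 0) {
        $stmt = mysqli_prepare($db, 'SELECT password, salt, uid FROM Users WHERE username = ?');
        mysqli_stmt_bind_param($stmt, 's', $username);
        mysqli_stmt_execute($stmt);
        $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
        mysqli_stmt_close($stmt);

        $authenticated = false;
        if ($row !== null) {
            $stored = (string) $row['password'];
            // New rows hold password_hash() output. Legacy rows hold crypt() output of
            // the mysqli-escaped password (the old code escaped before hashing);
            // password_verify() accepts any crypt()-format hash, so that form is tried
            // second. Both comparisons are constant-time.
            $authenticated = password_verify($password, $stored)
                || password_verify(mysqli_real_escape_string($db, $password), $stored);

            // Opportunistically migrate legacy/outdated hashes on successful login.
            if ($authenticated && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
                $rehashed = password_hash($password, PASSWORD_DEFAULT);
                $update = mysqli_prepare($db, 'UPDATE Users SET password = ? WHERE username = ?');
                mysqli_stmt_bind_param($update, 'ss', $rehashed, $username);
                mysqli_stmt_execute($update);
                mysqli_stmt_close($update);
            }
        }

        if ($authenticated) {
            $user = (string) $row['uid'];

            // A fresh session id on privilege change prevents session fixation.
            session_regenerate_id(true);
            // NOTE(review): '952018' looks like the marker other pages compare
            // against — kept as-is; confirm before changing.
            $_SESSION['auth'] = '952018';
            $_SESSION['success'] = 'You are now logged in';
            $_SESSION['User'] = $user;

            // Table identifiers cannot be bound as parameters, so the uid that is
            // interpolated into the DDL below is restricted to identifier characters.
            if (preg_match('/^[A-Za-z0-9_]+$/', $user) !== 1) {
                error_log('server.php: refusing to create tables for a malformed uid');
                exit('Server configuration error');
            }

            $ddl = [
                "CREATE TABLE IF NOT EXISTS Budget.Budget_$user (
                    Category VARCHAR(255) NOT NULL,
                    Created DECIMAL(8,2) DEFAULT NULL,
                    Actual DECIMAL(8,2) DEFAULT NULL,
                    id_num INT(11) DEFAULT NULL PRIMARY KEY AUTO_INCREMENT
                )",
                "CREATE TABLE IF NOT EXISTS Budget.Category_$user (
                    Uid VARCHAR(255) PRIMARY KEY,
                    Category VARCHAR(255) NOT NULL
                )",
                // Shared across users (no uid suffix), as in the original schema.
                "CREATE TABLE IF NOT EXISTS Budget.Budget_date (
                    uid VARCHAR(255) PRIMARY KEY NOT NULL,
                    Lastdate DATE,
                    Nextdate DATE,
                    Legnth INT(11) NOT NULL,
                    Paid DECIMAL(8,2) DEFAULT NULL,
                    id_num INT(11)
                )",
                "CREATE TABLE IF NOT EXISTS Budget.Target_$user (
                    Category VARCHAR(255) NOT NULL PRIMARY KEY,
                    Amount DECIMAL(8,2) DEFAULT NULL
                )",
            ];
            foreach ($ddl as $statement) {
                mysqli_query($db, $statement);
            }

            header('location: index.php');
            // The old code fell through and kept executing after the redirect header.
            exit;
        }

        // Same message whether the user is unknown or the password is wrong.
        $errors[] = 'Wrong username/password combination ';
    }
}

// REGISTERING USER
if (isset($_POST['register'])) {
    $username = (string) ($_POST['Username'] ?? '');
    $password1 = (string) ($_POST['Password_1'] ?? '');
    $password2 = (string) ($_POST['Password_2'] ?? '');

    if ($username === '') {
        $errors[] = 'Username is required';
    }
    if ($password1 === '') {
        $errors[] = 'Password is required';
    }
    if ($password1 !== $password2) {
        $errors[] = 'The two passwords do not match';
    }
    if ($password1 === $username) {
        $errors[] = 'please pick a diffrent username or password ';
    }
    // Byte length on purpose: bcrypt (PASSWORD_DEFAULT) hashes at most 72 bytes.
    $passwordBytes = strlen($password1);
    if ($passwordBytes > 20 || $passwordBytes < 5) {
        $errors[] = 'Password must be between 5 and 20 characters long!';
    }

    $stmt = mysqli_prepare($db, 'SELECT username FROM Budget.Users WHERE username = ? LIMIT 1');
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    $existing = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    mysqli_stmt_close($stmt);
    // Any row the database considers equal counts as taken; the previous strict
    // string compare let a case variant of an existing name register again and
    // then be ambiguous at login.
    if ($existing !== null) {
        $errors[] = 'This Username is registered with and account';
    }

    if (count($errors) === 0) {
        // One-way, salted, work-factored hash; replaces crypt() with a numeric salt.
        $passwordHash = password_hash($password1, PASSWORD_DEFAULT);
        $stmt = mysqli_prepare(
            $db,
            'INSERT INTO Budget.Users ( uid, username, password, salt ) VALUES( ?, ?, ?, ? )',
        );
        mysqli_stmt_bind_param($stmt, 'ssss', $uid, $username, $passwordHash, $salt);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
        $errors[] = 'You have been registered! ';
    }
}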