(PHP) Authorization Script



Daniel
11-12-2009, 09:40 AM
Well, this was basically my first PHP script after BobboHobbo wanted something like this. I took that moment as an opportunity to start learning PHP. I based it off a template, which had about 7 lines in it, and built it from there.

At first, Tootoot222 helped me on one little tiny thing I read about, SQL injections. He just told me to use mysql_real_escape_string to escape most injection attacks, so I rolled with it :cool:

After that, I had a significant amount of help from ss23 when he was online ( <3 ), suggestions and some help xD. Another major help was my trial and error :p. Simtoon kept asking me to check out http://thesimtoon.com/ for PHP help, but his website had nothing related to my questions :p

So, after about 2 weeks of development (on and off, firstly I spent like 1 hour a day on it (for about 2 days :p) then went to about 30 minutes, then back up because it was nearly finished) I present to you my Authorization system!:

Automatically creates the table and database if they don't exist, default password hashing is using the Secure Hashing Algorithm-2 (SHA-2) and can be fully customized (i.e. you can add your own salting method). It uses MySQLi (as suggested by ss23), so I'm not sure, but some MySQLi functions require PHP5 or greater (I think). Feel free to use, but keep credits intact please :)

Basically you can pick up what the variables in the "Script Setup" section mean, just by reading the examples on how to create an account or validate an account in the top section of the script :)


<?php
/*-------------------------
//
// -- Authorization system created by Mayazcherquoi
// -- Version 1.01
// -- Release 17/01/2010
//
-------------------------*/
/*-------------------------
// -- To create an account, you must
// -- supply the following (using
// -- default parametres):
// -- http://yourdomain.com/authorization.php?ins=1&usr=username&psw=password&anm=admin&apw=passw
// -- This will successfully create
// -- an account with those details.
//
// -- To identify an account, you must
// -- do the following:
// -- http://yourdomain.com/authorization.php?usr=username&psw=password
//
// Other then that, hope you enjoy
// the creation of this script
-------------------------*/

/*
Setup all the required global variables:
*/

//Administrator Details
$admName = "admin"; //Administrator account name?
$admPass = "passw"; //Administrator account password?

//Script Details
$pswhash = false; //Do you want to encrypt (hash) the password?
$usrImp = "usr"; //Username parametre variable?
$pswImp = "psw"; //Password parametre variable?
$hasImp = "hsh"; //Hashing parametre variable?
$insImp = "ins"; //Insert account parametre variable?
$anmImp = "anm"; //Administrator name account parametre variable?
$apwImp = "apw"; //Administrator password account parametre variable?

//MySQL Details
$sqlhost = "localhost"; //MySQL Database Host (leave localhost if you don't know)?
$sqlport = "3306"; //MySQL Database Port (default is 3306)?
$sqluser = "root"; //MySQL Username (default is root)?
$sqlpass = ""; //MySQL Password (default is none)?
$sqldbse = "cndb"; //MySQL Database name?

/*
NOTE: ONLY change these setting
IF the table DOESN'T exist yet.
*/
$maxUsrLnth = 16; //Maximum characters allowed in username (recommended at 16)?
$maxPswLnth = 225; //Maximum characters allowed in password (recommended at 40, leave at 40 if you're SHA1 hashing)?

// -- YOU CAN IGNORE THE REST -- \\

$bsHTML = "<!-- Script created by Mayazcherquoi\n Authorization Version: 1.01".
"\n Release Date: 17th January, 2010 -->\n".
"<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">".
"\n<html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"".
"text/html;charset=utf-8\">\n <title>\n Mayazcherquoi's Autho".
"rization Script\n </title>\n </head>\n <body style=\"background-color: white;\">\n ".
"<font style=\"color: black; font-size:16px; font-family: Arial;\">\n ";
$enHTML = "\n </font>\n </body>\n</html>\n<!-- Script created by Mayazcherquoi\n".
"Authorization Version: 1.01\n Release Date: 17th January, 2010 -->\n\n";

/*
Simple hash algorithm.
Replace with your own if you want
(you can salt it in here too ;) ).
*/
function hashstr($thestring)
{
$sLen = strlen($thestring);
if($sLen == 0)
{
return hash("sha224", " ");
}
return hash("sha224", $thestring);
}

/*
Connect to the MySQL Database, if
can't connect, print's "Connection Error.".
*/
$cnection = new mysqli($sqlhost, $sqluser, $sqlpass, "", $sqlport);
if (mysqli_connect_errno()) {
die("Connection Error.");
}

/*
Convert the administrator username
and password to be able to use this
system.
*/
$admName = substr($cnection->real_escape_string(strtolower($admName)), 0, $maxUsrLnth);
$admPass = substr($cnection->real_escape_string(strtolower($admPass)), 0, $maxPswLnth);

/*
Get username and password,
protects from SQL injection,
converts them to lower-case
and hashes the password with
your custom algorithm.
*/
// Truncate first, then escape: cutting an already-escaped string can split an escape sequence.
$username = $cnection->real_escape_string(substr(strtolower($_GET[$usrImp]), 0, $maxUsrLnth));
if($pswhash) {
$password = substr(hashstr(strtolower($cnection->real_escape_string($_GET[$pswImp]))), 0, $maxPswLnth);
} else {
$password = $cnection->real_escape_string(substr(strtolower($_GET[$pswImp]), 0, $maxPswLnth));
}

/*
Will select the database,
otherwise create the database,
otherwise "Database Error.".
*/
function cdatabase()
{
global $cnection;
global $cntdb;
global $sqldbse;
global $bsHTML, $enHTML; // used by the die() messages below

$cntdb = $cnection->select_db($sqldbse);
if(!$cntdb) {
$cntdb = $cnection->query("SET SQL_MODE=\"NO_AUTO_VALUE_ON_ZERO\"");
if(!$cntdb) {
die($bsHTML . "Database Error." . $enHTML);
}
$cntdb = $cnection->query("CREATE DATABASE `" . $sqldbse . "` DEFAULT CHARACTER SET utf8 COLLATE utf8_bin");
if(!$cntdb) {
die($bsHTML . "Database Error." . $enHTML);
}
$cntdb = $cnection->query("USE `" . $sqldbse . "`");
if(!$cntdb) {
die($bsHTML . "Database Error." . $enHTML);
}
}
return $cnection->select_db($sqldbse);
}

/*
Making sure that the table exists,
otherwise will create it.
*/
function ctable()
{
global $sqldbse;
global $cnection;
global $arrSQL;
global $maxUsrLnth;
global $maxPswLnth;
global $bsHTML, $enHTML; // used by the die() messages below

$sql = $cnection->query("SELECT 1 FROM users");
if(!$sql) {
if(strtolower($cnection->error) == "table '". $sqldbse . ".users' doesn't exist") {
$sql = $cnection->query("CREATE TABLE IF NOT EXISTS `users` ( `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, " .
"`user` varchar(" . $maxUsrLnth . ") COLLATE utf8_bin NOT NULL, `pass` char(" . $maxPswLnth . ") COLLATE utf8_bin NOT NULL, " .
"UNIQUE KEY `id` (`id`)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=2");
if(!$sql) {
die($bsHTML . "Table creation error." . $enHTML);
}
$sql = $cnection->query("SELECT 1 FROM users");
if(!$sql) {
die($bsHTML . "Table creation error." . $enHTML);
}
}
}
return $cnection->query("SELECT * FROM users LIMIT 1");
// return $cnection->query("SELECT 1 FROM users");
}

/*
Checks if table and database exist,
otherwise will create one. Otherwise
error.
*/
cdatabase();
ctable();

/*
Creates an account with the supplied
parametres. If this is creating the
Administrator account, it will ignore
script termination when finished.
*/
function createacc($usr, $psw) {
global $admName;
global $cnection;
global $bsHTML, $enHTML; // used by the die() messages below

if(cdatabase()) {
if(ctable()) {
$usreX = $cnection->query("SELECT * FROM users WHERE user = '" . $usr . "'");
if($usreX->num_rows > 0) {
if($usr != $admName) // "!$usr == $admName" negated $usr before comparing
die($bsHTML . "Account already exists." . $enHTML);
} else {
$r = $cnection->query("SELECT MAX(id) AS maxid FROM users")->fetch_assoc();
$hId = $r['maxid'] + 1;
$cnection->query("INSERT INTO users (id, user, pass) VALUES ('" . $hId . "', '" . $usr . "', '" . $psw . "')");
}
}
}
if($cnection->query("SELECT * FROM users WHERE user = \"" . $usr . "\"")->num_rows == 0) {
if($usr != $admName) // "!$usr == $admName" negated $usr before comparing
{
die($bsHTML . "Account creation error." . $enHTML);
} else
{
die($bsHTML . "Administrator account creation error." . $enHTML);
}
} else
if(!($usr == $admName))
die($bsHTML . "Account created successfully." . $enHTML);
}

/*
Checks if the administrator account
exists, otherwise will create it.
*/
$admExists = $cnection->query("SELECT * FROM users WHERE user = '" . $admName . "'");
if($admExists->num_rows == 0) { // mysqli has no fetch_row property; count the rows of the result
if($pswhash) {
createacc($admName, hashstr(strtolower($cnection->real_escape_string($admPass))));
} else {
createacc($admName, strtolower($cnection->real_escape_string($admPass)));
}
}

/*
If the hash parametre if present,
then will output the custom hash
function on the string supplied in
the hash parametre.
*/
if($_GET[$hasImp]) {
die($bsHTML . hashstr(strtolower($cnection->real_escape_string($_GET[$hasImp]))) . $enHTML);
}

/*
Checks for administrator account
penetration.
*/
if($username == $admName)
die($bsHTML . "You cannot check for authorization with the administrator username.\n<br>\n" .
"You can find your administrator account details within the first few lines of this PHP script.\n" . $enHTML);

/*
Checks to see if account insertation
is directed. Will then check all the
required parametres and their values.
Will create the account with variables
$username and $password as details if
no errors occurred.
*/
if($_GET[$insImp] == "1") {
if(!$_GET[$usrImp] || !$_GET[$pswImp] || !$_GET[$anmImp] || !$_GET[$apwImp]) {
die($bsHTML . "Invalid parametres for account creation." . $enHTML);
}
$sSQL = $cnection->query("SELECT * FROM users WHERE user =\"" . $username . "\"");
if($sSQL->num_rows > 0) {
die($bsHTML . "Account already exists." . $enHTML);
}
$receiveanm = substr($cnection->real_escape_string(strtolower($_GET[$anmImp])), 0, $maxUsrLnth);
$receiveapw = substr($cnection->real_escape_string(strtolower($_GET[$apwImp])), 0, $maxPswLnth);
if($pswhash)
$receiveapw = hashstr($receiveapw);
if(($_GET[$anmImp] == $admName) && ($_GET[$apwImp] == $admPass))
createacc($username, $password);
}

/*
Makes sure database and table
exist (again) and checks whether
the account stored in variables
$username and $password exist.
"Successful." if all was successful,
"Invalid Password." if account exists
but the password was wrong, and
"Invalid Username." if the username
could not be found.
*/
if(cdatabase()) {
if(ctable()) {
$qSQL = $cnection->query("SELECT * FROM users WHERE user =\"" . $username . "\"");
if($qSQL->num_rows > 0) {
$arrSQL = $qSQL->fetch_assoc();
if($password == $arrSQL['pass']) {
echo $bsHTML . "Successful." . $enHTML;
} else {
die($bsHTML . "Invalid password." . $enHTML);
}
} else {
die($bsHTML . "Invalid username." . $enHTML);
}
}
}

?>

Thanks r!ch!e for leading me to find an error in the above script. I also fixed up the '[' brackets :)

Enjoy :D

*comments and constructive criticism please, as this was basically my first PHP script (excluding <?php echo "Hello World"; ?>, and other similar variants :p)*
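
Added example, not part of Daniel's script: it shows why the order of escaping and `substr` matters for the `usr` value, and the same create/check flow with bound parameters and `password_hash`. `addslashes` stands in for `real_escape_string` and an in-memory SQLite database (PDO with the pdo_sqlite extension) stands in for MySQL so it runs without a server; all function names and sample values are constructed for illustration.

```php
<?php
// Added example; every name and value below is constructed for illustration.

// Escape first, cut second. addslashes() is a stand-in (assumption) for
// mysqli::real_escape_string: both put a backslash in front of quotes.
function escape_then_truncate(string $input, int $maxLen): string
{
    return substr(addslashes(strtolower($input)), 0, $maxLen);
}

// True when the value ends in an odd number of backslashes: the cut landed
// inside an escape sequence, so the value is no longer safe inside quotes.
function has_dangling_escape(string $value): bool
{
    $trailing = strlen($value) - strlen(rtrim($value, '\\'));
    return $trailing % 2 === 1;
}

// In-memory SQLite table with the same three columns as the script's `users`.
function open_store(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (
        id   INTEGER PRIMARY KEY AUTOINCREMENT,
        user TEXT NOT NULL UNIQUE,
        pass TEXT NOT NULL)');
    return $pdo;
}

function create_account(PDO $pdo, string $user, string $password, int $maxUserLen = 16): bool
{
    $user = strtolower($user);
    // Reject over-long names instead of silently truncating them.
    if ($user === '' || strlen($user) > $maxUserLen || $password === '') {
        return false;
    }
    try {
        // Bound parameters: the values never become part of the SQL text.
        $stmt = $pdo->prepare('INSERT INTO users (user, pass) VALUES (?, ?)');
        // password_hash() salts each password and uses a slow algorithm.
        $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
        return true;
    } catch (PDOException $e) {
        return false; // e.g. the user name already exists (UNIQUE constraint)
    }
}

function check_login(PDO $pdo, string $user, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pass FROM users WHERE user = ?');
    $stmt->execute([strtolower($user)]);
    $hash = $stmt->fetchColumn();
    // One answer for "unknown user" and "wrong password".
    return $hash !== false && password_verify($password, $hash);
}

// Constructed input: 15 letters plus one quote, exactly at the 16-character limit.
$sample = str_repeat('a', 15) . "'";
var_dump(has_dangling_escape(escape_then_truncate($sample, 16)));

$pdo = open_store();
var_dump(create_account($pdo, 'Alice', 'correct horse'));
var_dump(create_account($pdo, 'alice', 'another one'));   // duplicate name
var_dump(check_login($pdo, 'alice', 'correct horse'));
var_dump(check_login($pdo, $sample, 'anything'));          // just an unknown user
```

With bound parameters the quote in the sample name is ordinary data, so no escaping or truncation step is needed before the query.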

EvilChicken!
11-13-2009, 03:41 AM
First thing I noticed was that you use way too many curly brackets.

It's like always typing a begin&end after every single 'then' you write.

noidea
11-13-2009, 05:03 AM
First thing I noticed was that you use way too many curly brackets.

It's like always typing a begin&end after every single 'then' you write.

My Java teacher goes off at me if I don't use them EVERYWHERE :<

Daniel
11-13-2009, 05:22 AM
First thing I noticed was that you use way too many curly brackets.

It's like always typing a begin&end after every single 'then' you write.
lol.

That's what I thought was compulsory when I first began to make this script. Then, I saw others and realised that you didn't have to have the {}'s if only one line code follows, which is why you mainly still see those {}'s in some places, and others not.

Thanks EvilChicken! :)

Zyt3x
11-13-2009, 08:03 AM
lol.

That's what I thought was compulsory when I first began to make this script. Then, I saw others and realised that you didn't have to have the {}'s if only one line code follows, which is why you mainly still see those {}'s in some places, and others not.

Thanks EvilChicken! :)
Exact same thing happened when I wrote my first Java script :p
Nice script for your first try :)

Daniel
11-14-2009, 01:21 AM
Exact same thing happened when I wrote my first Java script :p
Nice script for your first try :)

Thank you :)

Nadeem
11-14-2009, 03:47 AM
You should've made classes, it would've been easier to import into scripts to use + more secure ;)

Also, a lot of your code can be shortened down, ex:

function hashstr($thestring)
{
return hash("sha224", strlen($thestring) == 0 ? " " : $thestring);
}

And it is not too good to use globals, because in a lot of the servers the global_registers are turned off



~NS

Daniel
11-14-2009, 10:22 AM
You should've made classes, it would've been easier to import into scripts to use + more secure ;)

Also, a lot of your code can be shortened down, ex:

function hashstr($thestring)
{
return hash("sha224", strlen($thestring) == 0 ? " " : $thestring);
}

And it is not too good to use globals, because in a lot of the servers the global_registers are turned off



~NS

lol, i only just started. Still in the process of completely learning the OOP in PHP :p Also, how would they make it much more secure?

Also, the hashstr() was meant for people to customize.

What other alternatives other than "global" can i use then to use those variables inside and outside of functions?

Thanks Nadeem :)

Nadeem
11-14-2009, 07:03 PM
lol, i only just started. Still in the process of completely learning the OOP in PHP :p Also, how would they make it much more secure?

Also, the hashstr() was meant for people to customize.

What other alternatives other than "global" can i use then to use those variables inside and outside of functions?

Thanks Nadeem :)
I mean sorry, not more secure, but in terms of accessibility it's more secure due to the use of identifiers (public, private, protected etc...). And using classes can eliminate too many uses of globals. Also using define can eliminate use of globals as well.



~NS

Daniel
11-15-2009, 12:15 AM
I mean sorry, not more secure, but in terms of accessibility it's more secure due to the use of identifiers (public, private, protected etc...). And using classes can eliminate too many uses of globals. Also using define can eliminate use of globals as well.



~NS

Oh, thanks Nadeem. I'll be sure to put what you suggested into practice in further PHP scripts of mine :)

<3

phantombmx
12-02-2009, 09:05 AM
First thing I noticed was that you use way too many curly brackets.

It's like always typing a begin&end after every single 'then' you write.
I feel that there should always be curly brackets... if you plan on expanding your code in any way, there is way less problems down the line by using proper curly brackets.

Coding standards people, live by 'em... :)

Sex
12-02-2009, 09:41 AM
I feel that there should always be curly brackets... if you plan on expanding your code in any way, there is way less problems down the line by using proper curly brackets.

Coding standards people, live by 'em... :)
Omg.
You are back.
You haven't posted in like 3 years. Haha.

Daniel
12-02-2009, 10:30 AM
Omg.
You are back.
You haven't posted in like 3 years. Haha.

And probably his last for about another 3 years <_>



phantombmx - i noticed on that script someone said something about braces...
phantombmx - like why are there so many
Mayazcherquoi - lol
Mayazcherquoi - Yer
Mayazcherquoi - My authorization one?
phantombmx - yeah
Mayazcherquoi - lol
Mayazcherquoi - I can see :P
phantombmx - i can't stand things without braces...
Mayazcherquoi - But others have told me to constantly use the,.
Mayazcherquoi - *them
phantombmx - yeah, i'd recommend it
Mayazcherquoi (7:47:31 PM) - Since it is easier to add code if you want to.
Mayazcherquoi (7:47:33 PM) - Or w/e
phantombmx (7:47:35 PM) - that way if you expand your code that 1 extra line, you can without probs
phantombmx (7:47:37 PM) - yeah
Mayazcherquoi - Contradict him :P
Mayazcherquoi - :D
phantombmx - i should...
Mayazcherquoi - :P


:p

phantombmx
12-02-2009, 06:32 PM
I've just been in another community... I'll start trying to visit more often. As long as I have Dan on my MSN, I'm sure I'll be visiting. :)

mrpickle
12-09-2009, 03:56 AM
Offtopic: Why does phantombmx not have an old timer cup? xD

OnTopic: Can we use the code you posted for our own use?

noidea
12-09-2009, 04:25 AM
Offtopic: Why does phantombmx not have an old timer cup? xD

OnTopic: Can we use the code you posted for our own use?

He is too sexy for Yoda.

Can some one check out Sex please? He is starting to bug me. You've only been here for 3 months, but know things that have happened for the years past?

Sex
12-09-2009, 07:21 AM
I looked at his posts and his last post in 2006...

Daniel
12-10-2009, 05:40 AM
Offtopic: Why does phantombmx not have an old timer cup? xD

Because he's olllllllllllllllllllllllllld.


OnTopic: Can we use the code you posted for our own use?
Yes you can :)

marpis
01-16-2010, 02:36 PM
Parse error: syntax error, unexpected T_IF in /home/a4103096/public_html/authsystem.php on line 108
:s

Help?

code841
01-16-2010, 03:42 PM
Parse error: syntax error, unexpected T_IF in /home/a4103096/public_html/authsystem.php on line 108
:s

Help?

That's because of the PHP tag in vbulletin, it converted some characters and displayed it differently.


strtolower($_GET[$anmImp])), 0, $maxUsrLnth);
all of that is getting commented out due to the hash (#) on multiple lines.


<?php
/*-------------------------
//
// -- Authorization system created by Mayazcherquoi
// -- Version 1.0
// -- Release 12/11/2009
//
-------------------------*/
/*-------------------------
// -- To create an account, you must
// -- supply the following (using
// -- default parametres):
// -- http://yourdomain.com/authorization.php?ins=1&usr=username&psw=password&anm=admin&apw=12345
// -- This will successfully create
// -- an account with those details.
//
// -- To identify an account, you must
// -- do the following:
// -- http://yourdomain.com/authorization.php?usr=username&psw=password
//
// Other then that, hope you enjoy
// the creation of this script
-------------------------*/

/*
Setup all the required global variables:
*/

//Administrator Details
$admName = "admin"; //Administrator account name?
$admPass = "passw"; //Administrator account password?

//Script Details
$pswhash = TRUE; //Do you want to encrypt (hash) the password?
$usrImp = "usr"; //Username parametre variable?
$pswImp = "psw"; //Password parametre variable?
$hasImp = "hsh"; //Hashing parametre variable?
$insImp = "ins"; //Insert account parametre variable?
$anmImp = "anm"; //Administrator name account parametre variable?
$apwImp = "apw"; //Administrator password account parametre variable?

//MySQL Details
$sqlhost = "localhost"; //MySQL Database Host (leave localhost if you don't know)?
$sqlport = "3306"; //MySQL Database Port (default is 3306)?
$sqluser = "root"; //MySQL Username (default is root)?
$sqlpass = ""; //MySQL Password (default is none)?
$sqldbse = "cndb"; //MySQL Database name?

/*
NOTE: ONLY change these setting
IF the table DOESN'T exist yet.
*/
$maxUsrLnth = 16; //Maximum characters allowed in username (recommended at 16)?
$maxPswLnth = 225; //Maximum characters allowed in password (recommended at 40, leave at 40 if you're SHA1 hashing)?

// -- YOU CAN IGNORE THE REST -- \\

$bsHTML = "<!-- Script created by Mayazcherquoi\n Authorization Version: 1.0".
"\n Release Date: 12th November, 2009 -->\n".
"<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">".
"\n<html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"".
"text/html;charset=utf-8\">\n <title>\n Mayazcherquoi's Autho".
"rization Script\n </title>\n </head>\n <body style=\"background-color: white;\">\n ".
"<font style=\"color: black; font-size:16px; font-family: Arial;\">\n ";
$enHTML = "\n </font>\n </body>\n</html>\n<!-- Script created by Mayazcherquoi\n".
"Authorization Version: 1.0\n Release Date: 12th November, 2009 -->\n\n";

/*
Simple hash algorithm.
Replace with your own if you want
(you can salt it in here too ;) ).
*/
function hashstr($thestring)
{
$sLen = strlen($thestring);
if($sLen == 0)
{
return hash("sha224", " ");
}
return hash("sha224", $thestring);
}

/*
Connect to the MySQL Database, if
can't connect, print's "Connection Error.".
*/
$cnection = new mysqli($sqlhost, $sqluser, $sqlpass, "", $sqlport);
if (mysqli_connect_errno()) {
die("Connection Error.");
}

/*
Convert the administrator username
and password to be able to use this
system.
*/
$admName = substr($cnection->real_escape_string(strtolower($admName)), 0, $maxUsrLnth);
$admPass = substr($cnection->real_escape_string(strtolower($admPass)), 0, $maxPswLnth);

/*
Get username and password,
protects from SQL injection,
converts them to lower-case
and hashes the password with
your custom algorithm.
*/
// Truncate first, then escape: cutting an already-escaped string can split an escape sequence.
$username = $cnection->real_escape_string(substr(strtolower($_GET[$usrImp]), 0, $maxUsrLnth));
if($pswhash) {
$password = substr(hashstr(strtolower($cnection->real_escape_string($_GET[$pswImp]))), 0, $maxPswLnth);
} else {
$password = $cnection->real_escape_string(substr(strtolower($_GET[$pswImp]), 0, $maxPswLnth));
}

/*
Will select the database,
otherwise create the database,
otherwise "Database Error.".
*/
function cdatabase()
{
global $cnection;
global $cntdb;
global $sqldbse;
global $bsHTML, $enHTML; // used by the die() messages below

$cntdb = $cnection->select_db($sqldbse);
if(!$cntdb) {
$cntdb = $cnection->query("SET SQL_MODE=\"NO_AUTO_VALUE_ON_ZERO\"");
if(!$cntdb) {
die($bsHTML . "Database Error." . $enHTML);
}
$cntdb = $cnection->query("CREATE DATABASE `" . $sqldbse . "` DEFAULT CHARACTER SET utf8 COLLATE utf8_bin");
if(!$cntdb) {
die($bsHTML . "Database Error." . $enHTML);
}
$cntdb = $cnection->query("USE `" . $sqldbse . "`");
if(!$cntdb) {
die($bsHTML . "Database Error." . $enHTML);
}
}
return $cnection->select_db($sqldbse);
}

/*
Making sure that the table exists,
otherwise will create it.
*/
function ctable()
{
global $sqldbse;
global $cnection;
global $arrSQL;
global $maxUsrLnth;
global $maxPswLnth;
global $bsHTML, $enHTML; // used by the die() messages below

$sql = $cnection->query("SELECT 1 FROM users");
if(!$sql) {
if(strtolower($cnection->error) == "table '". $sqldbse . ".users' doesn't exist") {
$sql = $cnection->query("CREATE TABLE IF NOT EXISTS `users` ( `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, " .
"`user` varchar(" . $maxUsrLnth . ") COLLATE utf8_bin NOT NULL, `pass` char(" . $maxPswLnth . ") COLLATE utf8_bin NOT NULL, " .
"UNIQUE KEY `id` (`id`)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=2");
if(!$sql) {
die($bsHTML . "Table creation error." . $enHTML);
}
$sql = $cnection->query("SELECT 1 FROM users");
if(!$sql) {
die($bsHTML . "Table creation error." . $enHTML);
}
}
}
return $cnection->query("SELECT * FROM users LIMIT 1");
// return $cnection->query("SELECT 1 FROM users");
}

/*
Checks if table and database exist,
otherwise will create one. Otherwise
error.
*/
cdatabase();
ctable();

/*
Creates an account with the supplied
parametres. If this is creating the
Administrator account, it will ignore
script termination when finished.
*/
function createacc($usr, $psw) {
global $admName;
global $cnection;
global $bsHTML, $enHTML; // used by the die() messages below

if(cdatabase()) {
if(ctable()) {
$usreX = $cnection->query("SELECT * FROM users WHERE user = '" . $usr . "'");
if($usreX->num_rows > 0) {
if($usr != $admName) // "!$usr == $admName" negated $usr before comparing
die($bsHTML . "Account already exists." . $enHTML);
} else {
$r = $cnection->query("SELECT MAX(id) AS maxid FROM users")->fetch_assoc();
$hId = $r['maxid'] + 1;
$cnection->query("INSERT INTO users (id, user, pass) VALUES ('" . $hId . "', '" . $usr . "', '" . $psw . "')");
}
}
}
if($cnection->query("SELECT * FROM users WHERE user = \"" . $usr . "\"")->num_rows == 0) {
if($usr != $admName) // "!$usr == $admName" negated $usr before comparing
{
die($bsHTML . "Account creation error." . $enHTML);
} else
{
die($bsHTML . "Administrator account creation error." . $enHTML);
}
} else
if(!($usr == $admName))
die($bsHTML . "Account created successfully." . $enHTML);
}

/*
Checks if the administrator account
exists, otherwise will create it.
*/
$admExists = $cnection->query("SELECT * FROM users WHERE user = '" . $admName . "'");
if($admExists->num_rows == 0) { // mysqli has no fetch_row property; count the rows of the result
if($pswhash) {
createacc($admName, hashstr(strtolower($cnection->real_escape_string($admPass))));
} else {
createacc($admName, strtolower($cnection->real_escape_string($admPass)));
}
}

/*
If the hash parametre if present,
then will output the custom hash
function on the string supplied in
the hash parametre.
*/
if($_GET[$hasImp]) {
die($bsHTML . hashstr(strtolower($cnection->real_escape_string($_GET[$hasImp]))) . $enHTML);
}

/*
Checks for administrator account
penetration.
*/
if($username == $admName)
die($bsHTML . "You cannot check for authorization with the administrator username.\n<br>\n" .
"You can find your administrator account details within the first few lines of this PHP script.\n" . $enHTML);

/*
Checks to see if account insertation
is directed. Will then check all the
required parametres and their values.
Will create the account with variables
$username and $password as details if
no errors occurred.
*/
if($_GET[$insImp] == "1") {
if(!$_GET[$usrImp] || !$_GET[$pswImp] || !$_GET[$anmImp] || !$_GET[$apwImp]) {
die($bsHTML . "Invalid parametres for account creation." . $enHTML);
}
$sSQL = $cnection->query("SELECT * FROM users WHERE user =\"" . $username . "\"");
if($sSQL->num_rows > 0) {
die($bsHTML . "Account already exists." . $enHTML);
}
$receiveanm = substr($cnection->real_escape_string(strtolower($_GET[$anmImp])), 0, $maxUsrLnth);
$receiveapw = substr($cnection->real_escape_string(strtolower($_GET[$apwImp])), 0, $maxPswLnth);
if($pswhash)
$receiveapw = hashstr($receiveapw);
if(($_GET[$anmImp] == $admName) && ($_GET[$apwImp] == $admPass))
createacc($username, $password);
}

/*
Makes sure database and table
exist (again) and checks whether
the account stored in variables
$username and $password exist.
"Successful." if all was successful,
"Invalid Password." if account exists
but the password was wrong, and
"Invalid Username." if the username
could not be found.
*/
if(cdatabase()) {
if(ctable()) {
$qSQL = $cnection->query("SELECT * FROM users WHERE user =\"" . $username . "\"");
if($qSQL->num_rows > 0) {
$arrSQL = $qSQL->fetch_assoc(); // method call; without () this reads a non-existent property
if($password == $arrSQL['pass']) {
echo $bsHTML . "Successful." . $enHTML;
} else {
die($bsHTML . "Invalid password." . $enHTML);
}
} else {
die($bsHTML . "Invalid username." . $enHTML);
}
}
}

?>

Edit: using the CODE tags converts back to what it should be :P

tls
01-16-2010, 06:05 PM
He is too sexy for Yoda.

Can some one check out Sex please? He is starting to bug me. You've only been here for 3 months, but know things that have happened for the years past?

Obviousness... he is da0wner

Simtoon
01-16-2010, 09:58 PM
Obviousness... he is da0wner

Yeh he is.

Everyone worked it out on irc a while ago

tls
01-17-2010, 04:55 AM
Yeh he is.

Everyone worked it out on irc a while ago

well his email is kyle@kyleis1337.com, so it was extremely obvious.

Sex
01-17-2010, 05:15 AM
well his email is kyle@kyleis1337.com, so it was extremely obvious.
.info* ;).

Zyt3x
01-17-2010, 10:13 AM
Yeh he is.

Everyone worked it out on irc a while ago
I feel left out :(
I didn't know until after he added me to msn

Daniel
01-17-2010, 02:36 PM
BTW guys, if you didn't notice, I updated the first post and fixed a tiny error (thanks r!ch!e) as well as using different syntax highlighting tags which don't output ['s with their corresponding character code :)

marpis
01-17-2010, 09:05 PM
I got it working! This is so awesome! :)
If I get rich with this you might get a tip ;)

Daniel
01-18-2010, 08:57 AM
I got it working! This is so awesome! :)
If I get rich with this you might get a tip ;)

;) Enjoy :D