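<?php
/**
 * Admin-only signup page: session gate, database connection and role lookup.
 *
 * Leaves three globals for the rest of the file:
 *   $con     - the mysqli link opened with the credentials from dblogin.php
 *   $row     - the Users row of the logged-in account, or null if none was found
 *   $display - the string "true" when that row's `active` column equals 2,
 *              otherwise the string "false" (the template compares it with ===)
 */
session_start();

if (!isset($_SESSION['id'])) {
    header('Location: login.php');
    // header() only queues the redirect. Without exit the script keeps
    // running, so an anonymous visitor would still trigger the database
    // work below and the page body would be sent along with the redirect.
    exit;
}

require 'dblogin.php';

$con = mysqli_connect($dbhost, $dbusername, $dbpassword, $dbname);
if (!$con) {
    die("We are not able to connect to the database (located on the death star). Please try again in a few hours.");
}

$id = $_SESSION['id'];

// The id is bound as a parameter instead of being interpolated into the SQL
// text, so the query stays well-formed whatever the session happens to hold.
// mysqli_stmt_get_result() requires the mysqlnd driver.
$row = null;
$result = false;
$stmt = mysqli_prepare($con, 'SELECT * FROM Users WHERE id = ?');
if ($stmt) {
    if (mysqli_stmt_bind_param($stmt, 's', $id) && mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt);
        if ($result) {
            $row = mysqli_fetch_array($result);
        }
    }
    mysqli_stmt_close($stmt);
}

// A missing row or a failed query is treated as "not an admin".
// The cast makes the comparison independent of whether the driver returns
// the column as a string or as an integer.
$display = (is_array($row) && (int) $row['active'] === 2) ? "true" : "false";
?>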
21<!DOCTYPE html>
22<html lang="en">
23 <head>
24 <meta charset="utf-8">
25 <meta http-equiv="X-UA-Compatible" content="IE=edge">
26 <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
27 <meta name="description" content="">
28 <meta name="keywords" content="">
29 <meta name="author" content="">
30 <title>Hallo</title>
31 <link href="css/bootstrap.min.css" rel="stylesheet">
32 <link href="css/custom.css" rel="stylesheet">
33 <link rel="icon" type="image/png" href="img/favicion.png" sizes="64x64">
34 </head>
35 <body>
36 <nav class="navbar navbar-default navbar-fixed-top">
37 <div class="navbar-header">
38 <button type="button" data-target="#navbarCollapse" data-toggle="collapse" class="navbar-toggle">
39 <span class="sr-only">Toggle navigation</span>
40 <span class="icon-bar"></span>
41 <span class="icon-bar"></span>
42 <span class="icon-bar"></span>
43 </button>
44 <a href="index.html" class="navbar-brand"><img src="img/logo.png" alt="Logo"></a>
45 <div class="logotext">
46 <p>Sample text</p>
47 </div>
48 </div>
49 <div id="navbarCollapse" class="collapse navbar-collapse">
50 <ul class="nav navbar-nav navbar-right">
51 <li class="noactief"><a href="index.php">Home</a></li>
52 <li class="notactief"><a href="logout.php">Logout</a></li>
53 <li class="notactief"><a href="login.php">Login</a></li>
54 <li class="actief"><a href="signup.php">Signup (admin only)</a></li>
55 <li class="notactief"><a href="onlyvisibleforloggedinusers.php">Only visible for loggedin users</a></li>
56 </ul>
57 </div>
58 </nav>
59
<?php
// Emit the account-creation form only for admins. $display is the string
// "true" or "false" set by the role lookup at the top of the file; this is
// presentation only, the POST handler at the end of the file performs its
// own role check before acting on the submitted form.
if ($display === "true"):
    print '
 <div id="containerforum">
 <h1>Maak een account</h1>
 <form action="signup.php" method="post">
 Username: <input type="text" name="username" placeholder="Username">
 Password: <input type="password" name="password" placeholder="Password">
 <div class="g-recaptcha" data-sitekey="6Lfh6BEUAAAAAKHQw8HPvgAVHx2ZxA5dF3m9Yulq"></div>
 <input type="submit">
 </form>
 </div>
 ';
endif;
?>
75
76
77
78 <script src="js/jquery-3.1.1.min.js"></script>
79 <script src="js/bootstrap.min.js"></script>
80 <script src="js/custom.js"></script>
81 </body>
82</html>
83
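<?php
/**
 * Signup form handler (admins only).
 *
 * Relies on $con and $row set at the top of the file. Records the caller's
 * IP on the admin's Users row, then, when a username and password were
 * posted, verifies the reCAPTCHA response, validates the input and inserts
 * the new account with active = 0.
 *
 * NOTE(review): no anti-CSRF token is checked here; the reCAPTCHA response
 * is the only value tying this POST to the form rendered above.
 */

// Authorisation: only accounts whose `active` column is 2 may create users.
// A missing row counts as "not an admin".
if (!isset($row['active']) || (int) $row['active'] !== 2) {
    die("This page is only for admins.");
}

// CF-Connecting-IP is an ordinary request header: it can only be trusted
// when the origin accepts traffic solely from the proxy that sets it.
// Anything that is not a syntactically valid address is discarded in favour
// of the socket peer address.
$ip = isset($_SERVER['HTTP_CF_CONNECTING_IP']) ? $_SERVER['HTTP_CF_CONNECTING_IP'] : '';
if (!is_string($ip) || filter_var($ip, FILTER_VALIDATE_IP) === false) {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
}
$id = $_SESSION['id'];

// Both values are bound as parameters; a header value must never become
// part of the SQL text.
$result = false;
$stmt = mysqli_prepare($con, 'UPDATE Users SET ip = ? WHERE id = ?');
if ($stmt) {
    mysqli_stmt_bind_param($stmt, 'ss', $ip, $id);
    $result = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

// is_string() rejects array-valued fields (username[]=...), which would
// otherwise reach the string functions below.
if (
    !empty($_POST['username']) && is_string($_POST['username'])
    && !empty($_POST['password']) && is_string($_POST['password'])
) {
    $captcha = (isset($_POST['g-recaptcha-response']) && is_string($_POST['g-recaptcha-response']))
        ? $_POST['g-recaptcha-response']
        : '';

    // NOTE(review): this secret is embedded in the source file, so anyone who
    // can read the file can read the key. It should be loaded from
    // configuration kept outside the web root and rotated.
    $secretkey = "6Lfh6BEUAAAAAJL0JkEUpqEOJN1cyq-CX77WA7MH";

    // The verification is sent as a form-encoded POST body: every value is
    // URL-encoded by http_build_query(), so the submitted token cannot add
    // or override parameters, and the secret stays out of the request URL.
    $verifyFields = ['secret' => $secretkey, 'response' => $captcha];
    if ($ip !== '') {
        $verifyFields['remoteip'] = $ip;
    }
    $context = stream_context_create([
        'http' => [
            'method'  => 'POST',
            'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
            'content' => http_build_query($verifyFields, '', '&'),
            'timeout' => 10,
        ],
    ]);
    $response = file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
    $responsearray = ($response === false) ? null : json_decode($response, true);

    // Fail closed: a network error, malformed JSON or anything other than a
    // literal boolean true is a rejection.
    if (!is_array($responsearray) || !isset($responsearray['success']) || $responsearray['success'] !== true) {
        die("DOEI");
    }

    // The username is bound as a parameter below, so it needs no SQL escaping.
    $username = strip_tags($_POST['username']);

    // NOTE(review): escaping and tag-stripping a password before hashing
    // changes the secret the user typed, and the fixed suffix adds nothing
    // that password_hash() does not already provide with its per-hash salt.
    // Both steps are kept unchanged because the login check (not visible in
    // this file) presumably applies the same steps; change both sides together.
    $password = strip_tags(mysqli_real_escape_string($con, $_POST['password']));

    // All validation happens before the (deliberately slow) hash is computed.
    if (strlen($username) > 20) {
        die("Your username is way too long. The maximum length is 20 characters. Your username is " . strlen($username) . " characters long.");
    } elseif (strlen($password) > 30) {
        die("Your password is way too long. The maximum length is 30 characters. Your password is " . strlen($password) . " characters long.");
    } elseif (strlen($password) < 7) {
        die("Your password must be longer than 7 characters!");
    } elseif (strlen($username) < 3) {
        die("Your username must be longer than 3 characters!");
    }

    $salt = "idwad*&^%RFYGDhsanDSADSSADDAS";
    $password = password_hash($password . $salt, PASSWORD_DEFAULT);

    // Refuse the registration when the name is taken or the lookup itself
    // fails, rather than inserting blindly.
    // NOTE(review): check-then-insert is racy under concurrent requests;
    // whether Users.username has a UNIQUE index cannot be seen from here.
    $lookupOk = false;
    $stmt = mysqli_prepare($con, 'SELECT 1 FROM Users WHERE username = ?');
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $username);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_store_result($stmt);
            if (mysqli_stmt_num_rows($stmt) >= 1) {
                die("This username does already exist!");
            }
            $lookupOk = true;
        }
        mysqli_stmt_close($stmt);
    }

    $result = false;
    if ($lookupOk) {
        $stmt = mysqli_prepare($con, "INSERT INTO Users(username,dbpassword,active) VALUES(?, ?, '0')");
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
            $result = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
    }

    if ($result) {
        echo "You just registered to our website. We now own your identity.";
    } else {
        echo "We don't know what just happend, but we were unable to register your account.";
    }

    mysqli_close($con);
}
?>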