// Buffer all output so that the session cookie / headers set further down can
// still be sent even if something has already been echoed.
ob_start();
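/**
 * Starts (or resumes) the application session with hardened cookie settings.
 *
 * Behaviour:
 *  - The session cookie is marked secure (HTTPS only) and httponly (not readable
 *    from JavaScript), and PHP is told to accept session IDs from cookies only.
 *  - If the session already records the client IP it was created from
 *    ($_SESSION['ip'], set by the login handler) and the current REMOTE_ADDR
 *    differs, the session is emptied and destroyed, the original warning text is
 *    echoed, and the function returns. The destroyed data is NOT copied into a
 *    new session (the previous version re-populated username/user_id/
 *    login_string right after destroying, which cancelled the protection).
 *  - Otherwise the session ID is rotated with session_regenerate_id(true),
 *    which keeps $_SESSION intact and discards the old ID. This replaces the
 *    old "call session_start() twice with a sha512 of ip+time as argument"
 *    scheme: session_start() does not take a string ID (PHP 7 expects an
 *    options array), so that argument never did anything.
 *
 * Safe to call more than once per request: the cookie configuration and
 * session_start() only run when no session is active yet.
 *
 * Side effects: configures and starts the PHP session, may echo a message,
 * may destroy the session.
 */
function sec_session_start() {
    $session_name = 'sec_session';
    $secure = true;   // send the cookie over HTTPS only
    $httponly = true; // keep the cookie out of reach of document.cookie

    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Never accept a session ID from the URL (session-fixation vector).
        ini_set('session.use_only_cookies', '1');

        $cookieParams = session_get_cookie_params();
        session_set_cookie_params(
            $cookieParams['lifetime'],
            $cookieParams['path'],
            $cookieParams['domain'],
            $secure,
            $httponly
        );
        session_name($session_name);
        session_start();
    }

    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // IP binding: a session presented from a different address is dropped.
    if (isset($_SESSION['ip']) && $_SESSION['ip'] !== $ip) {
        echo "Tentativo di Hacking il Sito Elysium ha prontamente Protetto i Tuoi Dati ";
        $_SESSION = array();
        session_destroy();
        return; // do not resurrect the destroyed session below
    }

    // Rotate the session ID on every call, as the original intended, while
    // preserving $_SESSION. NOTE: deleting the old ID can break concurrent
    // requests (e.g. parallel AJAX calls) that still carry it.
    session_regenerate_id(true);
}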
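// Bootstrap the hardened session before anything touches $_SESSION.
sec_session_start();

// Login handler. It only runs when a reCAPTCHA token was posted together
// with both form fields. On success it echoes "1" (the client keys on that
// exact output) and stores username / login_string / user_id / ip in the
// session. Every failure path (captcha rejected, verification request or DB
// failure, unknown user, inactive account) echoes nothing, as before.
if (isset($_POST['g-recaptcha-response'], $_POST['form-username'], $_POST['form-password'])
    && $_POST['g-recaptcha-response'] !== '') {

    $captcha = $_POST['g-recaptcha-response'];

    // "google Key" is a placeholder, not a real secret. Load the real one
    // from configuration outside the web root rather than from source.
    $secretKey = "google Key";

    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // http_build_query URL-encodes the token and the IP; the previous version
    // concatenated them raw into the query string.
    $verifyUrl = 'https://www.google.com/recaptcha/api/siteverify?' . http_build_query(array(
        'secret'   => $secretKey,
        'response' => $captcha,
        'remoteip' => $ip,
    ));
    $response = file_get_contents($verifyUrl);

    // A failed HTTP request (false) or malformed JSON counts as "not verified".
    $responseKeys = ($response === false) ? null : json_decode($response, true);
    $captchaOk = is_array($responseKeys)
        && isset($responseKeys['success'])
        && $responseKeys['success'] === true;

    if ($captchaOk) {
        // stripslashes() was dropped: it only existed for magic_quotes, which
        // no longer exists, and the parameterised queries below need the raw value.
        $username = $_POST['form-username'];

        // Legacy scheme: users.password holds unsalted md5 digests, and the
        // login_string check elsewhere in this file recomputes from that
        // stored value, so the digest cannot be changed here in isolation.
        // Migrating to password_hash()/password_verify() needs a rehash-on-login
        // step and a column change.
        $password = md5($_POST['form-password']);

        include('databese/core.php'); // provides $returned (mysqli link)

        $count = 0;
        $id = null;
        $attivazione = null;

        // Parameterised lookup instead of a string-built query.
        $stmt = mysqli_prepare(
            $returned,
            'SELECT id, attivazione FROM users WHERE username = ? AND password = ?'
        );
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_store_result($stmt);
            $count = mysqli_stmt_num_rows($stmt);
            mysqli_stmt_bind_result($stmt, $id, $attivazione);
            mysqli_stmt_fetch($stmt);
            mysqli_stmt_close($stmt);
        }

        // Exactly one matching row and the account must be activated.
        if ($count === 1 && (int) $attivazione === 1) {
            $time = (string) time(); // stored as a quoted value, as before

            $stmt = mysqli_prepare(
                $returned,
                'UPDATE users SET last_ip = ?, last_login = ? WHERE username = ? AND password = ?'
            );
            if ($stmt !== false) {
                mysqli_stmt_bind_param($stmt, 'ssss', $ip, $time, $username, $password);
                mysqli_stmt_execute($stmt);
                mysqli_stmt_close($stmt);
            }

            $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

            // Session binding token; the validation block later in this file
            // recomputes hash(stored password . user agent . ip) and compares.
            $logstring = hash('sha512', $password . $user_browser . $ip);

            $_SESSION['username'] = $username;
            $_SESSION['login_string'] = $logstring;
            $_SESSION['user_id'] = $id;
            $_SESSION['ip'] = $ip;

            echo 1;
        }

        mysqli_close($returned);
    }
}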
// Called a second time after the login handler: re-runs the same IP check and
// session (re)initialisation before the session-validation block below.
sec_session_start();
151 if(isset($_SESSION['user_id'], $_SESSION['username'],
152 $_SESSION['login_string'])) {
153
154 $user_id = $_SESSION['user_id'];
155
156 $login_string = $_SESSION['login_string'];
157
158 $user_browser = $_SERVER['HTTP_USER_AGENT']; // reperisce la stringa 'user-agent' dell'utente.
159 include('../databese/core.php');
160
161 $result = mysqli_query($returned,"SELECT password FROM users WHERE id =
162 $user_id LIMIT 1");
163
164 mysqli_close($returned);
165
166 $row=mysqli_fetch_assoc($result);
167
168 $password =$row['password'];
169
170 $ip = $_SERVER['REMOTE_ADDR'];
171
172 $login_check = hash('sha512', $password.$user_browser.$ip);
173
174 if($login_check == $login_string) {
175
176 //page content
177 }