k00iEea0

1<?php
2session_start();
3if (!isset($_SESSION['id'])) {
4  header ('Location: login.php');
5}
6require 'dblogin.php';
7$con=mysqli_connect($dbhost,$dbusername,$dbpassword,$dbname);
8if (!$con) {
9    die("We are not able to connect to the database (located on the death star). Please try again in a few hours.");
10}
11$id = $_SESSION['id'];
12$sql = "SELECT * FROM Users WHERE id = '$id'";
13$result = mysqli_query($con, $sql);
14$GLOBALS['row'] = mysqli_fetch_array($result);
15$row = mysqli_fetch_array($result);
16if ($row['active'] != 2) {
17  $GLOBALS['display'] = "false";
18} else {
19  $GLOBALS['display'] = "true";
20}
21?>
22<!DOCTYPE html>
23<html lang="en">
24  <head>
25    <meta charset="utf-8">
26    <meta http-equiv="X-UA-Compatible" content="IE=edge">
27    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
28    <meta name="description" content="">
29    <meta name="keywords" content="">
30    <meta name="author" content="">
31    <title>Hallo</title>
32    <link href="css/bootstrap.min.css" rel="stylesheet">
33    <link href="css/custom.css" rel="stylesheet">
34    <link rel="icon" type="image/png" href="img/favicion.png" sizes="64x64">
35  </head>
36  <body>
37    <nav class="navbar navbar-default navbar-fixed-top">
38      <div class="navbar-header">
39        <button type="button" data-target="#navbarCollapse" data-toggle="collapse" class="navbar-toggle">
40          <span class="sr-only">Toggle navigation</span>
41          <span class="icon-bar"></span>
42          <span class="icon-bar"></span>
43          <span class="icon-bar"></span>
44        </button>
45        <a href="index.html" class="navbar-brand"><img src="img/logo.png" alt="Logo"></a>
46        <div class="logotext">
47          <p>Sample text</p>
48        </div>
49      </div>
50      <div id="navbarCollapse" class="collapse navbar-collapse">
51        <ul class="nav navbar-nav navbar-right">
52          <li class="noactief"><a href="index.php">Home</a></li>
53          <li class="notactief"><a href="logout.php">Logout</a></li>
54          <li class="notactief"><a href="login.php">Login</a></li>
55          <li class="actief"><a href="signup.php">Signup (admin only)</a></li>
56          <li class="notactief"><a href="onlyvisibleforloggedinusers.php">Only visible for loggedin users</a></li>
57        </ul>
58      </div>
59    </nav>
60
61<?php
62$display = $GLOBALS['display'];
63if ($display === "true") {
64  echo '
65  <div id="containerforum">
66    <h1>Maak een account</h1>
67    <form action="signup.php" method="post">
68      Username: <input type="text" name="username" placeholder="Username">
69      Password: <input type="password" name="password" placeholder="Password">
70      <div class="g-recaptcha" data-sitekey="6Lfh6BEUAAAAAKHQw8HPvgAVHx2ZxA5dF3m9Yulq"></div>
71      <input type="submit">
72    </form>
73  </div>
74  ';
75}
76?>
77
78
79
80    <script src="js/jquery-3.1.1.min.js"></script>
81    <script src="js/bootstrap.min.js"></script>
82    <script src="js/custom.js"></script>
83  </body>
84</html>
85
86<?php
87$row = $GLOBALS['row'];
88if ($row['active'] != 2) {
89  die("This page is only for admins.");
90}
91$ip = $_SERVER["HTTP_CF_CONNECTING_IP"];
92$id = $_SESSION['id'];
93$sql = "UPDATE Users SET ip='$ip' WHERE id=$id";
94$result = mysqli_query($con, $sql);
95if (!empty($_POST['username']) and !empty($_POST['password'])) {
96  $captcha=$_POST['g-recaptcha-response'];
97  $secretkey = "6Lfh6BEUAAAAAJL0JkEUpqEOJN1cyq-CX77WA7MH";
98  $response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretkey."&response=".$captcha."&remoteip=".$ip);
99  $responsearray = json_decode($response,true);
100  if ($responsearray['success'] != true) {
101    die("DOEI");
102  }
103  $username = $_POST['username'];
104  $password = $_POST['password'];
105  $username = mysqli_real_escape_string($con, $username);
106  $password = mysqli_real_escape_string($con, $password);
107  $username = strip_tags($username);
108  $password = strip_tags($password);
109  if (strlen($username) > 20) {
110    Die("Your username is way too long. The maximum length is 20 characters. Your username is " . strlen($username) . " characters long.");
111  } elseif (strlen($password) > 30) {
112    Die("Your password is way too long. The maximum length is 30 characters. Your password is " . strlen($password) . " characters long.");
113  } elseif (strlen($password) < 7) {
114    Die("Your password must be longer than 7 characters!");
115  }
116  $salt = "idwad*&^%RFYGDhsanDSADSSADDAS";
117  $password = $password . $salt;
118  $password = password_hash($password, PASSWORD_DEFAULT);
119  if (strlen($username) < 3) {
120    Die("Your username must be longer than 3 characters!");
121  } else {
122    $sql = "SELECT * FROM Users WHERE username = '$username'";
123    $result = mysqli_query($con, $sql);
124    if (mysqli_num_rows($result) >= 1) {
125      Die("This username does already exist!");
126    }
127    $sql = "INSERT INTO Users(username,dbpassword,active) VALUES('$username','$password','0')";
128    $result = mysqli_query($con, $sql);
129    if ($result) {
130      echo "You just registered to our website. We now own your identity.";
131    } else {
132      echo "We don't know what just happend, but we were unable to register your account.";
133    }
134  }
135  mysqli_close($con);
136}
137?>