I'm making Ajax login form, for 2d security (mobile/mail), and this script is so slow what I made.
After 2 sec it echo 1, on mobile on and fsocietyF on, I need more faster then it, if anyone want think near me.
For more text..
session_start();
include('admin/phppath/d.php');
if($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
if(#isset($_SERVER['HTTP_REFERER']))
{
if($_POST['token'] == $_SESSION['token2']) {
$email = $_POST['email'];
$password = $_POST['password'];
$q = "SELECT * FROM `signup9501` WHERE email = '$email'";
$r = mysqli_query($c,$q);
$row = mysqli_fetch_array($r);
$securityF = $row['securityF'];
$onoff = $row['onoff'];
if($onoff == 'mobile' && $securityF == 'on'){
echo 1;
}else if($onoff == 'email' && $securityF == 'on'){
echo 1;
}
$rowpassword = $row['password'];
$blocked = $row['blocked'];
if (password_verify("$password", $rowpassword) && $blocked != '1') {
$usrid = $row['id'];
$usernum = $row['phone'];
if($onoff == 'off' && $securityF == 'off' || $onoff == 'on' && $securityF == 'on'){
$_SESSION['email'] = $email;
echo 3;
}else if($onoff == 'email' && $securityF == 'on'){
$code = rand(1111,9999);
$upq = "UPDATE `signup9501` SET `emailcode` = '$code' WHERE `signup9501`.`id` = $usrid";
$upr = mysqli_query($c,$upq);
if($upr){
echo 1;
$_SESSION['path'] = $email;
mail("$email", 'Welcome.io 2D security', "Code: $code", null, '-fsupport#prado.io');
}else{
echo 0;
}
}else if($onoff == 'mobile' && $securityF == 'on') {
$code = rand(1111,9999);
$upq = "UPDATE `signup9501` SET `smscode` = '$code' WHERE `signup9501`.`id` = $usrid";
$upr = mysqli_query($c,$upq);
if($upr){
include ( "admin/eng/src/NexmoMessage.php" );
$nexmo_sms = new NexmoMessage('3241fdsg', '5431gdsgs1243252');
$info = $nexmo_sms->sendText( "$usernum", "Prado.io", "SMS Code: $code");
$_SESSION['path'] = $email;
}else{
echo 0;
}
}
} else {
echo 5;
}
}
else {
header('Location: http://prado.io/admin/eng/logout.php');
}
}
else {
header('Location: http://prado.io/admin/eng/logout.php');
}
}
else {
header('Location: http://prado.io/admin/eng/logout.php');
}
Related
i change the server from php 5.2 to php 7.3 & from centos 6 to centos 7.3 , i use also smarty
when i upgrade the host the code not working
i cant login to admin dashboard
its give error " Invalid username/password entered. "
can any please help
if ($_SESSION['ADMINID'] != "" && $_SESSION['ADMINUSERNAME'] != "" && $_SESSION['ADMINPASSWORD'] != "")
{
$redirect = $config['adminurl']."/home.php";
header("location: $redirect");
}
else
{
if($_POST['login']!="")
{
$adminusername = cleanit($_POST['username']);
$adminpassword = cleanit($_POST['password']);
if ($adminusername == "")
{
$error = "Error: Username not entered.";
}
elseif ($adminpassword == "")
{
$error = "Error: Password not entered.";
}
else
{
$encodedadminpassword = md5($adminpassword);
$query="SELECT * FROM administrators WHERE username='".mysqli_real_escape_string($adminusername)."' AND password='".mysqli_real_escape_string($encodedadminpassword)."'";
$executequery=$conn->execute($query);
$getid = $executequery->fields['ADMINID'];
$getusername = $executequery->fields['username'];
$getpassword = $executequery->fields['password'];
if (is_numeric($getid) && $getusername != "" && $getpassword != "" && $getusername == $adminusername && $getpassword == $encodedadminpassword)
{
$_SESSION['ADMINID'] = $getid;
$_SESSION['ADMINUSERNAME'] = $getusername;
$_SESSION['ADMINPASSWORD'] = $encodedadminpassword;
$redirect = $config['adminurl']."/home.php";
header("location: $redirect");
}
else
{
$error = "Invalid username/password entered.";
}
}
}
STemplate::assign('message',$message);
STemplate::assign('error',$error);
STemplate::display('administrator/index.tpl');
}
problem in below
$encodedadminpassword = md5($adminpassword);
$query="SELECT * FROM administrators WHERE username='".mysqli_real_escape_string($adminusername)."' AND password='".mysqli_real_escape_string($encodedadminpassword)."'";
$executequery=$conn->execute($query);
$getid = $executequery->fields['ADMINID'];
$getusername = $executequery->fields['username'];
$getpassword = $executequery->fields['password'];
My login script displays an error message after pressing the reg button, and I can only get one echo message back.
Edit one
Is it meaningful to use elseif or should i use if ... else ...?
Edit two
After the program has finished, how can I display all available errors the program encountered under the input boxes?
PHP
<?php
if($_POST['reg'] == "Registrieren"){
$email = $_POST['email'];
$username = $_POST['user'];
$password = $_POST['pw'];
$passwordrep = $_POST['pwrep'];
$email = stripslashes($email);
$username = stripslashes($username);
$password = stripslashes($password);
$passwordrep = stripslashes($passwordrep);
/*if(isset($_SESSION['log']) OR $_SESSION['log'] == 1){
$error['already_online'] = 1;
$error['main'] = 1;
}else*/if(empty($username)){
$error['username_empty'] = 1;
$error['main'] = 1;
}else{
if(empty($email)){
$error['email_empty'] = 1;
$error['main'] = 1;
}else{
if(empty($password) OR empty($passwordrep)){
$error['passwords_empty'] = 1;
$error['main'] = 1;
}else{
if($password == $passwordrep){
$error['password_confirm'] = 1;
$error['main'] = 1;
}else{
if(strlen($username) < 6 OR strlen($username) > 64){
$error['username_too_short'] = 1;
$error['main'] = 1;
}else{
if(strlen($password) < 8 OR strlen($passwordrep) < 8){
$error['password_too_short'] = 1;
$error['main'] = 1;
}else{
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$error['email_invalid'] = 1;
$error['main'] = 1;
}else{
if(!preg_match('/^[a-z\d]{2,64}$/i', $username)){
$error['username_invalid'] = 1;
$error['main'] = 1;
}else{
if($error['main'] = 0){
include_once("config/db_config.php");
$email = mysqli_real_escape_string($con, $email);
$username = mysqli_real_escape_string($con, $username);
$password = mysqli_real_escape_string($con, $password);
$passwordrep = mysqli_real_escape_string($con, $passwordrep);
$sql = "SELECT * FROM hp_user WHERE username = '$username'";
$query = mysqli_query($con, $sql) or die($msg_signup["signup_no_connection_aviable"]);
$row = mysqli_num_rows($query);
if($row == 1){
$error['username_exists'] = 1;
$error['main'] = 1;
}else{
$sql = "SELECT * FROM hp_user WHERE email = '$email'";
$query = mysqli_query($con, $sql) or die($msg_signup["signup_no_connection_aviable"]);
$row = mysqli_num_rows($query);
if($row == 1){
$error['email_exists'] = 1;
$error['main'] = 1;
}else{
$_SESSION['log'] = 1;
$_SESSION['user'] = $query->username;
$_SESSION['email'] = $query->email;
$add = mysqli_query($con,"INSERT INTO `agptest`.`hp_user` (`ID`, `username`, `email`, `password`, `date`, `locked`, `permission`) VALUES (NULL, '$username', '$email', '$passwordrep', CURRENT_TIMESTAMP, '0', '1');");
$error['main'] = 0;
mysqli_close();
}
}
}
}
}
}
}
}
}
}
}
}
?>
<?php
if ($error['main'] == "0") {
header("Location: http://www.allgameplay.de/?site=default");
}else{
echo "<h1>Registrierung</h1>";
echo "<form method=\"post\" action=\"index.php\">\n";
echo "Benutzername:<br><input name=\"user\" type=\"text\" size=\"30\"><br>";
if($error['username_empty'] == 1){
echo $msg_signup['signup_user_empty'];
}
if($error['username_too_short'] == 1){
echo $msg_signup['signup_user_too_short'];
}
if($error['username_invalid'] == 1){
echo "Dein Benutzername ist ungültig!";
}
echo "<br>E-Mail Adresse:<br><input name=\"email\" type=\"text\" size=\"30\"><br>";
if($error['email_empty'] == 1){
echo "Du hast keine E-Mail Adresse angegeben!";
}
if($error['email_invalid'] == 1){
echo "Dies ist keine richtige E-Mail Adresse!";
}
echo "<br>Passwort:<br><input name=\"pw\" type=\"password\" size=\"30\"><br>";
if($error['passwords_empty'] == 1){
echo "Du hast kein Passwort angegeben!";
}
echo "<br>Passwort wiederholen:<br><input name=\"pwrep\" type=\"password\" size=\"30\"><br>";
if($error['passwords_empty'] == 1){
echo "Du hast kein Passwort angegeben!";
}
if($error['password_confirm'] == 1){
echo "Die Passwörter stimmen nicht überein!";
}
echo "<br><input type=\"submit\" name=\"reg\" value=\"Registrieren\"><br>";
}
?>
Edit One
Yes, you should use elseif, it makes your code look cleaner.
Edit Two
You can use GET method to return your errors with switch statement and foreach loops.
Either that or you can use jQuery to check for errors and configure it without PHP.
jQuery Validation Implementation
EDIT:
$error = array('abc','def', 'ghi');
foreach ($error as $i) {
switch ($i) {
case "abc":
echo $i;
case "def":
echo $i;
case "ghi":
echo $i;
default:
echo "No case found!";
}
}
I hope this clears your doubt on foreach loops.
replace
if($password == $passwordrep)
to
if($password != $passwordrep)
and you need to declare error array before if($_POST['reg'] == "Registrieren")
i have a login system to backoffice, but user verification don't work.
My code to login is:
$userName = isset($_POST["user-name"]) ? $_POST["user-name"]: '';
$userPass = isset($_POST["user-pass"]) ? $_POST["user-pass"]: '';
if ($userName != '0' && $userPass != '0'){
$criptSen = hash("whirlpool", $userPass);
$rediURL = isset($_GET["url"]) ? $_GET["url"]: '';
$SQL = "SELECT Usuario, Senha, Rank FROM utilizadores WHERE Usuario='$userName' AND Senha='$criptSen' limit 1";
$query = mysql_query($SQL);
if (mysql_num_rows($query)>0)
{
$row = mysql_fetch_array($query);
$_SESSION['Usuario'] = $row['Usuario'];
$_SESSION['Rank'] = $row['Rank'];
mysql_free_result($query);
if($row['Rank'] == 0){
header("Location: membro.php");
} else {
if($row['Rank'] == 1) {
header("Location: admin/index1.php");
}
}
} else {
if (isset($query)){
mysql_free_result($query);
}
header('location: index.php');
}
} else {
header('location: index.php');
}
?>
My code to verify session is true is:
When i login he doens't work fine, i think this code is wrong and i need your help to build it correctly.
<?php
#$Usuario = $_SESSION["Usuario"];
#$Rank = $_SESSION['Rank']
if(!(isset($Usuario) && isset($Senha))){
$url = explode("/", $_SERVER["REQUEST_URI"]);
header("Location: index1.php?url=$url[3]");
} else if(isset($Usuario) && isset($Senha)){
$SQL = mysql_query("SELECT Usuario, Senha FROM utilizadores WHERE Usuario='$Usuario' AND Senha='$Senha' AND Rank=1");
if(mysql_num_rows($SQL) == 0){
echo "<script>alert(\"Area Restrita\");</scrpit>";
header("Location: ../index.php");
}
}
?>
I have this code and I have tried everything i can think of to get it to work on my WAMP local server any help would be greatly appreciated. I am PHP stupid. This works on a live server but not my WAMP server. I do get logged in just the pages do not seem to be passing the session variable to the proper user level. That's what's not working sorry for the poor description the first time.
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['login']))
{
if ($level == "Administrator") {
echo 'My Content';
}
elseif ($level == "Bank Officer") {
echo "";
}
elseif ($level == "Agent") {
echo "";
}
elseif(!empty($_POST['login']) && !empty($_POST['password']))
{
$login = mysql_real_escape_string($_POST['login']);
$password = $_POST['password'];
$checklevel = mysql_query("SELECT * FROM users WHERE login = '".$login."' AND password = '".$password."' ");
if(mysql_num_rows($checklevel) == 1)
{
$row = mysql_fetch_array($checklevel);
$level = $row['level'];
$_SESSION['level'] = $level;
}
$checklogin = mysql_query("SELECT * FROM users WHERE login = '".$login."' AND password = '".$password."' AND level='".$level."'");
if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);
$firstname = $row['firstname'];
$login = $row['login'];
$agent = $row['agent'];
$_SESSION['agent'] = $agent;
$_SESSION['firstname'] = $firstname;
$_SESSION['login'] = $login;
$_SESSION['LoggedIn'] = 1;
Thanks you for any help at all.
if ($_SESSION['level'] == "Bank Officer")
{
header('Location: index3.php');
exit;
}
elseif ($_SESSION['level'] == "Agent")
{
header('Location: index4.php');
exit;
}
elseif ($_SESSION['level'] == "Bank Manager")
{
header('Location: index5.php');
exit;
}
else
{
echo "Contact Administrator";
exit;
}
I basically took in 3 pieces of data from a form, and before processing them, I just wanted to make sure that all fields were filled in. So the focus of this is the second to last IF statement, checking if the different variables are empty. It seems to only be working for the first variable and I can't figure out how to make it apply to all of them.
<?php
include ("account.php") ;
include ("connect.php") ;
$isdone = FALSE;
$un = $_REQUEST [ "un"] ;
$pw = $_REQUEST [ "pw"] ;
$data = mysql_query("SELECT * FROM `auth` WHERE username = '$un'") or die(mysql_error());
$info = mysql_fetch_array($data);
$info['username'];
$password = $info['pw'];
session_start();
if(trim($un) != '' && trim($pw) != '' && $password == $pw)
{
$_SESSION['uze']=$un;
include "problem.html";
}
elseif( !isset($_POST['submit1']) && $isdone == FALSE)
{
echo "wrong password";
}
$selected = $_REQUEST [ "type"] ;
if($selected == 'afs')
{
$typeinc = 'afs';
}
else if($selected == 'db')
{
$typeinc = 'database';
}
else if($selected == 'cs')
{
$typeinc = 'computer systems';
}
else if($selected == 'pw')
{
$typeinc = 'password';
}
else if($selected == 'hw')
{
$typeinc = 'hardware';
}
else if($selected == 'other')
{
$typeinc = 'other';
}
$text = $_REQUEST ["inc"];
$selected2 = $_REQUEST ["yesno"];
if($selected2 == 'yes')
{
$email = 'yes';
}
else
{
$email = 'no';
}
if(isset($_POST['submit1']))
{
if(empty($typeinc) || empty($text) || empty($email))
{
print( 'You have not filled in all fields, click to sign in and re-enter' );
}
}
else{
mysql_query("INSERT INTO `swp5_proj`. `inci` (`type`, `date`, `time`, `reporter`, `desc`) VALUES ('$typeinc', CURDATE(), CURTIME(), '".$_SESSION['uze']."', '$text');") or die(mysql_error());
mysql_query("DELETE FROM inci WHERE type = ' '");
$isdone = TRUE;
}
if(isset($_POST['submit1']) && $isdone == TRUE)
{
echo "session over";
}
?>
Make sure you clean your REQUEST variables before you put them in a MySQL query.
if((trim($un) !== '') && (trim($pw) !== '') && ($password == $pw))
You're setting $email to yes or no in the line just above.
In your if statement you are using the shortcut OR operator.... As soon as a single statement evaluates to true, the entire statement evaluates to true and there is no need to continue processing further.