HTMLrequester: comparison index.php

equal deleted inserted replaced

-:29ae580f12bd
+:ad69d332e9dc
 <?php
+function genID($seed, $length)
+{
+$ID = "";
+srand($seed);
+for($i = 0; $i < $length; $i++)
+{
+$chtype = rand(1, 3);
+switch($chtype)
+{
+case 1: // 0-9
+$ID .= chr(rand(48, 57));
+break;
+case 2: // A-Z
+$ID .= chr(rand(65, 90));
+break;
+case 3: // a-z
+$ID .= chr(rand(97, 122));
+break;
+}
+}
+return $ID;
+}
+function create_session($mysql, $uid, $password)
+{
+//
+// Build list of existing SIDs
+//
+$result = $mysql->query("SELECT sid FROM sessions");
+$num_rows = $result->num_rows;
+while($num_rows > 0)
+{
+$row = $result->fetch_assoc();
+$sids[$row["sid"]] = TRUE;
+$num_rows--;
+}
+$result->close();
+//
+// Generate main SID (making sure it is unique)
+//
+$max_attempts = 500000;
+$seed = crc32($password);
+do
+{
+$sid1 = genID($seed + time(), 32);
+$max_attempts--;
+} while(isset($sids[$sid1]) && $max_attempts > 0);
+if($max_attempts <= 0) // NOT GOOD
+return FALSE;
+$sid2 = genID(crc32($sid1) + time(), 32);
+//
+// Create the session: set the UID and SID in both the client's cookies and
+// the MySQL session table.
+//
+$uid = (string)$uid;
+$mysql->query("INSERT INTO sessions (sid, sid_dir, uid, signature, timeout_date, expiration_date)
+VALUES ('$sid1', '$sid2', '$uid', 'members', DATE_ADD(NOW(), INTERVAL 30 MINUTE),
+DATE_ADD(NOW(), INTERVAL 8 HOUR))");
+setcookie("sid1", $sid1, time() + 964224000);
+setcookie("sid2", $sid2, time() + 964224000);
+	#setcookie("uid", $uid, time() + 964224000);
+	exit();
+return TRUE;
+}
 	$conn = mysql_connect('localhost','www-data','www-data') or die(mysql_error());
 	mysql_select_db('members');
 	// retrieve cookie if it exists
-	if (isset($_COOKIE['n4c_ID']))
+	if (isset($_COOKIE['uid']))
 	{
-		$currID = $_COOKIE['n4c_ID'];
+		$currID = $_COOKIE['uid'];
+		$uid = $currID;
 	}
 	else
 	{
 		// SQL queries
 		$result = mysql_query("INSERT INTO creds (uid) VALUES ('')");
-		$user_id =  mysql_query("SELECT MAX(uid) as id FROM creds");
+		$uid =  mysql_query("SELECT MAX(uid) as id FROM creds");
 		$expiry = time() + (3600 * 24 * 30 * 12);
 		//create cookies
-		while ($db_field2 = mysql_fetch_assoc($user_id)) {
+		while ($db_field2 = mysql_fetch_assoc($uid)) {
-		 	setcookie('n4c_ID', $db_field2['id'] , $expiry, '/', '', 0);
+		 	setcookie('uid', $db_field2['id'] , $expiry, '/', '', 0);
 		}
-		if (!isset($_COOKIE['n4c_ID']))
+		if (!isset($_COOKIE['uid']))
 		{
 			$currID = 1;
 		}
 	}
 	mysql_close();
+	// retrieve session cookie if it exists
-	header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/details.php');
+#	$real_password = password;
+$mysql = new mysqli("localhost", "www-data", "www-data", "members");
+/* check connection */
+#if (mysqli_connect_errno()) {
+#    printf("Connect failed: %s\n", mysqli_connect_error());
+#    exit();
+#}
+$result = $mysql->query("SELECT uid,password_md5 FROM creds WHERE username='$username'");
+$row = $result->fetch_assoc();
+$real_password = $row["password_md5"];
+	#print $uid;
+	#if ((isset($_COOKIE['sid1'])) && (isset($_COOKIE['sid2'])))
+#{
+#        $sid1 = $_COOKIE['sid1'];
+#        $sid2 = $_COOKIE['sid2'];
+	#	print $sid1;
+	#	print $sid2;
+#}
+	$mysql = new mysqli("localhost", "www-data", "www-data", "members");
+	create_session($mysql, $uid, $real_password);
+	header ('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'details.php');
+$result->close();
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

changeset 3	ad69d332e9dc
parent 1	29ae580f12bd
child 4	2c829de4b83c