Na wstępie poinformuję, że jestem tutaj nowy i niestety nie jestem zaawansowany w programowaniu w PHP. Nie jestem jednak też całkiem zielony.

Do rzeczy:
Mam skrypt systemu rejestracji, w którym chciałbym, aby hasło zapisywane w bazie danych (MySQL) było hashowane przez md5, a później, podczas logowania, hash wpisanego hasła był porównywany z tym wcześniej zapisanym w bazie – chyba wiadomo, o co chodzi?
Wygląda to tak:
join.php - dopisujący do bazy użytkowników:
Kod
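<?php
// join.php (request handling): validates the registration form, checks that the
// login is not taken, creates the account and redirects to members.php.
// connectToDB(), checkLoggedIn(), field_validator(), newUser() and
// cleanMemberSession() are defined in func.php.
error_reporting(E_ALL);
include_once("func.php");

// func.php reads and writes $_SESSION, which must not be mixed with
// session_register(); that function was also removed in PHP 5.4. Start the
// session explicitly instead.
if (session_id() === "") {
    session_start();
}

$messages = array();
$dbhost = "localhost";
$dbuser = "xxx";
$dbpass = "xxx";
$dbname = "xxx";
connectToDB();
checkLoggedIn("no");

if (isset($_POST["submit"])) {
    // Take each field only when it is a plain string: a missing field or an
    // array value (login[]=...) becomes "" and is rejected by the validator.
    $login = (isset($_POST["login"]) && is_string($_POST["login"])) ? $_POST["login"] : "";
    $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";
    $password2 = (isset($_POST["password2"]) && is_string($_POST["password2"])) ? $_POST["password2"] : "";

    field_validator("Login", $login, "alphanumeric", 4, 15);
    field_validator("Hasło", $password, "string", 4, 15);
    field_validator("Powtórzenie hasła", $password2, "string", 4, 15);
    if ($password !== $password2) {
        $messages[] = "Powtórzone hasła nie pasują";
    }

    // The lookup runs even when validation failed, so the login must be escaped
    // before it is placed inside the quoted SQL literal.
    // NOTE(review): assumes magic_quotes_gpc is off; with it on the value would
    // arrive pre-escaped and be escaped twice.
    $query = "SELECT login FROM users WHERE login='" . mysql_real_escape_string($login, $link) . "'";
    $result = mysql_query($query, $link);
    if ($result === false) {
        // Keep the statement text and the driver error in the server log
        // instead of printing them to the visitor.
        error_log("join.php: login lookup failed: " . mysql_error($link));
        die("MySQL query failed.");
    }
    if (mysql_fetch_array($result)) {
        $messages[] = "Login ID \"" . $login . "\" already exists. Try another.";
    }

    if (empty($messages)) {
        newUser($login, $password);
        cleanMemberSession($login, $password);
        // NOTE(review): the session id travels in the URL here, so it can show up
        // in browser history, Referer headers and access logs; cookie-only
        // sessions (session.use_only_cookies) avoid that.
        header("Location: members.php?" . session_name() . "=" . session_id());
        // Stop here so the form below is not rendered after the redirect.
        exit;
    }
}
?>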
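<?php
// join.php (template): prints collected validation messages and the
// registration form. Everything taken from the request ($_SERVER["PHP_SELF"],
// $_POST["login"]) is HTML-escaped before it is written into an attribute.
// The page is served as iso-8859-2, which htmlspecialchars() does not list as a
// supported charset; "ISO-8859-1" is passed because only ASCII characters are
// replaced and every other byte is left untouched.
?>
<html>
<head>
<META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=iso-8859-2">
<META HTTP-EQUIV="Reply-to" CONTENT="t.rosciszewski@gmail.com">
<META HTTP-EQUIV="Content-Language" CONTENT="pl">
<META NAME="Author" CONTENT="Tomasz Rościszewski">
<style type="text/css">
body{font-family: Arial, Helvetica; font-size: 10pt}
h1{font-size: 12pt}
</style>
</head>
<body>
<?php
if (!empty($messages)) {
    displayErrors($messages);
}
?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "ISO-8859-1"); ?>" method="POST">
<TABLE BORDER="0">
<TR>
<TD>Login:
</td>
<td>
<input type="text" name="login" value="<?php echo (isset($_POST["login"]) && is_string($_POST["login"])) ? htmlspecialchars($_POST["login"], ENT_QUOTES, "ISO-8859-1") : ""; ?>" maxlength="15">
</td>
</tr>
<tr>
<td>Password:
</td>
<td>
<input type="password" name="password" value="" maxlength="15">
</td>
</tr>
<tr>
<td>Confirm password:
</td>
<td>
<input type="password" name="password2" value="" maxlength="15">
</td>
</tr>
<tr>
<td>
</td>
<td>
<input name="submit" type="submit" value="Submit">
</td>
</tr>
</table>
</form>
</body>
</html>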
login.php - logujący:
Kod
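<?php
// login.php (request handling): validates the submitted credentials, looks the
// user up with checkPass() and, on success, fills the session and redirects to
// members.php. Without a submitted form it only renders the login page.
error_reporting(E_ALL);
include_once("func.php");

// func.php reads and writes $_SESSION, which must not be mixed with
// session_register(); that function was also removed in PHP 5.4. Start the
// session explicitly instead.
if (session_id() === "") {
    session_start();
}

$messages = array();
$dbhost = "localhost";
$dbuser = "xxx";
$dbpass = "xxx";
$dbname = "xxx";
connectToDB();
checkLoggedIn("no");

if (isset($_POST["submit"])) {
    // Take each field only when it is a plain string: a missing field or an
    // array value becomes "" and is rejected by the validator.
    $login = (isset($_POST["login"]) && is_string($_POST["login"])) ? $_POST["login"] : "";
    $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

    field_validator("Login", $login, "alphanumeric", 4, 15);
    field_validator("Hasło", $password, "string", 4, 15);
    if ($messages) {
        doIndex();
        exit;
    }

    $row = checkPass($login, $password);
    if (!$row) {
        // One message for both "unknown login" and "wrong password", so the
        // response does not reveal which logins exist.
        $messages[] = "Incorrect login/password, try again";
        doIndex();
        exit;
    }

    cleanMemberSession($row["login"], $row["password"]);
    // NOTE(review): the session id travels in the URL here, so it can show up in
    // browser history, Referer headers and access logs; cookie-only sessions
    // (session.use_only_cookies) avoid that.
    header("Location: members.php?" . session_name() . "=" . session_id());
    exit;
} else {
    doIndex();
}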
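/**
 * Renders the login page: heading, collected error messages and the form.
 *
 * Reads the globals $messages and $title plus $_POST["login"] and
 * $_SERVER["PHP_SELF"]. Request-derived values are HTML-escaped before being
 * printed. The page is served as iso-8859-2, which htmlspecialchars() does not
 * list as a supported charset; "ISO-8859-1" is passed because only ASCII
 * characters are replaced and every other byte is left untouched.
 */
function doIndex() {
    global $messages;
    global $title;

    // $title is not assigned anywhere in login.php, so fall back to an empty heading.
    $heading = isset($title) ? htmlspecialchars((string) $title, ENT_QUOTES, "ISO-8859-1") : "";
    $formAction = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "ISO-8859-1");
    $loginValue = (isset($_POST["login"]) && is_string($_POST["login"]))
        ? htmlspecialchars($_POST["login"], ENT_QUOTES, "ISO-8859-1")
        : "";
?>
<html>
<head>
<META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=iso-8859-2">
<META HTTP-EQUIV="Content-Language" CONTENT="pl">
<style type="text/css">
body{font-family: Arial, Helvetica; font-size: 10pt}
h1{font-size: 12pt}
</style>
</head>
<body>
<h1><?php echo $heading; ?></h1>
<?php
    if ($messages) { displayErrors($messages); }
?>
<form action="<?php echo $formAction; ?>" method="POST">
<table>
<tr>
<td>Login:</td>
<td><input type="text" name="login" value="<?php echo $loginValue; ?>" maxlength="15"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" value="" maxlength="15"></td>
</tr>
<tr>
<td> </td>
<td><input name="submit" type="submit" value="Submit"></td>
</tr>
</table>
</form>
</body>
</html>
<?php
}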
?>
oraz func.php includowany w poprzednich:
Kod
<?php
/**
 * Opens a persistent MySQL connection and selects the working database.
 *
 * Reads $dbhost, $dbuser, $dbpass and $dbname from the global scope and leaves
 * the connection handle in the global $link. Terminates the script with a
 * message when either step fails.
 */
function connectToDB()
{
    global $link, $dbhost, $dbuser, $dbpass, $dbname;

    $link = mysql_pconnect((string) $dbhost, (string) $dbuser, (string) $dbpass);
    if (!$link) {
        die("Couldn't connect to MySQL");
    }

    // NOTE(review): the driver error text is printed to the visitor here.
    if (!mysql_select_db((string) $dbname, $link)) {
        die("Nie mogę otworzyć bazy danych. Błędy: ".mysql_error() );
    }
}
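/**
 * Inserts a new row into the users table.
 *
 * @param string $login    Login to store.
 * @param string $password Password to store; it is written exactly as received.
 * @return bool Always true; a failed query terminates the script.
 *
 * NOTE(review): the password is stored in clear text. The md5 approach asked
 * about in the post is a fast, unsalted hash and gives little protection if the
 * table leaks; on PHP 5.5+ use password_hash() here and password_verify() in
 * checkPass(). Both functions have to change together.
 */
function newUser($login, $password)
{
    global $link;

    // Escape both values for the open connection before they are placed inside
    // quoted SQL literals; the password is validated as a free-form string and
    // may contain quotes.
    // NOTE(review): assumes magic_quotes_gpc is off; with it on the values would
    // arrive pre-escaped and be escaped twice.
    $safeLogin = mysql_real_escape_string($login, $link);
    $safePassword = mysql_real_escape_string($password, $link);

    $query = "INSERT INTO users (login, password) VALUES('$safeLogin', '$safePassword')";
    mysql_query($query, $link) or die("Błędy podczas zapisywania danych w bazie: ".mysql_error());

    return true;
}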
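/**
 * Prints the collected messages as an HTML list.
 *
 * Each message is treated as plain text and HTML-escaped, because join.php
 * builds one of them from the submitted login. The pages are served as
 * iso-8859-2, which htmlspecialchars() does not list as a supported charset;
 * "ISO-8859-1" is passed because only ASCII characters are replaced and every
 * other byte is left untouched.
 *
 * @param array $messages List of message strings.
 */
function displayErrors($messages)
{
    print("<b><font color=orange>Wystąpiły następujące problemy:</FONT></b>\n<ul>\n");
    foreach ($messages as $msg) {
        $text = htmlspecialchars((string) $msg, ENT_QUOTES, "ISO-8859-1");
        print("<li><font color=orange>$text</Font></li>\n");
    }
    print("</ul>\n");
}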
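/**
 * Redirects the visitor when the session state does not match what the page expects.
 *
 * @param string $status "yes": the page needs a logged-in user, anyone else is
 *                       sent to login.php. "no": the page is for guests, a
 *                       logged-in user is sent to members.php. Any other value
 *                       does nothing.
 * @return bool Always true when no redirect happened.
 */
function checkLoggedIn($status)
{
    switch ($status) {
        case "yes":
            if (!isset($_SESSION["loggedIn"])) {
                header("Location: login.php");
                exit;
            }
            break;
        case "no":
            if (isset($_SESSION["loggedIn"]) && $_SESSION["loggedIn"] === true) {
                // NOTE(review): the session id travels in the URL here, so it can
                // show up in browser history, Referer headers and access logs;
                // cookie-only sessions (session.use_only_cookies) avoid that.
                header("Location: members.php?".session_name()."=".session_id());
                // Stop like the "yes" branch does; otherwise the calling page
                // keeps processing the request after sending the redirect.
                exit;
            }
            break;
    }

    return true;
}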
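/**
 * Looks up the user whose login and password both match.
 *
 * @param string $login    Submitted login.
 * @param string $password Submitted password, compared with the stored value as-is.
 * @return array|false The matching row when exactly one row matches, otherwise false.
 *
 * NOTE(review): the comparison is against a clear-text password column. The md5
 * approach asked about in the post is a fast, unsalted hash; on PHP 5.5+ select
 * the row by login only and check it with password_verify(), with newUser()
 * storing password_hash() output. Both functions have to change together.
 */
function checkPass($login, $password)
{
    global $link;

    // Escape both values for the open connection before they are placed inside
    // quoted SQL literals; unescaped, a quote in either field changes the WHERE
    // clause and the password check can be bypassed.
    // NOTE(review): assumes magic_quotes_gpc is off; with it on the values would
    // arrive pre-escaped and be escaped twice.
    $safeLogin = mysql_real_escape_string($login, $link);
    $safePassword = mysql_real_escape_string($password, $link);

    $query = "SELECT login, password FROM users WHERE login='$safeLogin' and password='$safePassword'";
    $result = mysql_query($query, $link)
        or die("checkPass fatal error: ".mysql_error());

    if (mysql_num_rows($result) == 1) {
        return mysql_fetch_array($result);
    }

    return false;
}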
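/**
 * Marks the current session as logged in for the given user.
 *
 * @param string $login    Login to remember in the session.
 * @param string $password Password to remember in the session.
 *
 * NOTE(review): the password is kept in the session data. Nothing visible in
 * join.php, login.php or func.php reads $_SESSION["password"] back, but
 * members.php is not shown, so the key is retained; drop it if nothing uses it.
 */
function cleanMemberSession($login, $password)
{
    // Issue a fresh session id at the privilege change so an id that was known
    // before login (the id is passed in URLs by this application) cannot be
    // reused afterwards. Skipped when no session is active.
    if (session_id() !== "") {
        session_regenerate_id(true);
    }

    $_SESSION["login"] = $login;
    $_SESSION["password"] = $password;
    $_SESSION["loggedIn"] = true;
}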
/**
 * Logs the user out: removes the three login-related session keys and
 * destroys the session.
 *
 * @return bool Always true.
 */
function flushMemberSession()
{
    foreach (array("login", "password", "loggedIn") as $key) {
        unset($_SESSION[$key]);
    }
    session_destroy();

    return true;
}
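/**
 * Validates one form field and appends a message to the global $messages
 * array when the value is rejected. Returns nothing.
 *
 * @param string     $field_descr    Field label used in the messages.
 * @param mixed      $field_data     Submitted value.
 * @param string     $field_type     One of: email, digit, number, alpha,
 *                                   alpha_space, alphanumeric,
 *                                   alphanumeric_space, string.
 * @param int|string $min_length     Minimum length in bytes; checked only when > 0.
 * @param int|string $max_length     Maximum length in bytes; checked only when > 0.
 * @param int        $field_required When falsy, an empty value is accepted without checks.
 */
function field_validator($field_descr, $field_data,
    $field_type, $min_length="", $max_length="",
    $field_required=1)
{
    global $messages;

    if (!$field_data && !$field_required) {
        return;
    }

    $email_regexp="^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|";
    $email_regexp.="(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$";
    $data_types=array(
        "email"=>$email_regexp,
        "digit"=>"^[0-9]$",
        "number"=>"^[0-9]+$",
        "alpha"=>"^[a-zA-Z]+$",
        "alpha_space"=>"^[a-zA-Z ]+$",
        "alphanumeric"=>"^[a-zA-Z0-9]+$",
        "alphanumeric_space"=>"^[a-zA-Z0-9 ]+$",
        "string"=>""
    );

    if ($field_required && empty($field_data)) {
        $messages[] = "$field_descr jest polem wymaganym.";
        return;
    }

    // A request can deliver an array (field[]=...) instead of a string; reject
    // it here rather than passing it to the regex and length functions.
    if (!is_scalar($field_data)) {
        $messages[] = "Wpisz poprawnie pole $field_descr.";
        return;
    }
    $field_data = (string) $field_data;

    if ($field_type === "string") {
        $field_ok = true;
    } elseif (isset($data_types[$field_type])) {
        // ereg() was removed in PHP 7, so the same patterns are run through
        // preg_match(). The D modifier keeps "$" from matching before a trailing
        // newline, so "abc\n" does not pass as alphanumeric. PCRE reads "\-" and
        // "\." inside a character class as a literal hyphen and dot.
        $field_ok = preg_match('/' . $data_types[$field_type] . '/D', $field_data) === 1;
    } else {
        // Unknown type name: nothing to check against, so reject the value.
        $field_ok = false;
    }

    if (!$field_ok) {
        $messages[] = "Wpisz poprawnie pole $field_descr.";
        return;
    }

    // strlen() counts bytes, not characters.
    if ($min_length > 0 && strlen($field_data) < $min_length) {
        $messages[] = "$field_descr jest nieprawidłowe, musi posiadać minimum $min_length litery.";
        return;
    }

    if ($max_length > 0 && strlen($field_data) > $max_length) {
        $messages[] = "$field_descr jest nieprawidłowe, musi posiadać nie więcej niż $max_length liter.";
        return;
    }
}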
?>
Ma ktoś pomysł?