get_ip(); /* |------------------------------------------------------------- | Login |------------------------------------------------------------- | This is annoying because I want to keep the website secure | but I have no clue how to keep things secure with HTML, PHP | or JS. So I hope separating the scripts and putting all this | into a PHP file is a good security measure | NOTE(review): moving the handlers into a PHP file is not a security control by itself; the concrete points are noted inline below (unparameterised $user_ip queries, no session id regeneration after login, an invite-code check that can be skipped, and no CSRF token checked by any handler visible in this file). | NOTE: this rendering starts mid-statement and every span between a PHP close tag and the next open tag has been stripped, so the HTML branches and some PHP (the temporary-ban check, the failed-attempt counter, the post-login redirect) are not visible. |------------------------------------------------------------- */ if (isset($_POST['submit_login'])) { $error = 0; /* $user_ip comes from get_ip(), which is not visible here. It is interpolated straight into this query and into the INSERT/log queries below, while the user lookup further down uses a prepared statement. If get_ip() honours a client-supplied header such as X-Forwarded-For this is SQL injection — bind it the same way as the user lookup. */ $ban_query = mysqli_query($conn, "SELECT * FROM bans WHERE ipaddress = '$user_ip' ORDER BY id DESC LIMIT 1"); while ($ban_check = mysqli_fetch_assoc($ban_query)) { $ban_time = $ban_check['time']; $ban_perm = $ban_check['permanent']; } /* When no ban row exists for this address $ban_time and $ban_perm are never assigned: strtotime(null) is false, $ban_diff becomes time(), and the permanent check below sees null. Initialise both before the loop. */ $ban_diff = time() - strtotime($ban_time); /* The temporary-ban branch and the counter compared against 5 were lost with the stripped markup; only the auto-ban INSERT survives (length '60' — presumably minutes, confirm against the bans schema). */ if ($ban_perm) { ?> = 5) { mysqli_query($conn,"INSERT INTO bans (ipaddress, reason, length, permanent) VALUES('$user_ip','Attempted password too many times', '60', '0')"); } } if ($error <= 0) { // Checking if Username is empty if (empty(trim($_POST["username"]))) { echo "

You must enter a username to login!

"; $error += 1; } else { $username = trim($_POST["username"]); } /* Passwords are trim()med here and again at signup, so surrounding whitespace is silently dropped on both sides; keep the two in sync if this ever changes. */ // Check if Password is empty if (empty(trim($_POST["password"]))) { echo "

Pls enter the super duper secrete word(s) to login!

"; $error += 1; } else { $password = trim($_POST["password"]); } } if ($error <= 0) { // Prepare so SQL doesnt get spooked $sql = "SELECT id, username, password FROM users WHERE username = ?"; if ($stmt = mysqli_prepare($conn, $sql)) { // Bind dis shit mysqli_stmt_bind_param($stmt, "s", $param_username); // Set parameters $param_username = $username; // Attempt to execute the prepared statement if (mysqli_stmt_execute($stmt)) { // Store result mysqli_stmt_store_result($stmt); /* password_verify() only runs when exactly one row matched, so an unknown username answers faster than a wrong password (a small timing oracle). The on-screen message is identical in both cases; only the log entry differs. */ // Check if username exists, if yes then verify password if (mysqli_stmt_num_rows($stmt) == 1) { // Bind result variables mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password); if (mysqli_stmt_fetch($stmt)) { if (password_verify($password, $hashed_password)) { /* NOTE(review): the session id is not regenerated after authentication (no session_regenerate_id(true) after session_start()), so a session cookie planted before login stays valid afterwards — session fixation. */ // Password is correct, so start a new session session_start(); // Store data in session variables $_SESSION["loggedin"] = true; $_SESSION["id"] = $id; $_SESSION["username"] = $username; /* The success output after the close tag and the start of the wrong-password branch were stripped in this rendering; the text that follows belongs to the wrong-password echo. */ // let the user know ?> Sussy wussy, Username or Password WRONG, please try again :3

"; /* $user_ip interpolated unparameterised again (see the ban query above). */ mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Failed to enter correct Password')"); } } } else { echo "

Sussy wussy, Username or Password WRONG, please try again :3

"; /* $user_ip interpolated unparameterised again (see the ban query above). */ mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Failed to enter correct Username')"); } } else { echo "

Sowwy, something went wrong on our end :c

"; } // Close statement mysqli_stmt_close($stmt); } } } /* |------------------------------------------------------------- | Signup |------------------------------------------------------------- | The dreaded signup. Please save me... | NOTE(review): the ban lookup below is a copy of the login handler's — same unparameterised $user_ip query, same unassigned $ban_time/$ban_perm when no row exists, same stripped temporary-ban branch — and the ban reason "Attempted password too many times" was copied verbatim, which is misleading for a signup. Factor the lookup into one helper so the two cannot drift. |------------------------------------------------------------- */ if (isset($_POST['submit_signup'])) { $error = 0; $ban_query = mysqli_query($conn, "SELECT * FROM bans WHERE ipaddress = '$user_ip' ORDER BY id DESC LIMIT 1"); while ($ban_check = mysqli_fetch_assoc($ban_query)) { $ban_time = $ban_check['time']; $ban_perm = $ban_check['permanent']; } $ban_diff = time() - strtotime($ban_time); if ($ban_perm) { ?> = 5) { mysqli_query($conn,"INSERT INTO bans (ipaddress, reason, length, permanent) VALUES('$user_ip','Attempted password too many times', '60', '0')"); } } if ($error <= 0) { if (empty(trim($_POST["username"]))) { // Username not entered echo "

Username is empty!!!!!

"; $error += 1; } elseif (!preg_match('/^[a-zA-Z0-9_]+$/', trim($_POST["username"]))) { // Username entered contains illegal characters echo "

Very sus. Username can only contain letters, numbers, and underscores

"; $error = $error + 1; } else { /* Existence check now, INSERT later: not atomic. Two concurrent signups with the same name both pass this check, so a UNIQUE index on users.username is the real guard — confirm it exists. */ // Prepare sql for sus $sql = "SELECT id FROM users WHERE username = ?"; if ($stmt = mysqli_prepare($conn, $sql)) { mysqli_stmt_bind_param($stmt, "s", $username_request); $username_request = trim($_POST["username"]); if (mysqli_stmt_execute($stmt)) { // Ask sql nicely if other usernames exist and store info mysqli_stmt_store_result($stmt); if (mysqli_stmt_num_rows($stmt) == 1) { // Username taken echo "

Sorry, but username was already taken by someone else

"; $error = $error + 1; } else { $username = trim($_POST["username"]); } } else { echo "

We had a problem on our end, sowwy

"; $error = $error + 1; } // Outa here with this mysqli_stmt_close($stmt); } } // Validate sussness of Password if (empty(trim($_POST["password"]))) { // No password entered echo "

You must enter a password, dont want just anyone seeing your stuff uwu

"; $error = $error + 1; } /* A 6-byte minimum (strlen counts bytes, not characters) is weak by current guidance; 8+ plus a breached-password check is the usual bar. */ elseif(strlen(trim($_POST["password"])) < 6){ // Password not long enough 👀 echo "

(Password) Not long enough for my taste 👀

"; $error = $error + 1; } else { $password = trim($_POST["password"]); } // Validate sussiness of the other Password if (empty(trim($_POST["confirm_password"]))) { // Did not confirm passowrd echo "

Confirm the password pls, its very important you remember what it issss

"; $error = $error + 1; } else { $confirm_password = trim($_POST["confirm_password"]); /* Loose != compares numeric-looking strings as numbers ("1e3" == "1000"), so a mismatched confirmation can slip through; use !== here. */ if (empty($error) && $confirm_password != $password) { // Password and re-entered Password does not match echo "

Passwords need to be the same, smelly smelly

"; $error = $error + 1; } } /* NOTE(review): INVITE-CODE BYPASS. The entire invite check is wrapped in isset($_POST['token']) with no else branch, so a request that simply omits the token field skips validation and reaches the INSERT below with $error still 0. Require the field unconditionally (treat a missing token exactly like an empty one). */ // Check for invite code if (isset($_POST['token'])) { // Check if invite code is empty if (empty($_POST['token'])) { echo "

Enter Invite Code ;3

"; mysqli_query($conn,"INSERT INTO logs (ipaddress, action) VALUES('$user_ip','Failed to enter correct Invite Code')"); $error = $error + 1; } /* The code is only read here (used = 0) and marked used after the account INSERT, so two concurrent signups can redeem the same invite; consume it in one UPDATE ... WHERE used = 0 and check the affected-row count instead. Also $param_code is the raw POST value while $token below is trim()med — pick one. */ else { // Prepare sql for sus $sql = "SELECT id FROM tokens WHERE code = ? AND used = 0"; if ($stmt = mysqli_prepare($conn, $sql)) { mysqli_stmt_bind_param($stmt, "s", $param_code); $param_code = $_POST['token']; // Ask sql nicely if other usernames exist and store info if (mysqli_stmt_execute($stmt)) { mysqli_stmt_store_result($stmt); if (mysqli_stmt_num_rows($stmt) == 1) { $token = trim($_POST["token"]); } else { echo "

Your invite code did not check out, woopsie!

"; $error = $error + 1; } } else { echo "

The server or website died inside and could not process your request, sowwy!

"; $error = $error + 1; } // Outa here with this mysqli_stmt_close($stmt); } } } } // Checking for errors if ($error <= 0) { $sql = "INSERT INTO users (username, password) VALUES (?, ?)"; if ($stmt = mysqli_prepare($conn, $sql)) { // Bind variables to the prepared statement as parameters mysqli_stmt_bind_param($stmt, "ss", $param_username, $param_password); // Set parameters $param_username = $username; $param_password = password_hash($password, PASSWORD_DEFAULT); // Attempt to execute the prepared statement if (mysqli_stmt_execute($stmt)) { /* The very first account created (insert id 1) is promoted to admin; no other bootstrap path is visible in this file. */ // If first user, set as admin if (mysqli_insert_id($conn) == 1) { mysqli_query($conn,"UPDATE users SET admin = 1 WHERE id = 1"); } /* $param_token is the raw $_POST['token'] (null when the field was omitted, in which case this UPDATE matches nothing and the account has already been created). The previous $stmt is overwritten here without mysqli_stmt_close(). */ // Prepare sql $sql = "UPDATE tokens SET used = True WHERE code = ?"; $stmt = mysqli_prepare($conn, $sql); mysqli_stmt_bind_param($stmt, "s", $param_token); $param_token = $_POST['token']; if (mysqli_stmt_execute($stmt)) { // Generate Token $token_array = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyz'; $new_token = substr(str_shuffle($token_array), 0, 15); /* BUG: '$new_toke' is a typo for $new_token, so an empty-string code is stored and the generated invite is lost. str_shuffle() is not a CSPRNG (and never repeats a character) — build the code from random_int()/random_bytes() and bind it instead of interpolating. */ mysqli_query($conn, "INSERT INTO tokens (code, used) VALUES('$new_toke', 0)"); } // Yupeee! Account was made ?> Something went fuckywucky, please try later

"; } } } } /* |------------------------------------------------------------- | Toggle Admin |------------------------------------------------------------- | Please save me | NOTE(review): $_SESSION['id'] is read here but the only session_start() visible in this file is inside the login branch — presumably an included file starts the session; confirm. No CSRF token is checked before this privilege change. This handler and everything after it are cut off at the end of the page. |------------------------------------------------------------- */ if (isset($_POST['toggle_admin'])) { if ($user_info->is_admin($conn, $_SESSION['id'])) { /* SQL INJECTION: $_POST['id'] is concatenated into this query. The UPDATE a few lines down binds the same value as an int — cast or bind it here too. */ $is_admin = mysqli_query($conn, "SELECT * FROM users WHERE id = " . $_POST['id'] . " ORDER BY id DESC LIMIT 1"); /* This loop clobbers $user_info, the object whose is_admin() was just called, and leaves it null/false when fetching ends — any later $user_info->... call in the same request fails. Use a separate variable for the row. */ while ($user_info = mysqli_fetch_assoc($is_admin)) { $admin_status = $user_info['admin']; $username = $user_info['username']; } $sql = "UPDATE users SET admin = ? WHERE id = ?"; if ($stmt = mysqli_prepare($conn, $sql)) { // Bind variables to the prepared statement as parameters mysqli_stmt_bind_param($stmt, "ii", $param_admin_status, $param_user_id); /* If no row matched, $admin_status is unset and the else branch attempts to grant admin to a non-existent id (a no-op UPDATE). Nothing stops an admin from toggling their own id either. */ // Set parameters if ($admin_status) { $param_admin_status = 0; $admin_update_message = "removed from the admins list"; } else { $param_admin_status = 1; $admin_update_message = "added to the admins list"; } $param_user_id = $_POST['id']; // Attempt to execute the prepared statement if (mysqli_stmt_execute($stmt)) { ?> is_admin($conn, $_SESSION["id"])) { $user_id = $_POST['id']; } elseif (empty($_POST['id'])) { $user_id = $_SESSION["id"]; } else { ?> thumbnail($image_path, $image_path, 300) != "success") { ?>