". mysqli_connect_error()."";
echo "Failed to connect to MySQL: " . mysqli_connect_error();
exit();
}
$account = mysqli_real_escape_string($conn, $_POST['username']);
$password = base64_encode(sha1($_POST['password'], true));
$email = $_POST['email'];
if($_POST['password']!=$_POST['passwordVerify']){
$error .= "Password does not match.
";
}
if(mb_strlen($account)<4 || mb_strlen($account)>14){
$error .= "Account length must be 4 to 14 characters long.";
}
if(mb_strlen($_POST['password'])<4 || mb_strlen($_POST['password'])>16){
$error .= "Password length must be 4 to 16 characters long.";
}
if(mb_strlen($email)<7 || mb_strlen($email)>100){
$error .= "Email length must be 7 to 100 characters long.";
}
$sql = "SELECT `login` FROM `accounts` WHERE `login`='".$account."'";
$result = $conn->query($sql);
if ($result->num_rows!=0) {
$error .= "Account already exists.
";
}
if(empty($error)){
echo ($account.$password.$email);
$sqlregister = "INSERT INTO `accounts` (`login`, `password`, `email`, `lastIP`) VALUES ('".$account."','".$password."','".$email."','".$_SERVER['REMOTE_ADDR']."')";
if ($conn->query($sqlregister) === TRUE) {
$error = "Account created!";
header( "refresh:5;url=index.php" );
} else {
$error = "Something went wrong.";
}
}
$conn->close();
}
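/*
 * Login handler: runs when the login form was submitted.
 *
 * Looks the account up by login name and compares the stored password hash
 * with the hash of the submitted password. On success it fills
 * $_SESSION['account'] / $_SESSION['password'] and schedules a redirect to
 * dashboard.php. The outcome message is left in $error for the page to show.
 *
 * Hardening compared with the previous version:
 *  - the lookup is a prepared statement instead of a concatenated string;
 *  - hashes are compared with hash_equals() (constant time, no type juggling);
 *  - the session id is regenerated on successful login (session fixation);
 *  - the empty-password check looks at the submitted value (the hash of an
 *    empty string is never '' so the old check could not trigger);
 *  - database connection details are logged, not echoed to the client.
 */
if(isset($_POST['login']))
{
    $conn = new mysqli($server_host, $db_user_name, $db_user_password, $db_database);
    // Check connection
    // NOTE(review): on PHP 8.1+ mysqli throws on connect failure by default, so
    // this branch is only reached when the mysqli report mode is relaxed.
    if (mysqli_connect_errno())
    {
        // The driver message can name the DB host and user: keep it in the
        // server log and show the client a generic line only.
        error_log('MySQL connection failed: ' . mysqli_connect_error());
        echo "Failed to connect to MySQL.";
        exit();
    }

    // Accept only scalar strings; a missing or array-valued field becomes ''.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $plainPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // $account keeps its historical (escaped) form because it is what ends up
    // in the session; the query below binds the raw $username instead.
    $account = mysqli_real_escape_string($conn, $username);

    // NOTE(review): unsalted SHA-1 is not a password hash. It is kept because the
    // stored values use this format; plan a migration to password_hash() /
    // password_verify() with rehash-on-login.
    $password = base64_encode(sha1($plainPassword, true));

    if ($username === '') {
        $error = 'Enter account';
    } elseif ($plainPassword === '') {
        $error = 'Enter password';
    } else {
        $stmt = $conn->prepare("SELECT `password` FROM `accounts` WHERE `login`=?");
        if ($stmt === false) {
            error_log('Login lookup could not be prepared: ' . $conn->error);
            $error = 'Something went wrong.';
        } else {
            $stmt->bind_param('s', $username);
            if (!$stmt->execute()) {
                error_log('Login lookup failed: ' . $stmt->error);
                $error = 'Something went wrong.';
            } else {
                // Buffer the result so num_rows is available before fetching.
                $stmt->store_result();
                if ($stmt->num_rows > 0) {
                    $stmt->bind_result($storedHash);
                    while ($stmt->fetch())
                    {
                        if (is_string($storedHash) && hash_equals($storedHash, $password))
                        {
                            // New session id for the authenticated session so a
                            // pre-login id cannot be reused.
                            if (session_status() === PHP_SESSION_ACTIVE) {
                                session_regenerate_id(true);
                            }
                            $_SESSION['account'] = $account;
                            // NOTE(review): the password hash is kept in the session only
                            // because other pages may read it; with unsalted SHA-1 it is
                            // password-equivalent. Prefer a plain "authenticated" marker.
                            $_SESSION['password'] = $password;
                            $error = "You are connected. Redirecting . . .";
                            header( "refresh:1;url=dashboard.php" );
                        }
                        else
                        {
                            // NOTE(review): this message and the one below differ, which
                            // tells a client whether a login name exists. Consider a
                            // single generic failure message plus attempt throttling.
                            $error = 'Password does not match.';
                        }
                    }
                }
                else
                {
                    $error = 'Account does not exist. Create one.';
                }
            }
            $stmt->close();
        }
    }
    $conn->close();
}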
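/*
 * Password-recovery handler: runs when the "forgot" form was submitted.
 *
 * When the submitted login and email match a row in `accounts`, a new random
 * password is mailed to that address and its hash is written to the row.
 * The outcome message is left in $error for the page to show.
 *
 * Hardening compared with the previous version:
 *  - $_POST['email'] was concatenated into the SELECT unescaped (SQL
 *    injection); both statements are now prepared with bound parameters;
 *  - the replacement password comes from random_bytes() (PHP 7.0+) instead of
 *    rand(9999, 999999), which is predictable and has under a million values;
 *  - addresses containing CR/LF are rejected before they reach mail();
 *  - row values are compared with === instead of ==;
 *  - database connection details are logged, not echoed to the client.
 *
 * NOTE(review): anyone who knows a login and its email can force a reset, and
 * the new password travels in clear text by mail. A single-use, expiring reset
 * link plus request throttling would remove both problems.
 */
if(isset($_POST['forgot']))
{
    $conn = new mysqli($server_host, $db_user_name, $db_user_password, $db_database);
    // Check connection
    if (mysqli_connect_errno())
    {
        // The driver message can name the DB host and user: keep it in the
        // server log and show the client a generic line only.
        error_log('MySQL connection failed: ' . mysqli_connect_error());
        echo "Failed to connect to MySQL.";
        exit();
    }

    // Accept only scalar strings; a missing or array-valued field becomes ''.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

    // Kept in its historical escaped form in case later code on the page reads
    // it; every query below binds the raw $username instead.
    $account = mysqli_real_escape_string($conn, $username);
    $admin = $CONFIG['emailaddress'];

    //get a random password: 16 hex characters from the CSPRNG, which fits the
    //4 to 16 character rule the registration form on this page enforces
    $password_rnd = bin2hex(random_bytes(8));
    //encode password
    // NOTE(review): unsalted SHA-1 is kept only because the stored values use
    // this format; plan a migration to password_hash().
    $password = base64_encode(sha1($password_rnd, true));

    if ($username === '') {
        $error = 'Enter account';
    } elseif ($email === '') {
        $error = 'Enter email';
    } elseif (preg_match('/[\r\n]/', $email)) {
        // A line break in a recipient address could add mail headers.
        $error = 'Email or Account does not match.';
    } else {
        $matches = [];
        $lookupOk = false;
        $stmt = $conn->prepare("SELECT `login`, `email` FROM `accounts` WHERE `login`=? AND `email`=?");
        if ($stmt === false) {
            error_log('Recovery lookup could not be prepared: ' . $conn->error);
        } else {
            $stmt->bind_param('ss', $username, $email);
            if ($stmt->execute()) {
                $lookupOk = true;
                $stmt->bind_result($rowLogin, $rowEmail);
                // Read every row before issuing the UPDATE: a second statement
                // cannot run on this connection while a result is still open.
                while ($stmt->fetch()) {
                    $matches[] = [$rowLogin, $rowEmail];
                }
            } else {
                error_log('Recovery lookup failed: ' . $stmt->error);
            }
            $stmt->close();
        }

        if (!$lookupOk) {
            $error = 'Fail to recover your password';
        } elseif (count($matches) > 0) {
            foreach ($matches as $match)
            {
                // The database may compare case-insensitively; these exact
                // comparisons keep the stricter check the page always applied.
                if ($email === $match[1])
                {
                    if ($username === $match[0])
                    {
                        $to = $email;
                        $subject = 'Your recovered Password';
                        $message = 'Use this password to login '. $password_rnd;
                        $headers = 'From:'. $admin;
                        // Mail first, update second: if the update fails the old
                        // password still works and the account is not locked out.
                        if (mail($to, $subject, $message, $headers)){
                            $resultupdate = false;
                            $update = $conn->prepare("UPDATE `accounts` SET `password`=? WHERE `login`=?");
                            if ($update !== false) {
                                $update->bind_param('ss', $password, $username);
                                $resultupdate = $update->execute();
                                $update->close();
                            }
                            if ($resultupdate)
                            {
                                $error = 'Your password has been sent to your email';
                            }
                            else
                            {
                                $error = 'Fail to recover your password';
                            }
                        }
                        else
                        {
                            $error = 'Failed - Contact Administrator '.$admin;
                        }
                    }
                    else {
                        $error = 'Account does not match.';
                    }
                }
                else
                {
                    $error = 'Email does not match.';
                }
            }
        }
        else
        {
            $error = 'Email or Account does not match.';
        }
    }
    $conn->close();
}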
?>
Mobius Underground - Main