Here are my pages. 🙂
Any critique is appreciated.
functions.inc.php
<?
function makeRandomPassword() {
$salt = "abchefghjkmnpqrstuvwxyz0123456789";
srand((double)microtime()*1000000);
$i = 0;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($salt, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
function bytexor($a,$b,$l)
{
$c="";
for($i=0;$i<$l;$i++) {
$c.=$a{$i}^$b{$i};
}
return($c);
}
function binmd5($val)
{
return(pack("H*",md5($val)));
}
function decrypt_md5($msg,$heslo)
{
$key=$heslo;$sifra="";
$key1=binmd5($key);
while($msg) {
$m=substr($msg,0,16);
$msg=substr($msg,16);
$sifra.=$m=bytexor($m,$key1,16);
$key1=binmd5($key.$key1.$m);
}
echo "\n";
return($sifra);
}
function crypt_md5($msg,$heslo)
{
$key=$heslo;$sifra="";
$key1=binmd5($key);
while($msg) {
$m=substr($msg,0,16);
$msg=substr($msg,16);
$sifra.=bytexor($m,$key1,16);
$key1=binmd5($key.$key1.$m);
}
echo "\n";
return($sifra);
}
$key = "this is the key which means i am god";
?>
acctserv.php
<?
session_start();
include('dbinfo.inc.php');
include('functions.inc.php');
include('css.php');
if (getenv("HTTP_X_FORWARDED_FOR")) {
$ip = getenv("HTTP_X_FORWARDED_FOR");
} else {
$ip = getenv("REMOTE_ADDR");
}
if(isset($_POST['username'])){
$username = $_POST['username'];
$password = $_POST['password'];
$password = crypt_md5($password, $key);
$isadmin = mysql_query("SELECT * FROM admin WHERE username='$username'") or die(mysql_error());
$isregular = mysql_query("SELECT * FROM customers WHERE username='$username'") or die(mysql_error());
$qa = mysql_num_rows($isadmin);
$qr = mysql_num_rows($isregular);
if($qa ==1){
$f = mysql_fetch_array($isadmin);
$admin = $f['username'];
$_SESSION['username@spechal.com'] = $username;
extract($f);
include('securemenu.php');
echo "<br><br>Hello $username :: What would you like to do today?";
} elseif($qr == 1){
$f = mysql_fetch_array($isregular);
$_SESSION['username@spechal.com'] = $username;
extract($f);
include('securemenu.php');
echo "<br><br>Successful Login, $fname $lname <br><br>What do you want to do today?<br><br>";
$logins++;
mysql_query("UPDATE customers SET logins='$logins' WHERE username='$username'") or die(mysql_error());
} elseif($qa == 0 && $qr == 0){
echo "Forbidden! Your IP: $ip and timestamp have been logged.";
$p = $_SERVER['REQUEST_URI'];
mysql_query("INSERT INTO error (ip, page) VALUES ('$ip', '$p')") or die(mysql_error());
}} else {
?>
<p><font face=arial size=2 color=black><br>
<strong><font face="Tahoma">Login</font></strong> </font></p>
<form method="post" action="<?= $PHP_SELF ?>">
<table width="57%" border="0">
<tr>
<td width="26%"><font size="2" face="Tahoma">Username:</font></td>
<td width="74%"><font size="2" face="Tahoma">
<input name="username" type="text" id="username" size="24" maxlength="24">
</font></td>
</tr>
<tr>
<td><font size="2" face="Tahoma">Password:</font></td>
<td><font size="2" face="Tahoma">
<input name="password" type="password" id="password" size="24" maxlength="24">
</font></td>
</tr>
<tr>
<td align="left"><font size="2" face="Tahoma">
<input type="image" src="images/submit.jpg" value="submit">
</font></td>
<td><font size="2" face="Tahoma"><a href="forgotpass.php" onmouseover="window.status='Forgot Password' ; return true">Forgot Password?</a> ::
<a href="signup.php" target="_self" onmouseover="window.status='Register with spechal.com' ; return true">Register</a></font></td>
</tr>
</table>
</form>
<p><font face=arial size=2 color=black><b><font face="Tahoma"></font></b> </font><font face=arial size=2 color=black><font face="Tahoma"><br>
<br>
</font></font></p>
<? } ?>
to be continued...
