accounts.php
<?
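/////////////////////////
// If you are having problems, make sure that the table and column names in your database match the ones used in the SQL below.
// NOTE(review): this file opens with the short tag "<?". When short_open_tag is off, PHP does not parse the file
// and the web server returns the source, including the credentials below, as plain text. Prefer "<?php".
/////////////////////////
// Connection INFO ----------------------------------------------------------
//FILL THIS OUT
$host = "localhost"; //host location (use localhost if your mysql database is hosted on the same machine/account as your site)
$user = ""; //username
$password = ""; //password here
$dbname = ""; //your database
// NOTE(review): keep real credentials out of version control; loading them from the environment or from a
// config file outside the document root limits what a source leak exposes.
$connection = mysqli_connect($host, $user, $password, $dbname);
if (!$connection) {
    // After a failed connect there is no link to pass to mysqli_error(); the reason is reported by
    // mysqli_connect_error(). It goes to the server log instead of the response so the client does not
    // learn host, user or driver details.
    error_log("accounts.php: database connection failed: " . mysqli_connect_error());
    die("Error connecting to database.");
}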
//--------------------------------------------------------------------------------------------------------------
// Here we protect ourselves from SQL Injection and convert the string to MD5 if we want
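/**
 * Legacy input filter applied to every POST field; optionally returns an MD5 hex digest.
 *
 * Steps: delete a fixed list of SQL keywords and characters, trim, strip HTML/PHP tags,
 * then apply addslashes(). A deny-list of this kind is not a dependable defence against
 * SQL injection (it also silently alters legitimate values such as an e-mail address
 * containing "from"), so callers should still bind the result as a query parameter
 * rather than concatenating it into SQL.
 *
 * NOTE(review): with $encrypt the result is an unsalted MD5 digest. MD5 is kept here only
 * because existing callers compare against digests produced this way; it is not a
 * suitable password hash (password_hash()/password_verify() are the replacements).
 *
 * @param mixed $sql     Raw value. null, arrays and other non-scalars are treated as "".
 * @param bool  $formUse True when the value comes from request data. It only mattered while
 *                       magic quotes existed (PHP < 5.4), where it suppressed a second round of escaping.
 * @param bool  $encrypt When true, return md5() of the filtered value, or "" if nothing is left
 *                       after filtering, so that callers' emptiness checks still work.
 * @return string Filtered (and optionally hashed) value.
 */
function anti_injection_login($sql, $formUse, $encrypt){
    // A missing POST field arrives as null and "field[]=x" arrives as an array; normalise both.
    if (!is_string($sql)) {
        $sql = is_scalar($sql) ? (string) $sql : "";
    }

    $sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|,|'|#|\*|--|\\\\)/i", "", $sql);
    $sql = trim($sql);
    $sql = strip_tags($sql);

    // get_magic_quotes_gpc() always returned false from PHP 5.4 and was removed in PHP 8.0,
    // where calling it is a fatal error. Only consult it on runtimes that still had the feature.
    $magicQuotesOn = PHP_VERSION_ID < 50400 && get_magic_quotes_gpc();
    if (!$formUse || !$magicQuotesOn) {
        $sql = addslashes($sql);
    }

    if ($encrypt) {
        $sql = trim($sql);
        // md5("") is a 32-character string, which would make an empty password look non-empty to callers.
        return $sql === "" ? "" : md5($sql);
    }

    return $sql;
}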
//--------------------------------------------------------------------------------------------------------------
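// Request handling ----------------------------------------------------------
// Collect the expected POST fields as strings. A missing field, or one sent as an
// array (e.g. pass[]=x), becomes "" so the filter below always receives a string.
$post = array();
foreach (array("hash", "email", "pass", "pass2", "securityQuestion", "securityAnswer", "creatingAccount") as $field) {
    $post[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";
}

$unityHashPass = anti_injection_login($post["hash"], true, false);
// NOTE(review): this shared code is compiled into the Unity client and can be read out of any build.
// Treat it as a client tag rather than authentication, and change it from the placeholder value.
$phpHashPass = "theHashCode"; // must be the same code you set in unity
$email = anti_injection_login($post["email"], true, false);
// NOTE(review): passwords are stored and compared as unsalted MD5 digests. Moving to
// password_hash()/password_verify() changes the stored format (and may need a wider column),
// so it is flagged here rather than changed in place.
$pass = anti_injection_login($post["pass"], true, true);
$pass2 = anti_injection_login($post["pass2"], true, true);
$secQ = anti_injection_login($post["securityQuestion"], true, false);
$secA = anti_injection_login($post["securityAnswer"], true, false);
$creatingAccount = $post["creatingAccount"];

// md5("") is a non-empty string, so an empty password would slip past the "!$pass" checks below.
$emptyHash = md5("");
if ($pass === $emptyHash) {
    $pass = "";
}
if ($pass2 === $emptyHash) {
    $pass2 = "";
}

// anti_injection_login() finishes with addslashes(), which only made sense while the value was
// pasted into a quoted SQL literal. The statements below bind values as parameters, so the added
// backslashes are removed again; with MySQL's default escape handling this yields the same stored
// and compared text as the old string-built queries.
$emailParam = stripslashes($email);
$secQParam = stripslashes($secQ);
$secAParam = stripslashes($secA);

// Check that the shared codes match and that an email and password were sent.
// hash_equals() is a strict, constant-time comparison; "!=" would treat numeric-looking strings as equal.
if (!hash_equals($phpHashPass, $unityHashPass) || !$email || !$pass) {
    echo "Username or password can not be empty.";
} else {
    if ($creatingAccount === "true") { // sent from the WWWSubmit function in Login.cs in Unity
        $stmt = mysqli_prepare($connection, "SELECT email FROM Accounts WHERE email = ?");
        if (!$stmt || !mysqli_stmt_bind_param($stmt, "s", $emailParam) || !mysqli_stmt_execute($stmt)) {
            // Driver errors go to the server log; the response stays generic.
            error_log("accounts.php: account lookup failed: " . mysqli_error($connection));
            die("Error in Selecting");
        }
        mysqli_stmt_store_result($stmt);
        $results = mysqli_stmt_num_rows($stmt);
        mysqli_stmt_close($stmt);

        if ($results > 0) {
            echo "That account already exists.";
        } elseif (!$secQ || !$secA || !$pass2) {
            echo "Please fill out all fields.";
        } elseif ($pass === $pass2) {
            // Strict comparison: with "==" two different digests that both look like "0e<digits>"
            // are compared as numbers and considered equal.
            $stmt = mysqli_prepare(
                $connection,
                "INSERT INTO Accounts (`email`, `password`, `secretQuestion`, `answer`) VALUES (?, ?, ?, ?)"
            );
            if (!$stmt
                || !mysqli_stmt_bind_param($stmt, "ssss", $emailParam, $pass, $secQParam, $secAParam)
                || !mysqli_stmt_execute($stmt)
            ) {
                error_log("accounts.php: account insert failed: " . mysqli_error($connection));
                die("DATABASE ERROR!");
            }
            mysqli_stmt_close($stmt);
            echo "Account created.";
        } else {
            echo "Passwords must match";
        }
    } else {
        // mysqli_stmt_get_result() is used because the column list is not known here (SELECT *);
        // it requires the mysqlnd driver.
        $stmt = mysqli_prepare($connection, "SELECT * FROM Accounts WHERE email = ?");
        if (!$stmt || !mysqli_stmt_bind_param($stmt, "s", $emailParam) || !mysqli_stmt_execute($stmt)) {
            error_log("accounts.php: login lookup failed: " . mysqli_error($connection));
            die("Error in Selecting");
        }
        $result = mysqli_stmt_get_result($stmt);
        $results = mysqli_num_rows($result);

        // The original response always began with an empty array element; it is kept so the
        // JSON layout the client parses does not change.
        $temparray = array(array());
        $comPass = "";
        while ($row = mysqli_fetch_assoc($result)) {
            // Prepared statements return native ints/floats, while mysqli_query() returned every
            // column as a string. Cast back so the JSON value types stay as they were.
            foreach ($row as $column => $value) {
                if ($value !== null) {
                    $row[$column] = (string) $value;
                }
            }
            $temparray[] = $row;
            $comPass = (string) $row['password'];
        }
        mysqli_stmt_close($stmt);

        if ($results) {
            if (hash_equals($comPass, $pass)) {
                // NOTE(review): this sends every column of the row, including `password` and `answer`,
                // back to the client. Returning only the fields the client uses would be safer.
                echo json_encode($temparray);
            } else {
                echo "Login or password incorrect.";
            }
        } else {
            // NOTE(review): a distinct message here lets a caller test which e-mail addresses are registered.
            echo "Email doesnt exist.";
        }
    }
}
// The connection was opened with mysqli, so it has to be closed with mysqli; mysql_close() belongs to
// the removed mysql extension and is an undefined function on PHP 7 and later.
mysqli_close($connection);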
?>