<?php
// Start (or resume) the PHP session; the login state and the captcha answer
// checked further down are read from $_SESSION.
session_start();
// Presumably provides the mysqli handle $conn used by every query below — TODO confirm.
// NOTE(review): `include` only warns when the file is missing and the script
// keeps running; `require` would stop instead. Verify which is intended.
include 'db.php';
// Presumably provides encrypt() — TODO confirm.
include 'encryption.php';
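// Anonymous actions: share / delete / update a temporary clipboard, log in, register.
// Every value handled here comes straight from $_POST, so all SQL goes through
// prepared statements; nothing request-derived is interpolated into a query.

// Runs one parameterised statement with every parameter bound as a string.
// Returns the executed statement, or false when prepare/execute fails.
$runQuery = static function (mysqli $db, string $sql, string ...$params) {
    $stmt = mysqli_prepare($db, $sql);
    if ($stmt === false) {
        return false;
    }
    if ($params !== []) {
        mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
    }
    return mysqli_stmt_execute($stmt) ? $stmt : false;
};

// Reads one POST value as a string; arrays (field[]=x) and missing keys become ''.
$postString = static function (string $key): string {
    return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
};

// True only when a captcha answer is stored in the session and the submitted one
// matches it exactly. The previous loose `!=` accepted a request with no captcha
// at all whenever the session held none (null != null is false).
// NOTE(review): the answer is only discarded after a successful login/registration,
// so one solved captcha can be reused for any number of failed attempts. Making it
// single-use needs the client to reload the captcha after every try.
$captchaOk = static function () use ($postString): bool {
    $expected = $_SESSION['captcha'] ?? null;
    if (!is_scalar($expected) || (string) $expected === '') {
        return false;
    }
    return hash_equals((string) $expected, $postString('captcha'));
};

if (!empty($_POST['share'])) {
    // Share clipboard: refuse a missing or whitespace-only textarea.
    $text = $postString('field');
    if (trim($text) === '') {
        echo "text masih kosong";
    } else {
        // NOTE(review): the token is stored in the same row as the value it is
        // passed to encrypt() with. If that argument is the key, the encryption
        // does not protect the text from anyone who can read the table — confirm.
        $token = bin2hex(random_bytes(10));
        $field = encrypt(htmlspecialchars($text), $token);
        // NOTE(review): the token is echoed even when the insert fails.
        $runQuery($conn, 'INSERT INTO storage (token, field) VALUES (?, ?)', $token, $field);
        echo $token;
    }
} elseif (!empty($_POST['delete-temp'])) {
    // Delete temporary clipboard: the token is the only credential.
    $token = $postString('delete-temp');
    $runQuery($conn, 'DELETE FROM storage WHERE token = ?', $token);
    echo "deleted";
} elseif (!empty($_POST['save-temp'])) {
    // Save temporary clipboard: overwrite the text stored under an existing token.
    $token = $postString('save-temp');
    $field = encrypt(htmlspecialchars($postString('field')), $token);
    $runQuery($conn, 'UPDATE storage SET field = ? WHERE token = ?', $field, $token);
    echo "berhasil disimpan";
} elseif (!empty($_POST['login'])) {
    // Login.
    if (!$captchaOk()) {
        echo "wrcap";
    } else {
        $loginName = $postString('username');
        // The lookup key is the raw 20-byte SHA-1 of the name. Those bytes can
        // contain quotes and backslashes, which is why they must be bound rather
        // than pasted into the SQL text.
        // NOTE(review): rows written by the old string-built queries may hold a
        // mangled hash when it contained such bytes; check existing accounts.
        $username = sha1($loginName, true);
        $storedHash = null;
        $stmt = $runQuery($conn, 'SELECT password FROM user WHERE username = ?', $username);
        if ($stmt !== false) {
            mysqli_stmt_bind_result($stmt, $storedHash);
            if (mysqli_stmt_fetch($stmt) !== true) {
                $storedHash = null; // unknown user: same "wrpass" answer as a bad password
            }
            mysqli_stmt_close($stmt);
        }
        if (is_string($storedHash) && password_verify($postString('password'), $storedHash)) {
            // New session id on privilege change, so a pre-login id cannot be reused.
            session_regenerate_id(true);
            $_SESSION['username'] = $loginName;
            // NOTE(review): this cookie carries the plain username without the
            // HttpOnly/Secure/SameSite flags. It is client-controlled; verify that
            // no page treats $_COOKIE['username'] as proof of identity.
            setcookie('username', $_SESSION['username'], time() + (86400 * 7), "/");
            unset($_SESSION['captcha']);
            echo "login";
        } else {
            echo "wrpass";
        }
    }
} elseif (!empty($_POST['daftar'])) {
    // Registration.
    if (!$captchaOk()) {
        echo "wrcap";
    } else {
        $newName = $postString('username');
        $newPass = $postString('password');
        $username = sha1($newName, true);
        // Strict comparison: with `==` two different numeric-looking passwords
        // such as "1e3" and "1000" compare equal.
        if ($newPass === $postString('cpassword')) {
            $stmt = $runQuery($conn, 'SELECT id FROM user WHERE username = ?', $username);
            // A failed lookup counts as "taken" so no account is created on a DB error.
            $taken = true;
            if ($stmt !== false) {
                mysqli_stmt_store_result($stmt);
                $taken = mysqli_stmt_num_rows($stmt) > 0;
                mysqli_stmt_close($stmt);
            }
            if (!$taken) {
                // PASSWORD_BCRYPT is the algorithm the former literal `1` selected.
                $password = password_hash($newPass, PASSWORD_BCRYPT);
                // NOTE(review): check-then-insert can race; a UNIQUE index on
                // user.username is what actually prevents duplicates — confirm.
                $runQuery($conn, 'INSERT INTO user (username, password) VALUES (?, ?)', $username, $password);
                session_regenerate_id(true);
                $_SESSION['username'] = $newName;
                setcookie('username', $_SESSION['username'], time() + (86400 * 7), "/");
                unset($_SESSION['captcha']);
                echo "register";
            } else {
                echo "registered";
            }
        } else {
            echo "wrpass";
        }
    }
}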
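// Actions that require a logged-in session.
// NOTE(review): none of these state-changing POSTs carries an anti-CSRF token,
// so protection depends on how the session cookie is configured — verify.
if (isset($_SESSION['username'])) {
    // Accounts are keyed by the raw 20-byte SHA-1 of the username. The bytes are
    // bound as a parameter because they can contain quotes and backslashes.
    $username = sha1($_SESSION['username'], true);
    if (!empty($_POST['logout'])) {
        // Logout. The cookie was set with path "/", so it has to be expired with
        // the same path or the browser keeps it.
        setcookie("username", "", time() - 1, "/");
        $_SESSION = []; // session_destroy() alone leaves the array populated for this request
        session_destroy();
        echo "logout";
    } elseif (!empty($_POST['save-acc'])) {
        // Save the account clipboard.
        $text = isset($_POST['field']) && is_string($_POST['field']) ? $_POST['field'] : '';
        // NOTE(review): the value passed to encrypt() is the same hash stored in
        // user.username. If that argument is the key, the text is readable by
        // anyone who can read the table — confirm against encryption.php.
        $field = encrypt(htmlspecialchars($text), $username);
        $stmt = mysqli_prepare($conn, 'UPDATE user SET field = ? WHERE username = ?');
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'ss', $field, $username);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
        echo "berhasil disimpan";
    } elseif (!empty($_POST['delete-acc'])) {
        // Delete the account, then end the session exactly as logout does.
        $stmt = mysqli_prepare($conn, 'DELETE FROM user WHERE username = ?');
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 's', $username);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
        setcookie("username", "", time() - 1, "/");
        $_SESSION = [];
        session_destroy();
        echo "deleted";
    }
}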
// A request without any POST data has nothing to do in this endpoint:
// send the browser back to the site root.
if (empty($_POST)) {
    header('Location: /');
}
?>