PHP Decode
<?php require('functions.php'); session_start(); //did we log out..
Decoded Output download
<?php
// Pull in the shared helpers (showText, create_db_connection, pageLogout are used below).
require 'functions.php';
// Open or resume the session before any handler touches $_SESSION.
session_start();
// pageLogout() is defined in functions.php; presumably it processes a pending logout request — confirm.
pageLogout();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
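// Login handler.
// NOTE(review): the second query matches the submitted password against the `password`
// column as stored, i.e. passwords appear to be kept in plaintext. Switching to
// password_hash()/password_verify() needs a coordinated change to the Register and
// Update_pass handlers plus a data migration, so it is flagged here, not changed.
// NOTE(review): the separate "Username does not exist!" and "Password does not match!"
// replies disclose which usernames are registered; consider one generic failure message
// and attempt throttling.
// NOTE(review): this handler sets $_SESSION['Username'], while the update handlers in
// this file read $_SESSION['finalUsername']. Where that key is set is not visible here;
// confirm it comes from the session and never from the `username` query parameter.
if (isset($_POST['Login'])) {
    // Missing fields and array-valued fields (valueUser[]=...) are rejected like empty ones.
    $valueUser = $_POST['valueUser'] ?? '';
    $valuePass = $_POST['valuePass'] ?? '';
    if (!is_string($valueUser) || !is_string($valuePass) || $valueUser === '' || $valuePass === '') {
        showText('Please, provide all requested information', true);
        exit;
    }

    $conn = create_db_connection();

    $checkQuery = "SELECT * FROM `user` WHERE `name` = ?";
    $stmt = $conn->prepare($checkQuery);
    $stmt->bind_param("s", $valueUser);
    $stmt->execute();
    $checkResult = $stmt->get_result();
    //username validation
    if ($checkResult->num_rows === 0) {
        $conn->close();
        showText('Username does not exist!', true);
        exit;
    }

    $loginQuery = "SELECT * FROM `user` WHERE `name` = ? AND `password` = ?";
    $stmt = $conn->prepare($loginQuery);
    $stmt->bind_param("ss", $valueUser, $valuePass);
    $stmt->execute();
    $checkResult = $stmt->get_result();
    //wrong password
    if ($checkResult->num_rows === 0) {
        $conn->close();
        showText('Password does not match!', true);
        exit;
    }

    $userData = $checkResult->fetch_assoc();
    $isBanned = $userData['ban'];
    $hasIp = $userData['ip'];
    //check if the user is banned (the flag is compared with the string 'true', as stored)
    if ($isBanned === 'true') {
        $conn->close();
        showText('Your account is banned!', true);
        exit;
    }

    //IP validation: record the first-seen address, or log a change of address
    $ipAddress = $_SERVER['REMOTE_ADDR'];
    $currentDate = date('d-m-Y');
    if ($hasIp === 'unknown') {
        $updateIpQuery = "UPDATE `user` SET `ip` = ? WHERE `name` = ?";
        $stmt = $conn->prepare($updateIpQuery);
        $stmt->bind_param("ss", $ipAddress, $valueUser);
        $stmt->execute();
        $stmt->close();
    } elseif ($hasIp !== $ipAddress) {
        $insertIpQuery = "INSERT INTO `ip` (`by`, `date`, `old`, `new`) VALUES (?, ?, ?, ?)";
        $stmt = $conn->prepare($insertIpQuery);
        $stmt->bind_param("ssss", $valueUser, $currentDate, $hasIp, $ipAddress);
        $stmt->execute();
        $stmt->close();
    }

    //successfully logged in!
    // Session-fixation defence: issue a fresh session id once the credentials are accepted.
    session_regenerate_id(true);
    $_SESSION['Username'] = $valueUser;
    $conn->close();
    // Percent-encode the name so characters such as '&', '#' or spaces cannot alter the redirect URL.
    header('Location: home.php?username=' . urlencode($valueUser));
    // Stop here so the remaining handlers do not run once the redirect is queued.
    exit;
}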
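// Registration handler: validates the form, redeems a license key and creates the user row.
// Every statement that carries request data is a prepared statement with bound parameters;
// the license lookup, the user INSERT and the license DELETE previously interpolated
// $_POST values straight into the SQL text.
// NOTE(review): the password is written to the `password` column as submitted (plaintext),
// because the Login handler compares the column with the submitted value as stored.
// Moving to password_hash()/password_verify() must be done in Login, Register and
// Update_pass together, with a migration of existing rows.
// NOTE(review): the license lookup, user insert and license delete run as separate
// statements without a transaction, so two concurrent requests could redeem the same key.
// TODO: wrap them in a transaction (needs a transactional storage engine).
if (isset($_POST['Register'])) {
    $valuePassword = $_POST['valuePassword'] ?? '';
    $valueRepeatPassword = $_POST['valueRepeatPassword'] ?? '';
    $valueUsername = $_POST['valueUsername'] ?? '';
    $valueMail = $_POST['valueMail'] ?? '';
    $valueLicense = $_POST['valueLicense'] ?? '';

    // Missing fields and array-valued fields are rejected like empty ones.
    $submitted = [$valuePassword, $valueRepeatPassword, $valueUsername, $valueMail, $valueLicense];
    foreach ($submitted as $field) {
        if (!is_string($field) || $field === '') {
            showText('Please, provide all requested information', true);
            exit;
        }
    }

    $conn = create_db_connection();

    $checkQuery = "SELECT * FROM `user` WHERE `name` = ? OR `email` = ?";
    $stmt = $conn->prepare($checkQuery);
    $stmt->bind_param("ss", $valueUsername, $valueMail);
    $stmt->execute();
    $checkResult = $stmt->get_result();
    //email or username already in use.
    if ($checkResult->num_rows > 0) {
        $conn->close();
        showText('E-mail or Username already in use', true);
        exit;
    }

    //not the same password
    // Strict comparison: with != two different numeric-looking strings
    // (for example "1e3" and "1000") would be treated as equal.
    if ($valueRepeatPassword !== $valuePassword) {
        $conn->close();
        showText('Incorrectly repeated password', true);
        exit;
    }

    $licenseQuery = "SELECT * FROM `license` WHERE `key` = ?";
    $stmt = $conn->prepare($licenseQuery);
    $stmt->bind_param("s", $valueLicense);
    $stmt->execute();
    $licenseResult = $stmt->get_result();
    //invalid license key
    if ($licenseResult->num_rows === 0) {
        showText('License Key is not valid!', true);
        $conn->close();
        exit;
    }

    //get who generated the license
    $licenseRow = $licenseResult->fetch_assoc();
    // A NULL `by` is stored as an empty string, as the interpolated query did.
    $licenseBy = $licenseRow['by'] ?? '';
    //get current date
    $currentDate = date('d-m-Y');

    //insert new user to the database
    $sql = "INSERT INTO `user` (`name`, `password`, `email`, `license`, `by`, `date`, `amount`)
        VALUES (?, ?, ?, ?, ?, ?, '0')";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param(
        "ssssss",
        $valueUsername,
        $valuePassword,
        $valueMail,
        $valueLicense,
        $licenseBy,
        $currentDate
    );
    // Do not consume the license or report success when the insert did not happen.
    if (!$stmt->execute()) {
        $stmt->close();
        $conn->close();
        showText('Failed to register.', true);
        exit;
    }
    $stmt->close();

    //delete license key from database
    $deleteQuery = "DELETE FROM `license` WHERE `key` = ?";
    $stmt = $conn->prepare($deleteQuery);
    $stmt->bind_param("s", $valueLicense);
    $stmt->execute();
    $stmt->close();

    //appear text
    showText('Succesfully registered!', false);
    $conn->close();
}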
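// Password-change handler for the user named in $_SESSION['finalUsername'].
// Both statements are prepared with bound parameters; the old and new password and the
// session username were previously interpolated into the SQL text.
// NOTE(review): the new password is stored as submitted (plaintext), matching how the
// Login handler compares it. Hashing must be introduced in Login, Register and this
// handler together.
// NOTE(review): no CSRF token is checked in this handler; the old-password requirement is
// the only proof that the request comes from the account owner.
if (isset($_POST['Update_pass'])) {
    // Missing fields and array-valued fields are rejected like empty ones.
    $oldValue = $_POST['valueOld'] ?? '';
    $newValue = $_POST['valueNew'] ?? '';
    $valueUser = $_SESSION['finalUsername'] ?? '';
    if (!is_string($oldValue) || !is_string($newValue) || $oldValue === '' || $newValue === '') {
        showText('Please, provide all requested information', true);
        exit;
    }
    // Without a session user there is no account whose old password could match; answer
    // as the lookup would have, without opening a database connection.
    if (!is_string($valueUser) || $valueUser === '') {
        showText('Old password does not match!', true);
        exit;
    }

    $conn = create_db_connection();

    $checkQuery = "SELECT * FROM `user` WHERE `name` = ? AND `password` = ?";
    $stmt = $conn->prepare($checkQuery);
    $stmt->bind_param("ss", $valueUser, $oldValue);
    $stmt->execute();
    $checkResult = $stmt->get_result();
    if ($checkResult->num_rows === 1) {
        // Update the password
        $updateQuery = "UPDATE `user` SET `password` = ? WHERE `name` = ?";
        $stmt = $conn->prepare($updateQuery);
        $stmt->bind_param("ss", $newValue, $valueUser);
        $updateResult = $stmt->execute();
        $stmt->close();
        if ($updateResult) {
            showText('Successfully updated password!', false);
        } else {
            showText('Failed to update password.', true);
        }
    } else {
        showText('Old password does not match!', true);
    }
    $conn->close();
}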
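// E-mail-change handler for the user named in $_SESSION['finalUsername'].
// Both statements are prepared with bound parameters; the old and new address and the
// session username were previously interpolated into the SQL text.
// NOTE(review): the change is authorised only by knowing the current address and no CSRF
// token is checked; consider requiring the password as well.
// NOTE(review): unlike the Register handler, the new address is not checked against
// existing rows, so two accounts can end up with the same e-mail.
if (isset($_POST['Update_email'])) {
    // Missing fields and array-valued fields are rejected like empty ones,
    // with the same message the password-change handler uses.
    $oldValue = $_POST['valueOld'] ?? '';
    $newValue = $_POST['valueNew'] ?? '';
    $valueUser = $_SESSION['finalUsername'] ?? '';
    if (!is_string($oldValue) || !is_string($newValue) || $oldValue === '' || $newValue === '') {
        showText('Please, provide all requested information', true);
        exit;
    }
    // Without a session user there is no account whose address could match; answer as
    // the lookup would have, without opening a database connection.
    if (!is_string($valueUser) || $valueUser === '') {
        showText('Old email does not match!', true);
        exit;
    }

    $conn = create_db_connection();

    $checkQuery = "SELECT * FROM `user` WHERE `name` = ? AND `email` = ?";
    $stmt = $conn->prepare($checkQuery);
    $stmt->bind_param("ss", $valueUser, $oldValue);
    $stmt->execute();
    $checkResult = $stmt->get_result();
    if ($checkResult->num_rows === 1) {
        $updateQuery = "UPDATE `user` SET `email` = ? WHERE `name` = ?";
        $stmt = $conn->prepare($updateQuery);
        $stmt->bind_param("ss", $newValue, $valueUser);
        $updateResult = $stmt->execute();
        $stmt->close();
        if ($updateResult) {
            showText('Successfully updated email!', false);
        } else {
            showText('Failed to update email.', true);
        }
    } else {
        showText('Old email does not match!', true);
    }
    $conn->close();
}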
}
?>
Original Code
<?php
// Pull in the shared helpers (showText, create_db_connection, pageLogout are used below).
require 'functions.php';
// Open or resume the session before any handler touches $_SESSION.
session_start();
// pageLogout() is defined in functions.php; presumably it processes a pending logout request — confirm.
pageLogout();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
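// Login handler.
// NOTE(review): the second query matches the submitted password against the `password`
// column as stored, i.e. passwords appear to be kept in plaintext. Switching to
// password_hash()/password_verify() needs a coordinated change to the Register and
// Update_pass handlers plus a data migration, so it is flagged here, not changed.
// NOTE(review): the separate "Username does not exist!" and "Password does not match!"
// replies disclose which usernames are registered; consider one generic failure message
// and attempt throttling.
// NOTE(review): this handler sets $_SESSION['Username'], while the update handlers in
// this file read $_SESSION['finalUsername']. Where that key is set is not visible here;
// confirm it comes from the session and never from the `username` query parameter.
if (isset($_POST['Login'])) {
    // Missing fields and array-valued fields (valueUser[]=...) are rejected like empty ones.
    $valueUser = $_POST['valueUser'] ?? '';
    $valuePass = $_POST['valuePass'] ?? '';
    if (!is_string($valueUser) || !is_string($valuePass) || $valueUser === '' || $valuePass === '') {
        showText('Please, provide all requested information', true);
        exit;
    }

    $conn = create_db_connection();

    $checkQuery = "SELECT * FROM `user` WHERE `name` = ?";
    $stmt = $conn->prepare($checkQuery);
    $stmt->bind_param("s", $valueUser);
    $stmt->execute();
    $checkResult = $stmt->get_result();
    //username validation
    if ($checkResult->num_rows === 0) {
        $conn->close();
        showText('Username does not exist!', true);
        exit;
    }

    $loginQuery = "SELECT * FROM `user` WHERE `name` = ? AND `password` = ?";
    $stmt = $conn->prepare($loginQuery);
    $stmt->bind_param("ss", $valueUser, $valuePass);
    $stmt->execute();
    $checkResult = $stmt->get_result();
    //wrong password
    if ($checkResult->num_rows === 0) {
        $conn->close();
        showText('Password does not match!', true);
        exit;
    }

    $userData = $checkResult->fetch_assoc();
    $isBanned = $userData['ban'];
    $hasIp = $userData['ip'];
    //check if the user is banned (the flag is compared with the string 'true', as stored)
    if ($isBanned === 'true') {
        $conn->close();
        showText('Your account is banned!', true);
        exit;
    }

    //IP validation: record the first-seen address, or log a change of address
    $ipAddress = $_SERVER['REMOTE_ADDR'];
    $currentDate = date('d-m-Y');
    if ($hasIp === 'unknown') {
        $updateIpQuery = "UPDATE `user` SET `ip` = ? WHERE `name` = ?";
        $stmt = $conn->prepare($updateIpQuery);
        $stmt->bind_param("ss", $ipAddress, $valueUser);
        $stmt->execute();
        $stmt->close();
    } elseif ($hasIp !== $ipAddress) {
        $insertIpQuery = "INSERT INTO `ip` (`by`, `date`, `old`, `new`) VALUES (?, ?, ?, ?)";
        $stmt = $conn->prepare($insertIpQuery);
        $stmt->bind_param("ssss", $valueUser, $currentDate, $hasIp, $ipAddress);
        $stmt->execute();
        $stmt->close();
    }

    //successfully logged in!
    // Session-fixation defence: issue a fresh session id once the credentials are accepted.
    session_regenerate_id(true);
    $_SESSION['Username'] = $valueUser;
    $conn->close();
    // Percent-encode the name so characters such as '&', '#' or spaces cannot alter the redirect URL.
    header('Location: home.php?username=' . urlencode($valueUser));
    // Stop here so the remaining handlers do not run once the redirect is queued.
    exit;
}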
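// Registration handler: validates the form, redeems a license key and creates the user row.
// Every statement that carries request data is a prepared statement with bound parameters;
// the license lookup, the user INSERT and the license DELETE previously interpolated
// $_POST values straight into the SQL text.
// NOTE(review): the password is written to the `password` column as submitted (plaintext),
// because the Login handler compares the column with the submitted value as stored.
// Moving to password_hash()/password_verify() must be done in Login, Register and
// Update_pass together, with a migration of existing rows.
// NOTE(review): the license lookup, user insert and license delete run as separate
// statements without a transaction, so two concurrent requests could redeem the same key.
// TODO: wrap them in a transaction (needs a transactional storage engine).
if (isset($_POST['Register'])) {
    $valuePassword = $_POST['valuePassword'] ?? '';
    $valueRepeatPassword = $_POST['valueRepeatPassword'] ?? '';
    $valueUsername = $_POST['valueUsername'] ?? '';
    $valueMail = $_POST['valueMail'] ?? '';
    $valueLicense = $_POST['valueLicense'] ?? '';

    // Missing fields and array-valued fields are rejected like empty ones.
    $submitted = [$valuePassword, $valueRepeatPassword, $valueUsername, $valueMail, $valueLicense];
    foreach ($submitted as $field) {
        if (!is_string($field) || $field === '') {
            showText('Please, provide all requested information', true);
            exit;
        }
    }

    $conn = create_db_connection();

    $checkQuery = "SELECT * FROM `user` WHERE `name` = ? OR `email` = ?";
    $stmt = $conn->prepare($checkQuery);
    $stmt->bind_param("ss", $valueUsername, $valueMail);
    $stmt->execute();
    $checkResult = $stmt->get_result();
    //email or username already in use.
    if ($checkResult->num_rows > 0) {
        $conn->close();
        showText('E-mail or Username already in use', true);
        exit;
    }

    //not the same password
    // Strict comparison: with != two different numeric-looking strings
    // (for example "1e3" and "1000") would be treated as equal.
    if ($valueRepeatPassword !== $valuePassword) {
        $conn->close();
        showText('Incorrectly repeated password', true);
        exit;
    }

    $licenseQuery = "SELECT * FROM `license` WHERE `key` = ?";
    $stmt = $conn->prepare($licenseQuery);
    $stmt->bind_param("s", $valueLicense);
    $stmt->execute();
    $licenseResult = $stmt->get_result();
    //invalid license key
    if ($licenseResult->num_rows === 0) {
        showText('License Key is not valid!', true);
        $conn->close();
        exit;
    }

    //get who generated the license
    $licenseRow = $licenseResult->fetch_assoc();
    // A NULL `by` is stored as an empty string, as the interpolated query did.
    $licenseBy = $licenseRow['by'] ?? '';
    //get current date
    $currentDate = date('d-m-Y');

    //insert new user to the database
    $sql = "INSERT INTO `user` (`name`, `password`, `email`, `license`, `by`, `date`, `amount`)
        VALUES (?, ?, ?, ?, ?, ?, '0')";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param(
        "ssssss",
        $valueUsername,
        $valuePassword,
        $valueMail,
        $valueLicense,
        $licenseBy,
        $currentDate
    );
    // Do not consume the license or report success when the insert did not happen.
    if (!$stmt->execute()) {
        $stmt->close();
        $conn->close();
        showText('Failed to register.', true);
        exit;
    }
    $stmt->close();

    //delete license key from database
    $deleteQuery = "DELETE FROM `license` WHERE `key` = ?";
    $stmt = $conn->prepare($deleteQuery);
    $stmt->bind_param("s", $valueLicense);
    $stmt->execute();
    $stmt->close();

    //appear text
    showText('Succesfully registered!', false);
    $conn->close();
}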
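// Password-change handler for the user named in $_SESSION['finalUsername'].
// Both statements are prepared with bound parameters; the old and new password and the
// session username were previously interpolated into the SQL text.
// NOTE(review): the new password is stored as submitted (plaintext), matching how the
// Login handler compares it. Hashing must be introduced in Login, Register and this
// handler together.
// NOTE(review): no CSRF token is checked in this handler; the old-password requirement is
// the only proof that the request comes from the account owner.
if (isset($_POST['Update_pass'])) {
    // Missing fields and array-valued fields are rejected like empty ones.
    $oldValue = $_POST['valueOld'] ?? '';
    $newValue = $_POST['valueNew'] ?? '';
    $valueUser = $_SESSION['finalUsername'] ?? '';
    if (!is_string($oldValue) || !is_string($newValue) || $oldValue === '' || $newValue === '') {
        showText('Please, provide all requested information', true);
        exit;
    }
    // Without a session user there is no account whose old password could match; answer
    // as the lookup would have, without opening a database connection.
    if (!is_string($valueUser) || $valueUser === '') {
        showText('Old password does not match!', true);
        exit;
    }

    $conn = create_db_connection();

    $checkQuery = "SELECT * FROM `user` WHERE `name` = ? AND `password` = ?";
    $stmt = $conn->prepare($checkQuery);
    $stmt->bind_param("ss", $valueUser, $oldValue);
    $stmt->execute();
    $checkResult = $stmt->get_result();
    if ($checkResult->num_rows === 1) {
        // Update the password
        $updateQuery = "UPDATE `user` SET `password` = ? WHERE `name` = ?";
        $stmt = $conn->prepare($updateQuery);
        $stmt->bind_param("ss", $newValue, $valueUser);
        $updateResult = $stmt->execute();
        $stmt->close();
        if ($updateResult) {
            showText('Successfully updated password!', false);
        } else {
            showText('Failed to update password.', true);
        }
    } else {
        showText('Old password does not match!', true);
    }
    $conn->close();
}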
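// E-mail-change handler for the user named in $_SESSION['finalUsername'].
// Both statements are prepared with bound parameters; the old and new address and the
// session username were previously interpolated into the SQL text.
// NOTE(review): the change is authorised only by knowing the current address and no CSRF
// token is checked; consider requiring the password as well.
// NOTE(review): unlike the Register handler, the new address is not checked against
// existing rows, so two accounts can end up with the same e-mail.
if (isset($_POST['Update_email'])) {
    // Missing fields and array-valued fields are rejected like empty ones,
    // with the same message the password-change handler uses.
    $oldValue = $_POST['valueOld'] ?? '';
    $newValue = $_POST['valueNew'] ?? '';
    $valueUser = $_SESSION['finalUsername'] ?? '';
    if (!is_string($oldValue) || !is_string($newValue) || $oldValue === '' || $newValue === '') {
        showText('Please, provide all requested information', true);
        exit;
    }
    // Without a session user there is no account whose address could match; answer as
    // the lookup would have, without opening a database connection.
    if (!is_string($valueUser) || $valueUser === '') {
        showText('Old email does not match!', true);
        exit;
    }

    $conn = create_db_connection();

    $checkQuery = "SELECT * FROM `user` WHERE `name` = ? AND `email` = ?";
    $stmt = $conn->prepare($checkQuery);
    $stmt->bind_param("ss", $valueUser, $oldValue);
    $stmt->execute();
    $checkResult = $stmt->get_result();
    if ($checkResult->num_rows === 1) {
        $updateQuery = "UPDATE `user` SET `email` = ? WHERE `name` = ?";
        $stmt = $conn->prepare($updateQuery);
        $stmt->bind_param("ss", $newValue, $valueUser);
        $updateResult = $stmt->execute();
        $stmt->close();
        if ($updateResult) {
            showText('Successfully updated email!', false);
        } else {
            showText('Failed to update email.', true);
        }
    } else {
        showText('Old email does not match!', true);
    }
    $conn->close();
}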
}
?>
Function Calls
None |
Stats
MD5 | 3c7337701fb94cf54f9fd913a9f15a28 |
Eval Count | 0 |
Decode Time | 72 ms |