<?php
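// Request handling for a licence/hardware-id check. Both values arrive
// base64-encoded in the POST body; the last 8 bytes of each decoded value are
// discarded (the purpose of that suffix is not visible here — TODO confirm).
// Non-strict base64_decode() silently drops characters outside the alphabet,
// which is the original behaviour and is kept. Missing or non-string fields
// become "" instead of raising undefined-index / type warnings.
$licence = (isset($_POST["licence"]) && is_string($_POST["licence"]))
    ? (string) substr(base64_decode($_POST["licence"]), 0, -8)
    : "";
$hwid = (isset($_POST["hwid"]) && is_string($_POST["hwid"]))
    ? (string) substr(base64_decode($_POST["hwid"]), 0, -8)
    : "";
// NOTE(review): live database credentials are hard-coded in a web-served
// file; they belong in a config file outside the document root or in
// environment variables, and should be rotated once moved.
$db_user = "u155468569_admin";
$db_name = "u155468569_kappa";
$db_host = "mysql.hostinger.co.uk";
$db_pass = "11233240";
// The original tested isset() on a variable that is always assigned, so the
// "missing licence" branch could never fire. An empty decoded value is what
// a missing or too-short field actually looks like here, so reject that.
if ($licence === "" || $hwid === "") {
    echo("bad");
    return;
}
if (isBadInput($licence) || isBadInput($hwid)) {
    echo("bad");
    return;
}
// The client protocol is a bare "ok"/"bad" body.
echo(checkAuth() ? "ok" : "bad");
return;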
/**
 * Decide whether the current request is authorised.
 *
 * The licence must exist. If its stored hwid is still the "notset"
 * sentinel, the request's hwid is bound to it and the request is accepted;
 * otherwise the request's hwid must match what is stored.
 *
 * @return bool
 */
function checkAuth() {
    if (!checkLic()) {
        return false;
    }
    // First use of this licence: bind the presented hwid and accept.
    if (needNewHWID()) {
        setHWID();
        return true;
    }
    return checkHwid();
}
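/**
 * Return true when the licence presented in the request exists in `users`.
 *
 * Reads the script-level $licence and database settings via `global`; the
 * original omitted that declaration, so every one of these names was an
 * undefined null inside the function (and $db_name was passed as the host).
 *
 * @return bool
 */
function checkLic() {
    global $db_host, $db_user, $db_pass, $db_name, $licence;
    $conn = new mysqli($db_host, $db_user, $db_pass, $db_name);
    if ($conn->connect_error) {
        // Keep driver error text out of the HTTP response; log it instead.
        error_log("Connection failed: " . $conn->connect_error);
        die("bad");
    }
    $found = false;
    if ($verify = $conn->prepare("SELECT licence FROM users WHERE licence=?")) {
        $verify->bind_param('s', $licence);
        if ($verify->execute()) {
            $result = $verify->get_result();
            while ($row = $result->fetch_assoc()) {
                // The SQL match may be collation-insensitive; require an exact
                // byte match here. Strict comparison avoids numeric-string
                // coercion ("0123" == "123").
                if ($row["licence"] === $licence) {
                    $found = true;
                    break;
                }
            }
        }
        $verify->close();
    }
    // Always release the connection (the original returned early without closing).
    $conn->close();
    return $found;
}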
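/**
 * Return true when the presented hwid is the one bound to the presented licence.
 *
 * The original query was `WHERE hwid=?` with no licence condition, so a hwid
 * bound to any row validated every other licence; the lookup is now scoped to
 * the licence. Script-level variables are imported via `global`, which the
 * original omitted (they were undefined nulls inside the function).
 *
 * @return bool
 */
function checkHwid() {
    global $db_host, $db_user, $db_pass, $db_name, $licence, $hwid;
    $conn = new mysqli($db_host, $db_user, $db_pass, $db_name);
    if ($conn->connect_error) {
        // Keep driver error text out of the HTTP response; log it instead.
        error_log("Connection failed: " . $conn->connect_error);
        die("bad");
    }
    $matched = false;
    if ($verify = $conn->prepare("SELECT hwid FROM users WHERE licence=? AND hwid=?")) {
        $verify->bind_param('ss', $licence, $hwid);
        if ($verify->execute()) {
            $result = $verify->get_result();
            while ($row = $result->fetch_assoc()) {
                // Exact byte match on top of the (possibly collation-insensitive) SQL match.
                if ($row["hwid"] === $hwid) {
                    $matched = true;
                    break;
                }
            }
        }
        $verify->close();
    }
    // Always release the connection (the original returned early without closing).
    $conn->close();
    return $matched;
}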
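/**
 * Bind the presented hwid to the presented licence.
 *
 * Script-level variables are imported via `global`, which the original
 * omitted. The redundant `isset($verify)` test inside the `if ($verify = ...)`
 * branch is gone. Returns whether the UPDATE executed; the original returned
 * nothing on success.
 *
 * NOTE(review): needNewHWID() and this function run as separate queries, so
 * two concurrent first-use requests could both pass the "notset" test; adding
 * `AND hwid='notset'` to the WHERE clause would close that window.
 *
 * @return bool
 */
function setHWID() {
    global $db_host, $db_user, $db_pass, $db_name, $licence, $hwid;
    $conn = new mysqli($db_host, $db_user, $db_pass, $db_name);
    if ($conn->connect_error) {
        // Keep driver error text out of the HTTP response; log it instead.
        error_log("Connection failed: " . $conn->connect_error);
        die("bad");
    }
    $ok = false;
    if ($verify = $conn->prepare("UPDATE users SET hwid = ? WHERE licence=?")) {
        $verify->bind_param('ss', $hwid, $licence);
        $ok = (bool) $verify->execute();
        $verify->close();
    }
    $conn->close();
    return $ok;
}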
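/**
 * Return true when the presented licence's stored hwid is still the "notset"
 * sentinel, i.e. no hardware id has been bound to it yet.
 *
 * Script-level variables are imported via `global`, which the original
 * omitted (they were undefined nulls inside the function, and $db_name was
 * passed as the host).
 *
 * @return bool
 */
function needNewHWID() {
    global $db_host, $db_user, $db_pass, $db_name, $licence;
    $conn = new mysqli($db_host, $db_user, $db_pass, $db_name);
    if ($conn->connect_error) {
        // Keep driver error text out of the HTTP response; log it instead.
        error_log("Connection failed: " . $conn->connect_error);
        die("bad");
    }
    $needed = false;
    if ($verify = $conn->prepare("SELECT hwid FROM users WHERE licence=?")) {
        $verify->bind_param('s', $licence);
        if ($verify->execute()) {
            $result = $verify->get_result();
            while ($row = $result->fetch_assoc()) {
                // "notset" is the value this file stores for an unbound hwid.
                if ($row["hwid"] === "notset") {
                    $needed = true;
                    break;
                }
            }
        }
        $verify->close();
    }
    // Always release the connection (the original returned early without closing).
    $conn->close();
    return $needed;
}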
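/**
 * Reject a licence/hwid value that is too long or contains a denylisted substring.
 *
 * The original declared no parameter, so $input was always undefined and the
 * function could never reject anything (it fell through returning null). The
 * parameter now exists, with a default so a zero-argument call still returns
 * false as before.
 *
 * NOTE(review): the queries in this file are prepared statements with bound
 * parameters, so this keyword denylist is not what prevents SQL injection; it
 * does, however, reject any legitimate value that happens to contain one of
 * the substrings (e.g. "set"). The length bound is the useful part.
 *
 * @param string $input decoded licence or hwid value
 * @return bool
 */
function isBadInput($input = '') {
    if (strlen($input) > 30) {
        return true;
    }
    $lowered = strtolower($input);
    foreach (['where', 'insert into', 'from', 'update', 'set'] as $needle) {
        if (strpos($lowered, $needle) !== false) {
            return true;
        }
    }
    return false;
}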
?>