A ver si me podéis echar una mano o darme alguna pista.
Os dejo los códigos.
index.php
Código PHP:
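<?php
// Entry page: handles the registration POST and the login POST, then falls through
// to the form markup that follows this block.
require ("funciones.php");

// Sends already-authenticated visitors on to correcto.php (see seguridadIndex()).
seguridadIndex();

$error = 0;      // result code of the last action; the negative codes are reported under the form
$registrar = 0;  // 1 when the "Registrar" button was used

// Read the credentials defensively. A request may omit the fields or send them as
// arrays (user[]=x); either case would raise notices and hand non-strings to
// limpiar() and strlen(). Missing or malformed values become '' and are rejected
// by the minimum-length check (-3) in registrarlogcok()/username().
$userEntrada = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
$claveEntrada = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// NOTE(review): neither action carries an anti-CSRF token and no attempt throttling
// is visible in this file.
if (isset($_POST['registrar'])) {
    $registrar = 1;
    $error = registrarlogcok(limpiar($userEntrada), $claveEntrada);
} else if (isset($_POST['username'])) {
    $recordarme = isset($_POST['recordarme']) ? 1 : 0;
    $error = username(limpiar($userEntrada), $claveEntrada, $recordarme);
    if ($error > 0) {
        // Successful login: leave the form and stop so nothing else is rendered.
        header("Location: correcto.php");
        exit();
    }
}
?>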
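<?php
// Login / registration form.
// The password input must be type="password" so the browser masks what is typed;
// an unrecognised type value makes the browser render an ordinary text box.
// Each label's "for" points at the id of the input it describes.
// NOTE(review): the form carries no anti-CSRF token.
?>
<br /><br />
<br /><br /><br /><br /><br />
<h1 class="entry-title">Formulario de Registro y username</h1>
<br />
<form name="username" method="post" action="">
<div align="center">
<table>
<tr><td><label for="user">logcok: </label></td> <td><input type="text" id="user" name="user" <?php if($registrar && $error>0) echo 'value="'.limpiar($_POST['user']).'"'; ?>/></td></tr>
<tr><td> <label for="password"> Clave: </label></td> <td><input type="password" id="password" name="password" /></td></tr>
<tr><td><label for="recordarme">Recordarme: </label></td><td><input type="checkbox" id="recordarme" name="recordarme" /></td></tr>
<tr><td> </td>
<td align="right"><input type="submit" name="registrar" id="registrar" value="Registrar" /><input type="submit" name="username" id="username" value="username" /></td></tr>
</table>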
<?php
// Report the outcome of the submitted action under the form.
// The comparisons are deliberately loose (==), matching how a switch compares.
if ($error == -1) {
    // login failed
    echo '<br/><strong>logcok o clave incorrecta</strong>';
} elseif ($error == -2) {
    // registration failed: name already taken
    echo '<br/><strong>Error al registrarse. logcok ya existente.</strong>';
} elseif ($error == -3) {
    // registration failed: value too short
    echo '<br/><strong>El logcok y la contraseña deben tener como mínimo 4 carácteres.</strong>';
} elseif ($registrar) {
    // no error code and the "Registrar" button was used
    echo '<br/><strong>Se ha registrado correctamente.</strong>';
}
?>
funciones.php
Código PHP:
<?php
// Start (or resume) the PHP session for every script that requires this file.
session_start();
// Static value prepended to the md5 of the password before the sha1 in
// registrarlogcok() and username().
// NOTE(review): it is hard-coded here and identical for every account, so it acts as a
// shared pepper rather than a per-user salt; changing it invalidates every stored hash.
$salt = "|#€7`¬23ads4ook12";
// Static value mixed into the "remember me" cookie token built in username().
// NOTE(review): also hard-coded; anyone who can read this file knows it, so the token
// must not depend on this value being secret.
$saltCookie = "|@#57e+ç´|@#d";
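/**
 * Guard for the login page: a visitor who is already authenticated is redirected
 * to correcto.php instead of being shown the form again.
 *
 * Authentication is recognised from the session, or from an "identificado" cookie
 * that comprobarCookie() accepts (which also stores the user id in the session).
 * Does not return when it redirects.
 *
 * @return void
 */
function seguridadIndex()
{
    $autenticado = isset($_SESSION['logcok']);

    // Only a scalar cookie value can be a token; an array-valued cookie is ignored.
    if (!$autenticado && isset($_COOKIE['identificado']) && is_string($_COOKIE['identificado'])) {
        $cookie = limpiar($_COOKIE['identificado']);
        // comprobarCookie() returns the user id for an accepted token and false
        // otherwise. The previous test was inverted (!$cf_id): it redirected when
        // the cookie was rejected and left holders of an accepted cookie on the form.
        $autenticado = (bool) comprobarCookie($cookie);
    }

    if ($autenticado) {
        header("Location: correcto.php");
        exit();
    }
}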
/**
 * Lets the request continue only when the session holds a user id or the
 * "identificado" cookie is accepted by comprobarCookie(). In every other case it
 * prints a JavaScript redirect to index.php and stops the script.
 *
 * The redirect itself depends on the client running the script, but exit() ends
 * the response either way, so nothing after this call is sent.
 *
 * @return void
 */
function seguridad()
{
    // An established session is enough.
    if (isset($_SESSION['logcok'])) {
        return;
    }

    $autenticado = false;
    if (isset($_COOKIE['identificado'])) {
        $token = limpiar($_COOKIE['identificado']);
        $autenticado = (bool) comprobarCookie($token);
    }

    if (!$autenticado) {
        echo "<script language='javascript'> document.location.href='index.php' </script>";
        exit();
    }
}
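/**
 * Looks up a "remember me" token and, when it is known and not yet expired,
 * stores the owning user's id in the session.
 *
 * @param string $cookie Token received in the "identificado" cookie.
 * @return mixed The user's cf_id when the token is accepted, false otherwise.
 */
function comprobarCookie($cookie)
{
    // As far as this file shows, tokens are only issued by username() as 40 lowercase
    // hex characters. Anything else (empty value, non-string, other characters) cannot
    // be an issued token, so it is rejected before touching the database.
    if (!is_string($cookie) || !preg_match('/^[0-9a-f]{40}$/', $cookie)) {
        return false;
    }

    // NOTE(review): the connection parameters are hard-coded and repeated in every
    // function of this file; the mysql_* extension is deprecated and absent from PHP 7.
    $conexion = mysql_connect("1234", "web", "pass", false);
    if (!$conexion || !mysql_select_db("dbdbdb", $conexion)) {
        return false;
    }
    mysql_query("SET NAMES 'utf8'", $conexion);

    // Accept the token only while its expiry is still in the future. The previous
    // condition (validez < now) did the opposite: it rejected fresh tokens and
    // accepted expired or revoked ones. now() is used on the SQL side because
    // validez is written with now() as well, and because the PHP format string
    // used before ("h") produced a 12-hour clock value.
    $sql = "select cf_id from logcok where cookie='" . mysql_real_escape_string($cookie, $conexion)
        . "' and validez>now()";
    $result = mysql_query($sql, $conexion);

    // mysql_num_rows() is the row count of a SELECT; mysql_affected_rows() is meant
    // for INSERT/UPDATE/DELETE.
    if (!$result || mysql_num_rows($result) < 1) {
        return false;
    }

    $row = mysql_fetch_array($result);

    // Issue a fresh session id when the session becomes authenticated, so an id that
    // was known before the login cannot be reused afterwards.
    if (!headers_sent()) {
        session_regenerate_id(true);
    }
    $_SESSION['logcok'] = $row['cf_id'];

    return $row['cf_id'];
}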
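/**
 * Registers a new account.
 *
 * @param string $user     User name (index.php passes it through limpiar() first).
 * @param string $password Password exactly as submitted.
 * @return int 1 when the account was created, -2 when the name already exists or the
 *             database step fails, -3 when either value is shorter than 4 bytes.
 */
function registrarlogcok($user, $password)
{
    global $salt;

    // The minimum length is checked on the raw input. It used to be checked after
    // escaping, so a backslash added by the escaping counted as a character.
    if (!is_string($user) || !is_string($password)) {
        return -3;
    }
    if (strlen($user) < 4 || strlen($password) < 4) {
        return -3;
    }

    // The hash has always been computed over the *escaped* password, and username()
    // does the same when it verifies; that transformation is kept so both sides agree.
    // NOTE(review): sha1(md5()) with one static value is a fast hash and not suited to
    // password storage. password_hash()/password_verify() (PHP 5.5+) are the
    // replacement, but switching requires migrating the stored hashes.
    $hash = sha1($salt . md5(mysql_escape_string($password)));

    $conexion = mysql_connect("1234", "web", "pass", false);
    if (!$conexion || !mysql_select_db("dbdbdb", $conexion)) {
        return -2;
    }
    mysql_query("SET NAMES 'utf8'", $conexion);

    // Upper-case first and escape last, using the connection-aware escaper, so the
    // escape sequences themselves are never altered by strtoupper().
    $sql1 = "select cf_id from logcok where UPPER(username)='"
        . mysql_real_escape_string(strtoupper($user), $conexion) . "'";
    $result1 = mysql_query($sql1, $conexion);
    if (!$result1) {
        // The uniqueness check could not run: do not insert blindly.
        return -2;
    }
    if (mysql_num_rows($result1) > 0) {
        return -2; // name already taken
    }

    // NOTE(review): check-then-insert can race between two requests; the schema is not
    // visible here, a UNIQUE index on username would close the gap.
    $sql = "insert into logcok (username,password) values ('"
        . mysql_real_escape_string($user, $conexion) . "','" . $hash . "')";
    $result = mysql_query($sql, $conexion);

    return $result ? 1 : -2; // 1 = registered, -2 = insert failed
}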
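/**
 * Verifies a user name / password pair and opens the session.
 *
 * @param string $user       User name (index.php passes it through limpiar() first).
 * @param string $password   Password exactly as submitted.
 * @param mixed  $recordarme Truthy to also issue the "identificado" remember-me cookie.
 * @return mixed true on success (index.php tests the result with > 0, which true
 *               satisfies), -1 for an unknown name or wrong password, -3 when either
 *               value is shorter than 4 bytes after escaping.
 */
function username($user, $password, $recordarme)
{
    global $salt, $saltCookie;

    if (!is_string($user) || !is_string($password)) {
        return -3;
    }

    // Length check and hash both operate on the escaped values, exactly as before:
    // registrarlogcok() stores the hash of the escaped password, so changing the
    // input here would stop existing accounts from verifying.
    $claveEscapada = mysql_escape_string($password);
    if (strlen(mysql_escape_string($user)) < 4 || strlen($claveEscapada) < 4) {
        return -3;
    }
    $hash = sha1($salt . md5($claveEscapada));

    $conexion = mysql_connect("1234", "web", "pass", false);
    if (!$conexion || !mysql_select_db("dbdbdb", $conexion)) {
        return -1;
    }
    mysql_query("SET NAMES 'utf8'", $conexion);

    $sql = "select cf_id from logcok where UPPER(username)='"
        . mysql_real_escape_string(strtoupper($user), $conexion)
        . "' and password='" . $hash . "'";
    $result = mysql_query($sql, $conexion);
    // mysql_num_rows() is the row count of a SELECT; check the result handle first.
    if (!$result || mysql_num_rows($result) < 1) {
        return -1; // unknown user or wrong password
    }

    $row = mysql_fetch_array($result);
    $cf_id = $row['cf_id'];

    // Fresh session id at login, so an id known before authentication is not carried over.
    session_regenerate_id(true);
    $_SESSION['logcok'] = $cf_id;

    if ($recordarme) {
        // The token must be unguessable. It used to be derived from the user id, the
        // current second and a constant kept in this file, all of which can be known.
        // Prefer a CSPRNG where one is available; the output stays 40 hex characters,
        // so it fits wherever the sha1 value fitted.
        if (function_exists('random_bytes')) {
            $cookie = bin2hex(random_bytes(20));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $cookie = bin2hex(openssl_random_pseudo_bytes(20));
        } else {
            // Legacy derivation, kept only so the feature still works without a CSPRNG.
            $cookie = sha1($saltCookie . md5($cf_id . date("Y-d-m h:i:s")));
        }

        // NOTE(review): the token is stored as-is; storing only a hash of it would
        // limit the impact of a database read, but comprobarCookie() would have to
        // change together with this function.
        $sql2 = "update logcok set cookie='" . $cookie
            . "',validez=DATE_ADD(now(),INTERVAL 6 MINUTE) where `cf_id`='"
            . mysql_real_escape_string($cf_id, $conexion) . "'";
        $result2 = mysql_query($sql2, $conexion);

        if ($result2) {
            // 6-minute cookie. HttpOnly keeps it away from page scripts; Secure is
            // set whenever the current request itself arrived over HTTPS.
            $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
            setcookie("identificado", $cookie, time() + 360, '/', '', $https, true);
        }
    }

    return true;
}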
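/**
 * Expires the stored "remember me" token of the user in the current session by
 * moving its validez timestamp into the past.
 *
 * @param mixed $cookie Unused; kept so existing callers keep working.
 * @return mixed null when there is no session user, true when a row was updated,
 *               false otherwise.
 */
function destruirCookie($cookie)
{
    if (!isset($_SESSION['logcok'])) {
        return;
    }
    $cf_id = $_SESSION['logcok'];

    $conexion = mysql_connect("1234", "web", "pass", false);
    if (!$conexion || !mysql_select_db("dbdbdb", $conexion)) {
        return false;
    }
    mysql_query("SET NAMES 'utf8'", $conexion);

    // NOTE(review): this revokes the token only if the cookie check treats a validez
    // in the past as invalid; verify the comparison used in comprobarCookie().
    $sql = "update logcok set validez=DATE_SUB(now(),INTERVAL 6 MINUTE) where `cf_id`='"
        . mysql_real_escape_string($cf_id, $conexion) . "'";

    // The query variable was previously misspelled as $sql2 (undefined here), so the
    // update never reached the database and the token was never expired.
    $result = mysql_query($sql, $conexion);

    return ($result && mysql_affected_rows($conexion) > 0);
}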
/**
 * Strips markup tags, then backslashes, then converts the remaining special
 * characters to HTML entities, in that order.
 *
 * NOTE(review): the result is HTML-encoded text. It is also used in this project on
 * values headed for database lookups, where HTML encoding is not the relevant
 * protection. htmlentities() runs with its default flags and charset, which differ
 * between PHP versions.
 *
 * @param string $valor Raw value.
 * @return string Encoded value.
 */
function limpiar($valor)
{
    return htmlentities(stripslashes(strip_tags($valor)));
}
?>