From 9494b1769f840d726f91a61950d469a5e0b97f12 Mon Sep 17 00:00:00 2001
From: Gurjot Singh
Date: Tue, 3 May 2016 00:13:20 +0530
Subject: [PATCH 1/2] Check for keys in $_POST array Login and registering new users issues improved
---
 login.php | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/login.php b/login.php
index a197154..e78f7c9 100644
--- a/login.php
+++ b/login.php
@@ -10,10 +10,11 @@
 if(loggedin())
 header("Location: index.php");
 else if(isset($_POST['action'])) {
- $username = mysql_real_escape_string($_POST['username']);
+ $username = array_key_exists('username', $_POST) ? trim($_POST['username']) : null;
 if($_POST['action']=='login') {
- if(trim($username) == "" or trim($_POST['password']) == "")
+ if(trim($username) == "" or trim($_POST['password']) == ""){
 header("Location: login.php?derror=1"); // empty entry
+ }
 else {
 // code to login the user and start a session
 connectdb();
@@ -29,9 +30,12 @@
 }
 } else if($_POST['action']=='register') {
 // register the user
- $email = mysql_real_escape_string($_POST['email']);
- if(trim($username) == "" or trim($_POST['password']) == "" or trim($email) == "")
- header("Location: login.php?derror=1"); // empty entry
+ //$email = mysql_real_escape_string($_POST['email']);
+ $username = array_key_exists('username', $_POST) ? trim($_POST['username']) : null;
+ $email = array_key_exists('email', $_POST) ? trim($_POST['email']) : null;
+ if(trim($username) == "" and trim($_POST['password']) == "" and trim($email) == ""){
+ header("Location: login.php?derror=1"); // empty entry\
+ }
 else {
 // create the entry in the users table
 connectdb();
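Review bot: Dropping `mysql_real_escape_string()` from the `$username` assignment leaves a raw POST value in a variable that the hunk at -42,7 concatenates into the `INSERT` statement, so this revision builds SQL from unescaped input until the second patch restores the escaping; the same holds for `$email` in the hunk at -29,9. The commit's stated aim is to check `$_POST` keys, yet `trim($_POST['password'])` is still read without a guard and raises an undefined-index notice when the field is absent. A guard in the same style would be `$password = array_key_exists('password', $_POST) ? $_POST['password'] : "";`, and prepared statements (mysqli or PDO) would remove the reliance on escaping altogether. The enclosing `if`/`else` chain starts and ends outside the hunk.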
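Review bot: The empty-field test on the added `if` line in the register branch switches from `or` to `and`, so the request is rejected only when username, password and e-mail are all empty, and a registration with just one field filled in falls through to the `INSERT`. The second patch's hunk at -30,20 keeps the same `and` condition. The earlier form should be kept: `if(trim($username) == "" or trim($_POST['password']) == "" or trim($email) == "") {`. The `$username` assignment added here repeats the one made before the action check, and the commented-out `//$email` line can be deleted rather than left in place.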
@@ -42,7 +46,7 @@
 else {
 $salt = randomAlphaNum(5);
 $hash = crypt($_POST['password'], $salt);
- $sql="INSERT INTO `users` ( `username` , `salt` , `hash` , `email` ) VALUES ('".$username."', '$salt', '$hash', '".$email."')";
+ $sql="INSERT INTO `users` ( `username` , `salt` , `hash` , `email`, `status` ) VALUES ('".$username."', '$salt', '$hash', '".$email."', '1')";
 mysql_query($sql);
 header("Location: login.php?registered=1");
 }
From 048e7ca87e05db34ee7b38ab058c2a8192554db3 Mon Sep 17 00:00:00 2001
From: Sankha Narayan Guria
Date: Tue, 3 May 2016 01:02:51 +0530
Subject: [PATCH 2/2] uniform formatting
---
 login.php | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/login.php b/login.php
index e78f7c9..d4f93a5 100644
--- a/login.php
+++ b/login.php
@@ -10,12 +10,11 @@
 if(loggedin())
 header("Location: index.php");
 else if(isset($_POST['action'])) {
- $username = array_key_exists('username', $_POST) ? trim($_POST['username']) : null;
+ $username = array_key_exists('username', $_POST) ? mysql_real_escape_string(trim($_POST['username'])) : "";
 if($_POST['action']=='login') {
- if(trim($username) == "" or trim($_POST['password']) == ""){
+ if(trim($username) == "" or trim($_POST['password']) == "") {
 header("Location: login.php?derror=1"); // empty entry
- }
- else {
+ } else {
 // code to login the user and start a session
 connectdb();
 $query = "SELECT salt,hash FROM users WHERE username='".$username."'";
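Review bot: The password hashing on the context line `crypt($_POST['password'], $salt)` is a weakness this change leaves in place. `$salt` comes from `randomAlphaNum(5)` (defined outside the hunk, presumably plain alphanumerics), and with a salt of that shape `crypt()` selects the traditional DES scheme, which uses only two salt characters and the first eight characters of the password. If the deployment runs PHP 5.5 or later, `password_hash($_POST['password'], PASSWORD_DEFAULT)` with `password_verify()` at login would be the replacement, with the salt kept inside the hash string. The return value of `mysql_query($sql)` is also ignored, so a failed insert still redirects to `registered=1`.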
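Review bot: `mysql_real_escape_string()` is now called on the `$username` line before `connectdb()`, which in the visible lines only runs further down inside the `else` branch. Without an open link the function attempts a default connection and returns `false` with a warning if that fails, and its escaping depends on the connection's character set, so unless a connection is opened earlier in the file the call belongs after `connectdb()`. `array_key_exists()` also lets a non-string value through, which `trim()` warns about; `isset($_POST['username']) && is_string($_POST['username'])` would cover both the missing and the wrong-type case. The `else` block continues past the end of the hunk.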
@@ -30,20 +29,17 @@
 }
 } else if($_POST['action']=='register') {
 // register the user
- //$email = mysql_real_escape_string($_POST['email']);
- $username = array_key_exists('username', $_POST) ? trim($_POST['username']) : null;
- $email = array_key_exists('email', $_POST) ? trim($_POST['email']) : null;
- if(trim($username) == "" and trim($_POST['password']) == "" and trim($email) == ""){
- header("Location: login.php?derror=1"); // empty entry\
- }
- else {
+ $email = array_key_exists('email', $_POST) ? mysql_real_escape_string(trim($_POST['email'])) : "";
+ if(trim($username) == "" and trim($_POST['password']) == "" and trim($email) == "") {
+ header("Location: login.php?derror=1"); // empty entry
+ } else {
 // create the entry in the users table
 connectdb();
 $query = "SELECT salt,hash FROM users WHERE username='".$username."'";
 $result = mysql_query($query);
- if(mysql_num_rows($result)!=0)
+ if(mysql_num_rows($result)!=0) {
 header("Location: login.php?exists=1");
- else {
+ } else {
 $salt = randomAlphaNum(5);
 $hash = crypt($_POST['password'], $salt);
 $sql="INSERT INTO `users` ( `username` , `salt` , `hash` , `email`, `status` ) VALUES ('".$username."', '$salt', '$hash', '".$email."', '1')";
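Review bot: The duplicate-username lookup fails open, because `$result = mysql_query($query);` is passed straight to `mysql_num_rows($result)`. When the query fails `$result` is `false`, the row count is not a positive number, and control reaches the `else` branch that builds the `INSERT`. Checking `if($result === false)` before the count and stopping with an error redirect would fail closed. A UNIQUE index on `users.username` (the schema is not visible here) would additionally cover two registrations arriving between the `SELECT` and the `INSERT`. The final `else` block continues past the end of the hunk.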