wertghyjk

1. <?php
2. mysql_connect("localhost", "root", "") or die(mysql_error());
3. mysql_select_db("test") or die(mysql_error());
4.  
5. $Username = stripslashes($_POST['username']);
6. $Password = stripslashes($_POST['password']);
7. $Username = mysql_real_escape_string($_POST['username']);
8. $Password = mysql_real_escape_string($_POST['password']);
9.  
10. // Check to see if the user exits.
11. $existsResult = mysql_query("SELECT username, password, email FROM members WHERE password='$Password' OR username = '$Username'");
12. $num_rows = mysql_num_rows($existsResult);
13.  
14. // probally should add this function to another script an hook in.
15. function cryptPass($input, $rounds = 12)
16. {
17. $salt = "";
18. $saltCharacters = array_merge(range('A', 'Z'), range('a', 'z'), range(0, 9));
19.  
20. for($i = 0; $i < 22; $i++)
21. {
22. $salt .= $saltCharacters[array_rand($saltCharacters)];
23. }
24. return crypt($input, sprintf('$2y$%02d$', $rounds) . $salt);
25. }
26.  
27. if ($num_rows > 0)
28. {
29. if ($row = mysql_fetch_array( $existsResult ))
30. {
31. $registeredUser = $row['username'];
32. $registeredEmail = $row['email'];
33. $registeredPassword = $row['password'];
34.  
35. $HashedPassword = cryptPass($Password);
36.  
37. if(crypt($HashedPassword, $registeredPassword) == $registeredPassword)
38. {
39. echo "Passwords match.";
40. }
41. else
42. {
43. echo "Password Doesn't Match - $HashedPassword : $registeredPassword ";
44.  
45. }
46. }
47. }
48. else
49. {
50. die("No account under that username.");
51. }
52. ?>