Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- // This script will take the username and password in via url using get protocol.
- // We then fetch them below, after fetching, We check the database for these details.
- // If existing we echo true, otherwise we echo false.
- // Password is hashed and compared to hashed entry in database using if(verify) method.
- if ($_GET["authcode"] == "s3cret") //Validating the session using auth code.
- {
- //Getting the details from the URL
- $username = $_GET["username"];
- $password = $_GET["password"];
- $DBpassword = "s3cret";
- $found = false;
- //Searching for the username in the DB
- $conn = new PDO("mysql:host=localhost; dbname=s3cret", s3cret, $DBpassword);
- $stmt = $conn->prepare("SELECT * FROM accounts WHERE `email` = '" . $username . "'");
- $stmt->execute();
- foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row)
- {
- $found = true;
- $hashOnRecord = $row["password"];
- //Verify password
- if (password_verify($password, $hashOnRecord))
- {
- //The hash is verified.
- echo json_encode(found_valid);
- exit;
- }
- else
- {
- //The hash could not be verified.
- //Echo out an error.
- echo json_encode(found_invalid);
- exit;
- }
- }
- if ($found == false)
- {
- //Nothing even found under that username
- echo json_encode(found_invalid);
- exit;
- }
- }
- else
- {
- //This will run if the user has the incorrect auth code.
- include 'access_denied.html';
- exit;
- }
- exit;
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
