Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- // Connect to the database
- try {
- $dbname = $user = $pass = 'admin';
- $dbconn = new PDO('mysql:host=localhost;dbname='.$dbname, $user, $pass);
- }
- catch (Exception $e) {
- echo "Error: " . $e->getMessage();
- }
- //SQL Query I used
- /*
- INSERT INTO table_name VALUES (uid, 'herp', 'derp', sha1(salt + ':' + $pass))
- */
- // Check login
- if (isset($_POST['login']) && $_POST['login'] == 'Login') {
- echo "<pre>Trying to login as <b>$username</b></pre><br/>";
- $salt_stmt = $dbconn->prepare('SELECT salt FROM users WHERE username=:username');
- $salt_stmt->execute(array(':username' => $_POST['username']));
- $res = $salt_stmt->fetch();
- $salt = ($res) ? $res['salt'] : '';
- echo "<pre>Got salt '<b>$salt</b>' from table.</pre><br/>";
- echo "<pre>String to SHA: '<b>$salt{$_POST['pass']}</b>'.</pre><br/>";
- $salted = sha1($salt . $_POST['pass']);
- echo "<pre>SHA'ed string: '<b>$salted</b>'.</pre><br/>";
- $login_stmt = $dbconn->prepare('SELECT username, uid FROM users WHERE username=:username AND pass=:pass');
- $login_stmt->execute(array(':username' => $_POST['username'], ':pass' => $salted));
- if ($user = $login_stmt->fetch()) {
- $_SESSION['username'] = $user['username'];
- $_SESSION['uid'] = $user['uid'];
- }
- else {
- $err = 'Incorrect username or password.';
- }
- }
- // Logout
- if (isset($_SESSION['username']) && isset($_POST['logout']) && $_POST['logout'] == 'Logout') {
- // Unset the keys from the superglobal
- unset($_SESSION['username']);
- unset($_SESSION['uid']);
- // Destroy the session cookie for this session
- setcookie(session_name(), '', time() - 72000);
- // Destroy the session data store
- session_destroy();
- $err = 'You have been logged out.';
- }
- ?>
- <!doctype html>
- <html>
- <head>
- <title>Login</title>
- </head>
- <body>
- <?php if (isset($_SESSION['username'])): ?>
- <h1>Welcome, <?php echo htmlentities($_SESSION['username']) ?></h1>
- <form method="post" action="login.php">
- <input name="logout" type="submit" value="Logout" />
- </form>
- <?php else: ?>
- <h1>Login</h1>
- <?php if (isset($err)) echo "<p>$err</p>" ?>
- <form method="post" action="login.php">
- <label for="username">Username: </label><input type="text" name="username" />
- <label for="pass">Password: </label><input type="password" name="pass" />
- <input name="login" type="submit" value="Login" />
- </form>
- <?php endif; ?>
- </body>
- </html>
Add Comment
Please, Sign In to add comment