
Untitled

a guest
Oct 13th, 2019
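  <?php
  // Login handler: checks the posted credentials against the `users` table and,
  // on success, starts an authenticated session and redirects to index.php.
  // On failure it prints one generic error and re-renders the login form.

  // Provides the MySQL connection object ($conAdmin).
  require_once("mysql.php");

  // Both fields must be present and must be plain strings. PHP turns a request
  // parameter such as login[]=x into an array, which would otherwise reach
  // bind_param() and hash() below.
  if (
      !isset($_POST["login"], $_POST["password"])
      || !is_string($_POST["login"])
      || !is_string($_POST["password"])
  ) {
      header("Location:login.php");
      exit;
  }
  $login = $_POST["login"];
  $password = $_POST["password"];

  // Connection details belong in the server log, not in the response body.
  if ($conAdmin->connect_errno) {
      error_log("Login: database connection failed (" . $conAdmin->connect_errno . ")");
      echo '<b>An error occured: </b>Login is temporarily unavailable.';
      exit;
  }

  $authenticated = false;
  $userId = null;
  // Shown for any infrastructure failure; replaced below when the credentials are wrong.
  $errorMessage = 'Login is temporarily unavailable.';

  try {
      $stmt = $conAdmin->prepare("SELECT * FROM users WHERE login = ?");
      if ($stmt === false) {
          throw new Exception("prepare failed (" . $conAdmin->errno . ") " . $conAdmin->error);
      }

      // The login is bound as a parameter, never concatenated into the SQL text.
      $stmt->bind_param("s", $login);
      if (!$stmt->execute()) {
          throw new Exception("execute failed (" . $stmt->errno . ") " . $stmt->error);
      }
      $result = $stmt->get_result();
      if ($result === false) {
          throw new Exception("get_result failed (" . $stmt->errno . ") " . $stmt->error);
      }

      // fetch_array() yields null when no row matched the login.
      $row = $result->fetch_array(MYSQLI_NUM);
      $stmt->close();

      // Positional columns of SELECT *: [0] user id, [2] stored hash, [3] salt.
      // NOTE(review): this breaks silently if the table's column order changes;
      // naming the columns in the SELECT would be safer.
      $found = is_array($row);
      $storedHash = $found ? (string) $row[2] : '';
      $salt = $found ? (string) $row[3] : '';

      // NOTE(review): one round of salted SHA-256 is a fast hash, so a leaked table
      // can be brute-forced cheaply. Migrate to password_hash()/password_verify(),
      // re-hashing each account on its next successful login. The stored format is
      // kept here because existing rows depend on it.
      $candidate = hash("sha256", $password . $salt);

      // hash_equals() is a strict, constant-time string comparison. The loose `!=`
      // used before treats two numeric-looking strings ("0e" followed by digits only)
      // as equal numbers, so two different hashes could compare as a match.
      if ($found && hash_equals($storedHash, $candidate)) {
          $authenticated = true;
          $userId = $row[0];
      } else {
          // Same message for "unknown login" and "wrong password", so the response
          // does not reveal which accounts exist.
          $errorMessage = 'Invalid login or password.';
      }
  } catch (Exception $e) {
      // Also covers mysqli_sql_exception when mysqli is configured to throw; the
      // detail is logged server-side and the user sees only the generic message.
      error_log("Login: " . $e->getMessage());
  }
  $conAdmin->close();

  if ($authenticated) {
      session_start();
      // Issue a fresh session id at the privilege change so an id planted before
      // login (session fixation) is not carried into the authenticated session.
      session_regenerate_id(true);
      $_SESSION['id'] = $userId;
      $_SESSION['login'] = $login;
      header("Location:index.php");
      // Stop here: without exit the script fell through and rendered login.php
      // in the body of the redirect response.
      exit;
  }

  // NOTE(review): nothing here limits repeated attempts; throttle or lock out per
  // account and per client address in front of this handler.
  echo '<b>An error occured: </b>' . $errorMessage;
  include('login.php');
  ?>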