
Untitled

a guest
Feb 26th, 2019
  1. <?php
  2.  
  3. // Inialize session
  4. session_start();
  5.  
  6. // Include database connection settings
  7. include('config.inc');
  8.  
  9. require("PasswordHash.php");
  10. $hasher = new PasswordHash(8, false);
  11.  
  12. $username = $_POST['username'];
  13. $password = $_POST['password'];
  14.  
  15. // Passwords should never be longer than 72 characters to prevent DoS attacks
  16. if (strlen($password) > 72) { die("Password must be 72 characters or less"); }
  17.  
  18. $query = "SELECT * FROM user WHERE username = '$username'";
  19.  
  20. $query = mysql_query($query);
  21. $numrows = mysql_num_rows($query);
  22.  
  23. if ($numrows = 1) {
  24.  
  25.  
  26. $res = mysql_query("SELECT password FROM user WHERE username = '$username'");
  27. $row = mysql_fetch_array($res);
  28. $hash = $row['password'];
  29. $password = $_POST['password'];
  30.  
  31. if ($hasher->CheckPassword($password, $hash)) { //$hash is the hash retrieved from the DB
  32. $what = 'Authentication succeeded';
  33. } else {
  34. $what = 'Authentication failed';
  35. }
  36.  
  37. } else {
  38.  
  39. echo "No Such User";
  40. include 'login.php';
  41. exit();
  42. }
  43.  
  44. echo "$whatn";
  45. echo "<br />";
  46. echo "$hash";
  47.  
  48. ?>
  50. <?php
  51.  
  52. // Inialize session
  53. session_start();
  54.  
  55. // Include database connection settings
  56. include('config.inc');
  57.  
  58. require("PasswordHash.php");
  59. $hasher = new PasswordHash(8, false);
  60.  
  61. $username = $_POST['username'];
  62. $password = $_POST['password'];
  63.  
  64. // Passwords should never be longer than 72 characters to prevent DoS attacks
  65. if (strlen($password) > 72) { die("Password must be 72 characters or less"); }
  66.  
  67. $query = "SELECT * FROM user WHERE username = '$username'";
  68.  
  69. $query = mysql_query($query);
  70. $numrows = mysql_num_rows($query);
  71.  
  72. if ($numrows = 1) {
  73.  
  74.  
  75. $res = mysql_query("SELECT * FROM user WHERE username = '$username'");
  76. $row = mysql_fetch_array($res);
  77. $hash = $row['password'];
  78. $password = $_POST['password'];
  79.  
  80. if ($hasher->CheckPassword($password, $hash)) { //$hash is the hash retrieved from the DB
  81. $what = 'Authentication succeeded';
  82. } else {
  83. $what = 'Authentication failed';
  84. }
  85.  
  86. } else {
  87.  
  88. echo "No Such User";
  89. include 'login.php';
  90. exit();
  91. }
  92.  
  93. echo "$whatn";
  94. echo "<br />";
  95. echo "$hash";
  96.  
  97. ?>
  99. $hash_iterations = 30;
  100. $portable_hashes = FALSE;
  101. $hasher = new PasswordHash($hash_iterations, $portable_hashes);
  102. $hash_value = $hasher->HashPassword($actual_password);
  103.  
  104. // $stored_hash is the value you saved in the database for this user's password
  105. // $user_input is the POST data from the user with the actual password
  106. $valid_password = $hasher->CheckPassword($user_input, $stored_hash);