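<?php
// Login handler: looks up the posted username in the `user` table and checks
// the posted password against the stored phpass hash.

// Initialize session
session_start();
// Include database connection settings
include('config.inc');
require("PasswordHash.php");

$hasher = new PasswordHash(8, false);

// Accept only string fields: a missing key or an array value (username[]=x)
// must not reach the query or the hasher.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// Passwords should never be longer than 72 characters to prevent DoS attacks
if (strlen($password) > 72) { die("Password must be 72 characters or less"); }

// The username comes straight from the request, so it is escaped before being
// placed in the SQL string (the original interpolated it raw, which is SQL
// injection). Escaping is only reliable when the connection charset is set
// with mysql_set_charset() rather than a "SET NAMES" query.
// NOTE(review): the mysql_* extension was removed in PHP 7. Moving to PDO or
// mysqli prepared statements means changing the connection code in
// config.inc, which is not visible here.
$safe_username = mysql_real_escape_string($username);

// One query is enough: only the stored hash is needed.
$res = mysql_query("SELECT password FROM user WHERE username = '$safe_username'");

$hash = null;
// Strict comparison: the original `if ($numrows = 1)` was an assignment and
// therefore always true.
if ($res !== false && mysql_num_rows($res) === 1) {
    $row = mysql_fetch_array($res);
    $hash = $row['password'];
}

if ($hash === null) {
    // Unknown user (or query failure): spend roughly the same hashing time as
    // a real check, and fall through to the same message as a wrong password,
    // so neither timing nor wording reveals whether the account exists.
    $hasher->HashPassword($password);
    $authenticated = false;
} else {
    // $hash is the hash retrieved from the DB
    $authenticated = $hasher->CheckPassword($password, $hash);
}

// NOTE(review): nothing is written to the session on success yet. When a
// login marker is added, call session_regenerate_id(true) before storing it.
$what = $authenticated ? 'Authentication succeeded' : 'Authentication failed';

echo "$what\n";
echo "<br />";
// The stored hash is deliberately no longer echoed: sending it to the client
// hands out material for offline password guessing.
// To re-display the login form, include login.php for every failure alike.
?>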
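<?php
// Login handler (second copy on the page): verifies the posted credentials
// against the phpass hash stored for that username in the `user` table.

// Initialize session
session_start();
// Include database connection settings
include('config.inc');
require("PasswordHash.php");

$hasher = new PasswordHash(8, false);

// Only plain strings are accepted from the request. Absent fields and array
// values collapse to '' instead of raising notices or reaching the query.
$username = '';
if (isset($_POST['username']) && is_string($_POST['username'])) {
    $username = $_POST['username'];
}
$password = '';
if (isset($_POST['password']) && is_string($_POST['password'])) {
    $password = $_POST['password'];
}

// Passwords should never be longer than 72 characters to prevent DoS attacks
if (strlen($password) > 72) { die("Password must be 72 characters or less"); }

// Request data must never be interpolated into SQL unescaped. The original
// did exactly that, which allowed SQL injection through the username field.
// Set the connection charset with mysql_set_charset() so that the escaping
// matches what the server parses.
// NOTE(review): mysql_* no longer exists in PHP 7+. Prepared statements via
// PDO or mysqli are the durable fix, but need the connection set up in
// config.inc (not shown on this page) to change as well.
$safe_username = mysql_real_escape_string($username);

// A single lookup replaces the original's two identical-filter queries; only
// the password column is read afterwards.
$res = mysql_query("SELECT password FROM user WHERE username = '$safe_username'");

$hash = null;
// `===` here: the original wrote `$numrows = 1`, an assignment that made the
// "user exists" branch run for every request.
if ($res !== false && mysql_num_rows($res) === 1) {
    $row = mysql_fetch_array($res);
    $hash = $row['password'];
}

$authenticated = false;
if ($hash !== null) {
    // $hash is the hash retrieved from the DB
    $authenticated = $hasher->CheckPassword($password, $hash);
} else {
    // No matching account: do a throwaway hash so the response takes about
    // as long as a real check, and report the same generic failure below.
    // A distinct "No Such User" reply would let callers enumerate usernames.
    $hasher->HashPassword($password);
}

// NOTE(review): a successful login does not touch the session yet. Rotate the
// id with session_regenerate_id(true) before storing any login state in it.
if ($authenticated) {
    $what = 'Authentication succeeded';
} else {
    $what = 'Authentication failed';
}

echo "$what\n";
echo "<br />";
// The password hash is not printed any more. It is a secret, and exposing it
// enables offline cracking.
// If the login form should reappear, include login.php on every failure path.
?>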
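// phpass usage sketch: hash a password for storage, then verify a login attempt.

// In phpass the first constructor argument is a log2 work factor, not a plain
// iteration count (PasswordHash.php is not shown on this page, so confirm it
// against your copy). The original value of 30 would request 2^30 rounds,
// which makes every hash or check take impractically long and stalls the
// login endpoint. 12 is a moderate cost; tune it to your hardware.
$hash_iterations = 12;
// FALSE asks for the stronger non-portable hash type, presumably bcrypt where
// the PHP build supports it. This is consistent with the 72-character
// password limit in the scripts above.
$portable_hashes = FALSE;
$hasher = new PasswordHash($hash_iterations, $portable_hashes);

// $actual_password is the plaintext chosen by the user. Store only $hash_value.
// NOTE(review): phpass signals failure by returning a short string ('*').
// Reject any result shorter than 20 characters before saving it.
$hash_value = $hasher->HashPassword($actual_password);

// $stored_hash is the value you saved in the database for this user's password
// $user_input is the POST data from the user with the actual password
// The cost is read from $stored_hash during the check, so hashes created with
// a different work factor still verify.
$valid_password = $hasher->CheckPassword($user_input, $stored_hash);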