<?php $con = mysqli_connect("localhost", "mpampis", "abcd1234", "quiz");

1. <?php
2.    
3.     $con =  mysqli_connect("localhost", "mpampis", "abcd1234", "quiz");
4.     mysqli_set_charset($con, 'utf8');
5.    
6.     $username = $_POST["username"];
7.     $password = $_POST["password"];
8.  
9.     function get_salt(){
10.         global $username,$con;
11.         $query = mysqli_prepare($con, "select salt FROM users WHERE username = ?");
12.         mysqli_stmt_bind_param($query, "s", $username);
13.         mysqli_stmt_execute($query);
14.         mysqli_stmt_store_result($query);
15.         mysqli_stmt_bind_result($query, $salt);
16.         mysqli_stmt_fetch($query);
17.         return $salt;
18.     }
19.     /*
20.     function get_salt(){
21.         global $username,$con;
22.         $result = mysqli_query($con,'select salt from quiz.users WHERE username="'.$username.'";');
23.         $row = mysqli_fetch_assoc($result);
24.         $salt = $row["salt"];
25.         return $salt;
26.     }
27.     */
28.    
29.     //mpampis code 01
30.     $salt=get_salt();
31.     $combine=$salt . $password;
32.     $password_hash=md5($combine);
33.     $statement=mysqli_prepare($con, "select firstname,lastname,username,age FROM users WHERE username = ? AND password = ?");
34.     mysqli_stmt_bind_param($statement, "ss", $username, $password_hash);
35.     mysqli_stmt_execute($statement);
36.     mysqli_stmt_store_result($statement);
37.     mysqli_stmt_bind_result($statement, $firstname, $lastname, $username, $age);
38.    
39.     /*
40.     //stef code 01
41.     $salt = get_salt(); //λαμβάνουμε το salt
42.     $possible_password = $salt.$password; // δημιουργουμε τον πιθανο κρυπτογραφημενο κωδικο
43.     $possible_password = md5($possible_password); // κρυπτογραφουμε με md5
44.     $result = mysqli_query($con,"select (firstname,lastname,username,age) from quiz.users where username='".$username."' AND password='".$possible_password.'";');
45.     */
46.    
47.     //mpampis code 02
48.     $response = array();
49.     $response["success"]=false;  
50.     while(mysqli_stmt_fetch($statement)){
51.         $response["success"]=true;  
52.         $response["firstname"]=$firstname;
53.         $response["lastname"]=$lastname;
54.         $response["username"]=$username;
55.         $response["age"]=$age;
56.  
57.     }
58.     /*
59.     //stef code 02
60.     $responce["success"]=false;
61.     if($row = mysqli_fetch_assoc($result)){
62.         $responce["success"] = true;
63.         $responce["firstname"]=$row["firstname"];
64.         $responce["lastname"]=$row["lastname"];
65.         $responce["username"]=$row["username"];
66.         $responce["age"]=$row["age"];
67.     }
68.     */
69.     echo json_encode($responce);
70.    
71.    
72. ?>