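/**
 * Per-user password salt helper backed by the `login` table.
 *
 * NOTE(review): all database access goes through the legacy ext/mysql
 * functions (mysql_query and friends), which were removed in PHP 7.0. Values
 * are escaped before they are placed into SQL below; the durable fix is to
 * move to PDO or mysqli prepared statements once a connection handle can be
 * passed to this class.
 *
 * NOTE(review): rows are located by comparing the supplied password with the
 * stored `password` column, and the only column this class writes is `salt`,
 * so nothing here replaces the stored password with a salted hash - confirm
 * how that column is populated. New code should use password_hash() and
 * password_verify(); sha1(salt . password) is a fast hash and is kept only so
 * that values already derived from it continue to match.
 */
class salt
{
    /**
     * @var string|null $salt; the salt most recently generated by this object.
     */
    protected $salt;

    /**
     * @var string|null $password; the plain text password. This class only ever assigns null to it.
     */
    protected $password;

    public function __construct()
    {
        // Nothing is known at construction time, so both fields start as null.
        $this->salt = null;
        $this->password = null;
    }

    /**
     * Generate a new 8-character lowercase hex salt and remember it on the object.
     *
     * The bytes come from a CSPRNG when the runtime offers one. mt_rand() is
     * predictable from a few observed outputs, so it is used only as a last
     * resort on builds that have neither random_bytes() nor OpenSSL.
     *
     * NOTE(review): the 8-character width is kept so the value still fits the
     * existing `salt` column; 32 bits is short for a salt, widen it together
     * with the column when the schema can change.
     *
     * @return string eight hexadecimal characters
     */
    public function generate_salt()
    {
        $raw = null;
        if (function_exists('random_bytes')) {
            $raw = random_bytes(4);
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $raw = openssl_random_pseudo_bytes(4);
        }

        if (is_string($raw) && strlen($raw) === 4) {
            $this->salt = bin2hex($raw);
        } else {
            // No CSPRNG on this build: fall back to the legacy Mersenne Twister value.
            $this->salt = substr(str_pad(dechex(mt_rand()), 8, '0', STR_PAD_LEFT), -8);
        }

        return $this->salt;
    }

    /**
     * Look up the salt stored for a username/password pair.
     *
     * @desc; make_salt() uses the same row lookup as this function.
     *
     * @param string $username value matched against `login`.username
     * @param string $password value matched against `login`.password
     * @return string|null the `salt` column of the matching row (which may be
     *                     empty), or null when no row matches or the query fails
     */
    public function get_salt($username, $password)
    {
        $row = $this->find_login_row($username, $password);

        return $row === null ? null : $row['salt'];
    }

    /**
     * Return the salted SHA-1 of the password, creating the user's salt first if needed.
     *
     * When the matching row already has a salt, the result is
     * sha1(salt . password). When it has none, a salt is generated and written
     * to the row, and null is returned; a later call then yields the hash.
     * The script is terminated with die() when no row matches.
     *
     * @param string $username value matched against `login`.username
     * @param string $password value matched against `login`.password
     * @return string|null 40-character hex digest, or null when a salt was just stored
     */
    public function make_salt($username, $password)
    {
        // One lookup answers both "does the user exist" and "is there a salt".
        $row = $this->find_login_row($username, $password);
        if ($row === null) {
            die('Unable to find the specified user.. maybe he/she does not exist?!');
        }

        $stored = $row['salt'];
        if ($stored !== null && $stored !== '') {
            return sha1($stored . $password);
        }

        $fresh = $this->generate_salt();
        if ($fresh === null || $fresh === '') {
            // Last-resort exit; only reachable if generate_salt() is overridden to return nothing.
            die('Salt is null?!');
        }

        // Every value is escaped, including the salt, so no string reaches SQL raw.
        $sql = sprintf(
            "UPDATE `login` SET salt='%s' WHERE username='%s' AND password='%s'",
            mysql_real_escape_string((string) $fresh),
            mysql_real_escape_string((string) $username),
            mysql_real_escape_string((string) $password)
        );
        if (!mysql_query($sql)) {
            // Driver errors go to the server log, not into the HTTP response.
            error_log('salt: storing the salt failed: ' . mysql_error());
        }

        return null;
    }

    /**
     * Fetch the `salt` column of the row matching a username/password pair.
     *
     * Both values are passed through mysql_real_escape_string() before being
     * placed into the query, so quotes in either one cannot change the
     * statement. That escaping follows the connection character set only when
     * the charset was selected with mysql_set_charset().
     *
     * @param string $username
     * @param string $password
     * @return array|null associative row with a 'salt' key, or null when there is no match
     */
    private function find_login_row($username, $password)
    {
        $sql = sprintf(
            "SELECT `salt` FROM `login` WHERE username='%s' AND password='%s' LIMIT 1",
            mysql_real_escape_string((string) $username),
            mysql_real_escape_string((string) $password)
        );

        $result = mysql_query($sql);
        if ($result === false) {
            // Driver errors go to the server log, not into the HTTP response.
            error_log('salt: login lookup failed: ' . mysql_error());
            return null;
        }

        $row = mysql_fetch_assoc($result);

        return $row ? $row : null;
    }
}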