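<?php
// Use the full open tag: the short form `<?` only works when short_open_tag is
// enabled, and on a host where it is off this whole file (including the
// include paths and query logic) is served to the client as plain text.

// Project-local DB settings and connection; presumably this is what opens the
// ext/mysql link that the mysql_query() calls further down rely on.
require_once('../dbconfig.inc');
require_once('../dbconnect.inc');

// Number of leading characters of a stored hash that hold the salt; the
// remaining characters are the hex SHA-1 digest. Every row already stored in
// this layout depends on this value, so changing it invalidates all logins.
define('SALT_LENGTH', 9);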
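/**
 * Produce a salted SHA-1 hash in the legacy "salt . sha1(salt . password)"
 * layout: the first SALT_LENGTH characters of the result are the salt, the
 * remaining 40 are the lowercase hex digest. Rows already stored in this
 * layout are read back by splitting on SALT_LENGTH, so the format is kept.
 *
 * SECURITY NOTE: one round of SHA-1 is not an acceptable password hash —
 * it is fast to brute-force offline if the table leaks. This change only
 * replaces the predictable rand()/uniqid() salt with a CSPRNG; plan a
 * migration to password_hash()/password_verify() (rehash on successful
 * login) when the stored format can be changed.
 *
 * @param string      $plainText the password to hash
 * @param string|null $salt      an existing salt (normally the prefix of a
 *                               stored hash); null generates a fresh one.
 *                               A longer value is truncated to SALT_LENGTH.
 * @return string the salt followed by the 40-character hex SHA-1 digest
 * @throws Exception when no cryptographically strong random source exists
 *                   (random_bytes on PHP 7+, openssl on PHP 5)
 */
function generateHash($plainText, $salt = null)
{
    if ($salt === null) {
        // SALT_LENGTH hex characters need ceil(SALT_LENGTH / 2) random bytes.
        $byteCount = (int) ceil(SALT_LENGTH / 2);
        if (function_exists('random_bytes')) {
            $raw = random_bytes($byteCount);
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $raw = openssl_random_pseudo_bytes($byteCount, $strong);
            if ($raw === false || !$strong) {
                throw new Exception('No cryptographically strong random source available');
            }
        } else {
            throw new Exception('No cryptographically strong random source available');
        }
        $salt = substr(bin2hex($raw), 0, SALT_LENGTH);
    } else {
        // Callers pass the whole stored hash or its prefix; keep only the
        // salt portion so the digest is computed over the same input as
        // when the hash was created.
        $salt = substr((string) $salt, 0, SALT_LENGTH);
    }

    return $salt . sha1($salt . $plainText);
}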
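// Username and password from the login form (plain text). Missing fields
// become empty strings instead of raising undefined-index notices.
$myusername = isset($_POST['myusername']) ? (string) $_POST['myusername'] : '';
$mypassword = isset($_POST['mypassword']) ? (string) $_POST['mypassword'] : '';

// Only undo magic_quotes_gpc slashes when that feature is actually on;
// unconditionally calling stripslashes() (as before) silently alters
// usernames that legitimately contain a backslash.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
}

$login_ok = false;

if ($myusername !== '' && $mypassword !== '') {
    // Escape BEFORE the value reaches any query. The original ran an
    // unescaped lookup first and only escaped afterwards, which made the
    // first query injectable. mysql_real_escape_string() must be called on
    // an open link whose charset matches the table's — confirm that
    // dbconnect.inc sets it.
    $escapedUsername = mysql_real_escape_string($myusername);

    // Fetch only the stored hash; LIMIT 2 lets us detect duplicate usernames
    // cheaply. The table name is fixed to `members` (the original used an
    // undefined $table in its second query).
    $result = mysql_query(
        "SELECT password FROM members WHERE username = '$escapedUsername' LIMIT 2"
    );

    // Exactly one row must match; zero or duplicates both fail the login,
    // matching the original's "count must be 1" rule.
    if ($result !== false && mysql_num_rows($result) === 1) {
        $row = mysql_fetch_assoc($result);
        $storedHash = (string) $row['password'];

        // Recompute with the stored salt (first SALT_LENGTH chars) and compare
        // in PHP using a constant-time comparison. The candidate hash is never
        // sent back to the database, so there is no second query to escape.
        $salt = substr($storedHash, 0, SALT_LENGTH);
        $candidate = generateHash($mypassword, $salt);
        $login_ok = hash_equals($storedHash, $candidate);
    }

    if ($result !== false) {
        mysql_free_result($result);
    }
}

// Whatever is done here, report the same generic failure for "unknown user"
// and "wrong password" so the response does not confirm which usernames
// exist.
if ($login_ok) {
    //login ok
} else {
    //login failed
}
?>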