Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $servername = "";
- $username = "";
- $password = "";
- $database = "";
- // Create connection
- $conn = new mysqli($servername, $username, $password, $database);
- // Check connection
- if ($conn->connect_error) {
- die("Connection failed: " . $conn->connect_error);
- }
- function getUserGroup($id, $conn){
- $stmt = $conn->prepare("select user_group_id from xf_user_group_relation where user_id = ? and is_primary = 1");
- $stmt->bind_param('i', $id);
- $stmt->execute();
- $stmt->bind_result($groups);
- $stmt->store_result();
- $stmt->fetch();
- $stmt->close();
- return $groups;
- }
- function getUserPasswordHash($id, $conn)
- {
- $stmt = $conn->prepare("select data from xf_user_authenticate where user_id = ?");
- $stmt->bind_param('i', $id);
- $stmt->execute();
- $stmt->bind_result($messhash);
- $stmt->store_result();
- $stmt->fetch();
- $password = substr($messhash, 22, -3);
- $stmt->close();
- return $password;
- }
- function getUserID($username, $conn){
- $stmt = $conn->prepare("select user_id from xf_user where username = ?");
- $stmt->bind_param('s', $username);
- $stmt->execute();
- $stmt->bind_result($userid);
- $stmt->store_result();
- $stmt->fetch();
- $stmt->close();
- return $userid;
- }
- function checkUserPasswordHash($hash, $password){
- if(strlen($hash) < 5){
- die("This user has not setup a password");
- }
- return password_verify($password, $hash);
- }
- $username = $_REQUEST['username'];
- $password = $_REQUEST['password'];
- if(!$username || !$password){
- die("All required parameters were not supplied");
- }
- $userid = getUserID($username, $conn);
- $passwordHash = getUserPasswordHash($userid, $conn);
- $correctPass = checkUserPasswordHash($passwordHash,$password);
- if(!$correctPass){
- die("Credentials enterd do not match our records.");
- }
- echo getUserGroup($userid, $conn);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
