Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $servername = "localhost";
- $username = "whatever";
- $password = "whatever";
- $dbname = "whatever";
- try {
- $db = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
- $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
- $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- $salt = bin2hex(random_bytes(strlen($_POST["providedpass"])));
- $hashpsw = hash('sha256', $_POST["providedpass"].$salt);
- $name = $_POST["usrnm"];
- $stmt = $db->prepare("INSERT INTO users (username, password, salt, level) VALUES (?,?,?,?)");
- if ($stmt->execute(array($name,$hashpsw, $salt, 1))) {
- echo "USER CREATED";
- }
- $db = null;
- } catch (PDOException $e){
- echo "Error: " . $e->getMessage();
- }
- ?>
- <?php
- $servername = "localhost";
- $username = "whatever";
- $password = "whatever";
- $dbname = "whatever";
- try {
- $db = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
- $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
- $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- $stmt = $db->prepare("SELECT * FROM users WHERE username = ?");
- $providedname= $_POST["usrnm"];
- $stmt->execute(array($providedname));
- while($row = $stmt->fetch(PDO::FETCH_OBJ)){
- echo "FOUND USER";
- $hashpsw = hash('sha256', $_POST["providedpass"].$row->salt);
- if($hashpsw == $row->password) {
- echo "CORRECT CREDENTIALS";
- }
- }
- $db = null;
- } catch (PDOException $e){
- echo "Error: " . $e->getMessage();
- }
- ?>
- <?php
- $servername = "localhost";
- $username = "whatever";
- $password = "whatever";
- $dbname = "whatever";
- $charset = 'utf8mb4';
- $options = [
- PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
- PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
- PDO::ATTR_EMULATE_PREPARES => false,
- ];
- $dsn = "mysql:host=$servername;dbname=$dbname;charset=$charset";
- try {
- $db = new PDO($dsn, $username, $password, $options);
- } catch (PDOException $e) {
- throw new PDOException($e->getMessage(), (int)$e->getCode());
- }
- require 'db.php';
- $hashpsw = password_hash($_POST["providedpass"],);
- $stmt = $db->prepare("INSERT INTO users (username, password, level) VALUES (?,?,?)");
- $stmt->execute(array($_POST["usrnm"], $hashpsw, 1));
- echo "USER CREATED";
- require 'db.php';
- $stmt = $db->prepare("SELECT * FROM users WHERE username = ?");
- $stmt->execute([$_POST['usrnm']]);
- $user = $stmt->fetch();
- if ($user && password_verify($_POST['providedpass'], $user['password']))
- {
- echo "FOUND USER";
- }
Add Comment
Please, Sign In to add comment