
HTML Java script MYSQL programmers dev....(elmo)

a guest
Feb 23rd, 2020
  1. I am working with a specific password-hashing scheme ( **PBKDF2** ) for some reasons.
  2. I am now building the website and I am having an issue with the Log In system.
  3. The Registration page works perfectly as desired.
  4.  
  5. I don't have any output of errors when I try to log in and still the password does not match.<br/>
  6. <br/><br/>
  7. Here is my ***registration.php*** :<br/><br/>
  8. ```
  9. <?php
  10. require '../global.php';
  11. $pdo = New Database();
  12. $account->IPisBanned($_SERVER['REMOTE_ADDR']);
  13. $account->isConnected();
  14.  
  15. if(!empty($_POST['username']) AND !empty($_POST['email']) AND !empty($_POST['password']) AND !empty($_POST['password_confirmation'])) {
  16.     $bdd = $pdo->query('SELECT id FROM users WHERE username = ?', [$core->F_HTML($_POST['username'])]);
  17.    if($bdd->rowCount() == 0) {
  18.         if(preg_match('`^([a-zA-Z0-9-=?!@]{3,15})$`', $core->F_HTML($_POST['username']))) {
  19.            $bdd2 = $pdo->query('SELECT id FROM users WHERE email = ?', [$core->F_HTML($_POST['email'])]);
  20.            if($bdd2->rowCount() == 0) {
  21.                 if(filter_var($core->F_HTML($_POST['email']), FILTER_VALIDATE_EMAIL)) {
  22.                     if($_POST['password'] == $_POST['password_confirmation']) {
  23.                        
  24.                         if(strlen($_POST['password']) >= 6 AND strlen($_POST['password_confirmation']) >= 6) {
  25.                            
  26.                             $iterations = 10000;
  27.                             $length = 40;
  28.                             $secret = "at_least_16_byte";
  29.                             $salt = $secret.$_POST['username'];
  30.                             $hash = hash_pbkdf2("sha1", $_POST['password'], $salt, $iterations, $length);
  31.                             $hash = strtoupper($hash);
  32.                            
  33.                             $bdd3 = $pdo->query('INSERT INTO users (username, password, mail, account_created, ip_reg) VALUES (?, ?, ?, ?, ?)', [$core->F_HTML($_POST['username']), $core->F_HTML($hash), $core->F_HTML($_POST['email']), time(), $_SERVER['REMOTE_ADDR']]);
  34.                             $_SESSION['id'] = $pdo->lastInsertId();
  35.                             echo 'success';
  36.                         } else {
  37.                             echo 'Passwords does not match.';
  38.                         }
  39.                     } else {
  40.                         echo 'Password too short.';
  41.                     }
  42.                 } else {
  43.                     echo 'Invalid email address.';
  44.                 }
  45.             } else {
  46.                 echo 'This Email is already used by another account.';
  47.             }
  48.         } else {
  49.             echo 'Invalid username.';
  50.         }
  51.     } else {
  52.         echo 'Username already in use.';
  53.     }
  54. } else {
  55.     echo 'Required fields are emtpy.';
  56. }
  57. ?>
  58. ```
  59.  
  60. <br/><br/>
  61. And here is my ***login.php*** : <br/><br/>
  62. ```
  63. <?php
  64. require '../global.php';
  65. $pdo = New Database();
  66. $account->IPisBanned($_SERVER['REMOTE_ADDR']);
  67. $account->isConnected();
  68.  
  69. if(!empty($_POST['username']) AND !empty($_POST['password'])) {
  70.    
  71.     $bdd = $pdo->query('SELECT * FROM users WHERE username = ?', [$core->F_HTML($_POST['username'])]);
  72.    
  73.    
  74.     $iterations = 10000;
  75.     $length = 40;
  76.     $secret = "at_least_16_byte";
  77.     $salt = $secret.$_POST['username'];
  78.     $hash = hash_pbkdf2("sha1", $_POST['password'], $salt, $iterations, $length);
  79.     $hash = strtoupper($hash);
  80.    
  81.    
  82.     if($bdd->rowcount() == 1) {
  83.        
  84.         $req = $bdd->fetch();
  85.        
  86.         if(password_verify($hash, $req['password'])) {
  87.            
  88.             $account->UserisBanned($core->F_HTML($_POST['username']));
  89.             $_SESSION['id'] = $req['id'];
  90.             $account->Update($_SESSION['id']);
  91.            
  92.             echo 'success';
  93.            
  94.     } else {
  95.             echo 'The password is incorrect.';
  96.         }
  97.     } else {
  98.         echo 'The username does not exist.';
  99.     }
  100. } else {
  101.     echo 'The required fields are empty.';
  102. }
  103. ?>
  104. ```
  105. <br/><br/><br/>
  106. *I am strongly confused, I spent hours trying to fix this but I really can't.<br/> Thank you for your time :)*<br/><br/><br/>