Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- //Get API POST Action
- $action = '';
- if(isset($_POST['action']))
- {
- $action = $_POST['action'];
- }
- //Execute Action
- switch ($action)
- {
- case 'auth':
- auth();
- break;
- }
- /*
- We need to include the config file
- to make use of the database.
- */
- include_once("../wp-config.php");
- /*
- We need to include the PasswordHass class
- to make use of the methods and to check
- if the passwords are matching.
- */
- include_once("../wp-includes/class-phpass.php");
- function auth()
- {
- //Check Required Vars
- if(!isset($_POST['username']) || !isset($_POST['password']))
- {
- return 0;
- }
- $username = mysql_escape_string($_POST['username']);
- $password = mysql_escape_string($_POST['password']);
- $query = mysql_query("SELECT * FROM ".$table_prefix."users
- WHERE user_login = '$username'");
- $row = mysql_fetch_array($query);
- $wp_hasher = new PasswordHash(8, TRUE);
- $password_hashed = $row['user_pass'];
- /*
- Check if the password matches
- - Check if md5 matches
- - or Check if PasswordHash class matches
- */
- if($wp_hasher->CheckPassword($password, $password_hashed)
- || $password_hashed == md5($password)) {
- $_SESSION["logged_in"] = true;
- echo 'you logged in succesfull';
- }
- else {
- }
- }
- ?>
Add Comment
Please, Sign In to add comment