
Untitled

a guest
Aug 14th, 2017
  1. <?php
  2.  
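  // Credential store: one "base64(user)::password_hash" record per line.
  // The file holds password hashes, so the web server must never serve it.
  // An .htaccess deny rule only helps on servers that honour .htaccess files;
  // keeping the file outside the document root is the stronger option.
  // The path is anchored to this script's directory so the store (and the
  // access rule protecting it) does not move with the working directory.
  $file_path = __DIR__ . "/users.txt";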
  5.  
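  /**
   * Check a user name / password pair against the credential file.
   *
   * Each record has the form "base64(user)::hash". The user field is compared
   * as an exact string instead of being spliced into a regular expression:
   * base64 output can contain "/", "+" and "=", which either broke the pattern
   * (the "/" delimiter) or let one name match another user's record ("+").
   *
   * NOTE: password_verify() only runs when a record for the user exists, so
   * response time can reveal whether a user name is present in the file.
   *
   * @param string $user User name as submitted by the client.
   * @param string $pass Plain-text password as submitted by the client.
   * @return bool True when at least one record for $user verifies against $pass.
   */
  function auth_check($user, $pass) {
      // Request parameters can arrive as arrays (user[]=...); treat those as a failed login.
      if (!is_string($user) || !is_string($pass)) {
          return false;
      }

      $path = $GLOBALS["file_path"];
      // A missing or unreadable store means nobody can authenticate.
      if (!is_readable($path)) {
          return false;
      }
      $records = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
      if ($records === false) {
          return false;
      }

      $user_enc = base64_encode($user);
      foreach ($records as $record) {
          $parts = explode("::", $record);
          // Skip malformed records and records that belong to other users.
          if (!isset($parts[1]) || $parts[0] !== $user_enc) {
              continue;
          }
          // A user may own several records; any one matching hash is enough.
          if (password_verify($pass, trim($parts[1]))) {
              return true;
          }
      }

      // No record for this user matched the password.
      return false;
  }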
  23.  
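  /**
   * Append a credential record ("base64(user)::hash") to the credential file.
   *
   * The password is stored only as a password_hash() digest. The append takes
   * an exclusive lock so it cannot interleave with another writer of the same
   * file, and the result of the write is reported instead of being discarded.
   *
   * @param string $user User name to register.
   * @param string $pass Plain-text password to hash and store.
   * @return bool True when the complete record was written, false otherwise.
   */
  function auth_add($user, $pass) {
      // Request parameters can arrive as arrays (user[]=...); refuse to store those.
      if (!is_string($user) || !is_string($pass)) {
          return false;
      }

      // base64 keeps the "::" separator and newlines out of the user field.
      $record = base64_encode($user) . "::" . password_hash($pass, PASSWORD_DEFAULT) . "\n";

      $written = file_put_contents($GLOBALS["file_path"], $record, FILE_APPEND | LOCK_EX);

      // A short or failed write leaves no usable record; tell the caller.
      return $written === strlen($record);
  }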
  34.  
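  /**
   * Remove every record of $user whose stored hash verifies against $pass.
   *
   * Records of other users, records of $user with a different password and
   * malformed records are kept. The file is read and rewritten under one
   * exclusive lock so a concurrent writer cannot slip in between the read and
   * the write. Kept lines are written back one per line: the previous version
   * joined lines that still carried their newline with another "\n", which
   * inserted a blank line after every record on each call. Blank lines are
   * dropped on rewrite. A missing file is left missing rather than created.
   *
   * @param string $user User name whose credential should be consumed.
   * @param string $pass Plain-text password identifying the record to remove.
   * @return void
   */
  function auth_remove($user, $pass) {
      // Request parameters can arrive as arrays (user[]=...); nothing to remove then.
      if (!is_string($user) || !is_string($pass)) {
          return;
      }

      $path = $GLOBALS["file_path"];
      if (!is_file($path)) {
          return;
      }
      $handle = fopen($path, "r+");
      if ($handle === false) {
          return;
      }

      try {
          // Hold the lock across read and rewrite; bail out without touching the file otherwise.
          if (!flock($handle, LOCK_EX)) {
              return;
          }

          $user_enc = base64_encode($user);
          $kept = array();
          foreach (explode("\n", (string) stream_get_contents($handle)) as $line) {
              if (trim($line) === "") {
                  continue;
              }
              $parts = explode("::", $line);
              $is_target = isset($parts[1])
                  && $parts[0] === $user_enc
                  && password_verify($pass, trim($parts[1]));
              if (!$is_target) {
                  $kept[] = $line;
              }
          }

          // Every surviving record ends with exactly one newline so later appends stay aligned.
          $contents = $kept ? implode("\n", $kept) . "\n" : "";
          rewind($handle);
          ftruncate($handle, 0);
          fwrite($handle, $contents);
          fflush($handle);
      } finally {
          // Closing the handle also releases the lock.
          fclose($handle);
      }
  }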
  54.  
  55.  
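  // Lines below are for demo only
  // More secure code is needed in a production environment:
  //  - the "add" action is reachable by anyone who can send the request;
  //  - nothing limits how often "verify" can be tried for a user name;
  //  - the action is chosen by a GET parameter while it changes stored state.

  // Accept only plain string parameters; a missing or array-valued parameter
  // (user[]=...) is treated as empty instead of raising notices or type errors.
  $user = (isset($_POST["user"]) && is_string($_POST["user"])) ? $_POST["user"] : "";
  $pass = (isset($_POST["pass"]) && is_string($_POST["pass"])) ? $_POST["pass"] : "";
  $action = (isset($_GET["action"]) && is_string($_GET["action"])) ? $_GET["action"] : "";

  if ($action === "add") {
      // Method to add users
      // Make sure to protect this, so not everyone can add a user
      if ($user === "" || $pass === "") {
          // Never store a record with an empty user name or an empty password
          echo "Missing parameters";
      } else if (!auth_check($user, $pass)) {
          // Prevent creating duplicate entries. This only detects an identical
          // user + password pair; the same user may hold several passwords.
          auth_add($user, $pass);
          echo "Successfully added user: " . htmlspecialchars($user, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
      } else {
          echo "User already exists";
      }
  } else if ($action === "verify") {
      // Method to verify users
      if ($user === "" || $pass === "") {
          // Missing POST parameters: user / pass
          echo "Missing parameters";
      } else if (auth_check($user, $pass)) {
          // Successful login
          echo "Valid credentials for: " . htmlspecialchars($user, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
          // Remove used credentials (each user + password pair works once)
          auth_remove($user, $pass);
      } else {
          // Unsuccessful login
          echo "Invalid credentials for: " . htmlspecialchars($user, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
      }
  } else {
      echo "No action specified";
  }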
  88.  
  89. ?>