<?php$servername = "localhost";$username = "whatever";$password = "whatever"

1. <?php
2.  
3. $servername = "localhost";
4. $username = "whatever";
5. $password = "whatever";
6. $dbname = "whatever";
7.  
8. try {
9.  
10. $db = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
11.  
12.  
13. $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
14. $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
15.  
16.  
17. $salt = bin2hex(random_bytes(strlen($_POST["providedpass"])));
18. $hashpsw = hash('sha256', $_POST["providedpass"].$salt);
19.  
20. $name = $_POST["usrnm"];
21.  
22.  
23. $stmt = $db->prepare("INSERT INTO users (username, password, salt, level) VALUES (?,?,?,?)");
24.  
25. if ($stmt->execute(array($name,$hashpsw, $salt, 1))) {
26.  
27. echo "USER CREATED";
28. }
29.  
30.  
31. $db = null;
32.  
33. } catch (PDOException $e){
34.  
35. echo "Error: " . $e->getMessage();
36. }
37.  
38.  
39. ?>
40.  
41. <?php
42.  
43. $servername = "localhost";
44. $username = "whatever";
45. $password = "whatever";
46. $dbname = "whatever";
47.  
48. try {
49.  
50.  
51. $db = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
52.  
53.  
54.  
55. $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
56. $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
57.  
58.  
59. $stmt = $db->prepare("SELECT * FROM users WHERE username = ?");
60.  
61.  
62.  
63. $providedname= $_POST["usrnm"];
64.  
65. $stmt->execute(array($providedname));
66.  
67. while($row = $stmt->fetch(PDO::FETCH_OBJ)){
68.  
69. echo "FOUND USER";
70.  
71. $hashpsw = hash('sha256', $_POST["providedpass"].$row->salt);
72.  
73. if($hashpsw == $row->password) {
74.  
75. echo "CORRECT CREDENTIALS";
76.  
77. }
78.  
79.  
80.  
81.  
82.  
83. }
84.  
85. $db = null;
86.  
87. } catch (PDOException $e){
88.  
89. echo "Error: " . $e->getMessage();
90.  
91. }
92. ?>