Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $servername = "localhost";
- $username = "whatever";
- $password = "whatever";
- $dbname = "whatever";
- try {
- $db = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
- $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
- $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- $salt = bin2hex(random_bytes(strlen($_POST["providedpass"])));
- $hashpsw = hash('sha256', $_POST["providedpass"].$salt);
- $name = $_POST["usrnm"];
- $stmt = $db->prepare("INSERT INTO users (username, password, salt, level) VALUES (?,?,?,?)");
- if ($stmt->execute(array($name,$hashpsw, $salt, 1))) {
- echo "USER CREATED";
- }
- $db = null;
- } catch (PDOException $e){
- echo "Error: " . $e->getMessage();
- }
- ?>
- <?php
- $servername = "localhost";
- $username = "whatever";
- $password = "whatever";
- $dbname = "whatever";
- try {
- $db = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
- $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
- $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- $stmt = $db->prepare("SELECT * FROM users WHERE username = ?");
- $providedname= $_POST["usrnm"];
- $stmt->execute(array($providedname));
- while($row = $stmt->fetch(PDO::FETCH_OBJ)){
- echo "FOUND USER";
- $hashpsw = hash('sha256', $_POST["providedpass"].$row->salt);
- if($hashpsw == $row->password) {
- echo "CORRECT CREDENTIALS";
- }
- }
- $db = null;
- } catch (PDOException $e){
- echo "Error: " . $e->getMessage();
- }
- ?>
Add Comment
Please, Sign In to add comment