function test_input($data) { $data = trim($data); $data = stripslashes($

1. function test_input($data) {
2. $data = trim($data);
3. $data = stripslashes($data);
4. $data = htmlspecialchars($data);
5. return $data;
6. }
7. include('config.php');
8. $conn = mysqli_connect(DB_DSN,DB_USERNAME,DB_PASSWORD,'kqusers');
9. $name = test_input($_POST['name']);
10. $pName = test_input($_POST['pName']);
11. $month = $_POST['month'];
12. $day = $_POST['day'];
13. $year = $_POST['year'];
14. $date = $month." ".$day." ".$year;
15. $class = $_POST['level'];
16. $username = test_input($_POST['username']);
17. $password = test_input($_POST['pass']);
18. $enc_password = password_hash($password, PASSWORD_DEFAULT);
19. $insert = mysqli_query($conn,"INSERT INTO student_user (name, parent_name, dob, class, username, password) VALUES ('$name', '$pName', '$date', '$class', '$username', '$enc_password')");
20. if ($insert) {
21. echo "inserted";
22. }
23. else{
24. echo "error";
25. }
26. mysqli_close($conn);
27.  
28. function test_input($data) {
29. $data = trim($data);
30. $data = stripslashes($data);
31. $data = htmlspecialchars($data);
32. return $data;
33. }
34. include('config.php');
35. $conn = mysqli_connect(DB_DSN,DB_USERNAME,DB_PASSWORD,'kqusers');
36. $username = test_input($_POST['username']);
37. $password = test_input($_POST['password']);
38. $user_qry = mysqli_query($conn,"SELECT username FROM student_user WHERE username= '".$username."'");
39. $user=mysqli_fetch_assoc($user_qry);
40. $num_users = mysqli_num_rows($user_qry);
41. if ($num_users == 0) {
42. echo "user_error";
43. }
44. else{
45. $pass_qry = mysqli_query($conn,"SELECT password FROM student_user WHERE username= '".$username."'");
46. $pass = mysqli_fetch_assoc($pass_qry);
47. $enc_password = $pass["password"];
48. $verify = password_verify($password, $enc_password);
49. if ($verify) {
50. echo "login";
51. }
52. else{
53. echo "error";
54. }
55. }
56. mysqli_close($conn);
57.  
58. $pass = "jim";
59. $enc_pass = password_hash($pass,PASSWORD_DEFAULT);
60. $ver = password_verify($pass,$enc_pass);
61. if($ver){
62. echo "yes";
63. }
64. else{
65. echo "no";
66. }
67.  
68. $pass = "jim";
69. $enc_pass = password_hash($pass,PASSWORD_DEFAULT);
70. $ver = password_verify($pass,'$2y$10$puPHBPrgSM2gPoECXH43vev6c9PCSDoOpdGwEryL/WsZTqR8ofZ8a');
71. if($ver){
72. echo "yes";
73. }
74. else{
75. echo "no";
76. }