  1. ----------------------------------config.php------------------------------------
  2. <?php
  3. ob_start();
  4. session_start();
  5.  
  6. //database credentials
  7. define('DBHOST','localhost');
  8. define('DBUSER','root');
  9. define('DBPASS','');
  10. define('DBNAME','');
  11.  
  12. $db = new PDO("mysql:host=".DBHOST.";dbname=".DBNAME, DBUSER, DBPASS, array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"));
  13. $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  14.  
  15.  
  16. //set timezone
  17. date_default_timezone_set('Mexico/Hermosillo');
  18.  
  19. //load classes as needed
  20. function __autoload($class) {
  21.  
  22. $class = strtolower($class);
  23.  
  24. //if call from within assets adjust the path
  25. $classpath = 'classes/class.'.$class . '.php';
  26. if ( file_exists($classpath)) {
  27. require_once $classpath;
  28. }
  29.  
  30. //if call from within admin adjust the path
  31. $classpath = '../classes/class.'.$class . '.php';
  32. if ( file_exists($classpath)) {
  33. require_once $classpath;
  34. }
  35.  
  36. //if call from within admin adjust the path
  37. $classpath = '../../classes/class.'.$class . '.php';
  38. if ( file_exists($classpath)) {
  39. require_once $classpath;
  40. }
  41.  
  42. }
  43.  
  44. $user = new User($db);
  45.  
  46. include('functions.php');
  47. ?>
  48. ----------------------------------login.php-------------------------------------
  49. <?php
  50. require_once('../includes/config.php');
  51. if( $user->is_logged_in() ){ header('Location: index.php'); }
  52. ?>
  53. <html lang="en">
  54. <head>
  55. <title>
  56. Admin
  57. </title>
  58. </head>
  59. <body>
  60.  
  61. <div class="container">
  62.  
  63. <?php
  64. if(isset($_POST['submit'])){
  65.  
  66. $username = trim($_POST['username']);
  67. $password = trim($_POST['password']);
  68.  
  69. if($user->login($username,$password)){
  70. header('Location: index.php');
  71. exit;
  72.  
  73.  
  74. } else {
  75. $message = '<p class="error">Usuario o contraseña incorrectos</p>';
  76. }
  77.  
  78. }
  79.  
  80. if(isset($message)){ echo $message; }
  81. ?>
  82.  
  83. <form class="form-signin" action="" method="post">
  84. <h2 class="form-signin-heading text-center">Bienvenido(a)</h2>
  85. <input type="text" class="form-control" name="username" placeholder="Usuario" value="" />
  86. <input type="password" class="form-control" name="password" placeholder="Contraseña" value="" />
  87. <input type="submit" class="btn btn-lg btn-primary btn-block" name="submit" value="Iniciar Sesion" />
  88. </form>
  89.  
  90. </div>
  91. </body>
  92. </html>
  93. --------------------------------------class.user.php--------------------------------------------------------
  94. <?php
  95.  
  96. include('class.password.php');
  97.  
  98. class User extends Password{
  99.  
  100. private $db;
  101.  
  102. function __construct($db){
  103. parent::__construct();
  104.  
  105. $this->_db = $db;
  106. }
  107.  
  108. public function is_logged_in(){
  109. if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true){
  110. return true;
  111. }
  112. }
  113.  
  114. private function get_user_hash($username){
  115.  
  116. try {
  117.  
  118. $stmt = $this->_db->prepare('SELECT password FROM blog_members WHERE username = :username');
  119. $stmt->execute(array('username' => $username));
  120.  
  121. $row = $stmt->fetch();
  122. return $row['password'];
  123.  
  124. } catch(PDOException $e) {
  125. echo '<p class="error">'.$e->getMessage().'</p>';
  126. }
  127. }
  128.  
  129.  
  130. public function login($username,$password){
  131.  
  132. $hashed = $this->get_user_hash($username);
  133.  
  134. if($this->password_verify($password,$hashed) == 1){
  135.  
  136. $_SESSION['loggedin'] = true;
  137. return true;
  138. }
  139. }
  140.  
  141.  
  142. public function logout(){
  143. session_destroy();
  144. }
  145.  
  146. }
  147.  
  148.  
  149. ?>
  150. -------------------------class.password.php---------------------------------
  151. <?php
  152. if (!defined('PASSWORD_DEFAULT')) {
  153. define('PASSWORD_BCRYPT', 1);
  154. define('PASSWORD_DEFAULT', PASSWORD_BCRYPT);
  155. }
  156.  
  157. Class Password {
  158.  
  159. public function __construct() {}
  160.  
  161. function password_hash($password, $algo, array $options = array()) {
  162. if (!function_exists('crypt')) {
  163. trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING);
  164. return null;
  165. }
  166. if (!is_string($password)) {
  167. trigger_error("password_hash(): La contraseña debe de ser tipo texto", E_USER_WARNING);
  168. return null;
  169. }
  170. if (!is_int($algo)) {
  171. trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING);
  172. return null;
  173. }
  174. switch ($algo) {
  175. case PASSWORD_BCRYPT :
  176.  
  177. $cost = 10;
  178. if (isset($options['cost'])) {
  179. $cost = $options['cost'];
  180. if ($cost < 4 || $cost > 31) {
  181. trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING);
  182. return null;
  183. }
  184. }
  185. $raw_salt_len = 16;
  186. $required_salt_len = 22;
  187. $hash_format = sprintf("$2y$%02d$", $cost);
  188. break;
  189. default :
  190. trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING);
  191. return null;
  192. }
  193. if (isset($options['salt'])) {
  194. switch (gettype($options['salt'])) {
  195. case 'NULL' :
  196. case 'boolean' :
  197. case 'integer' :
  198. case 'double' :
  199. case 'string' :
  200. $salt = (string)$options['salt'];
  201. break;
  202. case 'object' :
  203. if (method_exists($options['salt'], '__tostring')) {
  204. $salt = (string)$options['salt'];
  205. break;
  206. }
  207. case 'array' :
  208. case 'resource' :
  209. default :
  210. trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING);
  211. return null;
  212. }
  213. if (strlen($salt) < $required_salt_len) {
  214. trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", strlen($salt), $required_salt_len), E_USER_WARNING);
  215. return null;
  216. } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) {
  217. $salt = str_replace('+', '.', base64_encode($salt));
  218. }
  219. } else {
  220. $buffer = '';
  221. $buffer_valid = false;
  222. if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) {
  223. $buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM);
  224. if ($buffer) {
  225. $buffer_valid = true;
  226. }
  227. }
  228. if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) {
  229. $buffer = openssl_random_pseudo_bytes($raw_salt_len);
  230. if ($buffer) {
  231. $buffer_valid = true;
  232. }
  233. }
  234. if (!$buffer_valid && is_readable('/dev/urandom')) {
  235. $f = fopen('/dev/urandom', 'r');
  236. $read = strlen($buffer);
  237. while ($read < $raw_salt_len) {
  238. $buffer .= fread($f, $raw_salt_len - $read);
  239. $read = strlen($buffer);
  240. }
  241. fclose($f);
  242. if ($read >= $raw_salt_len) {
  243. $buffer_valid = true;
  244. }
  245. }
  246. if (!$buffer_valid || strlen($buffer) < $raw_salt_len) {
  247. $bl = strlen($buffer);
  248. for ($i = 0; $i < $raw_salt_len; $i++) {
  249. if ($i < $bl) {
  250. $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255));
  251. } else {
  252. $buffer .= chr(mt_rand(0, 255));
  253. }
  254. }
  255. }
  256. $salt = str_replace('+', '.', base64_encode($buffer));
  257. }
  258. $salt = substr($salt, 0, $required_salt_len);
  259.  
  260. $hash = $hash_format . $salt;
  261.  
  262. $ret = crypt($password, $hash);
  263.  
  264. if (!is_string($ret) || strlen($ret) <= 13) {
  265. return false;
  266. }
  267.  
  268. return $ret;
  269. }
  270.  
  271. function password_get_info($hash) {
  272. $return = array('algo' => 0, 'algoName' => 'unknown', 'options' => array(), );
  273. if (substr($hash, 0, 4) == '$2y$' && strlen($hash) == 60) {
  274. $return['algo'] = PASSWORD_BCRYPT;
  275. $return['algoName'] = 'bcrypt';
  276. list($cost) = sscanf($hash, "$2y$%d$");
  277. $return['options']['cost'] = $cost;
  278. }
  279. return $return;
  280. }
  281.  
  282.  
  283. function password_needs_rehash($hash, $algo, array $options = array()) {
  284. $info = password_get_info($hash);
  285. if ($info['algo'] != $algo) {
  286. return true;
  287. }
  288. switch ($algo) {
  289. case PASSWORD_BCRYPT :
  290. $cost = isset($options['cost']) ? $options['cost'] : 10;
  291. if ($cost != $info['options']['cost']) {
  292. return true;
  293. }
  294. break;
  295. }
  296. return false;
  297. }
  298.  
  299. public function password_verify($password, $hash) {
  300. if (!function_exists('crypt')) {
  301. trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING);
  302. return false;
  303. }
  304. $ret = crypt($password, $hash);
  305. if (!is_string($ret) || strlen($ret) != strlen($hash) || strlen($ret) <= 13) {
  306. return false;
  307. }
  308.  
  309. $status = 0;
  310. for ($i = 0; $i < strlen($ret); $i++) {
  311. $status |= (ord($ret[$i]) ^ ord($hash[$i]));
  312. }
  313.  
  314. return $status === 0;
  315. }
  316.  
  317. }