Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ----------------------------------config.php------------------------------------
- <?php
- ob_start();
- session_start();
- //database credentials
- define('DBHOST','localhost');
- define('DBUSER','root');
- define('DBPASS','');
- define('DBNAME','');
- $db = new PDO("mysql:host=".DBHOST.";dbname=".DBNAME, DBUSER, DBPASS, array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"));
- $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- //set timezone
- date_default_timezone_set('Mexico/Hermosillo');
- //load classes as needed
- function __autoload($class) {
- $class = strtolower($class);
- //if call from within assets adjust the path
- $classpath = 'classes/class.'.$class . '.php';
- if ( file_exists($classpath)) {
- require_once $classpath;
- }
- //if call from within admin adjust the path
- $classpath = '../classes/class.'.$class . '.php';
- if ( file_exists($classpath)) {
- require_once $classpath;
- }
- //if call from within admin adjust the path
- $classpath = '../../classes/class.'.$class . '.php';
- if ( file_exists($classpath)) {
- require_once $classpath;
- }
- }
- $user = new User($db);
- include('functions.php');
- ?>
- ----------------------------------login.php-------------------------------------
- <?php
- require_once('../includes/config.php');
- if( $user->is_logged_in() ){ header('Location: index.php'); }
- ?>
- <html lang="en">
- <head>
- <title>
- Admin
- </title>
- </head>
- <body>
- <div class="container">
- <?php
- if(isset($_POST['submit'])){
- $username = trim($_POST['username']);
- $password = trim($_POST['password']);
- if($user->login($username,$password)){
- header('Location: index.php');
- exit;
- } else {
- $message = '<p class="error">Usuario o contraseña incorrectos</p>';
- }
- }
- if(isset($message)){ echo $message; }
- ?>
- <form class="form-signin" action="" method="post">
- <h2 class="form-signin-heading text-center">Bienvenido(a)</h2>
- <input type="text" class="form-control" name="username" placeholder="Usuario" value="" />
- <input type="password" class="form-control" name="password" placeholder="Contraseña" value="" />
- <input type="submit" class="btn btn-lg btn-primary btn-block" name="submit" value="Iniciar Sesion" />
- </form>
- </div>
- </body>
- </html>
- --------------------------------------class.user.php--------------------------------------------------------
- <?php
- include('class.password.php');
- class User extends Password{
- private $db;
- function __construct($db){
- parent::__construct();
- $this->_db = $db;
- }
- public function is_logged_in(){
- if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true){
- return true;
- }
- }
- private function get_user_hash($username){
- try {
- $stmt = $this->_db->prepare('SELECT password FROM blog_members WHERE username = :username');
- $stmt->execute(array('username' => $username));
- $row = $stmt->fetch();
- return $row['password'];
- } catch(PDOException $e) {
- echo '<p class="error">'.$e->getMessage().'</p>';
- }
- }
- public function login($username,$password){
- $hashed = $this->get_user_hash($username);
- if($this->password_verify($password,$hashed) == 1){
- $_SESSION['loggedin'] = true;
- return true;
- }
- }
- public function logout(){
- session_destroy();
- }
- }
- ?>
- -------------------------class.password.php---------------------------------
- <?php
- if (!defined('PASSWORD_DEFAULT')) {
- define('PASSWORD_BCRYPT', 1);
- define('PASSWORD_DEFAULT', PASSWORD_BCRYPT);
- }
- Class Password {
- public function __construct() {}
- function password_hash($password, $algo, array $options = array()) {
- if (!function_exists('crypt')) {
- trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING);
- return null;
- }
- if (!is_string($password)) {
- trigger_error("password_hash(): La contraseña debe de ser tipo texto", E_USER_WARNING);
- return null;
- }
- if (!is_int($algo)) {
- trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING);
- return null;
- }
- switch ($algo) {
- case PASSWORD_BCRYPT :
- $cost = 10;
- if (isset($options['cost'])) {
- $cost = $options['cost'];
- if ($cost < 4 || $cost > 31) {
- trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING);
- return null;
- }
- }
- $raw_salt_len = 16;
- $required_salt_len = 22;
- $hash_format = sprintf("$2y$%02d$", $cost);
- break;
- default :
- trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING);
- return null;
- }
- if (isset($options['salt'])) {
- switch (gettype($options['salt'])) {
- case 'NULL' :
- case 'boolean' :
- case 'integer' :
- case 'double' :
- case 'string' :
- $salt = (string)$options['salt'];
- break;
- case 'object' :
- if (method_exists($options['salt'], '__tostring')) {
- $salt = (string)$options['salt'];
- break;
- }
- case 'array' :
- case 'resource' :
- default :
- trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING);
- return null;
- }
- if (strlen($salt) < $required_salt_len) {
- trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", strlen($salt), $required_salt_len), E_USER_WARNING);
- return null;
- } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) {
- $salt = str_replace('+', '.', base64_encode($salt));
- }
- } else {
- $buffer = '';
- $buffer_valid = false;
- if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) {
- $buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM);
- if ($buffer) {
- $buffer_valid = true;
- }
- }
- if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) {
- $buffer = openssl_random_pseudo_bytes($raw_salt_len);
- if ($buffer) {
- $buffer_valid = true;
- }
- }
- if (!$buffer_valid && is_readable('/dev/urandom')) {
- $f = fopen('/dev/urandom', 'r');
- $read = strlen($buffer);
- while ($read < $raw_salt_len) {
- $buffer .= fread($f, $raw_salt_len - $read);
- $read = strlen($buffer);
- }
- fclose($f);
- if ($read >= $raw_salt_len) {
- $buffer_valid = true;
- }
- }
- if (!$buffer_valid || strlen($buffer) < $raw_salt_len) {
- $bl = strlen($buffer);
- for ($i = 0; $i < $raw_salt_len; $i++) {
- if ($i < $bl) {
- $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255));
- } else {
- $buffer .= chr(mt_rand(0, 255));
- }
- }
- }
- $salt = str_replace('+', '.', base64_encode($buffer));
- }
- $salt = substr($salt, 0, $required_salt_len);
- $hash = $hash_format . $salt;
- $ret = crypt($password, $hash);
- if (!is_string($ret) || strlen($ret) <= 13) {
- return false;
- }
- return $ret;
- }
- function password_get_info($hash) {
- $return = array('algo' => 0, 'algoName' => 'unknown', 'options' => array(), );
- if (substr($hash, 0, 4) == '$2y$' && strlen($hash) == 60) {
- $return['algo'] = PASSWORD_BCRYPT;
- $return['algoName'] = 'bcrypt';
- list($cost) = sscanf($hash, "$2y$%d$");
- $return['options']['cost'] = $cost;
- }
- return $return;
- }
- function password_needs_rehash($hash, $algo, array $options = array()) {
- $info = password_get_info($hash);
- if ($info['algo'] != $algo) {
- return true;
- }
- switch ($algo) {
- case PASSWORD_BCRYPT :
- $cost = isset($options['cost']) ? $options['cost'] : 10;
- if ($cost != $info['options']['cost']) {
- return true;
- }
- break;
- }
- return false;
- }
- public function password_verify($password, $hash) {
- if (!function_exists('crypt')) {
- trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING);
- return false;
- }
- $ret = crypt($password, $hash);
- if (!is_string($ret) || strlen($ret) != strlen($hash) || strlen($ret) <= 13) {
- return false;
- }
- $status = 0;
- for ($i = 0; $i < strlen($ret); $i++) {
- $status |= (ord($ret[$i]) ^ ord($hash[$i]));
- }
- return $status === 0;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement