<?phprequire("password.php");$con = mysqli_connect("198.91.81.5", "mycloudb_h

1. <?php
2. require("password.php");
3.  
4. $con = mysqli_connect("198.91.81.5", "mycloudb_hcs13", "173531", "mycloudb_bets");
5.  
6. $username = $_POST["username"];
7. $password = $_POST["password"];
8.  
9. $statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ?");
10. mysqli_stmt_bind_param($statement, "s", $username);
11. mysqli_stmt_execute($statement);
12. mysqli_stmt_store_result($statement);
13. mysqli_stmt_bind_result($statement, $colUserID, $colName, $colUsername, $colAge, $colPassword);
14.  
15. $response = array();
16. $response["success"] = false;
17.  
18. while(mysqli_stmt_fetch($statement)){
19. if (password_verify($password, $colPassword)) {
20. $response["success"] = true;
21. $response["name"] = $colName;
22. $response["age"] = $colAge;
23. }
24. }
25.  
26. echo json_encode($response);
27. ?>
28.  
29. /**
30.  
31. * A Compatibility library with PHP 5.5's simplified password hashing API.
32.  
33. *
34.  
35. * @author Anthony Ferrara <ircmaxell@php.net>
36.  
37. * @license http://www.opensource.org/licenses/mit-license.html MIT License
38.  
39. * @copyright 2012 The Authors
40.  
41. */
42.  
43.  
44.  
45. namespace {
46.  
47.  
48.  
49. if (!defined('PASSWORD_BCRYPT')) {
50.  
51. /**
52.  
53. * PHPUnit Process isolation caches constants, but not function declarations.
54.  
55. * So we need to check if the constants are defined separately from
56.  
57. * the functions to enable supporting process isolation in userland
58.  
59. * code.
60.  
61. */
62.  
63. define('PASSWORD_BCRYPT', 1);
64.  
65. define('PASSWORD_DEFAULT', PASSWORD_BCRYPT);
66.  
67. define('PASSWORD_BCRYPT_DEFAULT_COST', 10);
68.  
69. }
70.  
71.  
72.  
73. if (!function_exists('password_hash')) {
74.  
75.  
76.  
77. /**
78.  
79. * Hash the password using the specified algorithm
80.  
81. *
82.  
83. * @param string $password The password to hash
84.  
85. * @param int $algo The algorithm to use (Defined by PASSWORD_* constants)
86.  
87. * @param array $options The options for the algorithm to use
88.  
89. *
90.  
91. * @return string|false The hashed password, or false on error.
92.  
93. */
94.  
95. function password_hash($password, $algo, array $options = array()) {
96.  
97. if (!function_exists('crypt')) {
98.  
99. trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING);
100.  
101. return null;
102.  
103. }
104.  
105. if (is_null($password) || is_int($password)) {
106.  
107. $password = (string) $password;
108.  
109. }
110.  
111. if (!is_string($password)) {
112.  
113. trigger_error("password_hash(): Password must be a string", E_USER_WARNING);
114.  
115. return null;
116.  
117. }
118.  
119. if (!is_int($algo)) {
120.  
121. trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING);
122.  
123. return null;
124.  
125. }
126.  
127. $resultLength = 0;
128.  
129. switch ($algo) {
130.  
131. case PASSWORD_BCRYPT:
132.  
133. $cost = PASSWORD_BCRYPT_DEFAULT_COST;
134.  
135. if (isset($options['cost'])) {
136.  
137. $cost = (int) $options['cost'];
138.  
139. if ($cost < 4 || $cost > 31) {
140.  
141. trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING);
142.  
143. return null;
144.  
145. }
146.  
147. }
148.  
149. // The length of salt to generate
150.  
151. $raw_salt_len = 16;
152.  
153. // The length required in the final serialization
154.  
155. $required_salt_len = 22;
156.  
157. $hash_format = sprintf("$2y$%02d$", $cost);
158.  
159. // The expected length of the final crypt() output
160.  
161. $resultLength = 60;
162.  
163. break;
164.  
165. default:
166.  
167. trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING);
168.  
169. return null;
170.  
171. }
172.  
173. $salt_req_encoding = false;
174.  
175. if (isset($options['salt'])) {
176.  
177. switch (gettype($options['salt'])) {
178.  
179. case 'NULL':
180.  
181. case 'boolean':
182.  
183. case 'integer':
184.  
185. case 'double':
186.  
187. case 'string':
188.  
189. $salt = (string) $options['salt'];
190.  
191. break;
192.  
193. case 'object':
194.  
195. if (method_exists($options['salt'], '__tostring')) {
196.  
197. $salt = (string) $options['salt'];
198.  
199. break;
200.  
201. }
202.  
203. case 'array':
204.  
205. case 'resource':
206.  
207. default:
208.  
209. trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING);
210.  
211. return null;
212.  
213. }
214.  
215. if (PasswordCompatbinary_strlen($salt) < $required_salt_len) {
216.  
217. trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", PasswordCompatbinary_strlen($salt), $required_salt_len), E_USER_WARNING);
218.  
219. return null;
220.  
221. } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) {
222.  
223. $salt_req_encoding = true;
224.  
225. }
226.  
227. } else {
228.  
229. $buffer = '';
230.  
231. $buffer_valid = false;
232.  
233. if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) {
234.  
235. $buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM);
236.  
237. if ($buffer) {
238.  
239. $buffer_valid = true;
240.  
241. }
242.  
243. }
244.  
245. if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) {
246.  
247. $strong = false;
248.  
249. $buffer = openssl_random_pseudo_bytes($raw_salt_len, $strong);
250.  
251. if ($buffer && $strong) {
252.  
253. $buffer_valid = true;
254.  
255. }
256.  
257. }
258.  
259. if (!$buffer_valid && @is_readable('/dev/urandom')) {
260.  
261. $file = fopen('/dev/urandom', 'r');
262.  
263. $read = 0;
264.  
265. $local_buffer = '';
266.  
267. while ($read < $raw_salt_len) {
268.  
269. $local_buffer .= fread($file, $raw_salt_len - $read);
270.  
271. $read = PasswordCompatbinary_strlen($local_buffer);
272.  
273. }
274.  
275. fclose($file);
276.  
277. if ($read >= $raw_salt_len) {
278.  
279. $buffer_valid = true;
280.  
281. }
282.  
283. $buffer = str_pad($buffer, $raw_salt_len, "") ^ str_pad($local_buffer, $raw_salt_len, "");
284.  
285. }
286.  
287. if (!$buffer_valid || PasswordCompatbinary_strlen($buffer) < $raw_salt_len) {
288.  
289. $buffer_length = PasswordCompatbinary_strlen($buffer);
290.  
291. for ($i = 0; $i < $raw_salt_len; $i++) {
292.  
293. if ($i < $buffer_length) {
294.  
295. $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255));
296.  
297. } else {
298.  
299. $buffer .= chr(mt_rand(0, 255));
300.  
301. }
302.  
303. }
304.  
305. }
306.  
307. $salt = $buffer;
308.  
309. $salt_req_encoding = true;
310.  
311. }
312.  
313. if ($salt_req_encoding) {
314.  
315. // encode string with the Base64 variant used by crypt
316.  
317. $base64_digits =
318.  
319. 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
320.  
321. $bcrypt64_digits =
322.  
323. './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
324.  
325.  
326.  
327. $base64_string = base64_encode($salt);
328.  
329. $salt = strtr(rtrim($base64_string, '='), $base64_digits, $bcrypt64_digits);
330.  
331. }
332.  
333. $salt = PasswordCompatbinary_substr($salt, 0, $required_salt_len);
334.  
335.  
336.  
337. $hash = $hash_format . $salt;
338.  
339.  
340.  
341. $ret = crypt($password, $hash);
342.  
343.  
344.  
345. if (!is_string($ret) || PasswordCompatbinary_strlen($ret) != $resultLength) {
346.  
347. return false;
348.  
349. }
350.  
351.  
352.  
353. return $ret;
354.  
355. }
356.  
357.  
358.  
359. /**
360.  
361. * Get information about the password hash. Returns an array of the information
362.  
363. * that was used to generate the password hash.
364.  
365. *
366.  
367. * array(
368.  
369. * 'algo' => 1,
370.  
371. * 'algoName' => 'bcrypt',
372.  
373. * 'options' => array(
374.  
375. * 'cost' => PASSWORD_BCRYPT_DEFAULT_COST,
376.  
377. * ),
378.  
379. * )
380.  
381. *
382.  
383. * @param string $hash The password hash to extract info from
384.  
385. *
386.  
387. * @return array The array of information about the hash.
388.  
389. */
390.  
391. function password_get_info($hash) {
392.  
393. $return = array(
394.  
395. 'algo' => 0,
396.  
397. 'algoName' => 'unknown',
398.  
399. 'options' => array(),
400.  
401. );
402.  
403. if (PasswordCompatbinary_substr($hash, 0, 4) == '$2y$' && PasswordCompatbinary_strlen($hash) == 60) {
404.  
405. $return['algo'] = PASSWORD_BCRYPT;
406.  
407. $return['algoName'] = 'bcrypt';
408.  
409. list($cost) = sscanf($hash, "$2y$%d$");
410.  
411. $return['options']['cost'] = $cost;
412.  
413. }
414.  
415. return $return;
416.  
417. }
418.  
419.  
420.  
421. /**
422.  
423. * Determine if the password hash needs to be rehashed according to the options provided
424.  
425. *
426.  
427. * If the answer is true, after validating the password using password_verify, rehash it.
428.  
429. *
430.  
431. * @param string $hash The hash to test
432.  
433. * @param int $algo The algorithm used for new password hashes
434.  
435. * @param array $options The options array passed to password_hash
436.  
437. *
438.  
439. * @return boolean True if the password needs to be rehashed.
440.  
441. */
442.  
443. function password_needs_rehash($hash, $algo, array $options = array()) {
444.  
445. $info = password_get_info($hash);
446.  
447. if ($info['algo'] !== (int) $algo) {
448.  
449. return true;
450.  
451. }
452.  
453. switch ($algo) {
454.  
455. case PASSWORD_BCRYPT:
456.  
457. $cost = isset($options['cost']) ? (int) $options['cost'] : PASSWORD_BCRYPT_DEFAULT_COST;
458.  
459. if ($cost !== $info['options']['cost']) {
460.  
461. return true;
462.  
463. }
464.  
465. break;
466.  
467. }
468.  
469. return false;
470.  
471. }
472.  
473.  
474.  
475. /**
476.  
477. * Verify a password against a hash using a timing attack resistant approach
478.  
479. *
480.  
481. * @param string $password The password to verify
482.  
483. * @param string $hash The hash to verify against
484.  
485. *
486.  
487. * @return boolean If the password matches the hash
488.  
489. */
490.  
491. function password_verify($password, $hash) {
492.  
493. if (!function_exists('crypt')) {
494.  
495. trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING);
496.  
497. return false;
498.  
499. }
500.  
501. $ret = crypt($password, $hash);
502.  
503. if (!is_string($ret) || PasswordCompatbinary_strlen($ret) != PasswordCompatbinary_strlen($hash) || PasswordCompatbinary_strlen($ret) <= 13) {
504.  
505. return false;
506.  
507. }
508.  
509.  
510.  
511. $status = 0;
512.  
513. for ($i = 0; $i < PasswordCompatbinary_strlen($ret); $i++) {
514.  
515. $status |= (ord($ret[$i]) ^ ord($hash[$i]));
516.  
517. }
518.  
519.  
520.  
521. return $status === 0;
522.  
523. }
524.  
525. }
526.  
527.  
528.  
529. }
530.  
531.  
532.  
533. namespace PasswordCompatbinary {
534.  
535.  
536.  
537. if (!function_exists('PasswordCompat\binary\_strlen')) {
538.  
539.  
540.  
541. /**
542.  
543. * Count the number of bytes in a string
544.  
545. *
546.  
547. * We cannot simply use strlen() for this, because it might be overwritten by the mbstring extension.
548.  
549. * In this case, strlen() will count the number of *characters* based on the internal encoding. A
550.  
551. * sequence of bytes might be regarded as a single multibyte character.
552.  
553. *
554.  
555. * @param string $binary_string The input string
556.  
557. *
558.  
559. * @internal
560.  
561. * @return int The number of bytes
562.  
563. */
564.  
565. function _strlen($binary_string) {
566.  
567. if (function_exists('mb_strlen')) {
568.  
569. return mb_strlen($binary_string, '8bit');
570.  
571. }
572.  
573. return strlen($binary_string);
574.  
575. }
576.  
577.  
578.  
579. /**
580.  
581. * Get a substring based on byte limits
582.  
583. *
584.  
585. * @see _strlen()
586.  
587. *
588.  
589. * @param string $binary_string The input string
590.  
591. * @param int $start
592.  
593. * @param int $length
594.  
595. *
596.  
597. * @internal
598.  
599. * @return string The substring
600.  
601. */
602.  
603. function _substr($binary_string, $start, $length) {
604.  
605. if (function_exists('mb_substr')) {
606.  
607. return mb_substr($binary_string, $start, $length, '8bit');
608.  
609. }
610.  
611. return substr($binary_string, $start, $length);
612.  
613. }
614.  
615.  
616.  
617. /**
618.  
619. * Check if current PHP version is compatible with the library
620.  
621. *
622.  
623. * @return boolean the check result
624.  
625. */
626.  
627. function check() {
628.  
629. static $pass = NULL;
630.  
631.  
632.  
633. if (is_null($pass)) {
634.  
635. if (function_exists('crypt')) {
636.  
637. $hash = '$2y$04$usesomesillystringfore7hnbRJHxXVLeakoG8K30oukPsA.ztMG';
638.  
639. $test = crypt("password", $hash);
640.  
641. $pass = $test == $hash;
642.  
643. } else {
644.  
645. $pass = false;
646.  
647. }
648.  
649. }
650.  
651. return $pass;
652.  
653. }
654.  
655.  
656.  
657. }
658.  
659. }
660.  
661. public class LoginRequest extends StringRequest {
662. private static final String LOGIN_REQUEST_URL = "http://mycloudbets.pcriot.com/Login2.php";
663. private Map<String, String> params;
664.  
665. public LoginRequest(String username, String password, Response.Listener<String> listener) {
666. super(Method.POST, LOGIN_REQUEST_URL, listener, null);
667. params = new HashMap<>();
668. params.put("username", username);
669. params.put("password", password);
670. }
671.  
672. @Override
673. public Map<String, String> getParams() {
674. return params;
675. }
676. }
677.  
678. public class LoginActivity extends AppCompatActivity {
679. @Override
680. protected void onCreate(Bundle savedInstanceState) {
681. super.onCreate(savedInstanceState);
682. setContentView(R.layout.activity_login);
683.  
684. final EditText etUsername = (EditText) findViewById(R.id.etUsername);
685. final EditText etPassword = (EditText) findViewById(R.id.etPassword);
686. final TextView tvRegisterLink = (TextView) findViewById(R.id.tvRegisterLink);
687. final Button bLogin = (Button) findViewById(R.id.bSignIn);
688.  
689. tvRegisterLink.setOnClickListener(new View.OnClickListener() {
690. @Override
691. public void onClick(View v) {
692. Intent registerIntent = new Intent(LoginActivity.this, RegisterActivity.class);
693. LoginActivity.this.startActivity(registerIntent);
694. }
695. });
696.  
697. bLogin.setOnClickListener(new View.OnClickListener() {
698. @Override
699. public void onClick(View v) {
700. final String username = etUsername.getText().toString();
701. final String password = etPassword.getText().toString();
702.  
703. // Response received from the server
704. Response.Listener<String> responseListener = new Response.Listener<String>() {
705. @Override
706. public void onResponse(String response) {
707. try {
708. JSONObject jsonResponse = new JSONObject(response);
709. boolean success = jsonResponse.getBoolean("success");
710.  
711. if (success) {
712. String name = jsonResponse.getString("name");
713. int age = jsonResponse.getInt("age");
714.  
715. Intent intent = new Intent(LoginActivity.this, UserAreaActivity.class);
716. intent.putExtra("name", name);
717. intent.putExtra("age", age);
718. intent.putExtra("username", username);
719. LoginActivity.this.startActivity(intent);
720. } else {
721. AlertDialog.Builder builder = new AlertDialog.Builder(LoginActivity.this);
722. builder.setMessage("Login Failed")
723. .setNegativeButton("Retry", null)
724. .create()
725. .show();
726. }
727.  
728. } catch (JSONException e) {
729. e.printStackTrace();
730. }
731. }
732. };
733.  
734. LoginRequest loginRequest = new LoginRequest(username, password, responseListener);
735. RequestQueue queue = Volley.newRequestQueue(LoginActivity.this);
736. queue.add(loginRequest);
737. }
738. });
739. }
740. }