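// Legacy login check: looks the user up by username plus a salted-MD5 digest
// of the submitted password, then stores the matching id in the session.
//
// NOTE(review): MD5 is a fast digest and $salt is a single value shared by
// every account, so a leaked users table can be brute-forced cheaply and equal
// passwords yield equal digests. The digest format is kept here only because
// the stored rows depend on it; new code should store password_hash() output
// and check it with password_verify().
// NOTE(review): the mysql_* extension was removed in PHP 7.0. When porting,
// use mysqli or PDO with a bound parameter instead of building the SQL string.
$salt = 'csdnfgksdgojnmfnb';

// A request may omit a field or send it as an array (password[]=x). Only plain
// strings are accepted, so the concatenation and escaping below stay well defined.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : null;
$submitted = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;

$result = false;
if ($username !== null && $submitted !== null) {
    $password = md5($salt . $submitted);
    $result = mysql_query("SELECT id FROM users
        WHERE username = '" . mysql_real_escape_string($username) . "'
        AND password = '$password'");
}

// mysql_query() returns false on failure; that is treated as "no match" so the
// caller sees the same generic message and no database detail leaks out.
if ($result === false || mysql_num_rows($result) < 1) {
    /* Access denied */
    echo "The username or password you entered is incorrect.";
} else {
    // Issue a fresh session id at the moment of login so an id that was fixed
    // before authentication is not carried into the authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['id'] = mysql_result($result, 0, 'id');
    #header("Location: ./");
    echo "Hello $_SESSION[id]!";
}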
<?php
// Registration side: password_hash() generates a random salt and encodes the
// algorithm, cost and salt into the returned string. Persist that string as-is.
// The 'cost' option is a bcrypt setting; PASSWORD_DEFAULT currently selects bcrypt.
$hash = password_hash($_POST['password'], PASSWORD_DEFAULT, ['cost' => 12]);

// Login side: $hash stands for the value loaded from this user's database row.
// password_verify() re-derives the hash from the parameters embedded in $hash
// and compares the two in a timing-safe way.
$checked = password_verify($_POST['password'], $hash);

// NOTE(review): bcrypt only uses the first 72 bytes of the password. After a
// successful login, password_needs_rehash() tells you whether the stored hash
// should be upgraded to the current algorithm and cost.
echo $checked ? 'password correct' : 'wrong credentials';
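<?php
// PHP namespaces are separated by backslashes; the forward-slash form is a parse error.
use Netsilik\Lib\PepperedPasswords;

// The pepper is a long, random, binary secret, hex-encoded in your configuration.
// It must NOT live in the database next to the hashes, as that would defeat the
// entire purpose of the pepper: it is only useful if a database leak does not
// also disclose it.
// NOTE(review): the value below is a visible placeholder pattern that decodes
// to 30 bytes. Generate a real one once, e.g. with bin2hex(random_bytes(32)),
// and load it from a secret store or from configuration kept out of version control.
$config['pepper'] = hex2bin('012345679ABCDEF012345679ABCDEF012345679ABCDEF012345679ABCDEF');

$hasher = new PepperedPasswords($config['pepper']);

// Registration side: $hash is what you would store in your database.
$hash = $hasher->hash($_POST['password']);

// Login side: $hash stands for the value loaded from this user's database row.
$checked = $hasher->verify($_POST['password'], $hash);

if ($checked) {
    echo 'password correct';
} else {
    echo 'wrong credentials';
}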
<?php
require 'PasswordHash.php';

// phpass constructor arguments: the base-2 logarithm of the iteration count,
// then whether to force the portable hash format. Passing false lets the
// library pick the strongest scheme the PHP build supports.
// NOTE(review): $password is not defined in this snippet. It is presumably the
// plaintext password supplied by the caller; confirm before reuse. On PHP 5.5+
// the built-in password_hash()/password_verify() cover the same job.
$pwdHasher = new PasswordHash(8, false);

// Registration side: $hash is what you would store in your database.
$hash = $pwdHasher->HashPassword($password);

// Login side: $hash stands for the value loaded from this user's database row.
$checked = $pwdHasher->CheckPassword($password, $hash);

echo $checked ? 'password correct' : 'wrong credentials';
<?php
// Default settings: the algorithm, cost and a random salt are chosen for you
// and encoded into the 60-character result.
var_dump(password_hash("my-secret-password", PASSWORD_DEFAULT));

// Explicit bcrypt settings. 'cost' is the base-2 logarithm of the number of
// bcrypt rounds; 7 is below the default of 10 visible in the sample output and
// is only suitable for a quick demonstration.
// A caller-supplied 'salt' is left commented out on purpose: the option was
// deprecated in PHP 7.0 and is ignored from PHP 8.0, and a fixed salt removes
// the per-hash uniqueness that password_hash() otherwise provides.
$options = [
    'cost' => 7,
    // 'salt' => 'TphfsM82o1uEKlfP9vf1f',
];
var_dump(password_hash("my-secret-password", PASSWORD_BCRYPT, $options));
?>
- string(60) "$2y$10$w2LxXdIcqJpD6idFTNn.eeZbKesdu5y41ksL22iI8C4/6EweI7OK."
- string(60) "$2y$07$TphfsM82o1uEKlfP9vf1fOKohBqGVXOJEmnUtQu7Y1UMft1R4D3d."
// Verification needs only the candidate password and the stored hash string:
// the algorithm, cost and salt are read back from the hash itself, so hashes
// created with different costs can be checked by the same call.
$samples = [
    ["my-secret-password", '$2y$10$BjHJbMCNWIJq7xiAeyFaHOGaO0jjNoE11e0YAer6Zu01OZHN/gk6K'],
    ["wrong-password", '$2y$10$BjHJbMCNWIJq7xiAeyFaHOGaO0jjNoE11e0YAer6Zu01OZHN/gk6K'],
    ["my-secret-password", '$2y$07$TphfsM82o1uEKlfP9vf1fOKohBqGVXOJEmnUtQu7Y1UMft1R4D3d.'],
    ["wrong-password", '$2y$07$TphfsM82o1uEKlfP9vf1fOKohBqGVXOJEmnUtQu7Y1UMft1R4D3d.'],
];

foreach ($samples as $pair) {
    // $pair[0] is the candidate password, $pair[1] the stored hash.
    var_dump(password_verify($pair[0], $pair[1]));
}