API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 8th, 2017
109
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.80 KB | None | 0 0
raw download clone embed print report
  1. $salt = 'csdnfgksdgojnmfnb';
  2.  
  3. $password = md5($salt.$_POST['password']);
  4. $result = mysql_query("SELECT id FROM users
  5. WHERE username = '".mysql_real_escape_string($_POST['username'])."'
  6. AND password = '$password'");
  7.  
  8. if (mysql_num_rows($result) < 1) {
  9. /* Access denied */
  10. echo "The username or password you entered is incorrect.";
  11. }
  12. else {
  13. $_SESSION['id'] = mysql_result($result, 0, 'id');
  14. #header("Location: ./");
  15. echo "Hello $_SESSION[id]!";
  16. }
  17.  
  18. <?php
  19. // $hash is what you would store in your database
  20. $hash = password_hash($_POST['password'], PASSWORD_DEFAULT, ['cost' => 12]);
  21.  
  22. // $hash would be the $hash (above) stored in your database for this user
  23. $checked = password_verify($_POST['password'], $hash);
  24. if ($checked) {
  25. echo 'password correct';
  26. } else {
  27. echo 'wrong credentials';
  28. }
  29.  
  30. <?php
  31. use Netsilik/Lib/PepperedPasswords;
  32.  
  33. // Some long, random, binary string, encoded as hexadecimal; stored in your configuration (NOT in your Database, as that would defeat the entire purpose of the pepper).
  34. $config['pepper'] = hex2bin('012345679ABCDEF012345679ABCDEF012345679ABCDEF012345679ABCDEF');
  35.  
  36. $hasher = new PepperedPasswords($config['pepper']);
  37.  
  38. // $hash is what you would store in your database
  39. $hash = $hasher->hash($_POST['password']);
  40.  
  41. // $hash would be the $hash (above) stored in your database for this user
  42. $checked = $hasher->verify($_POST['password'], $hash);
  43. if ($checked) {
  44. echo 'password correct';
  45. } else {
  46. echo 'wrong credentials';
  47. }
  48.  
  49. <?php
  50. require('PasswordHash.php');
  51.  
  52. $pwdHasher = new PasswordHash(8, FALSE);
  53.  
  54. // $hash is what you would store in your database
  55. $hash = $pwdHasher->HashPassword( $password );
  56.  
  57. // $hash would be the $hash (above) stored in your database for this user
  58. $checked = $pwdHasher->CheckPassword($password, $hash);
  59. if ($checked) {
  60. echo 'password correct';
  61. } else {
  62. echo 'wrong credentials';
  63. }
  64.  
  65. <?php
  66. var_dump(password_hash("my-secret-password", PASSWORD_DEFAULT));
  67.  
  68. $options = array(
  69. 'cost' => 7, // this is the number of rounds for bcrypt
  70. // 'salt' => 'TphfsM82o1uEKlfP9vf1f', // you could specify a salt but it is not recommended
  71. );
  72. var_dump(password_hash("my-secret-password", PASSWORD_BCRYPT, $options));
  73. ?>
  74.  
  75. string(60) "$2y$10$w2LxXdIcqJpD6idFTNn.eeZbKesdu5y41ksL22iI8C4/6EweI7OK."
  76. string(60) "$2y$07$TphfsM82o1uEKlfP9vf1fOKohBqGVXOJEmnUtQu7Y1UMft1R4D3d."
  77.  
  78. var_dump(password_verify("my-secret-password", '$2y$10$BjHJbMCNWIJq7xiAeyFaHOGaO0jjNoE11e0YAer6Zu01OZHN/gk6K'));
  79. var_dump(password_verify("wrong-password", '$2y$10$BjHJbMCNWIJq7xiAeyFaHOGaO0jjNoE11e0YAer6Zu01OZHN/gk6K'));
  80.  
  81. var_dump(password_verify("my-secret-password", '$2y$07$TphfsM82o1uEKlfP9vf1fOKohBqGVXOJEmnUtQu7Y1UMft1R4D3d.'));
  82. var_dump(password_verify("wrong-password", '$2y$07$TphfsM82o1uEKlfP9vf1fOKohBqGVXOJEmnUtQu7Y1UMft1R4D3d.'));
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!