Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- error_reporting(E_ALL);
- $conn = mysqli_connect("127.0.0.1", "root", "ascent", "auth");
- function calculateSRP6Verifier($username, $password, $salt) {
- $g = gmp_init(7);
- $N = gmp_init('894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7', 16);
- $h1 = sha1(strtoupper($username . ':' . $password), TRUE);
- $h2 = sha1($salt.$h1, TRUE);
- $h2 = gmp_import($h2, 1, GMP_LSW_FIRST);
- $verifier = gmp_powm($g, $h2, $N);
- $verifier = gmp_export($verifier, 1, GMP_LSW_FIRST);
- $verifier = str_pad($verifier, 32, chr(0), STR_PAD_RIGHT);
- return $verifier;
- }
- function getsalt($username, $password) {
- $conn = mysqli_connect("127.0.0.1", "root", "ascent", "auth");
- $stmt = $conn->prepare("SELECT * FROM account WHERE username = ?");
- $stmt->bind_param("s", $username);
- $stmt->execute();
- $result = $stmt->get_result();
- if($result->num_rows > 0) {
- while($row = $result->fetch_assoc()) {
- return calculateSRP6Verifier($row['username'], $password, $row['salt']);
- }
- }
- }
- $verifier = getsalt($_POST['username'], $_POST['password']);
- $stmt = $conn->prepare("SELECT * FROM account WHERE username = ? AND verifier = ?");
- $stmt->bind_param("ss", $_POST['username'], $verifier);
- $stmt->execute();
- $result = $stmt->get_result();
- if($result->num_rows > 0) {
- while($row = $result->fetch_assoc()) {
- $_SESSION['username'] = $row['username'];
- $_SESSION['uid'] = $row['id'];
- header("location: ../?p=home");
- }
- }else{
- echo "Wrong username or password";
- header("refresh:3; ../?p=home");
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement