majondreau

db with password_hash, password_verify

Oct 7th, 2017
  1. <?php
  2. session_start();
  3.  
  4. // variable declaration
  5. $username = "";
  6. $email    = "";
  7. $errors = array();
  8. $_SESSION['success'] = "";
  9.  
  10. // connect to database
  11. $db = mysqli_connect('localhost', 'root', '', 'cosc');
  12.  
  13. // REGISTER USER
  14. if (isset($_POST['reg_user'])) {
  15.     // receive all input values from the form
  16.     $username = mysqli_real_escape_string($db, $_POST['username']);
  17.     $email = mysqli_real_escape_string($db, $_POST['email']);
  18.     $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
  19.     $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
  20.  
  21.     // form validation: ensure that the form is correctly filled
  22.     if (empty($username)) { array_push($errors, "Username is required"); }
  23.     if (empty($email)) { array_push($errors, "Email is required"); }
  24.     if (empty($password_1)) { array_push($errors, "Password is required"); }
  25.  
  26.     if ($password_1 != $password_2) {
  27.         array_push($errors, "The two passwords do not match");
  28.     }
  29.  
  30.     // register user if there are no errors in the form
  31.     if (count($errors) == 0) {
  32.         $hash = password_hash($password_1, PASSWORD_DEFAULT);// Hash a new password for storing in the database
  33.         $query = "INSERT INTO users (username, email, password)
  34.                   VALUES('$username', '$email', '$password')";
  35.         mysqli_query($db, $query);
  36.  
  37.         $_SESSION['username'] = $username;
  38.         $_SESSION['success'] = "You are now logged in";
  39.         header('location: index.php');
  40.     }
  41.  
  42. }
  43.  
  44. // LOGIN USER
  45. if (isset($_POST['login_user'])) {
  46.     $username = mysqli_real_escape_string($db, $_POST['username']);
  47.     $password = mysqli_real_escape_string($db, $_POST['password']);
  48.  
  49.     if (empty($username)) {
  50.         array_push($errors, "Username is required");
  51.     }
  52.     if (empty($password)) {
  53.         array_push($errors, "Password is required");
  54.     }
  55.  
  56.     if (count($errors) == 0) {
  57.         $isPasswordCorrect = password_verify($password_1, $hash);
  58.         $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
  59.         $results = mysqli_query($db, $query);
  60.  
  61.         if (mysqli_num_rows($results) == 1) {
  62.             $_SESSION['username'] = $username;
  63.             $_SESSION['success'] = "You are now logged in";
  64.             header('location: index.php');
  65.         }else {
  66.             array_push($errors, "Wrong username/password combination");
  67.         }
  68.     }
  69. }
  70.  
  71. ?>