Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- // ---- CONFIGURATION -------------------------------
- define('DB_HOST', '********');
- define('DB_USERNAME', '*******');
- define('DB_PASSWORD', '********');
- define('DB_NAME', '********');
- define('DB_TABLE', 'authme');
- // ---- PASSWORD COMPARISON FUNCTION ----------------
- function passwordCompare($rawHash, $password)
- {
- $parts = explode('$', $rawHash);
- if (count($parts) === 4)
- {
- $hash = hash('sha256', $password);
- $hash = hash('sha256', $hash . $parts[2]);
- return $hash === $parts[3];
- }
- return FALSE;
- }
- // --------------------------------------------------
- header('Content-Type: text/plain');
- $username = isset($_POST['username']) ? $_POST['username'] : NULL;
- $password = isset($_POST['password']) ? $_POST['password'] : NULL;
- if (empty($username) || empty($password))
- {
- die('false:EMPTY_REQUEST');
- }
- try
- {
- $database = new PDO('mysql:dbname=' . DB_NAME . ';host=' . DB_HOST, DB_USERNAME, DB_PASSWORD);
- }
- catch (PDOException $e)
- {
- die('false:ERROR_DATABASE_CONNECT');
- }
- $statement = $database->prepare('SELECT password FROM ' . DB_TABLE . ' WHERE username = :username');
- $state = $statement->execute(array('username' => $username));
- if ($state === FALSE)
- {
- die('false:ERROR_DATABASE_QUERY');
- }
- $result = $statement->fetchAll(PDO::FETCH_ASSOC);
- if ($result === FALSE)
- {
- die('false:ERROR_DATABASE_FETCH');
- }
- if (count($result) === 0)
- {
- die('false');
- }
- if (passwordCompare($result[0]['password'], $password) === TRUE)
- {
- die('true');
- }
- die('false');
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
