
Untitled

a guest
Feb 16th, 2016
  1. <?php
  2. //---------------------------------------------------------
  3. /* DBlogin.php SECURE kansiossa */
  4.  
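  /**
   * Opens a single PDO connection to MySQL at construction time and hands it
   * out through getConnection().
   *
   * The four credential fields are empty strings in this listing and are read
   * directly from the class body, so whoever can read this file can read the
   * database credentials once they are filled in.
   */
  class myDbConnection
  {
      private $servername = "";
      private $username = "";
      private $password = "";
      private $dbname = "";

      // PDO instance on success, false when the connection attempt failed.
      private $connection;

      /**
       * Attempt the connection immediately; the outcome is stored and never retried.
       */
      public function __construct()
      {
          $this->connection = $this->connect();
      }

      /**
       * Create the PDO handle.
       *
       * @return PDO|false the connected handle, or false when PDO throws.
       */
      private function connect()
      {
          try {
              // The DSN names no charset, so the server's default connection
              // charset applies.
              return new PDO(
                  "mysql:host=$this->servername;dbname=$this->dbname",
                  $this->username,
                  $this->password,
                  [
                      // Query errors surface as PDOException instead of silent false returns.
                      PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                      // Let the server bind parameters rather than having PDO
                      // interpolate escaped values into the SQL text.
                      PDO::ATTR_EMULATE_PREPARES => false,
                  ]
              );
          } catch (PDOException $e) {
              // Keep the reason in the server log only; nothing is sent to the client.
              error_log("myDbConnection: connect failed: " . $e->getMessage());
              return false;
          }
      }

      /**
       * @return PDO|false the handle created in the constructor, or false if
       *                   connecting failed. Callers must compare with === false.
       */
      public function getConnection()
      {
          return $this->connection;
      }
  }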
  39.  
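  /**
   * Verify a password against the hash stored for an account and, on success,
   * stamp the account's last_login column.
   *
   * Two of the failure values are non-empty strings, which PHP treats as
   * truthy. Callers must test the result with `=== true`; a plain
   * `if (checkLogin(...))` would accept a wrong password.
   *
   * An unknown account and a wrong password produce the same return value, so
   * the message itself does not reveal which account names exist. Response
   * time may still differ, because password_verify() is given an empty hash
   * for an unknown account.
   *
   * @param string $account          Account name; bound as a query parameter.
   * @param string $passwordProvided Plain-text password to check.
   * @return bool|string true on success; false when the lookup query throws;
   *                     "jotai meni pielee." when no database connection is available;
   *                     "wrong pw :D" when the account is unknown or the password does not match.
   */
  function checkLogin($account, $passwordProvided)
  {
      $connection = new myDbConnection();
      $pdo = $connection->getConnection();
      if ($pdo === false) {
          return "jotai meni pielee.";
      }

      try {
          $statement = $pdo->prepare("SELECT password FROM Account WHERE name = :v1");
          $statement->bindValue(":v1", $account);
          $statement->execute();
          $row = $statement->fetch(PDO::FETCH_ASSOC);
      } catch (PDOException $e) {
          return false;
      }

      // fetch() returns false when no row matched; indexing that value raised a
      // warning and passed null on to password_verify(). Use an empty hash
      // instead, which can never verify.
      $storedHash = "";
      if (is_array($row) && is_string($row["password"] ?? null)) {
          $storedHash = $row["password"];
      }

      if (!password_verify($passwordProvided, $storedHash)) {
          return "wrong pw :D";
      }

      try {
          $statement = $pdo->prepare("UPDATE Account SET last_login = now() WHERE name=:boundValue");
          $statement->bindValue(":boundValue", $account);
          $statement->execute();
      } catch (PDOException $e) {
          // Best effort: a failed timestamp update must not fail a valid login.
      }

      return true;
  }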
  /**
   * Report whether a row with the given name is present in the Account table.
   *
   * A failed query returns false, the same value as "no such account", so a
   * caller cannot tell the two apart. A missing database connection returns a
   * non-empty string, which is truthy; compare the result with `=== true` or
   * `=== false` rather than relying on truthiness.
   *
   * @param string $account Account name; bound as a query parameter.
   * @return bool|string true when at least one row matches; false when none
   *                     matches or the query throws; "jotai meni pielee."
   *                     when no database connection is available.
   */
  function accountExists($account)
  {
      $db = new myDbConnection();
      if (false === $db->getConnection()) {
          return "jotai meni pielee.";
      }

      try {
          $lookup = $db->getConnection()->prepare("SELECT name FROM Account WHERE name = :v1");
          $lookup->bindParam(":v1", $account);
          $lookup->execute();
          $rows = $lookup->fetchAll();

          return !empty($rows);
      } catch (PDOException $e) {
          return false;
      }
  }
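  /**
   * Insert a new Account row with status 'user' and a hashed password.
   *
   * The INSERT does not look for an existing name first; whether duplicates
   * are rejected depends on a constraint on Account.name that this listing
   * does not show.
   *
   * @param string $account  Account name; bound as a query parameter.
   * @param string $password Plain-text password; only its password_hash() output is stored.
   * @return bool|string true when the row was inserted; false when the insert throws;
   *                     "jotai meni pielee." when no database connection is available
   *                     (a truthy string, so compare the result with `=== true`).
   */
  function createAccount($account, $password)
  {
      $connection = new myDbConnection();
      $pdo = $connection->getConnection();
      if ($pdo === false) {
          return "jotai meni pielee.";
      }

      try {
          $statement = $pdo->prepare("INSERT INTO Account (name,password,status) VALUES (:v1,:v2,'user')");
          $statement->bindValue(":v1", $account); // name
          // bindValue() rather than bindParam(): bindParam() takes a reference,
          // and a function result is not a variable.
          $statement->bindValue(":v2", password_hash($password, PASSWORD_DEFAULT)); // pw
          $statement->execute();
          return true;
      } catch (PDOException $e) {
          // The driver message used to be echoed to the client together with an
          // undefined $sql variable. Record only the SQLSTATE code server-side,
          // so neither schema details nor user-supplied values leave the server
          // or reach the log.
          error_log("createAccount: insert failed, SQLSTATE " . $e->getCode());
          return false;
      }
  }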
  109. ?>