- <?php
- //---------------------------------------------------------
- /* DBlogin.php, located in the SECURE folder */
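/**
 * Opens a single PDO connection to MySQL when the object is constructed.
 *
 * The four credential properties are blank in this listing and are meant to
 * be filled in by whoever deploys the file. Because they are literals in
 * source, the file should stay outside the web root and out of version
 * control and public pastes.
 *
 * NOTE(review): the DSN sets no charset, so the server/client default is
 * used; confirm that default matches the encoding of the Account table.
 */
class myDbConnection
{
    private $servername = "";
    private $username = "";
    private $password = "";
    private $dbname = "";

    /** @var PDO|false Live handle, or false when connecting failed. */
    private $connection;

    public function __construct()
    {
        $this->connection = $this->connect();
    }

    /**
     * Creates the PDO handle.
     *
     * @return PDO|false The configured handle, or false if PDO raised an error.
     */
    private function connect()
    {
        try {
            $connection = new PDO(
                "mysql:host=$this->servername;dbname=$this->dbname",
                $this->username,
                $this->password
            );
            // Every later PDO failure surfaces as a PDOException.
            $connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            // Use server-side prepared statements, so bound values are sent
            // separately from the SQL text instead of being quoted into it
            // by the client library.
            $connection->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
            return $connection;
        } catch (PDOException $e) {
            // Record the cause in the server log only; nothing is echoed to
            // the client, which would expose connection details.
            error_log("myDbConnection: database connection failed: " . $e->getMessage());
            return false;
        }
    }

    /**
     * @return PDO|false The handle opened by the constructor, or false when
     *                   the connection attempt failed.
     */
    public function getConnection()
    {
        return $this->connection;
    }
}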
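/**
 * Checks a supplied password against the hash stored in Account.password
 * and, on success, stamps Account.last_login with the current time.
 *
 * Return values are mixed, and two of the failure values are non-empty
 * strings, which PHP treats as truthy:
 *   - true                  password verified
 *   - false                 the lookup query raised a PDOException
 *   - "jotai meni pielee."  no database connection (Finnish, roughly
 *                           "something went wrong")
 *   - "wrong pw :D"         unknown account or password mismatch
 * Callers must therefore compare with `=== true`; a bare
 * `if (checkLogin(...))` would treat a failed login as a success.
 *
 * @param mixed $account          Account name, bound as a query parameter.
 * @param mixed $passwordProvided Plain-text password to verify.
 * @return bool|string See the list above.
 */
function checkLogin($account, $passwordProvided)
{
    $connection = new myDbConnection();
    $pdo = $connection->getConnection();
    if ($pdo === false) {
        return "jotai meni pielee.";
    }

    try {
        $statement = $pdo->prepare("SELECT password FROM Account WHERE name = :v1");
        $statement->bindValue(":v1", $account);
        $statement->execute();
        $row = $statement->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        return false;
    }

    // fetch() yields false when no row matches. Handle that explicitly
    // instead of indexing into false and handing null to password_verify().
    // NOTE(review): this path returns without doing any hash work, so an
    // unknown account can answer faster than a wrong password; consider
    // equalising the two paths and rate-limiting attempts in the caller.
    if ($row === false || !isset($row["password"])) {
        return "wrong pw :D";
    }

    // A non-string password (e.g. an array taken from request data) can
    // never match; reject it here instead of letting password_verify() fail
    // on the argument type.
    if (!is_string($passwordProvided) || !password_verify($passwordProvided, $row["password"])) {
        return "wrong pw :D";
    }

    // Updating last_login is best effort: a failure here must not turn a
    // verified login into a rejection. The result is returned after the try
    // block, not from a `finally`, so that no other error is masked.
    try {
        $statement = $pdo->prepare("UPDATE Account SET last_login = now() WHERE name=:boundValue");
        $statement->bindValue(":boundValue", $account);
        $statement->execute();
    } catch (PDOException $e) {
        // Deliberately ignored; see the comment above.
    }

    return true;
}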
/**
 * Reports whether at least one Account row has the given name.
 *
 * The "no connection" result is a non-empty string, which PHP treats as
 * truthy, so callers must compare with `=== true` and not rely on a bare
 * `if`.
 *
 * @param mixed $account Account name, bound as a query parameter.
 * @return bool|string true when a row exists; false when none exists or the
 *                     query raised a PDOException; "jotai meni pielee." when
 *                     no database connection is available.
 */
function accountExists($account)
{
    $db = new myDbConnection();
    $pdo = $db->getConnection();
    if ($pdo === false) {
        return "jotai meni pielee.";
    }

    try {
        $lookup = $pdo->prepare("SELECT name FROM Account WHERE name = :v1");
        $lookup->bindParam(":v1", $account);
        $lookup->execute();
        $rows = $lookup->fetchAll();
    } catch (PDOException $e) {
        return false;
    }

    // Any returned row means the name is already taken.
    return !empty($rows);
}
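/**
 * Inserts a new Account row with status 'user', storing only a
 * password_hash() digest of the password, never the plain text.
 *
 * The "no connection" result is a non-empty string, which PHP treats as
 * truthy, so callers must compare with `=== true`.
 *
 * NOTE(review): nothing here checks whether the name is already in use;
 * presumably the caller runs accountExists() first or the table has a
 * unique key on name. Confirm, since check-then-insert without a unique key
 * can still create duplicates under concurrent requests.
 *
 * @param mixed $account  Account name, bound as a query parameter.
 * @param mixed $password Plain-text password; hashed before it is stored.
 * @return bool|string true on success; false when the INSERT raised a
 *                     PDOException; "jotai meni pielee." when no database
 *                     connection is available.
 */
function createAccount($account, $password)
{
    $connection = new myDbConnection();
    $pdo = $connection->getConnection();
    if ($pdo === false) {
        return "jotai meni pielee.";
    }

    try {
        $statement = $pdo->prepare("INSERT INTO Account (name,password,status) VALUES (:v1,:v2,'user')");
        // bindValue, not bindParam: bindParam binds by reference and must
        // not be handed the temporary returned by password_hash().
        $statement->bindValue(":v1", $account);
        $statement->bindValue(":v2", password_hash($password, PASSWORD_DEFAULT));
        $statement->execute();
        return true;
    } catch (PDOException $e) {
        // Log server-side, never echo: the driver message can reveal schema
        // details to the client. Only the SQLSTATE code is logged, because
        // the message text may contain the caller-supplied account name.
        error_log("createAccount: INSERT failed, SQLSTATE " . $e->getCode());
        return false;
    }
}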
- ?>