Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // begin HTML form
- <!DOCTYPE html>
- <html lang="en">
- <head>
- <meta charset="UTF-8">
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css" integrity="sha384-TX8t27EcRE3e/ihU7zmQxVncDAy5uIKz4rEkgIXeMed4M0jlfIDPvg6uqKI2xXr2" crossorigin="anonymous">
- <title>passwords</title>
- </head>
- <body>
- <div class="container">
- <h1 class="text-center">login</h1>
- <form action="login.php" method="post">
- <div class="form-group">
- <label for="exampleInputEmail1">username</label>
- <input type="text" class="form-control" name="username" aria-describedby="emailHelp">
- </div>
- <div class="form-group">
- <label for="exampleInputPassword1">Password</label>
- <input type="password" class="form-control" name="password">
- </div>
- <button type="submit" class="btn btn-primary">Submit</button>
- </form>
- </div>
- <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
- <script src="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ho+j7jyWK8fNQe+A12Hb8AhRq26LrZ/JpcUGGOn+Y7RsweNrtN/tE3MoK7ZeZDyx" crossorigin="anonymous"></script>
- </body>
- </html>
- // end HTML form
- // begin PHP processing page
- <?php
- // check to make sure the form has been submitted (POST request)
- if ($_SERVER['REQUEST_METHOD'] === 'POST') {
- // submitted form data
- $postName = $_POST['username'];
- $postPassword = $_POST['password'];
- echo "The username submitted is: " . $postName . "<br>";
- echo "The password submitted is: " . $postPassword . "<br>";
- // hash the password and assign to variable "$HashedPassword"
- $HashedPassword=password_hash($postPassword, PASSWORD_DEFAULT);
- echo "The HASHED password is: " . $HashedPassword . "<br>";
- // "MD5" password and assign to variable "$md5Password"
- $md5Password=md5($postPassword);
- echo "The MD5 password is: " . $md5Password . "<br><br>";
- } else{
- echo "only post requests are allowed";
- }
- // set up database connection
- $servername = "localhost";
- $username = "root";
- $password = "";
- try {
- $conn = new PDO("mysql:host=$servername;dbname=passwords", $username, $password);
- // set the PDO error mode to exception
- $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- } catch(PDOException $e) {
- echo "Connection failed: " . $e->getMessage();
- }
- // check to see if user exists
- $stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
- $stmt->execute([$postName]);
- $user = $stmt->fetch();
- // check for plain text password
- if ($user && ($postPassword === $user['password']))
- {
- echo "valid, plaintext" . "<br>";
- // now update the database with hashed password
- updatePassword($HashedPassword, $user['id']);
- } else{
- // now check if the password is in MD5 format
- if ($user && ($md5Password == $user['password']))
- {
- echo "valid, MD5" . "<br>";
- // now update the database with hashed password
- updatePassword($HashedPassword, $user['id']);
- } else {
- // finally, check if password is hashed
- if ($user && password_verify($postPassword, $user['password']))
- {
- echo "valid, hashed" . "<br>";
- } else {
- echo "invalid password";
- }
- }
- }
- function updatePassword($newPassword, $userId){
- global $conn;
- $sql = "UPDATE users SET password=? WHERE id=?";
- $stmt= $conn->prepare($sql);
- $stmt->execute([$newPassword, $userId]);
- echo "password has been updated";
- }
- ?>
- // begin MYSQL to create database used with this paste:
- -- phpMyAdmin SQL Dump
- -- version 5.0.2
- -- https://www.phpmyadmin.net/
- --
- -- Host: 127.0.0.1
- -- Generation Time: Oct 22, 2020 at 01:14 AM
- -- Server version: 10.4.11-MariaDB
- -- PHP Version: 7.4.5
- SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
- START TRANSACTION;
- SET time_zone = "+00:00";
- /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
- /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
- /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
- /*!40101 SET NAMES utf8mb4 */;
- --
- -- Database: `passwords`
- --
- -- --------------------------------------------------------
- --
- -- Table structure for table `users`
- --
- CREATE TABLE `users` (
- `id` int(11) NOT NULL,
- `username` varchar(255) NOT NULL,
- `password` varchar(255) NOT NULL
- ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
- --
- -- Dumping data for table `users`
- --
- INSERT INTO `users` (`id`, `username`, `password`) VALUES
- (1, 'user1', 'password'),
- (2, 'user2', '5f4dcc3b5aa765d61d8327deb882cf99'),
- (3, 'user3', '$2y$10$Wk9ge/TJAQqwb3wbhOTryeSWdFo6GaAc.dks05LG2esFBDTqWZsFu');
- --
- -- Indexes for dumped tables
- --
- --
- -- Indexes for table `users`
- --
- ALTER TABLE `users`
- ADD PRIMARY KEY (`id`);
- --
- -- AUTO_INCREMENT for dumped tables
- --
- --
- -- AUTO_INCREMENT for table `users`
- --
- ALTER TABLE `users`
- MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=4;
- COMMIT;
- /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
- /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
- /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
Add Comment
Please, Sign In to add comment