Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- $username = mysqli_real_escape_string($sql_conn, $_POST['username']);
- $password = mysqli_real_escape_string($sql_conn, $_POST['password']);
- $password_hashed = password_hash($password, PASSWORD_BCRYPT);
- /*if(mysqli_query($sql_conn, "INSERT INTO cs490_logins(username,password) VALUES('$username','$password_hashed')") == true) {
- print "<br>successfully inserted a row!";
- }
- else
- print "<br>Query failed...";*/
- $loginValid = false; //flag for login
- $query = "SELECT * FROM `cs490_logins` WHERE `username` = '$username' ";
- $rehash_query = mysqli_query($sql_conn, "UPDATE `cs490_logins` SET `password` = '$password_hashed' WHERE `username` = '$username'");
- $get_hash = mysqli_fetch_array($query, MYSQLI_ASSOC); //getter for hashed password in db
- //$ifPassValid = password_verify($password, $get_hash['password']);
- //echo $get_hash'password'];
- if($result=mysqli_query($sql_conn, $query)) { //check if query works
- if(mysqli_num_rows($result) > 0) { //check if username and password matches and exists
- echo "<br>Found you in the database!";
- if($ifPassValid) {
- $loginValid = true;
- echo "Logged in!";
- }
- if(password_needs_rehash($password_hashed, PASSWORD_BCRYPT)) { //rehash password since it's void after 'password_verify'
- $password_hashed = password_hash($password, PASSWORD_BCRYPT);
- mysqli_query($sql_conn, $rehash_query);
- echo "<br>password has been rehashed...";
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement