/**
 * A hash produced by bcrypt() must verify against the password it was
 * derived from and must reject a different password.
 *
 * @depends testBcrypt
 */
public function testBcryptVerify()
{
    $hash = bcrypt('test');

    // The original password is accepted ...
    $this->assertTrue(bcrypt_verify('test', $hash));

    // ... while any other password is rejected.
    $this->assertFalse(bcrypt_verify('nope', $hash));
}
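<?php
/**
 * Login gate for a protected page.
 *
 * A request is let through in two cases: the session already names a user
 * that user_info() can still find, or the POSTed user/pass pair passes
 * bcrypt_verify(). Every other request is redirected to the login page and
 * the script stops.
 *
 * Session state is written only after the password has been verified, so a
 * failed attempt cannot leave a privilege flag behind in the session.
 */
require_once 'inc/lib.php';

session_start();

if (!empty($_SESSION['user'])) {
    // Existing session: make sure the account it names still exists.
    // NOTE(review): $_SESSION['is_admin'] is not re-derived from $user here,
    // so a role change only takes effect at the next login. Confirm that is
    // intended.
    if (!($user = user_info($_SESSION['user']))) {
        // User does not exist, redirect to login page
        header('Location: .');
        exit('Not Authorized');
    }
} elseif (!empty($_POST['user']) && !empty($_POST['pass'])) {
    // Get user data
    $user = user_info($_POST['user']);

    // Check user exists and password is good
    if (!$user || !bcrypt_verify($_POST['pass'], $user['pass'])) {
        // Fail closed: a rejected login must not keep an admin flag.
        unset($_SESSION['is_admin']);

        // Login failure, redirect to login page
        header('Location: ./?error=badlogin');
        exit('Not Authorized');
    }

    // Issue a fresh session id at the privilege change so that an id known
    // before authentication is not carried into the logged-in session.
    session_regenerate_id(true);

    // Current user is valid. The admin flag is derived only from the verified
    // account; the strict comparison keeps a non-string role value from
    // loosely matching 'admin'.
    $_SESSION['user'] = $user['user'];
    $_SESSION['is_admin'] = $user['role'] === 'admin';
} else {
    // Not logged in, redirect to login page
    header('Location: .');
    exit('Not Authorized');
}
?>
<!doctype html>
<html>
<head>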