function login($data) { $email = mysql_real_escape_string($data->email); $password = mysql_real_escape_string($data->password); if (!empty($email) && !empty($password)) { $result = mysql_query("SELECT * FROM users WHERE email = '{$email}'") or die(mysql_error()); // check for result $no_of_rows = mysql_num_rows($result); if ($no_of_rows > 0) { $result = mysql_fetch_array($result); $salt = $result['salt']; $uuid = $result['unique_id']; $encrypted_password = $result['encrypted_password']; $hash = checkhashSSHA($salt, $password); // check for password equality if ($encrypted_password == $hash) { // user authentication details are correct return array("unique_id" => $uuid, "msg" => "details are correct", "status" => "success"); } else { // user not found return array("msg" => "details are not correct", "status" => "failure"); } } else { // user not found return array("msg" => "user not found", "status" => "failure"); } } else { return array("msg" => "Fill the Details", "status" => "failure"); } }
$hash = base64_encode(sha1($password . $salt, true) . $salt); return $hash; } session_start(); include "connect.php"; if (!empty($_REQUEST)) { $data = json_decode($_POST["data"]); $username = trim($data->username); $password = trim($data->password); $sql = "SELECT * FROM users WHERE username='******'"; $result = mysqli_query($link, $sql); if ($result) { $row = mysqli_fetch_assoc($result); $salt = $row['salt']; $encrypted_password = $row['password']; $hash = checkhashSSHA($salt, $password); //echo $encrypted_password." == ". $hash; //die(); if ($encrypted_password == $hash) { $SKey = uniqid(mt_rand(), true); $timestamp = date("Y-m-d H:m:i"); $_SESSION["userid"] = $row["id"]; $_SESSION["username"] = $row['username']; $_SESSION['userAgent'] = sha1($_SERVER['HTTP_USER_AGENT']); $_SESSION['SKey'] = $SKey; $_SESSION['IPaddress'] = $_SERVER["REMOTE_ADDR"]; $_SESSION['LastActivity'] = $_SERVER['REQUEST_TIME']; echo json_encode(array('result' => true, 'msg' => "Login successfully.")); } else { echo json_encode(array('result' => false, 'msg' => "Error.")); }
} catch (PDOException $e) { echo $e->getMessage(); } if (isset($_POST['username'], $_POST['password'], $_POST['captcha']) && !empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['captcha'])) { if (isset($_SESSION['captcha']) && $_POST['captcha'] == $_SESSION['captcha']) { $username = escape($_POST['username']); $password = $_POST['password']; $sql = "select * from user where username=:user and permission!='admin'"; $stmt = $pdo->prepare($sql); $stmt->bindValue(':user', $username, PDO::PARAM_STR); $stmt->execute(); if ($stmt->rowCount() == 1) { $user = $stmt->fetch(PDO::FETCH_OBJ); $salt = $user->salt; $encPassword = $user->password; if (checkhashSSHA($salt, $password) == $encPassword) { session_regenerate_id(true); $_SESSION['login'] = true; $_SESSION['name'] = $user->lname . ' ' . $user->fname; $_SESSION['fname'] = $user->fname; $_SESSION['lname'] = $user->lname; $_SESSION['username'] = $user->username; $_SESSION['userId'] = $user->id; $_SESSION['f_id'] = $user->f_id; $_SESSION['permission'] = $user->permission; $_SESSION['token'] = token(20, TOKEN_KEY); /*************************************/ $url = url('/welcome.php'); $header = 'HTTP/1.1 200 OK'; header($header); header("Location: {$url}");
function LoginUtility($email, $pwd, $table, $emailCol, $pwdCol) { $resp = "-1"; try { $query = "select * from " . $table . " where " . $emailCol . "='{$email}'"; $rs = mysql_query($query); if (!$rs) { $resp = "-1"; } else { $no = mysql_num_rows($rs); if ($no > 0) { $res = mysql_fetch_array($rs); $salt = $res["Salt"]; $hash = checkhashSSHA($salt, $pwd); // check for password equality if ($res[$table . "Pwd"] == $hash) { $resp = "1"; // set the global cookie here in PHP. // setcookie("globalEmail", $res[$table . "Email"], time() + (86400 * 30), "/"); // setcookie("globalID", $res[$table . "ID"], time() + (86400 * 30), "/"); $_SESSION["globalEmail"] = $res[$table . "Email"]; $_SESSION["globalId"] = $res[$table . "ID"]; } else { $resp = "0"; } } } return $resp; } catch (Exception $e) { $resp = "-1"; return $resp; } }
function chpassword($pdo) { if (!empty($_POST['npass']) && !empty($_POST['cpass'])) { $sql = "select salt,password from user where id=:userId"; $stmt = $pdo->prepare($sql); $stmt->bindvalue(':userId', $_SESSION['userId'], PDO::PARAM_INT); $stmt->execute(); if ($stmt->rowCount()) { $user = $stmt->fetch(PDO::FETCH_ASSOC); $salt = $user['salt']; $encPassword = $user['password']; if (checkhashSSHA($salt, $_POST['cpass']) == $encPassword) { $nps = preg_replace('/\\s*/', '', $_POST['npass']); $nps = preg_replace('/\\/*/', '', $nps); if (mb_strlen($nps, 'UTF-8') >= 8) { $password = hashSSHA($_POST['npass']); $sql = "update user set salt=:s,password=:p"; $stmt = $pdo->prepare($sql); $stmt->bindvalue(':s', $password['salt'], PDO::PARAM_STR); $stmt->bindvalue(':p', $password['encrypted'], PDO::PARAM_STR); $stmt->execute(); } } } } redirect(BASE_PATH . '/me', 1); }
$uuid = ""; function checkhashSSHA($salt, $password) { $hash = base64_encode(sha1($password . $salt, true) . $salt); return $hash; } if ($exists > 0) { while ($row = mysqli_fetch_array($query)) { $table_users = $row['email']; // the first username row is passed on to $table_users, and so on until the query is finished $encrypted_password = $row['password']; // the first password row is passed on to $table_password, and so on until the query is finished $username = $row['fname']; $salt = $row['salt']; $uuid = $row['uuid']; $table_password = checkhashSSHA($salt, $password); } if ($email == $table_users) { if ($encrypted_password == $table_password) { $_SESSION['user'] = $username; //set the username in a session. This serves as a global variable $_SESSION['writer'] = $uuid; header("location: index.php"); // redirects the user to the authenticated home page } else { print '<script>alert("Incorrect Password!");</script>'; // Prompts the user print '<script>window.location.assign("login.php");</script>'; // redirects to login.php } } else {
function ChangePassword($email, $oldPassword, $newPassword, $newPasswordConfirm, $table) { $resp = "-1"; try { $query = "select * from " . $table . " where " . $table . "Email='{$email}'"; $rs = mysql_query($query); if (!$rs) { $resp = "-1"; } else { $no = mysql_num_rows($rs); if ($no > 0) { $res = mysql_fetch_array($rs); $salt = $res["Salt"]; $encrypted_password = $res[$table . "Pwd"]; $hash = checkhashSSHA($salt, $oldPassword); if ($encrypted_password == $hash) { // old Password matches. Now, update the password here. $resp = ChangePasswordUtility($email, $newPassword, $table); } else { $resp = "0"; } } } echo $resp; } catch (Exception $e) { $resp = "-1"; echo $resp; } }
/** * Decrypting password * @param salt, password * returns hash string */ function isAllowAccessPwd($password) { $ci =& get_instance(); $where = array('ID' => getUserId()); $sql = $ci->common_model->getRecords($ci->common_model->_loginTable, $where, "s"); $salt = $sql['salt']; $encrypted_password = $sql['password']; $hash = checkhashSSHA($salt, $password); return $encrypted_password == $hash ? 1 : 0; }
/** * Get user by email and password */ function getUserByEmailAndPassword($email, $password, $db) { $result = $db->query("SELECT * FROM users WHERE email = '{$email}'"); // check for result if ($result->num_rows > 0) { $resultArray = $result->fetch_array(MYSQLI_ASSOC); $salt = $resultArray['salt']; $encrypted_password = $resultArray['encrypted_password']; $hash = checkhashSSHA($salt, $password); // check for password equality if ($encrypted_password == $hash) { // user authentication details are correct return $resultArray; } } else { // user not found return false; } }