function hashcmp($pwd, $hash, $salt = '') { $update = false; /* conditional old or new hash method to migrate */ if (substr($hash, 0, 1) == '$') { return password_verify($pwd . $salt, $hash); } else { $cmp = pwd_hash_old($pwd); $update = true; } /* compare hashes and return boolean */ if (substr($cmp, 0, strlen($hash)) == $hash) { /* here migrate and update old hash with new */ if ($update == true || strlen($cmp) > strlen($hash)) { $abfrage = "UPDATE User SET Userpwmd5 = '" . pwd_hash_new($pwd, $salt) . "' WHERE Userpwmd5 = '" . $hash . "';"; $ergebnis = mysql_query($abfrage); } return true; } else { return false; } }
<label for="address">Adresse</label> <input type="text" size="14" maxlength="50" name="address" id="address"><br> <input type="submit" value="Abschicken"> </form> </fieldset> <!--<small style="margin-left: 3em;"><a href="login.html">Login</a></small>--> </div>'; if (!isset($caller) || $caller != 'index.php') { echo '<small style="margin-left: 3em;"><a href="login.php">Login</a></small>'; } else { echo '<small style="margin-left: 3em;"><a href="?show=login">Login</a></small>'; } } else { $password = pwd_hash_old($password); unset($password2); $verbindung = mysql_connect($dbhost, $dbuser, $dbpass) or die("Verbindung zur Datenbank konnte nicht hergestellt werden"); mysql_select_db($dbname) or die("Datenbank konnte nicht ausgewählt werden"); $result = mysql_query("SELECT UserID FROM User WHERE Username = '******';"); $menge = mysql_num_rows($result); if ($menge == 0) { $eintrag = "INSERT INTO User (Username, Userpwmd5, UserAnrede, UserAdresse) VALUES ('" . mysql_escape_string($username) . "', '" . $password . "', '" . mysql_escape_string($name) . "', '" . mysql_escape_string($address) . "');"; $eintragen = mysql_query($eintrag); if ($eintragen == true) { echo 'Benutzername <b>' . $username . '</b> wurde erstellt. <a href="' . (!isset($caller) || $caller != 'index.php' ? 'login.php' : '?show=login') . '">Login</a>'; } else { echo 'Fehler beim Speichern des Benutzernames. <a href="eintragen.html">Zurück</a>'; } } else { echo 'Benutzername schon vorhanden. <a href="eintragen.html">Zurück</a>';