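/**
 * Looks up $password in `classes` and, while a row already uses it, replaces
 * the local candidate with a fresh generateRandomString() value.
 *
 * Changes from the previous version:
 *  - the value is escaped before it is placed inside the quoted SQL literal;
 *  - the retry re-checks the regenerated candidate (the old recursive call
 *    passed no argument at all);
 *  - a failed query ends the check instead of being handed to mysql_num_rows().
 *
 * NOTE(review): nothing is returned and $password is received by value, so the
 * caller never sees a regenerated candidate. Confirm the intended contract.
 * NOTE(review): an equality lookup on `password` suggests the column holds the
 * value in directly comparable form rather than as a hash. Confirm against
 * the schema.
 *
 * @param string $password Candidate value to look up.
 * @return void
 */
function passwordCheck($password)
{
    while (true) {
        // ext/mysql has no bound parameters, so escaping is the only way to
        // keep the value inside the string literal with this API.
        $escaped = mysql_real_escape_string($password);
        $pwcheck = mysql_query("SELECT `id` FROM `classes` WHERE `password` = '{$escaped}'");

        // Stop when the query failed or when no row uses this candidate.
        if ($pwcheck === false || mysql_num_rows($pwcheck) == 0) {
            return;
        }

        $password = generateRandomString();
    }
}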
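<?php
// Gate for the Blue Store page: a visitor without a `sessionuid` cookie must
// post a valid password; a visitor with one must present a `ccookie` that
// decrypts to their current IP address + User-Agent.
include 'php_modules/modules.php';

if (!isset($_COOKIE['sessionuid'])) {
    // Same value as before (null when the field is absent), without the notice.
    $password = isset($_POST['pass']) ? $_POST['pass'] : null;

    // Keep this response out of browser and proxy caches.
    header('Cache-Control: no-cache, no-store, must-revalidate'); // HTTP 1.1.
    header('Pragma: no-cache'); // HTTP 1.0.
    header('Expires: 0'); // Proxies.

    if (passwordCheck($password) == "f") {
        //echo '<script>window.location.assign("http://bluestore.co")</script>';
        // Expire the binding cookie before sending the visitor back.
        setcookie("ccookie", "", time() - 86400 * 30, "/");
        header('Location: index.php');
        // A Location header does not end the script. Without exit the page
        // below is still rendered and sent to a visitor who failed the check.
        exit;
    }
} else {
    // NOTE(review): on this path `sessionuid` is only tested for presence;
    // the only comparison made here is the ccookie binding. Confirm the
    // session id itself is validated elsewhere.
    $expectedBinding = $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'];
    if (encrypt_decrypt('decrypt', $_COOKIE['ccookie']) != $expectedBinding) {
        header('Location: https://bluestore.co/logOutRedirect.php');
        // Stop here for the same reason as above.
        exit;
    }
}
?>
<!DOCTYPE html>
<html>
<head>
<title> Blue Store </title>
<!-- Javascript -->
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>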
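require_once dirname(__FILE__) . DS . '../../src/connection.php';
require_once dirname(__FILE__) . DS . '../../src/protectCSRF.php';

// Login handler: validates the CSRF token, verifies the posted credentials
// and redirects to the dashboard or back to the login page.
if ($_POST) {
    // Read only the three expected fields. extract($_POST) let the request
    // create or overwrite any variable in this scope.
    $token = isset($_POST['token']) ? $_POST['token'] : null;
    $email = isset($_POST['email']) ? $_POST['email'] : null;
    $senha = isset($_POST['senha']) ? $_POST['senha'] : null;

    checkTokenIsValid($token);

    $email = antiInjection($email);
    // NOTE(review): antiInjection() also runs on the password before it is
    // verified. If that helper rewrites characters, the verified value differs
    // from what the user typed. Confirm against how the hash was created.
    $senha = antiInjection($senha);

    // Fetch the stored password hash for this e-mail.
    $hash = getUserHash($email);

    // Check the submitted password against the stored hash.
    // passwordCheck() takes its inputs as a single array.
    $dataPasswordVerify = ['email' => $email, 'senha' => $senha, 'hash' => $hash];

    // NOTE(review): every return value other than false is treated as success.
    // Confirm passwordCheck() only ever returns strict booleans.
    if (passwordCheck($dataPasswordVerify) === false) {
        header('Location: ' . SITE_URL . 'index.php');
    } else {
        header('Location: ' . SITE_URL . 'dashboard.php');
    }
} else {
    header('Location: ' . SITE_URL . 'index.php');
}
// Every branch above has sent a redirect, and a Location header does not end
// the script by itself.
exit;

/**
 * Verifies that the submitted password is the correct one and checks whether
 * PHP's hashing algorithm has changed; if it has, the hash is updated to the
 * new algorithm (this step does not block the user's access).
 */
//function passwordCheck($email, $senha, $hash)
function passwordCheck($params)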
include 'dbconn.php'; ?> <!DOCTYPE html> <html> <head> <title>Check DB</title> <link rel="stylesheet" href="../css/register/style.css" /> </head> <body> <?php $join_password = $_POST['password']; $join_passwordcheck = $_POST['passwordCheck']; // First check if password retype is valid. passwordCheck($join_password, $join_passwordcheck); ?> </body> </html> <?php //Functions function passwordCheck($original, $check) { if ($original != $check) { errorform('password'); } else { emailcheck(); }
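<?php
// Login handler for the car-rental app: finds the posted user id in `account`,
// hands the matching row to passwordCheck() and redirects to the welcome page.
session_start();

// NOTE(review): the database account and password are hard-coded here and
// again inside passwordCheck(). Move them to configuration kept out of the
// source tree.
$con = mysqli_connect("localhost", "root", "root", "rent_a_car");
// mysqli_connect_errno() takes no argument.
if (mysqli_connect_errno()) {
    // NOTE(review): this sends the driver's error text to the client.
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
    // Nothing below can work without a connection.
    exit;
}

if (isset($_POST["userid"]) && isset($_POST["password"])) {
    $accounts = mysqli_query($con, 'SELECT * FROM account');

    // A failed query returns false, which cannot be iterated.
    if ($accounts !== false) {
        while ($row = mysqli_fetch_array($accounts)) {
            // Strict comparison: with == a NULL username matched an empty
            // user id and numeric-looking strings could match each other.
            if ($row['USERNAME'] === $_POST["userid"]) {
                // NOTE(review): passwordCheck() below compares the stored
                // PASSWORD column to the posted value with ==, so passwords
                // are kept in directly comparable form. password_hash() with
                // password_verify() is the usual replacement.
                passwordCheck($row);
            }
        }
    }

    // NOTE(review): this redirect is sent whether or not passwordCheck()
    // accepted the password, so welcome.php has to check the session itself.
    header('Location: http://localhost:8888/CarRental/welcome.php');
    // A Location header does not end the script.
    exit;
}

function passwordCheck($toCheck) {
    $con = mysqli_connect("localhost", "root", "root", "rent_a_car");
    if ($toCheck['PASSWORD'] == $_POST["password"]) {
        $_SESSION['type'] = $toCheck['TYPE']; //change this to whatever type account is
        $_SESSION['name'] = $toCheck['USERNAME'];
        if ($_SESSION['type'] == 'C') {
            $account = mysqli_query($con, 'SELECT * FROM customer INNER JOIN account ON customer.CID=account.ACCOUNTID WHERE account.USERNAME = "******"');
            $info = mysqli_fetch_array($account);
            $_SESSION['id'] = $info['CID'];
        } elseif ($_SESSION['type'] == 'E' || $_SESSION['type'] == 'A') {
            $account = mysqli_query($con, 'SELECT * FROM employee INNER JOIN account ON employee.EID=account.ACCOUNTID WHERE account.USERNAME = "******"');
            $info = mysqli_fetch_array($account);
            $_SESSION['id'] = $info['EID'];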
} } # https://github.com/easy-wi/developer/issues/2 if (!isset($active)) { $query = $sql->prepare("SELECT * FROM `userdata_substitutes` WHERE `loginName`=? LIMIT 1"); $query->execute(array($ui->username('username', 255, 'post'))); while ($row = $query->fetch(PDO::FETCH_ASSOC)) { $mail = ''; $externalID = 0; $sID = $row['sID']; $id = $row['userID']; $username = $row['loginName']; $active = $row['active']; $resellerid = $row['resellerID']; $accounttype = 'v'; $passwordCorrect = passwordCheck($password, $row['passwordHashed'], $row['loginName'], $row['salt']); if ($passwordCorrect !== true and $passwordCorrect !== false) { if (is_array($newHash)) { $query = $sql->prepare("UPDATE `userdata_substitutes` SET `passwordHashed`=?,`salt`=? WHERE `sID`=? LIMIT 1"); $query->execute(array($passwordCorrect['hash'], $passwordCorrect['salt'], $sID)); } else { $query = $sql->prepare("UPDATE `userdata_substitutes` SET `passwordHashed`=? WHERE `sID`=? LIMIT 1"); $query->execute(array($passwordCorrect, $sID)); } } } } if (!isset($sID) and isset($active) and $active == 'Y' and isset($passwordCorrect) and $passwordCorrect === false) { $authLookupID = $resellerid == $id ? 0 : $resellerid; $query = $sql->prepare("SELECT `active`,`ssl`,`user`,`domain`,AES_DECRYPT(`pwd`,?) AS `decryptedPWD`,`file` FROM `api_external_auth` WHERE `resellerID`=? LIMIT 1"); $query->execute(array($aeskey, $authLookupID));
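<?php
// Login handler: looks the user up by name with a bound parameter, verifies
// the password against the stored hash and redirects to the dashboard or back
// to the login form.
if (!session_id()) {
    session_start();
}

include "functions.php";
include "connect.php";

// Same values as before (null when a field is absent), without the notice.
$username = isset($_POST['username']) ? $_POST['username'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;

$sql = "SELECT username, hashed_password, first_name, last_name FROM users WHERE username = :username LIMIT 1";
$statement = $db->prepare($sql);
$statement->bindParam(':username', $username);
$statement->execute();

$user = $statement->fetch();

if ($user && passwordCheck($password, $user['hashed_password'])) {
    // Issue a fresh session id at the point of login, so an id that was
    // planted in the browser beforehand is not carried into the
    // authenticated session.
    session_regenerate_id(true);

    $_SESSION['username'] = $username;
    $_SESSION['login_error'] = False;
    $_SESSION['first_name'] = $user['first_name'];
    $_SESSION['last_name'] = $user['last_name'];
    header("Location: ../public/dashboard.php");
    // A Location header does not end the script.
    exit;
}

// Unknown username and wrong password take the same path, so the response
// does not reveal which of the two failed.
$_SESSION['login_error'] = True;
header("Location: ../public/index.php");
exit;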