Example #1
            // Not the same D:
            $error = 'You entered two different passwords. Try again.';
        }
    }
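    if ($error == '') {
        // Re-check the current password before accepting the new one. The id is interpolated
        // unquoted in the original query, so it is a server-side numeric value; it is bound anyway
        // so the statement never depends on string building.
        $statement = $__database->prepare('SELECT password, salt FROM accounts WHERE id = ?');
        $accountId = $_loginaccount->GetId();
        $statement->bind_param('s', $accountId);
        $statement->execute();
        $query = $statement->get_result();
        if ($query->num_rows == 1) {
            $row = $query->fetch_assoc();
            $encrypted = GetPasswordHash($_POST['passwordOld'], $row['salt']);
            // Constant-time comparison of the stored and recomputed hashes; the type guards make a
            // NULL password column fail closed instead of matching a non-string return value.
            if (is_string($encrypted) && is_string($row['password']) && hash_equals($row['password'], $encrypted)) {
                // Fresh 8-char salt over the same alphabet as before (chr(0x30)..chr(0x44)), but drawn
                // from the CSPRNG: rand() is not suitable for security-relevant values.
                $salt = '';
                for ($i = 0; $i < 8; $i++) {
                    $salt .= chr(0x30 + random_int(0, 20));
                }
                $encrypted = GetPasswordHash($_POST['passwordNew2'], $salt);
                // The listing shows the stored value redacted as '******'; $encrypted is computed just
                // above and used nowhere else, so it is what gets bound here.
                $update = $__database->prepare('UPDATE accounts SET password = ?, salt = ? WHERE id = ?');
                $update->bind_param('sss', $encrypted, $salt, $accountId);
                $update->execute();
                ?>
<p class="lead alert-info alert">Your password has been successfully changed!</p>
<?php
            }
            // NOTE(review): a wrong current password leaves $error empty, so the page renders
            // neither the success nor the warning message for that case.
        } else {
            $error = 'Something went wrong!';
        }
    }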
    if ($error != '') {
        ?>
<p class="lead alert-warn alert"><?php 
        echo $error;
        ?>
</p>
Example #2
<?php

require_once __DIR__ . '/../inc/functions.php';
// Outcome of the confirmation step; stays null unless the POST branch below runs
// (1 = confirmation password did not match, 2 = matched, which is what the deletion code checks).
$success = null;
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['confirm'])) {
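    // Confirm the account's current password before the deletion below is allowed to run.
    // The id is bound instead of concatenated into the query text.
    $statement = $__database->prepare('SELECT password, salt FROM accounts WHERE id = ?');
    $accountId = $_loginaccount->GetId();
    $statement->bind_param('s', $accountId);
    $statement->execute();
    $query = $statement->get_result();
    if ($query->num_rows == 1) {
        $row = $query->fetch_assoc();
        $encrypted = GetPasswordHash($_POST['confirm'], $row['salt']);
        // Constant-time comparison; the type guards make a NULL password column fail closed.
        // 2 = confirmed, 1 = wrong password (read by `if ($success == 2)` further down).
        $matches = is_string($encrypted) && is_string($row['password']) && hash_equals($row['password'], $encrypted);
        $success = $matches ? 2 : 1;
    }
    // NOTE(review): further down, the account DELETE is issued through query() and ->free() is
    // called on its return value; mysqli::query() returns bool for a DELETE, so that call cannot
    // succeed. The success check after it also reads affected_rows of the log INSERT, not of the DELETE.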
    if ($success == 2) {
        $wastheirid = $_loginaccount->GetId();
        $username = $_loginaccount->GetUsername();
        $ip = $_loginaccount->GetLastIP();
        $statement = $__database->prepare('INSERT INTO account_deletion_log (id, username, ip, at) VALUES
			(?,?,?,NOW())');
        $statement->bind_param('sss', $wastheirid, $username, $ip);
        $statement->execute();
        $finish = $__database->query("DELETE FROM accounts WHERE id = " . $_loginaccount->GetId());
        $finish->free();
        unset($_SESSION['username']);
        session_destroy();
        SetMaplerCookie('login_session', '', -100);
        require_once __DIR__ . '/../inc/header.php';
        if ($statement->affected_rows == 1) {
            ?>
Example #3
    require_once __DIR__ . '/inc/footer.php';
    die;
    // Prevent error after login
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (!isset($_POST['username'], $_POST['password'])) {
        // $error = "Opps! Your username or password was not included.";
        $error = "Opps! Your e-mail or password was not included.";
    } else {
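        // The form field is named "username" but the lookup is by e-mail (see the error text above).
        // NOTE(review): $username now holds the raw form value rather than the escaped copy;
        // confirm nothing later relies on the escaped form.
        $username = $_POST['username'];
        $password = $_POST['password'];
        // Bound parameter instead of real_escape_string() + concatenation. get_result() keeps
        // $query a mysqli_result, so the num_rows / fetch_assoc calls below are unchanged.
        $statement = $__database->prepare('SELECT * FROM accounts WHERE email = ?');
        $statement->bind_param('s', $username);
        $statement->execute();
        $query = $statement->get_result();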
        if ($query->num_rows == 1) {
            $row = $query->fetch_assoc();
            $encrypted = GetPasswordHash($password, $row['salt']);
            if ($encrypted === $row['password']) {
                $_SESSION['username'] = $row['username'];
                $_loginaccount = new Account($row);
                $_loggedin = true;
                $__database->query("UPDATE accounts SET last_login = NOW(), last_ip = '" . $_SERVER['REMOTE_ADDR'] . "' WHERE id = " . $_loginaccount->GetID());
                /*
                $code = md5(time().' -- -- -- -- - '.$_loginaccount->GetID().' - '.$_loginaccount->GetUsername());
                $__database->query("
                INSERT INTO 
                	account_tokens 
                VALUES 
                	(".$_loginaccount->GetID().", 'login_token', '".$code."', DATE_ADD(NOW(), INTERVAL 10 YEAR))
                ON DUPLICATE KEY UPDATE
                	`code` = VALUES(`code`),
                	`till` = VALUES(`till`)
Example #4
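 RetrieveInputPOST('email', 'password');
 // presumably RetrieveInputPOST() fills $P['email'] / $P['password'] — verify against inc/functions.php
 $addr = $_SERVER['REMOTE_ADDR'];
 // Per-IP throttle on failed logins. The predicate DATE_ADD(NOW(), INTERVAL 1 DAY) > NOW() is
 // always true, so this counts every row ever logged for the address rather than the last day's.
 // TODO: compare the request timestamp column (third column of the INSERT below) against
 // DATE_SUB(NOW(), INTERVAL 1 DAY); the column name is not visible here.
 $statement = $__database->prepare('SELECT COUNT(*) FROM login_requests WHERE ip = ? AND DATE_ADD(NOW(), INTERVAL 1 DAY) > NOW()');
 $statement->bind_param('s', $addr);
 $statement->execute();
 $q = $statement->get_result();
 $row = $q->fetch_row();
 $amount = $row[0];
 $q->free();
 if ($amount > 10) {
     die('ERROR:Too many failed requests. Try again in a day');
 }
 // Account lookup by e-mail, bound instead of escaped and concatenated.
 $statement = $__database->prepare('SELECT id, password, salt FROM accounts WHERE email = ?');
 $statement->bind_param('s', $P['email']);
 $statement->execute();
 $q = $statement->get_result();
 // Records one failed attempt for this address; both failure paths below must log it,
 // otherwise the throttle above never fills up.
 $logFailure = static function () use ($__database, $addr): void {
     $log = $__database->prepare("INSERT INTO login_requests VALUES (NULL, ?, NOW(), 'login')");
     $log->bind_param('s', $addr);
     $log->execute();
 };
 if ($q->num_rows == 0) {
     $logFailure();
     die('ERROR:Invalid username or password');
 }
 // $row is reused below: [0] = id, [1] = stored hash, [2] = salt.
 $row = $q->fetch_row();
 $encrypted = GetPasswordHash($P['password'], $row[2]);
 // Strict, constant-time comparison. The original `!=` is a loose comparison, which treats two
 // numeric-looking strings (e.g. hashes starting with '0e') as equal; the type guards make a
 // NULL password column fail closed.
 $matches = is_string($encrypted) && is_string($row[1]) && hash_equals($row[1], $encrypted);
 if (!$matches) {
     $logFailure();
     die('ERROR:Invalid username or password');
 }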
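 // Success! Now, let's get the cookie: look for a still-valid client token for this account.
 // The account id is bound instead of concatenated into the query text.
 $statement = $__database->prepare("\nSELECT \n\tat.`code`\nFROM \n\taccount_tokens at\nWHERE\n\tat.account_id = ?\n\tAND\n\tat.type = 'client_token'\n\tAND \n\tat.till > NOW()\n");
 $statement->bind_param('s', $row[0]);
 $statement->execute();
 $query = $statement->get_result();
 // NOTE(review): the branch below mints a new token as md5(time() . id . email), i.e. from
 // predictable inputs; a session/client token should come from random_bytes() (e.g. bin2hex).
 $code = '';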
 if ($query->num_rows == 0) {
     // Create new
     $code = md5(time() . ' --- ' . $row[0] . ' - ' . $P['email']);
     $__database->query("\nINSERT INTO \n\taccount_tokens \nVALUES \n\t(" . $row[0] . ", 'client_token', '" . $code . "', DATE_ADD(NOW(), INTERVAL 1 YEAR))\nON DUPLICATE KEY UPDATE\n\t`code` = VALUES(`code`),\n\t`till` = VALUES(`till`)\n");
 } else {
     // Use old one
     $row = $query->fetch_row();
     $code = $row[0];
Example #5
        //	if ($result->num_rows == 1) {
        //		$__database->query('UPDATE beta_invite_keys SET assigned_to = ''.$username.'' WHERE invite_key = ''.$key.''');
        //	}
        //	else {
        //		$error = 'Incorrect beta code, or it was already used!'; // Default response!
        //		$errorList['key'] = true;
        //	}
        //	$result->free();
        // }
        if (count($errorList) == 0) {
            // Add account
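            // 8-char salt over the alphabet chr(0x30)..chr(0x44), as before, but drawn from the
            // CSPRNG: rand() is not suitable for security-relevant values.
            $salt = '';
            for ($i = 0; $i < 8; $i++) {
                $salt .= chr(0x30 + random_int(0, 20));
            }
            $encryptedpassword = GetPasswordHash($_POST['password'], $salt);
            $ip_address = $_SERVER['REMOTE_ADDR'];
            // Bound parameters must receive the raw values: real_escape_string() on top of a prepared
            // statement stores the escape backslashes (O'Brien -> O\'Brien) instead of the text.
            // NOTE(review): if the signup e-mail below prints $fullname/$nickname, it now gets the raw text.
            $fullname = $_POST['fullname'];
            $nickname = $_POST['nickname'];
            $statement = $__database->prepare('INSERT INTO accounts 
				(id, username, password, salt, full_name, email, nickname, last_login, last_ip, registered_on) VALUES
				(NULL,?,?,?,?,?,?,NOW(),?,NOW())');
            // bind_param() takes its arguments by reference, so each must be a plain variable
            // (the original passed a function result for the salt).
            $statement->bind_param('sssssss', $username, $encryptedpassword, $salt, $fullname, $email, $nickname, $ip_address);
            $statement->execute();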
            if ($statement->affected_rows == 1) {
                $to = $email;
                // subject
                $subject = 'Mapler.me - Welcome!';
                // message
                $message = file_get_contents('inc/templates/emails/signup.php');
                // To send HTML mail, the Content-type header must be set