Example #1
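/**
 * Resets the password of the account with the given e-mail address when the
 * presented ticket matches the one derived from the stored row.
 *
 * The expected ticket is the row's `hash` column concatenated with its
 * `password` column. Prints 'reset' for every row whose ticket matches and
 * 'brequest' for every row whose ticket does not; prints nothing when the
 * lookup yields no rows.
 *
 * @param string $ticket       Reset ticket presented by the caller (untrusted).
 * @param string $emailAddress Account e-mail address (untrusted).
 * @param string $newPassword  New plaintext password (untrusted).
 * @return void
 */
function resetPassword($ticket, $emailAddress, $newPassword)
{
    // Escape the address once, before it reaches ANY query. Previously the
    // SELECT used the raw value (SQL injection) and the escape ran inside the
    // loop, so a second matching row would have been escaped twice.
    $con = createInstance();
    $safeEmail = $con->real_escape_string((string) $emailAddress);

    $databaseQuery = "SELECT * FROM login WHERE emailAddress='{$safeEmail}'";
    $result = executeDatabase($databaseQuery);
    if ($result === false) {
        // Query failed: nothing to compare against.
        return;
    }

    while ($row = mysqli_fetch_array($result)) {
        // Ticket as derived from the stored row.
        $expectedTicket = $row['hash'] . $row['password'];

        // hash_equals() compares in constant time and as strings; a loose `==`
        // treats numeric-looking strings as numbers and leaks timing. An empty
        // expected ticket is never accepted.
        $ticketMatches = is_string($ticket)
            && $expectedTicket !== ''
            && hash_equals($expectedTicket, $ticket);

        if ($ticketMatches) {
            // Derived from the untouched input on every pass, so it is never salted twice.
            $saltedPassword = saltPassword($newPassword);
            // NOTE(review): the password value in this statement is masked in the
            // listing, so $saltedPassword is not visibly used. Whatever value is
            // written here must be escaped or bound like the address is.
            $databaseQuery = "UPDATE login SET password='******' WHERE emailAddress='{$safeEmail}'";
            executeDatabase($databaseQuery);
            print 'reset';
        } else {
            print 'brequest';
        }
    }
}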
Example #2
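/**
 * Looks up the user's salt, derives the salted password from it and runs the
 * credential query.
 *
 * NOTE(review): the quoted values in both statements are masked in this
 * listing. Any request-derived value placed there must be escaped
 * (mysql_real_escape_string) or, better, bound through mysqli/PDO prepared
 * statements; the ext/mysql functions used here were removed in PHP 7.
 *
 * @param string $username Login name supplied by the caller (untrusted).
 * @param string $password Plaintext password supplied by the caller (untrusted).
 * @return mixed Whatever the final mysql_query() call returns.
 */
function loginUser($username, $password)
{
    // `salt` has to be a column identifier. Quoted as 'salt' it was a string
    // literal, so every row came back with the text "salt" instead of the
    // stored value.
    $saltResult = mysql_query("SELECT salt FROM users WHERE username = '******'");
    $saltRow = $saltResult ? mysql_fetch_array($saltResult) : false;

    // Read the salt from the fetched row; the original indexed the result
    // resource itself, which always yields null.
    $salt = $saltRow ? $saltRow['salt'] : null;

    $password = saltPassword($password, $salt);

    return mysql_query("SELECT * FROM users WHERE username = '******' AND password = '******'");
}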
Example #3
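/**
 * Changes a user's password when the presented ticket equals the `hash`
 * column of the looked-up row.
 *
 * Prints 'reset' for every row whose ticket matches and 'error' for every row
 * whose ticket does not; prints nothing when the lookup yields no rows.
 *
 * @param string $ticket      Ticket presented by the caller (untrusted).
 * @param string $username    Account identifier (untrusted).
 * @param string $newPassword New plaintext password (untrusted).
 * @return void
 */
function changePassword($ticket, $username, $newPassword)
{
    // NOTE(review): the username value in this statement is masked in the listing.
    $databaseQuery = "SELECT * FROM login WHERE username='******'";
    $result = executeDatabase($databaseQuery);
    if ($result === false) {
        // Query failed: nothing to compare against.
        return;
    }

    while ($row = mysqli_fetch_array($result)) {
        $expectedTicket = (string) $row['hash'];

        // Constant-time string comparison instead of a loose `==`, which
        // compares numeric-looking strings as numbers. An empty stored hash
        // never authorises a change.
        $ticketMatches = is_string($ticket)
            && $expectedTicket !== ''
            && hash_equals($expectedTicket, $ticket);

        if ($ticketMatches) {
            // Derived from the untouched input on every pass, so it is never salted twice.
            $saltedPassword = saltPassword($newPassword);
            // NOTE(review): $username is interpolated unescaped, which makes
            // this UPDATE injectable. No connection handle is in scope here to
            // escape it; executeDatabase() should accept bound parameters.
            // The row is also selected by `username` but updated by
            // `emailAddress` - confirm that is intended. The password value is
            // masked in the listing, so $saltedPassword is not visibly used.
            $databaseQuery = "UPDATE login SET password='******' WHERE emailAddress='{$username}'";
            executeDatabase($databaseQuery);
            print 'reset';
        } else {
            print 'error';
        }
    }
}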
Example #4
<?php

// Page preamble: loads the login/config helpers, runs the login check and
// prepares the values the template below uses.

//Include classes
require_once 'classes/class_login.php';
require_once 'classes/class_config.php';
//Check if logged in
// NOTE(review): the return value is ignored, so this only protects the page if
// isLoggedIn() itself redirects and stops execution - confirm in class_login.php.
isLoggedIn();
//For various uses
$username = $_SESSION['username'];
// NOTE(review): a password value is kept in the session. Whether it is the
// plaintext or a hash is not visible here; either way it is exposed to
// anything that can read session storage.
$password = $_SESSION['password'];
//Create session hash (same as hash created for reset password, REQUIRED FOR PASSWORD RESET)
// NOTE(review): this value is derived from the username alone. If
// saltPassword() mixes in no per-user secret, anyone who knows the username
// can reproduce it - confirm before treating it as a reset credential.
$hashed_username = saltPassword($username);
$sessionHash = $hashed_username;
?>
<html>
	
	<head>
		
		<link href="css/style_home.css" rel="stylesheet" type="text/css" />

		<script language="javascript" type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
		<script language="javascript" type="text/javascript" src="http://ajax.aspnetcdn.com/ajax/jquery.validate/1.10.0/jquery.validate.min.js"></script>
	
		<script language="javascript" type="text/javascript" src="scripts/data_handling.js"></script>

	</head>
	
<body>

	<div id="nav">
		<p class="title"><a href="home.php">Home - <span class="subtitle">Example.com</span></a></p>
Example #5
// CORS response headers for the registration endpoint. Only Allow-Methods and
// Allow-Headers are set in this excerpt; which origins are allowed is decided
// elsewhere (not shown) - confirm it is not a wildcard for an endpoint that
// creates accounts.
header('Access-Control-Allow-Methods: POST,GET,OPTIONS');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
// `include` only warns when the file is missing, so the script would carry on
// without a database connection.
include './db_connection.php';
//load config
/**
 * Derives the stored password value: SHA-256 over the password followed by
 * the salt, as lowercase hex.
 *
 * NOTE(review): one unkeyed SHA-256 pass is cheap to brute-force offline.
 * password_hash()/password_verify() is the purpose-built replacement, but it
 * changes the stored format and needs a migration of existing rows.
 *
 * @param string $password Plaintext password.
 * @param string $salt     Value appended to the password before hashing.
 * @return string 64-character hex digest.
 */
function saltPassword($password, $salt)
{
    $material = $password . $salt;

    return hash('sha256', $material);
}
// Registration handler: reads a JSON body, checks whether the username or
// e-mail is already taken and builds the INSERT for a new user.
// The request body is attacker-controlled. json_decode() returns null for
// malformed JSON and the property reads below do not check for that.
$postdata = file_get_contents("php://input");
$userData = json_decode($postdata);
$username = (string) $userData->username;
$password = (string) $userData->password;
$email = (string) $userData->email;
$age = (string) $userData->age;
$sex = (string) $userData->sex;
// The username doubles as the salt, so the salt is known to anyone who knows
// the account name.
$password = saltPassword($password, $username);
// Empty response skeleton returned alongside an error object.
$userData = array('correct' => '', 'id_user' => '', 'username' => '', 'email' => '', 'age' => '', 'sex' => '');
if (!empty($username) && !empty($password) && !empty($email) && !empty($age) && !empty($sex)) {
    // Check if User exists
    // NOTE(review): the username value in this statement is masked in the listing.
    $resultsusername = mysql_query("SELECT id_user FROM user WHERE username='******' LIMIT 1") or die("Login error! Code: 003");
    $matchusername = mysql_num_rows($resultsusername);
    // Check if Email-address exists
    // NOTE(review): $email comes straight from the request body and is
    // concatenated into the statement - SQL injection. ext/mysql has no
    // parameter binding (and was removed in PHP 7); use mysqli/PDO prepared
    // statements.
    $resultsemail = mysql_query("SELECT id_user FROM user WHERE email='" . $email . "' LIMIT 1") or die("Login error! Code: 003");
    $matchemail = mysql_num_rows($resultsemail);
    // The two distinct error responses below tell an unauthenticated caller
    // whether a given username or e-mail address is registered.
    if ($matchusername > 0) {
        echo '{"userData":' . json_encode($userData) . ', "error": {"code": "001","message": "User existiert bereits"}}';
    } else {
        if ($matchemail > 0) {
            echo '{"userData":' . json_encode($userData) . ', "error": {"code": "003","message": "Email existiert bereits"}}';
        } else {
            // NOTE(review): all five request-derived values are concatenated
            // into the INSERT unescaped - bind them as parameters instead.
            $query = 'INSERT INTO user (username, password, email, age, sex) VALUES ("' . $username . '", "' . $password . '", "' . $email . '", "' . $age . '", "' . $sex . '");';
Example #6
 /**
  * Produces the stored form of a new password: the output of saltPassword()
  * passed through Hash::make().
  *
  * @param string $pw Plaintext password.
  * @return mixed Whatever Hash::make() returns for the salted value.
  */
 public function newPassword($pw)
 {
     $salted = saltPassword($pw);

     return Hash::make($salted);
 }
	<title>Trying to login</title>
	<link type="text/css" rel="Stylesheet" href="stylesheet.css" />
</head>
<body>
	<div id="contentDiv">
		<?php 
// Login handler: checks the submitted credentials against the stored row and
// starts a session on success.
// NOTE(review): there is no exit after header(), so the rest of the script
// still runs when a field is missing. Markup has also been emitted above this
// block, so the redirect header may not be sent at all unless output is
// buffered.
if (!isset($_POST['username']) || !isset($_POST['password'])) {
    header("location: index.html");
}
// The stripped copies are only used for the emptiness check; hashing and the
// lookup below use the raw $_POST values.
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
if (empty($username) || empty($password)) {
    echo "<h1>Invalid username or password</h1>Please go back and make sure to fill out all the fields.";
} else {
    require_once 'saltpassword.php';
    $password_token = saltPassword($_POST['password']);
    require_once 'maintain_users.php';
    // NOTE(review): the raw request value is passed on; whether
    // viewUserByName() escapes or binds it is not visible here - confirm.
    $login_result = viewUserByName($_POST['username']);
    if ($login_result) {
        $rows = mysql_num_rows($login_result);
        if ($rows == 0) {
            // This message differs from the wrong-password case and so reveals
            // which usernames exist.
            echo "<h1>Invalid username or password</h1>The username you entered does not exist.";
        } else {
            $row = mysql_fetch_row($login_result);
            // Column 2 of the row is used as the stored password value.
            $user_password = $row[2];
            // NOTE(review): loose `==` compares numeric-looking strings as
            // numbers and is not constant-time; hash_equals() is the safe
            // comparison for credential hashes.
            if ($user_password == $password_token) {
                echo "Login was successful...";
                // NOTE(review): the session starts after output was sent, and
                // no session_regenerate_id() call is visible in this excerpt,
                // so a pre-login session ID would survive the login.
                session_start();
                //Store session data
                $_SESSION['username'] = $_POST['username'];
                $_SESSION['status'] = $row[5];
Example #8
// Raw, untrusted form input; nothing in this excerpt validates or escapes it,
// and the keys are read without an isset() check.
$user_name = $_POST['username'];
$user_password = $_POST['password'];
// Plaintext password under the name the hashing code below expects.
$password = $user_password;
// Erzeugung von Passwort-Hash
// Funktion die Passwort mit Hash kombiniert und den so erzeugten hash zurückgibt
/**
 * Combines the password with the salt and returns the SHA-512 hex digest of
 * the result.
 *
 * NOTE(review): a single SHA-512 pass is fast to brute-force offline;
 * password_hash()/password_verify() is the purpose-built alternative.
 *
 * @param string     $password Plaintext password.
 * @param string|int $salt     Value appended to the password before hashing.
 * @return string 128-character hex digest.
 */
function saltPassword($password, $salt)
{
    $salted = $password . $salt;

    return hash('sha512', $salted);
}
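// Salt source. random_int() draws from the operating system's CSPRNG, whereas
// mt_rand() output can be predicted; the range is kept identical to
// mt_rand()'s so stored salts keep the same shape.
$random_num = random_int(0, mt_getrandmax());
// Build the salted password hash
$password_salt = $password;
$userID_salt = $random_num;
// The user ID is meant as a simple source for the salt (5121 as an example);
// this code uses the random number instead.
$salt_salt = $userID_salt;
$saltedHash = saltPassword($password_salt, $salt_salt);
// echo $username . ' - ' . $user_password . ' : ' . $saltedHash . ' <br>(Salt: ' . $salt_salt . ')';
// $saltedHash_verify = $_POST['password']; // Placeholder for loading the salted hash from the database
// $salt_verify = $random_num; // Placeholder for fetching the user ID
// if ($saltedHash == saltPassword($_POST['password'], $random_num)) // Verification with salt
// {
//      echo "Passwort stimmt überein";
// }
// else {
//     echo "Nope";
// }
// Database connection settings. The credentials are hard-coded in the script
// (masked in this listing); they belong in configuration outside the web root.
// Note that $password now holds the database password and no longer the
// user's password.
$servername = "localhost";
$username = "******";
$password = "******";
$dbname = "Schule";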
// Create connection
Example #9
    die("Connection failed: " . $conn->connect_error);
}
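// Handles the registration form: derives a salted hash for the password and
// stores the new user row.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (!empty($_POST["username"]) && !empty($_POST["password"])) {
        // Untrusted form field; it reaches the database only as a bound
        // parameter. A missing field is stored as an empty string.
        $user_hobby = isset($_POST['hobby']) ? $_POST['hobby'] : '';
        // Password hashing
        // Combines the password with the salt and returns the SHA-512 hex digest.
        // NOTE(review): a single SHA-512 pass is fast to brute-force offline;
        // password_hash()/password_verify() is the purpose-built alternative.
        function saltPassword($password, $salt)
        {
            return hash('sha512', $password . $salt);
        }
        // CSPRNG-backed salt in the same range mt_rand() produced; mt_rand()
        // output can be predicted.
        $random_num = random_int(0, mt_getrandmax());
        // Build the salted password hash
        $user_password = $correct_password;
        $user_salt = $random_num;
        $password_saltedHash = saltPassword($user_password, $user_salt);
        // Every value is bound rather than interpolated, so form input can no
        // longer change the statement's structure (SQL injection).
        $sql = "INSERT INTO User_DB(Username, Password, Password_Salt, Timestamp, Hobby)\n                VALUES (?, ?, ?, NOW(), ?)";
        $insertError = null;
        $stmt = $conn->prepare($sql);
        if ($stmt === false) {
            $insertError = $conn->error;
        } else {
            $stmt->bind_param('ssss', $correct_username, $password_saltedHash, $user_salt, $user_hobby);
            if (!$stmt->execute()) {
                $insertError = $stmt->error;
            }
            $stmt->close();
        }
        if ($insertError !== null) {
            // The driver message can echo back submitted values, so it is
            // HTML-escaped; $sql now holds placeholders only.
            echo "Error: " . $sql . "<br>" . htmlspecialchars($insertError, ENT_QUOTES);
        }
    }
}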
$conn->close();
?>

<h3 class="text-center">Datenbank</h3>
<div class="row">
    <div class="col-md-6">
        <form method="post" action="<?php 
echo htmlspecialchars($_SERVER["PHP_SELF"]);
?>
<?php

// Demo script: prints a password and the value saltPassword() derives from it.
// saltPassword() is called with a single argument, so this is the variant
// defined in saltpassword.php (not shown).
require_once 'saltpassword.php';
// The literal is masked in this listing.
$password = "******";
// NOTE(review): both values are written into the page without HTML escaping.
// That is harmless for a fixed literal, but the plaintext should never be
// echoed once the value comes from a request.
echo "Password: {$password}<br /><br />";
$saltedPass = saltPassword($password);
echo "Salted Password: {$saltedPass}";
		<?php 
// Add/update-user handler: creates a user, or overwrites an existing one with
// the same username, when the session's status value is 0.
session_start();
if (isset($_SESSION['status'])) {
    $status = $_SESSION['status'];
    // NOTE(review): this is the only authorisation check and it uses a loose
    // comparison. Before PHP 8 any non-numeric string equals 0 under `==`;
    // compare strictly against the exact stored type.
    if ($status == 0) {
        echo "<h1>Adding/Updating a user</h1>";
        // The fields are read without isset() checks, and no anti-CSRF token
        // is verified in this excerpt.
        $username = strip_tags($_POST['username']);
        // NOTE(review): strip_tags() silently changes any password containing '<'.
        $password = strip_tags($_POST['password']);
        $firstname = strip_tags($_POST['firstname']);
        $lastname = strip_tags($_POST['lastname']);
        $statusForm = strip_tags($_POST['status']);
        if (!empty($username) && !empty($password) && !empty($firstname) && !empty($lastname) && $statusForm != "") {
            // Only the three known status codes are accepted.
            if ($statusForm == '0' || $statusForm == '1' || $statusForm == '2') {
                require_once 'maintain_users.php';
                require_once 'saltpassword.php';
                $saltpass = saltPassword($password);
                // NOTE(review): strip_tags() is not SQL escaping. Whether
                // viewUserByName(), updateUser() and addUser() escape or bind
                // their arguments is not visible here - confirm.
                $result = viewUserByName($username);
                $rows = mysql_num_rows($result);
                if ($rows > 0) {
                    // This username exists, therefore you need to update.
                    $row = mysql_fetch_assoc($result);
                    $id = $row['_id'];
                    updateUser($id, $username, $saltpass, $firstname, $lastname, $statusForm);
                } else {
                    // This is a new user.
                    addUser($username, $saltpass, $firstname, $lastname, $statusForm);
                }
            } else {
                echo 'The status you submitted is invalid.';
            }
        } else {
 /**
  * Handles the login form.
  *
  * An already authenticated user is redirected to their profile. A request
  * without a `_token` input just renders the login view. Otherwise the
  * submitted password is passed through saltPassword() and handed to
  * Auth::attempt() with "remember" enabled. A 'verified' account is
  * redirected to its intended page; any other status is logged out again
  * with a message and the login view is rendered.
  *
  * NOTE(review): Input::has('_token') only checks that the field is present.
  * Verifying the token has to happen elsewhere (e.g. a route filter) -
  * confirm. The account status is checked only after Auth::attempt() has
  * established the session.
  *
  * @return mixed Redirect response or the login view.
  */
 public function doLogin()
 {
     // Already signed in: go straight to the profile page.
     if (Auth::check()) {
         return Redirect::route('userprofile', array('id' => Auth::user()->id));
     }

     // No form submission: just show the form.
     if (!Input::has('_token')) {
         return View::make('user.login');
     }

     $credentials = array(
         'username' => Input::get('username'),
         'password' => saltPassword(Input::get('password')),
     );

     if (!Auth::attempt($credentials, true)) {
         err('Login Failed. Did you forget your password?');

         // The password is deliberately left out of the flashed input.
         return Redirect::route('login')->withInput(Input::except('password'));
     }

     // authenticated, but the account status still decides the outcome
     $status = Auth::user()->status;
     if ($status == 'verified') {
         msg('Login successful. Welcome!');

         return Redirect::intended('user/' . Auth::user()->id);
     }

     if ($status == 'unverified') {
         $notice = 'Login failed. You need to click the link in the confirmation email we sent you.';
     } elseif ($status == 'blocked') {
         $notice = 'Login failed. Your account has been blocked. Check with the site administrators to get your account reactivated.';
     } else {
         $notice = 'Login failed.';
     }
     msg($notice);
     // Drop the session that Auth::attempt() just created.
     Auth::logout();

     return View::make('user.login');
 }
Example #13
}
// Raw, untrusted form input, read without isset() checks; these values must
// not be placed into SQL or HTML without binding or escaping.
$input_username = $_POST['username'];
$input_password = $_POST['password'];
$input_hobby = $_POST['hobby'];
// Erzeugung von Passwort-Hash
// Funktion die Passwort mit Hash kombiniert und den so erzeugten hash zurückgibt
/**
 * Returns the SHA-512 hex digest of the password with the salt appended.
 *
 * NOTE(review): a single SHA-512 pass is fast to brute-force offline;
 * password_hash()/password_verify() is the purpose-built alternative.
 *
 * @param string     $password Plaintext password.
 * @param string|int $salt     Value appended to the password before hashing.
 * @return string 128-character hex digest.
 */
function saltPassword($password, $salt)
{
    return hash('sha512', "{$password}{$salt}");
}
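// CSPRNG-backed salt in the same range mt_rand() produced; mt_rand() output
// can be predicted.
$random_num = random_int(0, mt_getrandmax());
// Build the salted password hash
$password_salt = $input_password;
$userID_salt = $random_num;
$salted = $userID_salt;
$saltedHashPw = saltPassword($password_salt, $salted);
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Every value is bound rather than interpolated, so form input can no
    // longer change the statement's structure (SQL injection).
    $sql = "INSERT INTO `Freunde`(`Username`, `Password`, `Random_Salt`, `TimeStamp`, `Hobby`)\n                VALUES (?, ?, ?, NOW(), ?)";
    $insertError = null;
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        $insertError = $conn->error;
    } else {
        $stmt->bind_param('ssss', $input_username, $saltedHashPw, $salted, $input_hobby);
        if (!$stmt->execute()) {
            $insertError = $stmt->error;
        }
        $stmt->close();
    }
    if ($insertError !== null) {
        // The driver message can echo back submitted values, so it is
        // HTML-escaped; $sql now holds placeholders only.
        echo "Error: " . $sql . "<br>" . htmlspecialchars($insertError, ENT_QUOTES);
    } else {
        echo "Benutzer angelegt";
    }
}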
// $prepared = $conn->prepare($sql);
// $prepared->bind_param("sss", $input_username, $saltedHashPw, $userID_salt);
// $prepared->execute();
// $conn->close();
// Select data
// $sql = "SELECT * FROM `Freunde` WHERE 1";
// $result = $conn->query($sql);