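function resetPassword($ticket, $emailAddress, $newPassword)
{
    // Reset the password of the `login` row whose emailAddress matches, but only
    // when $ticket equals that row's stored `hash` concatenated with its stored
    // `password` value. Prints 'reset' on success, 'brequest' when the ticket does
    // not match, and nothing when no row matches.
    //
    // Escape the address BEFORE it is interpolated anywhere. The original only
    // escaped it after the first SELECT had already used the raw value, so that
    // SELECT was open to SQL injection.
    $con = createInstance();
    $emailAddress = $con->real_escape_string($emailAddress);
    $databaseQuery = "SELECT * FROM login WHERE emailAddress='{$emailAddress}'";
    $result = executeDatabase($databaseQuery);

    while ($row = mysqli_fetch_array($result)) {
        // Rebuild the expected ticket from the stored columns.
        // NOTE(review): this ticket is deterministic and never expires, so anyone
        // who can read these two columns can reset the password; a random,
        // time-limited token stored server-side would be safer.
        $checkTicket = $row['hash'] . $row['password'];

        // hash_equals(): strict and constant-time. The original used `==`, which
        // treats numeric-looking strings as numbers ("0e1" == "0e2" is true).
        if (hash_equals((string) $checkTicket, (string) $ticket)) {
            $newPassword = saltPassword($newPassword);
            // Store the hashed value. The original computed it and then wrote a
            // literal '******' instead, which in this listing looks like a
            // redaction of {$newPassword} — confirm. saltPassword() output is
            // assumed to be hex with no quote characters; verify before trusting
            // the interpolation.
            $databaseQuery = "UPDATE login SET password='{$newPassword}' WHERE emailAddress='{$emailAddress}'";
            executeDatabase($databaseQuery);
            print 'reset';
        } else {
            print 'brequest';
        }
    }
}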
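function loginUser($username, $password)
{
    // Look up the user's salt, hash the submitted password with it and return
    // the mysql_query() result for the matching username/password row.
    //
    // NOTE(review): the listing shows the interpolated values redacted as
    // '******'; they are reconstructed here as the username and the salted
    // hash — confirm against the real source.
    // NOTE(review): ext/mysql (mysql_query & co.) was removed in PHP 7; this
    // should move to mysqli/PDO prepared statements rather than escaping.
    $safeUsername = mysql_real_escape_string($username);

    // Backticks, not quotes: the original's SELECT 'salt' returned the literal
    // string "salt" for every row instead of the column value.
    $saltResult = mysql_query("SELECT `salt` FROM users WHERE username = '{$safeUsername}'");
    $saltRow = mysql_fetch_array($saltResult);
    // The original indexed the result resource ($row['salt']) instead of the
    // fetched array, so the salt was always null. Fall back to '' when the user
    // does not exist so the second query still runs (and returns no rows), as
    // before.
    $salt = isset($saltRow['salt']) ? $saltRow['salt'] : '';

    $hashed = saltPassword($password, $salt);
    $safeHash = mysql_real_escape_string($hashed);

    return mysql_query("SELECT * FROM users WHERE username = '{$safeUsername}' AND password = '{$safeHash}'");
}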
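function changePassword($ticket, $username, $newPassword)
{
    // Change the password of the `login` row whose username matches, but only
    // when $ticket equals that row's stored `hash` column. Prints 'reset' on
    // success, 'error' when the ticket does not match, and nothing when no row
    // matches.
    //
    // Escape the username before it reaches any query (the original interpolated
    // it raw; the listing shows that value redacted as '******').
    // createInstance() is the mysqli handle factory that resetPassword() uses for
    // the same purpose — confirm it is in scope here.
    $con = createInstance();
    $username = $con->real_escape_string($username);
    $databaseQuery = "SELECT * FROM login WHERE username='{$username}'";
    $result = executeDatabase($databaseQuery);

    while ($row = mysqli_fetch_array($result)) {
        // The ticket is the stored `hash` column itself.
        // NOTE(review): elsewhere in this listing the same value is derived from
        // the username alone (saltPassword($username)), which would make the
        // ticket forgeable by anyone who knows the username and the salting
        // scheme — a random, expiring token would be safer; confirm.
        $checkTicket = $row['hash'];

        // Strict, constant-time comparison instead of `==`.
        if (hash_equals((string) $checkTicket, (string) $ticket)) {
            $newPassword = saltPassword($newPassword);
            // Store the hashed value (the original computed it and then wrote a
            // literal '******', which looks like a redaction of {$newPassword}).
            // NOTE(review): the SELECT matched on `username` but this UPDATE
            // matches `emailAddress` against the same value — confirm that is
            // intended; it updates nothing unless the two columns coincide.
            $databaseQuery = "UPDATE login SET password='{$newPassword}' WHERE emailAddress='{$username}'";
            executeDatabase($databaseQuery);
            print 'reset';
        } else {
            print 'error';
        }
    }
}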
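<?php
//Include classes
require_once 'classes/class_login.php';
require_once 'classes/class_config.php';
//Check if logged in
// NOTE(review): the return value of isLoggedIn() is ignored; unless it exits or
// redirects on failure itself, this page renders for anonymous users — confirm.
isLoggedIn();
//For various uses
$username = $_SESSION['username'];
// NOTE(review): the password is kept in the session store; anything that can
// read session files (or a session dump in logs) learns it. Prefer not to keep
// it in the session at all.
$password = $_SESSION['password'];
//Create session hash (same as hash created for reset password, REQUIRED FOR PASSWORD RESET)
// NOTE(review): this value is a deterministic function of the username, so a
// password-reset ticket derived from it can be recomputed by anyone who knows
// the username and the salting scheme; a random, expiring token would be safer.
$hashed_username = saltPassword($username);
$sessionHash = $hashed_username;
?>
<html>
<head>
<link href="css/style_home.css" rel="stylesheet" type="text/css" />
<!-- Third-party scripts are fetched over HTTPS only. The validate plugin was
     previously loaded over plain http://, which an on-path attacker could
     replace and which browsers block as mixed content on an HTTPS page.
     Consider pinning them with integrity= (SRI) attributes as well. -->
<script language="javascript" type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
<script language="javascript" type="text/javascript" src="https://ajax.aspnetcdn.com/ajax/jquery.validate/1.10.0/jquery.validate.min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/data_handling.js"></script>
</head>
<body>
<div id="nav">
<p class="title"><a href="home.php">Home - <span class="subtitle">Example.com</span></a></p>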
// NOTE(review): fragment — it begins after the opening of the file and stops
// before the if/else chain below is closed; only comments were added.
//
// CORS: these two headers only enumerate methods and request headers. Whether a
// cross-origin caller is allowed at all depends on Access-Control-Allow-Origin,
// which is not in this fragment — confirm it is not "*" on a credentialed endpoint.
header('Access-Control-Allow-Methods: POST,GET,OPTIONS');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
include './db_connection.php'; //load config

// Returns sha256(password . salt) as a hex string.
// NOTE(review): a single fast hash round is cheap to brute-force offline;
// password_hash()/password_verify() is the standard replacement.
function saltPassword($password, $salt) { return hash('sha256', $password . $salt); }

// The request body is a JSON document. There is no check that json_decode()
// succeeded: on invalid JSON $userData is null and every field below becomes "".
$postdata = file_get_contents("php://input");
$userData = json_decode($postdata);
$username = (string) $userData->username;
$password = (string) $userData->password;
$email = (string) $userData->email;
$age = (string) $userData->age;
$sex = (string) $userData->sex;
// The username doubles as the salt: it is predictable, identical for the same
// name on other systems, and cannot be rotated. Use a random per-user salt (or
// password_hash(), which manages one).
$password = saltPassword($password, $username);
// Response skeleton reused by the error responses below.
$userData = array('correct' => '', 'id_user' => '', 'username' => '', 'email' => '', 'age' => '', 'sex' => '');
// $password already holds the hash here, so !empty($password) is always true:
// an empty submitted password is NOT rejected by this check.
if (!empty($username) && !empty($password) && !empty($email) && !empty($age) && !empty($sex)) {
    // Check if User exists
    // NOTE(review): the listing shows the interpolated username redacted as
    // '******'. ext/mysql (mysql_query etc.) was removed in PHP 7.
    $resultsusername = mysql_query("SELECT id_user FROM user WHERE username='******' LIMIT 1") or die("Login error! Code: 003");
    $matchusername = mysql_num_rows($resultsusername);
    // Check if Email-address exists
    // SQL injection: $email comes straight from the request body and is
    // concatenated into the query without escaping or parameters.
    $resultsemail = mysql_query("SELECT id_user FROM user WHERE email='" . $email . "' LIMIT 1") or die("Login error! Code: 003");
    $matchemail = mysql_num_rows($resultsemail);
    if ($matchusername > 0) {
        // Distinct "user exists" / "email exists" responses let a caller
        // enumerate registered usernames and addresses.
        echo '{"userData":' . json_encode($userData) . ', "error": {"code": "001","message": "User existiert bereits"}}';
    } else {
        if ($matchemail > 0) {
            echo '{"userData":' . json_encode($userData) . ', "error": {"code": "003","message": "Email existiert bereits"}}';
        } else {
            // SQL injection: username, email, age and sex are concatenated
            // unescaped. Use a prepared statement with bound parameters.
            $query = 'INSERT INTO user (username, password, email, age, sex) VALUES ("' . $username . '", "' . $password . '", "' . $email . '", "' . $age . '", "' . $sex . '");';
public function newPassword($pw)
{
    // Build the value to store for a new password: pre-salt with the
    // application helper, then hash the result with the framework hasher.
    // NOTE(review): any verification path must apply the same saltPassword()
    // step before handing the value to Hash::check() — confirm.
    $salted = saltPassword($pw);

    return Hash::make($salted);
}
<title>Trying to login</title>
<link type="text/css" rel="Stylesheet" href="stylesheet.css" />
</head>
<body>
<div id="contentDiv">
<?php
// NOTE(review): fragment — it starts inside <head> and stops before the
// if/else chain is closed; only comments were added.
//
// header() runs after HTML output has already begun, so the redirect header
// cannot be sent ("headers already sent"), and there is no exit after it, so
// execution continues with the missing POST fields anyway.
if (!isset($_POST['username']) || !isset($_POST['password'])) {
    header("location: index.html");
}
// strip_tags() only removes HTML; it is not SQL escaping. The lookup below is
// done by viewUserByName(), whose query is not visible here — confirm it uses
// parameters or escaping.
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
if (empty($username) || empty($password)) {
    echo "<h1>Invalid username or password</h1>Please go back and make sure to fill out all the fields.";
} else {
    require_once 'saltpassword.php';
    // Note: the raw $_POST values are used from here on, not the strip_tags'd
    // copies computed above.
    $password_token = saltPassword($_POST['password']);
    require_once 'maintain_users.php';
    $login_result = viewUserByName($_POST['username']);
    if ($login_result) {
        $rows = mysql_num_rows($login_result);
        if ($rows == 0) {
            // This message differs from the wrong-password outcome, which lets a
            // caller enumerate valid usernames.
            echo "<h1>Invalid username or password</h1>The username you entered does not exist.";
        } else {
            $row = mysql_fetch_row($login_result);
            // Column 2 is treated as the stored password token — confirm schema.
            $user_password = $row[2];
            // `==` is a loose comparison; hash_equals() would be strict and
            // constant-time.
            if ($user_password == $password_token) {
                echo "Login was successful...";
                // session_start() after output: the session cookie cannot be set
                // once headers are sent. No session_regenerate_id() is done on
                // login either (session fixation).
                session_start();
                //Store session data
                $_SESSION['username'] = $_POST['username'];
                // Column 5 is stored as the account status — confirm schema.
                $_SESSION['status'] = $row[5];
// NOTE(review): fragment — it stops right before the DB connection is created;
// only comments were added (German comments translated).
//
// $_POST keys are read without isset(); a GET request produces undefined-index
// notices.
$user_name = $_POST['username'];
$user_password = $_POST['password'];
$password = $user_password;
// Create the password hash
// Function that combines the password with the salt and returns the resulting hash
// NOTE(review): one SHA-512 round is cheap to brute-force offline;
// password_hash()/password_verify() is the standard replacement.
function saltPassword($password, $salt) { return hash('sha512', $password . $salt); }
// mt_rand() is not a CSPRNG and gives only ~31 bits; use random_bytes() /
// random_int() for a salt.
$random_num = mt_rand();
//
// Create the password hash with salt
$password_salt = $password;
$userID_salt = $random_num;
// The user ID serves here as a simple way to obtain a salt (example: 5121)
$salt_salt = $userID_salt;
$saltedHash = saltPassword($password_salt, $salt_salt);
// Commented-out debug output below would print the plaintext password and the
// salt to the page; keep it disabled (and note it references $username, which
// is only assigned further down, to the DB user).
// echo $username . ' - ' . $user_password . ' : ' . $saltedHash . ' <br>(Salt: ' . $salt_salt . ')';
// $saltedHash_verify = $_POST['password']; // Fictional function to load the salted hash from the database
// $salt_verify = $random_num; // Fictional function to retrieve the user ID
// if ($saltedHash == saltPassword($_POST['password'], $random_num)) // Check with salt
// {
// echo "Passwort stimmt überein";
// }
// else {
// echo "Nope";
// }
// DB credentials (redacted as "******" in this listing). Note that $username and
// $password are reassigned here, so the submitted user password is overwritten
// by the DB password from this point on.
$servername = "localhost";
$username = "******";
$password = "******";
$dbname = "Schule";
// Create connection
// NOTE(review): fragment — it opens inside an error branch (presumably the
// connect_error check) and ends inside the HTML form; only comments were added
// (German comments translated). $correct_password / $correct_username are
// assigned outside this view.
die("Connection failed: " . $conn->connect_error);
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (!empty($_POST["username"]) && !empty($_POST["password"])) {
        // 'hobby' is read without isset() and, below, inserted without escaping.
        $user_hobby = $_POST['hobby'];
        // Create the password hash
        // Function that combines the password with the salt and returns the resulting hash
        // (Declared conditionally inside the if: it only exists once this branch
        // has run. One SHA-512 round is cheap to brute-force; password_hash() is
        // the standard replacement.)
        function saltPassword($password, $salt) { return hash('sha512', $password . $salt); }
        // mt_rand() is not a CSPRNG and gives only ~31 bits; use random_bytes() /
        // random_int() for a salt.
        $random_num = mt_rand();
        // Create the password hash with salt
        $user_password = $correct_password;
        $user_salt = $random_num;
        $password_saltedHash = saltPassword($user_password, $user_salt);
        // SQL injection: $correct_username and $user_hobby are interpolated
        // into the statement. Use $conn->prepare() with bound parameters.
        $sql = "INSERT INTO User_DB(Username, Password, Password_Salt, Timestamp, Hobby)\n VALUES ('{$correct_username}', '{$password_saltedHash}', '{$user_salt}', NOW(), '{$user_hobby}')";
        if (!$conn->query($sql)) {
            // Echoing the full statement and the driver error to the browser
            // discloses the hash, the salt and the schema.
            echo "Error: " . $sql . "<br>" . $conn->error;
        }
    }
}
$conn->close();
?>
<h3 class="text-center">Datenbank</h3>
<div class="row">
<div class="col-md-6">
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>
<?php
// Manual check of the saltPassword() helper: print a sample password and the
// value saltPassword() derives from it. (The listing shows the sample redacted
// as "******".)
require_once 'saltpassword.php';

$password = "******";
echo 'Password: ' . $password . '<br /><br />';

$saltedPass = saltPassword($password);
echo 'Salted Password: ' . $saltedPass;
<?php
// NOTE(review): fragment — it ends before its if/else chain is closed; only
// comments were added.
session_start();
if (isset($_SESSION['status'])) {
    $status = $_SESSION['status'];
    // Loose comparison: before PHP 8 any non-numeric string == 0 is true, so a
    // non-numeric status value would pass this gate. Compare with === against
    // the exact type stored — confirm what $_SESSION['status'] holds (another
    // page in this listing stores a raw DB column, $row[5], in it).
    if ($status == 0) {
        echo "<h1>Adding/Updating a user</h1>";
        // $_POST keys are read without isset(); a GET request or a partial form
        // produces undefined-index notices. strip_tags() removes HTML only and
        // is not SQL escaping — the addUser()/updateUser() queries are not
        // visible here; confirm they use parameters. No CSRF token is checked
        // before this privileged create/update.
        $username = strip_tags($_POST['username']);
        $password = strip_tags($_POST['password']);
        $firstname = strip_tags($_POST['firstname']);
        $lastname = strip_tags($_POST['lastname']);
        $statusForm = strip_tags($_POST['status']);
        if (!empty($username) && !empty($password) && !empty($firstname) && !empty($lastname) && $statusForm != "") {
            // Only the three known status values are accepted.
            if ($statusForm == '0' || $statusForm == '1' || $statusForm == '2') {
                require_once 'maintain_users.php';
                require_once 'saltpassword.php';
                $saltpass = saltPassword($password);
                $result = viewUserByName($username);
                $rows = mysql_num_rows($result);
                if ($rows > 0) {
                    // This username exists, therefore you need to update.
                    $row = mysql_fetch_assoc($result);
                    $id = $row['_id'];
                    updateUser($id, $username, $saltpass, $firstname, $lastname, $statusForm);
                } else {
                    // This is a new user.
                    addUser($username, $saltpass, $firstname, $lastname, $statusForm);
                }
            } else {
                echo 'The status you submitted is invalid.';
            }
        } else {
public function doLogin()
{
    // Handle the login form. An already-authenticated user is sent straight
    // to their profile.
    if (Auth::check()) {
        return Redirect::route('userprofile', array('id' => Auth::user()->id));
    }

    // Only a submitted form (it carries the _token field) is processed; any
    // other request just renders the login view.
    // NOTE(review): this only tests that _token is present; the CSRF value is
    // not validated here — confirm a route filter does it.
    if (!Input::has('_token')) {
        return View::make('user.login');
    }

    $username = Input::get('username');
    $salted = saltPassword(Input::get('password'));
    // Second argument `true`: "remember me" is always enabled, regardless of
    // any checkbox on the form.
    $authenticated = Auth::attempt(array('username' => $username, 'password' => $salted), true);

    if (!$authenticated) {
        err('Login Failed. Did you forget your password?');
        return Redirect::route('login')->withInput(Input::except('password'));
    }

    // Credentials are fine; now gate on the account status. Anything other
    // than 'verified' is logged out again.
    switch (Auth::user()->status) {
        case 'verified':
            msg('Login successful. Welcome!');
            return Redirect::intended('user/' . Auth::user()->id);
        case 'unverified':
            msg('Login failed. You need to click the link in the confirmation email we sent you.');
            break;
        case 'blocked':
            msg('Login failed. Your account has been blocked. Check with the site administrators to get your account reactivated.');
            break;
        default:
            msg('Login failed.');
            break;
    }
    Auth::logout();

    return View::make('user.login');
}
// NOTE(review): fragment — the leading brace closes a block that begins
// outside this view and the tail is commented-out code; only comments were
// added (German comments translated).
}
// $_POST keys are read (and hashed below) before the request method is
// checked, so a GET request produces undefined-index notices.
$input_username = $_POST['username'];
$input_password = $_POST['password'];
$input_hobby = $_POST['hobby'];
// Create the password hash
// Function that combines the password with the salt and returns the resulting hash
// NOTE(review): one SHA-512 round is cheap to brute-force offline;
// password_hash()/password_verify() is the standard replacement.
function saltPassword($password, $salt) { return hash('sha512', $password . $salt); }
// mt_rand() is not a CSPRNG and gives only ~31 bits; use random_bytes() /
// random_int() for a salt.
$random_num = mt_rand();
// Create the password hash with salt
$password_salt = $input_password;
$userID_salt = $random_num;
$salted = $userID_salt;
$saltedHashPw = saltPassword($password_salt, $salted);
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // SQL injection: $input_username and $input_hobby are interpolated into
    // the statement unescaped. The commented-out prepare()/bind_param() below is
    // the right direction, but it would need a statement with ? placeholders
    // and one bound value per column rather than this interpolated $sql.
    $sql = "INSERT INTO `Freunde`(`Username`, `Password`, `Random_Salt`, `TimeStamp`, `Hobby`)\n VALUES ('{$input_username}', '{$saltedHashPw}', '{$salted}', NOW(), '{$input_hobby}')";
    if (!$conn->query($sql)) {
        // Echoing the full statement and the driver error to the browser
        // discloses the hash, the salt and the schema.
        echo "Error: " . $sql . "<br>" . $conn->error;
    } else {
        echo "Benutzer angelegt";
    }
}
// $prepared = $conn->prepare($sql);
// $prepared->bind_param("sss", $input_username, $saltedHashPw, $userID_salt);
// $prepared->execute();
// $conn->close();
// Select data
// $sql = "SELECT * FROM `Freunde` WHERE 1";
// $result = $conn->query($sql);