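/**
 * Inserts one `patient` row per entry in $this->Users and downloads each
 * user's picture into the local media directory.
 *
 * Every field of $user, including the picture URL, is treated as untrusted
 * here: the URL and the file name derived from it are validated and
 * shell-quoted before they reach exec(), so a crafted value cannot add
 * shell commands, wget options, or a path outside the image directory.
 *
 * Prints a confirmation line for every row that was inserted.
 *
 * @param bool $truncate_table When true, empty the `patient` table first
 *                             (without dropping it).
 * @return void
 */
function LoadPatientTable($truncate_table = false)
{
    $MyHash = new PasswordHash();
    $image_dir = '/var/www/media/images';

    // Truncate table if needed (empty table, without dropping it).
    if ($truncate_table) {
        $this->DbConn->rawQuery('truncate patient');
    }

    $uid = 1;
    foreach ($this->Users as $user) {
        $picture_source = (string) $user->picture;

        // Everything from the last '/' onwards, e.g. "/12.jpg"; false when
        // the value contains no slash at all.
        $picture_name = strrchr($picture_source, '/');

        // Only plain http(s) URLs are fetched; this also guarantees the
        // argument cannot start with '-' and be read by wget as an option.
        $url_ok = preg_match('#^https?://#i', $picture_source) === 1;

        // The file name must be a single, ordinary path component: no "..",
        // no dot-files, no whitespace, no query string, no shell
        // metacharacters.
        $name_ok = is_string($picture_name)
            && preg_match('#^/[A-Za-z0-9][A-Za-z0-9._-]*\z#', $picture_name) === 1;

        if ($url_ok && $name_ok) {
            // escapeshellarg() keeps each value a single literal argument.
            exec(
                'wget ' . escapeshellarg($picture_source)
                . ' -O ' . escapeshellarg($image_dir . $picture_name)
            );
        } else {
            // Skip the download. The stored paths then end at the image
            // directory, which is what a slash-less value produced before.
            $picture_name = '';
        }

        // Presumably create_hash() returns "algorithm:iterations:salt:hash";
        // verify against PasswordHash, since a different field count would
        // misassign these columns.
        list($algorithm, $iterations, $salt, $hash) = explode(":", $MyHash->create_hash($user->password));

        // NOTE(review): rand() only fills in placeholder demographic values
        // here; it is not used for anything secret.
        // NOTE(review): 'ssn' is inserted exactly as supplied, unencrypted;
        // confirm this table only ever holds synthetic test data.
        $data = array(
            'patient_id' => $uid,
            'title' => ucfirst(strtolower($user->name->title)),
            'fname' => ucfirst(strtolower($user->name->first)),
            'middle' => chr(rand(65, 87)) . ".",
            'lname' => ucfirst(strtolower($user->name->last)),
            'dob' => $user->dob,
            'street_address' => ucwords(strtolower($user->location->street)),
            'city' => ucwords(strtolower($user->location->city)),
            'state' => strtoupper($user->location->state),
            'zip' => $user->location->zip,
            'email' => strtolower($user->email),
            'username' => $user->username,
            'sex' => $user->gender,
            'race' => $this->RandomRace(),
            'bmi' => rand(10, 30),
            'height' => rand(48, 78),
            'weight' => rand(100, 300),
            'salt' => $salt,
            'iterations' => $iterations,
            'algorithm' => $algorithm,
            'hash' => $hash,
            'registered' => $user->registered,
            'phone' => $user->phone,
            'cell' => $user->cell,
            'ssn' => $user->SSN,
            'picture_path' => $image_dir . $picture_name,
            'picture_url' => 'http://msu2u.net/media/images' . $picture_name,
        );

        $id = $this->DbConn->insert('patient', $data);
        if ($id) {
            echo 'user was created. Id=' . $id;
        }
        $uid++;
    }
}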
if (isset($_POST['user_name']) && isset($_POST['user_password']) && isset($_POST['user_email']) && isset($_POST['Register'])) { $db = new PDO('mysql:host=' . DB_HOST . ';dbname=' . DB_NAME . ';charset=utf8', DB_USER, DB_PASS); $userCheck = $db->prepare('SELECT * FROM ovr_lists_login WHERE user_name = :user'); $userCheck->execute(array('user' => $_POST['user_name'])); $emailCheck = $db->prepare('SELECT * FROM ovr_lists_login WHERE user_email = :email'); $emailCheck->execute(array('email' => $_POST['user_email'])); if ($userCheck->rowCount() > 0) { # No duplicate user names echo "Sorry, that username is already in use"; } else { if ($emailCheck->rowCount() > 0) { # No duplicate emails echo "Sorry, that email is already in use"; } else { # Carry on with registration $passwordHash = PasswordHash::create_hash($_POST['user_password']); $addUser = $db->prepare("INSERT INTO ovr_lists_login (user_name,user_password_hash,user_email)\n VALUES(:user_name, :user_password_hash, :user_email)"); $addUser->execute(array('user_name' => $_POST['user_name'], 'user_password_hash' => $passwordHash, 'user_email' => $_POST['user_email'])); $userId = $db->lastInsertId(); $activation_hash_string = $userId . $_POST['user_name'] . $_POST['user_email'] . $passwordHash; $activation = urlencode(hash_hmac('sha256', $activation_hash_string, $passwordHash)); $mandrillAPI = new Mandrill(getenv('MANDRILL_API')); $textBody = <<<AAA Lists account request User: {$_POST['user_name']} Email: {$_POST['user_email']}
<?php session_start(); require_once "../../PasswordHashClass.php"; $DB = new DB('sqlite::memory:'); // Replace with your own if (isset($_POST['username']) && isset($_POST['password'])) { // Other validation logic can take place here $hashed = PasswordHash::create_hash($_POST['password']); $check = $DB->pQuery("SELECT * FROM user_accounts WHERE username = ?", array($_POST['username'])); if (!empty($check)) { $_SESSION['msg'] = "Username already in use."; header("Location: /signup.php"); } else { $res = $DB->pQuery("INSERT INTO user_accounts (username, password) VALUES (?, ?);", array($_POST['username'], $hashed)); if ($res) { $_SESSION['msg'] = "Your registration was successful!"; header("Location: /login.php"); } else { $_SESSION['msg'] = "An error has occurred."; header("Location: /signup.php"); } } exit; } else { // Just a basic HTML form ?> <!DOCTYPE html> <html> <head> <title>DEMO</title>
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ require_once 'PasswordHash.php'; $MyHash = new PasswordHash(); echo "Sample hash:\n"; $hash = $MyHash->create_hash("test_password"); echo $hash . "\n"; echo "Sample hash:\n"; $hash = $MyHash->create_hash("rugger31"); echo $hash . "\n"; echo "Sample hash:\n"; $hash = $MyHash->create_hash("Rugger31!"); echo $hash . "\n"; echo "\nTest results:\n"; // Test vector raw output. $a = bin2hex($MyHash->pbkdf2("sha1", "password", "salt", 2, 20, true)); $b = "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"; if ($a === $b) { echo "pass\n"; } else { echo "FAIL\n";