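/**
 * Recomputes the password hash for the supplied credentials and compares it
 * with the stored hash in constant time.
 *
 * @param string $algo     Hash algorithm name, passed through to authUtil::makePassHash.
 * @param string $hash     Stored hash to compare against.
 * @param string $salt     Per-user salt the stored hash was created with.
 * @param string $username Account name, passed through to authUtil::makePassHash.
 * @param string $password Plaintext password attempt.
 * @return bool true only when the recomputed hash is byte-for-byte identical to $hash;
 *              false on any mismatch, and also when $hash is not a string (e.g. no row
 *              was found for the user).
 */
public static function verifyPass($algo, $hash, $salt, $username, $password)
{
    // A missing/NULL stored hash must never verify. Checking here also keeps
    // hash_equals() from throwing a TypeError on a non-string in PHP 8.
    if (!is_string($hash)) {
        return false;
    }

    $attempt = authUtil::makePassHash($algo, $salt, $username, $password);

    // hash_equals() is the standard-library constant-time comparison. Like the
    // hand-rolled XOR loop it replaces, it reports false on a length mismatch
    // and otherwise inspects every byte without short-circuiting, so response
    // time does not reveal how many leading bytes of the attempt were correct.
    // The cast only guards against a non-string return from makePassHash.
    return hash_equals($hash, (string) $attempt);
}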
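/**
 * Adds this user to the Member table unless the player_tag is already taken,
 * then records the new member in the session.
 *
 * Reads $this->player_tag, $this->email and $this->password. On success sets
 * $this->id, $_SESSION["id"] and $_SESSION["player_tag"].
 *
 * @return string|null null on success, otherwise an error message for the caller.
 */
public function addUser()
{
    // SECURITY (review): player_tag and email are concatenated straight into
    // SQL below, exactly as the original code did, because the only database
    // entry point visible here is SqlConnect::runQuery($queryString). If these
    // fields come from a registration form this is an SQL injection vector.
    // The fix belongs in the SqlConnect layer (prepared statements with bound
    // parameters); the checks in this method do not mitigate it.
    $salt = authUtil::makeSalt(SALTSIZE);
    $hash = authUtil::makePassHash(HASHALGO, $salt, $this->player_tag, $this->password);

    $sql = SqlConnect::getInstance();

    // NOTE: this check-then-insert is not atomic; two concurrent registrations
    // for the same tag can both pass it. A UNIQUE constraint on player_tag is
    // the real guard - the INSERT below then fails and is reported as an error.
    // Assumes runQuery() returns false on failure, as mysqli::query() does;
    // the original dereferenced the result unconditionally and would fatal.
    $existing = $sql->runQuery("SELECT member_id FROM Member where player_tag = '" . $this->player_tag . "';");
    if ($existing === false) {
        return "Could not create the account. Please try again.";
    }
    if ($existing->num_rows != 0) {
        return "Username already exists. Please select a different username.";
    }

    // The original echoed "starting the salt"/"passed the salt" into the HTTP
    // response around the hashing step; that debug output is removed here.
    $insert = $sql->runQuery(
        "INSERT INTO Member (player_tag, email, pass_hash, salt) VALUES ('"
        . $this->player_tag . "', '" . $this->email . "', '" . $hash . "', '" . $salt . "');"
    );
    if (!$insert) {
        return "Could not create the account. Please try again.";
    }

    // Re-read the generated member_id (runQuery exposes no insert-id accessor here).
    // Guard the row lookup: the original did $result->fetch_assoc()["member_id"]
    // and would silently store null in the session if no row came back.
    $created = $sql->runQuery("SELECT member_id FROM Member where player_tag = '" . $this->player_tag . "';");
    $row = ($created === false) ? null : $created->fetch_assoc();
    if ($row === null || !isset($row["member_id"])) {
        return "Could not load the new account. Please try logging in.";
    }

    // Privilege level of the session changes here (anonymous -> member), so
    // rotate the session id to defeat session fixation. $_SESSION is written
    // below, so a session is expected to be active; the status check avoids a
    // warning if it is not.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $this->id = $row["member_id"];
    $_SESSION["id"] = $this->id;
    $_SESSION["player_tag"] = $this->player_tag;

    return NULL;
}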