Exemplo n.º 1
 /**
  * Checks a password attempt against the stored hash.
  *
  * @return bool true if the stored hash matches the hash computed for the username and password
  *
  */
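 public static function verifyPass($algo, $hash, $salt, $username, $password)
 {
     // Recompute the hash for the supplied credentials using the stored salt and algorithm.
     // NOTE(review): makePassHash() is not visible here. If it is a single pass of a fast
     // digest, migrate to password_hash()/password_verify(), which are designed for
     // password storage and handle salting and comparison themselves.
     $attempt = authUtil::makePassHash($algo, $salt, $username, $password);

     // Cast so a null or non-string value is compared as its string form rather than
     // raising a TypeError inside hash_equals().
     $known = (string) $hash;
     $candidate = (string) $attempt;

     // hash_equals() (PHP >= 5.6) is the built-in timing-safe comparison: its running time
     // does not depend on where the first differing byte is. The stored value goes first.
     if (function_exists('hash_equals')) {
         return hash_equals($known, $candidate);
     }

     // Fallback for runtimes without hash_equals(): fold every byte difference into $diff
     // and never exit early, so the work done is the same wherever the strings differ.
     $knownLength = strlen($known);
     $candidateLength = strlen($candidate);
     // A length mismatch already makes $diff non-zero; the loop still runs over the
     // shared prefix.
     $diff = $knownLength ^ $candidateLength;
     $shared = min($knownLength, $candidateLength);
     for ($i = 0; $i < $shared; $i++) {
         $diff |= ord($known[$i]) ^ ord($candidate[$i]);
     }

     // Zero means equal length and no differing byte.
     return $diff === 0;
 }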
Exemplo n.º 2
 /**
  * Adds the given user to the database if the user is not already in the database.
  * @return null on success, or a string containing an error message on failure.
  */
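 public function addUser()
 {
     // Derive a fresh salt and the password hash that are stored with the new row.
     // No progress output is echoed here: output to the response exposes internals and,
     // once sent, prevents session cookies and other headers from being emitted.
     $salt = authUtil::makeSalt(SALTSIZE);
     $hash = authUtil::makePassHash(HASHALGO, $salt, $this->player_tag, $this->password);
     $sql = SqlConnect::getInstance();

     // SECURITY(review): player_tag and email are concatenated directly into the SQL text.
     // If either can originate from a request, this is SQL injection. SqlConnect's API is
     // not visible here; these values should be bound as parameters through a prepared
     // statement instead of being concatenated.
     $lookup = "SELECT member_id FROM Member where player_tag = '" . $this->player_tag . "';";

     $result = $sql->runQuery($lookup);
     if ($result->num_rows != 0) {
         return "Username already exists. Please select a different username.";
     }

     // The existence check and the INSERT are separate statements, so two concurrent
     // sign-ups can both pass the check. A UNIQUE constraint on player_tag (schema not
     // visible here) is what actually enforces uniqueness.
     $query = "INSERT INTO Member (player_tag, email, pass_hash, salt) VALUES ('" . $this->player_tag . "', '" . $this->email . "', '" . $hash . "', '" . $salt . "');";
     $sql->runQuery($query);

     // Read the row back to learn its id. If the INSERT did not produce a row, report an
     // error instead of storing a null id in the session and signalling success.
     $result = $sql->runQuery($lookup);
     $row = is_object($result) ? $result->fetch_assoc() : null;
     if (!is_array($row) || !isset($row["member_id"])) {
         return "Could not create the account. Please try again.";
     }
     $this->id = $row["member_id"];

     // The session becomes authenticated here, so issue a new session id first; an id
     // that was known before sign-up must not carry over (session fixation).
     if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
         session_regenerate_id(true);
     }
     $_SESSION["id"] = $this->id;
     $_SESSION["player_tag"] = $this->player_tag;

     return null;
 }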