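/**
 * Authenticate a user from a JSON request body and issue a JWT.
 *
 * Responds 401 when the body is malformed, the username is unknown or the
 * password does not verify; 403 when the account is not active. On success the
 * new token, login time and login counter are stored on the user record and
 * the sanitized user is returned.
 *
 * @param object $request  Request whose body is JSON carrying username,
 *                         password and an optional remember flag.
 * @param object $response Response handed to jsonResponse().
 * @param array  $args     Route arguments (not used here).
 *
 * @return mixed The value produced by jsonResponse().
 */
public function login($request, $response, $args)
{
    $data = json_decode($request->getBody());

    // A body that is not a JSON object, or that lacks string credentials, is
    // treated as a failed login instead of dereferencing null further down.
    if (!is_object($data)
        || !isset($data->username, $data->password)
        || !is_string($data->username)
        || !is_string($data->password)
    ) {
        $this->logger->addError('Login Attempt', ['reason' => 'malformed request body']);
        $this->apiJson->addAlert('error', 'Invalid username or password.');

        return $this->jsonResponse($response, 401);
    }

    // Only the username is logged: the decoded body also holds the submitted
    // plaintext password, which must not end up in log storage.
    $logContext = ['username' => $data->username];

    $user = R::findOne('user', 'username = ?', [$data->username]);

    // NOTE(review): this path returns without running password_verify(), so
    // unknown usernames answer faster than known ones — consider verifying
    // against a fixed dummy hash to even out the timing.
    if ($user === null) {
        $this->logger->addError('Login Attempt', $logContext);
        $this->apiJson->addAlert('error', 'Invalid username or password.');

        return $this->jsonResponse($response, 401);
    }

    if (!password_verify($data->password, $user->password_hash)) {
        $this->logger->addError('Login Attempt ', $logContext);
        $this->apiJson->addAlert('error', 'Invalid username or password.');

        return $this->jsonResponse($response, 401);
    }

    // Checked only after the password verified, so the distinct 403 message is
    // shown to someone who already knows the credentials.
    if (!$user->is_active) {
        $this->logger->addError('Login Attempt Inactive User ', $logContext);
        $this->apiJson->addAlert('error', 'This username is not active.');

        return $this->jsonResponse($response, 403);
    }

    // "remember" is optional in the body; a missing flag means the short lifetime.
    $jwt = self::createJwt($user->id, !empty($data->remember) ? 100 : 1);

    $user = R::load('user', $user->id);
    $user->active_token = $jwt;
    $user->last_login = time();
    $user->logins += 1;
    R::store($user);

    $this->apiJson->setSuccess();
    $this->apiJson->addData($this->sanitizeUser($user));

    return $this->jsonResponse($response);
}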
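/**
 * Log a user in from the posted user_name / user_password form fields.
 *
 * On success the session receives the user's type and name and a redirect to
 * card.php is sent; nothing is returned in that case. Every failure returns
 * TRUE, which the caller uses as its error flag.
 *
 * @return bool|null TRUE when the login failed, null after the redirect header.
 */
function login()
{
    $link = $this->db_connection();
    $pass = isset($_POST['user_password']) ? $_POST['user_password'] : '';
    $user = isset($_POST['user_name']) ? $_POST['user_name'] : '';

    // Array-valued fields (user_name[]=...) cannot be valid credentials.
    if (!is_string($pass) || !is_string($user)) {
        return true;
    }

    // The username is bound as a parameter; it was previously interpolated
    // into the SQL text, which let the form field rewrite the query.
    $stmt = mysqli_prepare($link, 'SELECT password, user_type, name FROM user WHERE user_name = ?');
    if ($stmt === false) {
        // Driver details go to the server log, not to the browser.
        error_log('login(): ' . mysqli_error($link));
        die('Database error.');
    }

    mysqli_stmt_bind_param($stmt, 's', $user);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('login(): ' . mysqli_stmt_error($stmt));
        die('Database error.');
    }

    mysqli_stmt_store_result($stmt);
    if (mysqli_stmt_num_rows($stmt) != 1) {
        mysqli_stmt_close($stmt);

        return true;
    }

    mysqli_stmt_bind_result($stmt, $hash, $type, $name);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    if (!password_verify($pass, (string) $hash)) {
        return true;
    }

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Fresh session id on privilege change, so an id known before the login
    // does not become an authenticated one.
    session_regenerate_id(true);

    $_SESSION['type'] = $type;
    $_SESSION['name'] = $name;
    header("Location:card.php");
}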
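/**
 * Check a username/password pair against the "users" collection.
 *
 * @param string $username Login name to look up.
 * @param string $password Plaintext password to verify against the stored hash.
 *
 * @return array Always contains "message"; on "SUCCESS" it also carries
 *               username, firstname, lastname, middlename and email.
 */
function loginuser($username, $password)
{
    $result = array();

    // The username is placed straight into the query document. A non-string
    // value (for example an array decoded from request data) would be read by
    // the driver as a query operator document rather than as a literal name.
    if (!is_string($username)) {
        $result["message"] = "User doesn't exist";

        return $result;
    }

    require '../vendor/autoload.php';

    $user = null;
    try {
        // NOTE(review): the connection string embeds database credentials
        // (masked in this listing); load it from configuration or the
        // environment and rotate anything that was ever committed.
        $uri = "mongodb://*****:*****@ds027483.mongolab.com:27483/heroku_v7w2qftd";
        $client = new MongoClient($uri);
        $db = $client->selectDB("heroku_v7w2qftd");
        $users = $db->users;
        $user = $users->findOne(array("username" => $username));
    } catch (Exception $e) {
        // Return here: previously execution continued and this message was
        // overwritten by "User doesn't exist".
        $result['message'] = "Trouble connecting to database";

        return $result;
    }

    // NOTE(review): the two failure messages below let a caller tell unknown
    // usernames from wrong passwords; keep that distinction out of anything
    // shown to the end user.
    if ($user == null) {
        $result["message"] = "User doesn't exist";

        return $result;
    }

    $passhash = isset($user["password"]) ? $user["password"] : '';
    if (!is_string($password) || !is_string($passhash) || !password_verify($password, $passhash)) {
        $result["message"] = "Password doesn't match";

        return $result;
    }

    $result["message"] = "SUCCESS";
    $result["username"] = $username;
    $result["firstname"] = $user["firstname"];
    $result["lastname"] = $user["lastname"];
    $result["middlename"] = $user["middlename"];
    $result["email"] = $user["email"];

    return $result;
}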
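/**
 * Handle a posted login form.
 *
 * Active employees whose password verifies are logged in through the auth
 * guard. Non-admin employees must additionally come from a registered IP
 * address, be inside their permitted login date window and be bound to a
 * branch.
 *
 * @param Request $request Incoming login request.
 *
 * @return mixed A redirect on success or failure, or the permission-denied view.
 */
public function postLogin(Request $request)
{
    $this->validate($request, ['username' => 'required', 'password' => 'required']);
    $credentials = $request->only('username', 'password', 'active');

    $employee = Employee::where('username', $credentials['username'])->where('active', true)->first();

    if ($employee != null && password_verify($credentials['password'], $employee->password)) {
        if (!$employee->isadmin) {
            // The address feeds an allow-list decision, so it must not be
            // taken from X-Forwarded-For directly: any client can send that
            // header. $request->ip() only honours forwarded headers from
            // proxies the application is configured to trust.
            $ip = $request->ip();
            $host = gethostbyaddr($ip);
            $ipAddress = 'Address : ' . $ip . ' Host : ' . $host;

            $count = Ipaddress::where('ip', $ip)->count();
            $today = date("Y-m-d");

            $outsideWindow = $employee->loginstartdate == null
                || $today < date('Y-m-d', strtotime($employee->loginstartdate))
                || ($employee->loginenddate != null && $today > date('Y-m-d', strtotime($employee->loginenddate)));

            if ($count == 0 || $outsideWindow) {
                return view('errors.permissiondenied', ['ipAddress' => $ipAddress]);
            }

            if ($employee->branchid == null) {
                return redirect($this->loginPath())->withInput($request->only('username', 'remember'))->withErrors(['username' => 'บัญชีเข้าใช้งานของคุณยังไม่ได้ผูกกับสาขา โปรดติดต่อหัวหน้า หรือผู้ดูแล']);
            }
        }

        // NOTE(review): $credentials still carries the request-supplied
        // "active" value into the guard — confirm the guard should not be
        // given a server-side constant instead.
        if ($this->auth->attempt($credentials, $request->has('remember'))) {
            return redirect()->intended($this->redirectPath());
        }
    }

    // Also reached when the guard rejects the attempt, which previously
    // produced no response at all.
    return redirect($this->loginPath())->withInput($request->only('username', 'remember'))->withErrors(['username' => $this->getFailedLoginMessage()]);
}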
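/**
 * Check a plain value against a stored hash.
 *
 * @param string $value        Plain value supplied by the caller.
 * @param string $hashed_value Hash produced by password_hash().
 *
 * @return bool TRUE only when the hash is a non-empty string and the value
 *              verifies against it.
 */
public static function check($value, $hashed_value)
{
    // The original test was strlen($hashed_value === 0): it measured the
    // length of a boolean, so an empty hash was never rejected here.
    if (!is_string($hashed_value) || strlen($hashed_value) === 0) {
        return false;
    }

    return password_verify((string) $value, $hashed_value);
}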
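/**
 * Validate that the given username and password are valid.
 *
 * Stored hashes are password_hash() of the MD5 of the password, so the
 * candidate is reduced to its MD5 before verification. If that fails and a
 * plaintext password was given, the XSS-filtered form of the password is
 * tried as well; on a match the record is re-hashed from the unfiltered
 * password.
 *
 * @param string        $user     Username
 * @param string        $userPass Password (plaintext, or MD5 when $isMd5 is true)
 * @param boolean       $isMd5    Flag to indicate whether incoming password
 *                                is plaintext or md5
 * @param CI_Input|null $input    Input object used for the xss_clean fallback;
 *                                the fallback is skipped when it is null
 *
 * @return boolean
 */
public function validate($user, $userPass, $isMd5 = false, CI_Input $input = null)
{
    $ret = $this->getUserByUsername($user);
    if (!isset($ret[0])) {
        return false;
    }

    // NOTE(review): the MD5 step is kept because existing hashes were built
    // this way; it adds nothing to the password_hash() protection.
    $pass = $isMd5 ? $userPass : md5($userPass);
    if (password_verify($pass, $ret[0]->password)) {
        return true;
    }

    // The stored hash may date from when CI's global_xss_filtering altered
    // the password before hashing. This can only be tested with the plaintext,
    // and only when an input object was supplied — $input defaults to null and
    // was previously dereferenced unconditionally.
    if (false === $isMd5 && $input !== null) {
        $filtered = md5($input->xss_clean($userPass));
        if (password_verify($filtered, $ret[0]->password)) {
            // Migrate the record to a hash of the unfiltered password.
            $password = password_hash(md5($userPass), PASSWORD_DEFAULT);
            $this->db->where('username', $user);
            $this->db->update('user', array('password' => $password));

            return true;
        }
    }

    return false;
}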
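/**
 * Verify a username/password pair and record the login in the session.
 *
 * @param string $username Login name.
 * @param string $password Plaintext password.
 *
 * @return int 1 on successful login, 2 when the password does not match,
 *             3 when no account has that username.
 */
function login($username, $password)
{
    $pdo = pdo();

    // The username is bound as a parameter and compared with "=". It used to
    // be interpolated into a LIKE pattern, so the value could both alter the
    // SQL text and act as a wildcard matching other accounts.
    $statement = $pdo->prepare('SELECT * FROM users WHERE username = ?');
    $statement->execute(array($username));
    $row = $statement->fetch();

    if ($row === false) {
        // There is no account with that username.
        return 3;
    }

    if (!is_string($password) || !password_verify($password, (string) $row['password'])) {
        return 2;
    }

    // New session id on login so a previously issued id is not upgraded.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['username'] = $username;
    // NOTE(review): this writes the plaintext password into session storage.
    // Kept only because other code may read it; remove the write once no
    // reader of $_SESSION['password'] remains.
    $_SESSION['password'] = $password;

    return 1;
}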
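/**
 * Verify a username/password pair against the korisnik table and store the
 * username in the session on success.
 *
 * @param string $username Value matched against korisnik.korIme.
 * @param string $password Plaintext password checked against korisnik.zaporka.
 *
 * @return bool TRUE when the credentials are valid, FALSE otherwise (including
 *              database errors).
 */
function authenticate($username, $password)
{
    try {
        // NOTE(review): database credentials are hard-coded here; move them
        // to configuration outside the source tree.
        // The constructor is inside the try block so a failed connection is
        // handled like any other database error.
        $db = new PDO('mysql:dbname=dwa;host=localhost;charset=utf8', 'dbuser', '123');
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        $stmt = $db->prepare("SELECT korIme, zaporka FROM korisnik WHERE korIme = :username");
        $stmt->bindParam(':username', $username);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        // fetch() yields false for an unknown username; that case used to
        // reach password_verify() with a null hash.
        if ($row === false || !is_string($password) || !password_verify($password, (string) $row['zaporka'])) {
            return false;
        }

        $_SESSION['user'] = $row['korIme'];

        return true;
    } catch (PDOException $ex) {
        // Driver messages can expose schema and connection details, so they
        // are logged server-side and not echoed to the client.
        error_log('authenticate(): ' . $ex->getMessage());
        echo "Nes ne valja";

        return false;
    }
}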
/**
 * Process the login form.
 *
 * Re-displays the form when validation fails, renders the auth view with a
 * message when the credentials or the account status are rejected, and
 * otherwise logs the user in and redirects to the dashboard.
 *
 * NOTE(review): the three messages distinguish an unknown e-mail from a wrong
 * password and from an inactive account, which tells an unauthenticated
 * visitor whether an address is registered.
 *
 * @return mixed The redirect() result on success, otherwise nothing.
 */
public function login()
{
    $this->form_validation->set_rules('emailid', 'Email ID', 'trim|required|valid_email');
    $this->form_validation->set_rules('password', 'Password', 'trim|required');

    if ($this->form_validation->run() == FALSE) {
        $this->showLogin();

        return;
    }

    $account = $this->User_model->getByEmail($this->input->post('emailid'));

    // First failing check decides the message; null means every check passed.
    $rejection = null;
    if (empty($account)) {
        $rejection = 'Invalid Email ID.';
    } elseif (!password_verify($this->input->post('password'), $account->password)) {
        $rejection = 'Wrong Password.';
    } elseif ($account->status != '1') {
        $rejection = 'Your account needs activation.';
    }

    if ($rejection === null) {
        auth()->login($account->u_id);

        return redirect(base_url('dashboard'));
    }

    $viewData = array('message' => $rejection);
    $viewData['page'] = 'auth/login';
    $this->load->view('auth', $viewData);
}
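/**
 * Verify a password against the stored hash and upgrade the hash when the
 * default algorithm or cost has changed.
 *
 * NOTE(review): the SQL literals below appear masked ('******') in this
 * listing, so how $username and the new hash reach the query text is not
 * visible. Whatever builds these strings should bind the values through a
 * prepared statement, and the FB::info() calls should not log a query that
 * contains the new hash.
 *
 * @param mysqli $dbConn   Open database connection.
 * @param string $username Account name.
 * @param string $password Plaintext password to verify.
 *
 * @return bool TRUE when the password verifies, FALSE otherwise.
 */
function passwordExists($dbConn, $username, $password)
{
    $isValid = false;

    $dbQuery = "SELECT Password FROM USERS WHERE Username = '******' LIMIT 1";
    FB::info('passwordExists() query: ' . $dbQuery);
    $dbRows = mysqli_query($dbConn, $dbQuery);

    // A failed query or an unknown user used to fall through to
    // password_verify() with a null hash.
    if (!$dbRows) {
        FB::error('passwordExists() query failed: ' . mysqli_error($dbConn));

        return $isValid;
    }

    $dbValues = mysqli_fetch_assoc($dbRows);
    if (!is_array($dbValues) || !is_string($dbValues['Password'])) {
        return $isValid;
    }

    $dbPassword = $dbValues['Password'];

    if (password_verify($password, $dbPassword)) {
        $isValid = true;
        FB::log('Password is valid!');

        // Check if the password needs a rehash.
        if (password_needs_rehash($dbPassword, PASSWORD_DEFAULT)) {
            FB::log('Rehashing password!');
            $dbPassword = password_hash($password, PASSWORD_DEFAULT);
            $dbQuery = "UPDATE USERS SET Password = '******' WHERE Username = '******'";
            FB::info('Password rehash query: ' . $dbQuery);
            $dbRows = mysqli_query($dbConn, $dbQuery);

            if ($dbRows) {
                FB::log('Password rehash successful!');
            } else {
                FB::error('Password rehash failed: ' . mysqli_error($dbConn));
            }
        }
    }

    return $isValid;
}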
/**
 * Validate the login form, verify the password and open a logged-in session.
 *
 * On success a login-time record is written and the session receives the
 * "logged_in" entry; on failure an error text is passed on. Either way the
 * request ends in getUserLoginTime() with the template and message.
 *
 * NOTE(review): "Wrong password" and "User doesn't exist" are distinct, so the
 * form reveals which usernames exist. ip2long() handles IPv4 text only;
 * confirm how IPv6 clients should be recorded.
 *
 * @return void
 */
public function loginUser()
{
    $this->load->library(["form_validation"]);
    $this->load->helper("date");

    $this->form_validation->set_rules("username", "Username", "trim|required");
    $this->form_validation->set_rules("password", "Password", "required");

    $message = [];
    $template = "loginForm";

    if (!$this->form_validation->run()) {
        $this->form_validation->set_error_delimiters("<div class = 'text-danger'>", "</div>");
    } else {
        $this->load->model("Users");

        $submittedLogin = $this->input->post("username", true);
        $submittedPassword = $this->input->post("password");
        $account = $this->Users->getUserByLogin($submittedLogin);

        if (empty($account)) {
            $message = ["error_text" => "User doesn't exist"];
        } elseif (!password_verify($submittedPassword, $account->password)) {
            $message = ["error_text" => "Wrong password"];
        } else {
            // Record the login first; its id becomes part of the session entry.
            $loginRecord = [
                "ip" => ip2long($this->input->server("REMOTE_ADDR")),
                "logged_at" => date("Y-m-d H:i:s"),
                "id_user" => $account->id,
            ];
            $id_time = $this->Users->setLoginTime($loginRecord);

            $this->session->set_userdata("logged_in", [
                "id_time" => $id_time,
                "login" => $account->login,
                "email" => $account->email,
                "id" => $account->id,
            ]);
        }
    }

    $this->getUserLoginTime($template, $message);
}
/**
 * Administrator login.
 *
 * Validates the e-mail/password form, verifies the password against the
 * stored hash and hands administrators to handle_login(). Everyone else is
 * sent back to auth/login with a flash message.
 *
 * NOTE(review): when returnURL is present but empty, __get_views() is called
 * twice in a row — presumably an else is missing; confirm. returnURL comes
 * from the query string and is passed to the view as-is, so whatever consumes
 * it should only accept local paths.
 *
 * @return void
 */
function login()
{
    $this->__is_logined();

    $this->form_validation->set_rules('email', '이메일', 'required|valid_email');
    $this->form_validation->set_rules('password', '비밀번호', 'required');

    if (!$this->form_validation->run()) {
        if ($this->input->get('returnURL') === "") {
            $this->__get_views('_AUTH/login');
        }
        $this->__get_views('_AUTH/login', array('returnURL' => $this->input->get('returnURL')));

        return;
    }

    $input_data = array('email' => $this->input->post('email'));
    $account = $this->user_model->get_user_by_email($input_data);

    // Compare against the database record.
    $credentialsOk = $account != null
        && $account->email == $input_data['email']
        && password_verify($this->input->post('password'), $account->password);

    if (!$credentialsOk) {
        $this->session->set_flashdata('message', '로그인에 실패하였습니다.');
        redirect('auth/login');

        return;
    }

    if (!$account->is_admin) {
        $this->session->set_flashdata('message', '관리자만 접근할 수 있습니다.');
        redirect('auth/login');

        return;
    }

    $this->handle_login($account);
}
/**
 * Look up a user by e-mail and verify the password.
 *
 * NOTE(review): the password is passed through real_escape_string() before
 * password_verify(). The password never enters the SQL text, and escaping
 * changes any password containing quotes or backslashes — confirm that the
 * hash was created from the same escaped form, otherwise such passwords can
 * never match. The "No such user" / "Invalid credentials" messages also let a
 * caller tell registered addresses apart.
 *
 * @param string $email    E-mail address of the account.
 * @param string $password Plaintext password.
 *
 * @return mixed The id column of the matching user row.
 *
 * @throws InvalidArgumentException When the e-mail or password is empty.
 * @throws DatabaseException        When the query fails.
 * @throws UnexpectedValueException When the user is unknown or the password
 *                                  does not verify.
 */
static function authenticateUser($email, $password)
{
    $required = array(
        "email may not be empty" => $email,
        "password may not be empty" => $password,
    );
    foreach ($required as $complaint => $value) {
        if (empty($value)) {
            throw new InvalidArgumentException($complaint, 400);
        }
    }

    require_once '../api/include/connect_db.php';
    $conn = connect_db();

    $email = $conn->real_escape_string($email);
    $password = $conn->real_escape_string($password);

    $sql_query = "SELECT `id`,`hash` FROM `users` WHERE `email`='{$email}' LIMIT 1";
    $result = $conn->query($sql_query);
    if (!$result) {
        throw new DatabaseException();
    }

    if ($result->num_rows === 0) {
        throw new UnexpectedValueException("No such user", 400);
    }

    $row = $result->fetch_assoc();
    if (!password_verify($password, $row['hash'])) {
        throw new UnexpectedValueException("Invalid credentials", 400);
    }

    return $row['id'];
}
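/**
 * Verify a username/password pair against the users table.
 *
 * Uses the global $dbHost, $dbUser, $dbPass and $dbName connection settings.
 * Diagnostic text is echoed on each failure path.
 *
 * NOTE(review): "Username does not exist!" is echoed to the client and
 * separates unknown usernames from wrong passwords.
 *
 * @param string $user Username to look up.
 * @param string $pass Plaintext password.
 *
 * @return bool TRUE when the password verifies, FALSE otherwise.
 */
function attempt_login($user, $pass)
{
    global $dbHost, $dbUser, $dbPass, $dbName;

    $db = mysqli_connect($dbHost, $dbUser, $dbPass, $dbName);
    // mysqli_connect() returns false on failure, so the property can only be
    // read once an object is known to exist.
    if ($db === false || $db->connect_error) {
        echo "Failed to connect to Database";

        return false;
    }

    $verified = false;
    $query = $db->prepare("SELECT password FROM users WHERE username = ?;");

    if (!$query) {
        echo "Failed to create query";
    } elseif (!$query->bind_param("s", $user)) {
        echo "Failed to bind query params";
    } elseif (!$query->execute()) {
        echo "Failed to execute query";
    } else {
        $query->store_result();
        if ($query->num_rows === 0) {
            echo "Username does not exist!";
        } else {
            $query->bind_result($passwordHash);
            $query->fetch();
            $verified = is_string($pass) && password_verify($pass, (string) $passwordHash);
        }
    }

    // Release the statement and the connection on every path; they used to be
    // left open.
    if ($query) {
        $query->close();
    }
    $db->close();

    return $verified;
}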
/**
 * Handle posted login data.
 *
 * Rejects the request with 400 when the form token signature is invalid,
 * validates the fields, and logs the user in when the account exists, the
 * password verifies and the account is active.
 *
 * NOTE(review): the whole user record, password hash included, is stored in
 * the session, and the session id is not renewed at login — confirm both are
 * intended.
 *
 * @return void
 */
public function postShowLoginPage()
{
    $tokenIsValid = $this->signer->validateSignature($this->request->post['_token']);
    if (!$tokenIsValid) {
        header('HTTP/1.0 400 Bad Request');
        exit;
    }

    $rules = ['email' => 'email|min:3', 'password' => 'min:3'];
    $validator = new Validator($this->request, $this->response, $this->session);

    if (!$validator->validate($rules, '/login')) {
        return;
    }

    $email = $this->request->post['email'];
    $password = $this->request->post['password'];

    $user = User::where('email', '=', $email)->first();

    // All three conditions must hold: known account, matching password, and
    // an account that is not flagged inactive.
    $okay = $user != null
        && password_verify($password, $user->password)
        && !($user->active == 0);

    if (!$okay) {
        $this->session->put('_error', 'Invalid login!!');
        $this->response->redirectTo('/login');

        return;
    }

    $this->session->put('user', $user);
    $this->response->withMessage("Successfully logged in")->redirectTo("/");
}
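/**
 * Verify a password against a stored hash in any of the supported formats.
 *
 * The format is determined by getPasswordHashTypeUF():
 *  - "sha1":      25-character salt followed by sha1(salt . password)
 *  - "homegrown": manual bcrypt via crypt() with cost 12
 *  - otherwise:   a password_hash() value checked with password_verify()
 *
 * @param string $password Plaintext password.
 * @param string $hash     Stored hash.
 *
 * @return bool TRUE when the password matches the hash.
 */
function passwordVerifyUF($password, $hash)
{
    $type = getPasswordHashTypeUF($hash);

    if ($type == "sha1") {
        // Extract the salt from the hash.
        $salt = substr($hash, 0, 25);
        $expected = $salt . sha1($salt . $password);

        // hash_equals() instead of ==: the loose operator compares
        // numeric-looking strings as numbers and stops at the first
        // differing byte, which leaks timing.
        return hash_equals((string) $hash, $expected);
    }

    if ($type == "homegrown") {
        // Used for the manual implementation of bcrypt.
        $cost = '12';
        $computed = crypt($password, "\$2y\$" . $cost . "\$" . substr($hash, 60));

        return is_string($computed) && hash_equals((string) substr($hash, 0, 60), $computed);
    }

    // Modern implementation.
    return password_verify($password, $hash);
}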
/**
 * User login.
 *
 * Reads mobile, zone code and password from the request data, validates them,
 * verifies the password and answers with the user's profile fields and a
 * freshly created token pair.
 *
 * NOTE(review): an unregistered number and a wrong password produce different
 * messages, so the endpoint reveals which numbers are registered. The password
 * is trimmed before verification — confirm the same is done when it is set.
 *
 * @method POST
 */
public function login()
{
    $post = $this->get_data();

    $mobile = trim($post['mobile']);

    // zone_code wins over the zonecode spelling; '86' is the fallback.
    if ($post['zone_code']) {
        $zone_code = trim($post['zone_code']);
    } elseif ($post['zonecode']) {
        $zone_code = trim($post['zonecode']);
    } else {
        $zone_code = '86';
    }
    $zone_code = str_replace('+', '', $zone_code);

    $password = trim($post['password']);

    if (empty($mobile)) {
        $this->send_response(400, NULL, '40001:手机号为空');
    }
    if (!international::check_is_valid($zone_code, $mobile)) {
        $this->send_response(400, NULL, '40002:手机号码格式不对');
    }
    if ($password == "") {
        $this->send_response(400, NULL, '40003:密码为空');
    }

    $user = $this->model->get_user_by_mobile($zone_code, $mobile);
    if (!$user) {
        $this->send_response(400, NULL, Kohana::lang('user.mobile_not_register'));
    }

    $passwordMatches = password_verify($password, $user['password']);
    if (!$passwordMatches) {
        $this->send_response(400, NULL, Kohana::lang('user.username_password_not_match'));
    }

    $tokenClaims = array(
        'zone_code' => $user['zone_code'],
        'mobile' => $user['mobile'],
        'id' => (int) $user['id'],
    );
    $token = $this->model->create_token(3600, TRUE, $tokenClaims);

    $payload = array(
        'id' => (int) $user['uid'],
        'name' => $user['username'],
        'avatar' => sns::getavatar($user['uid']),
        'access_token' => $token['access_token'],
        'refresh_token' => $token['refresh_token'],
        'expires_in' => $token['expires_in'],
    );
    $this->send_response(200, $payload);
}
/**
 * Tell whether a plaintext password matches a password_hash() value.
 *
 * @param string $pass Plaintext password.
 * @param string $hash Stored hash.
 *
 * @return bool TRUE on a match, FALSE otherwise.
 */
public static function Verify($pass, $hash)
{
    $matches = password_verify($pass, $hash);

    return $matches ? true : false;
}
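/**
 * Verify a username/password pair against the users table.
 *
 * @param string $username Value matched against users.user_name.
 * @param string $password Plaintext password.
 *
 * @return mixed The user_id on success, otherwise an array with an "error"
 *               entry.
 */
public function check_user($username, $password)
{
    $this->db->where('user_name', $username);
    $result = $this->db->get('users');

    // The hash is read from the first row, the same row the id is returned
    // from. The original asked for row index 9, and an unknown username led
    // to a property read on an empty result.
    $row = $result->row(0);

    if (empty($row) || !is_string($password) || !password_verify($password, (string) $row->password)) {
        $data = array();
        $data['error'] = 'Did not match password';

        return $data;
    }

    return $row->user_id;
}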
/**
 * Authenticate a user object carrying a plaintext password.
 *
 * The attempt is refused once the hourly login count for the user exceeds
 * MAX_LOGINS_PER_HOUR; otherwise it is recorded and the password is verified
 * against the stored user. On success the password held by the object is
 * hashed, the database id is copied over and the session id is regenerated.
 *
 * NOTE(review): the plaintext precondition is enforced with assert(), which
 * does nothing when assertions are disabled.
 *
 * @param \model\User $user User with username and plaintext password.
 *
 * @return \model\User|false The updated user on success, FALSE otherwise.
 *
 * @throws \Exception When the hourly login limit has been exceeded.
 */
public function Authenticate(\model\User $user)
{
    $attemptsThisHour = $this->users->GetUserLoginsForHour($user);
    if ($attemptsThisHour > self::$MAX_LOGINS_PER_HOUR) {
        throw new \Exception("Max login attempts for username '" . $user->GetUserName() . "' reached. Please try again in 30-60 minutes.");
    }

    // The password must still be in plain text at this point.
    assert($user->IsPasswordHashed() == false);

    // Record the attempt before looking at the credentials.
    $this->users->AddLoginAttempt($user);

    $stored = $this->users->GetUserByUsername($user->GetUserName());
    if (!$stored) {
        return false;
    }

    if (!password_verify($user->GetPassword(), $stored->GetPassword())) {
        return false;
    }

    // The clear-text password is no longer needed on the object.
    $user->HashPassword();
    $user->SetUserId($stored->GetUserId());

    // New session id for the authenticated session.
    session_regenerate_id(true);

    return $user;
}
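/**
 * Log a user in against the per-user .ini files in config/users/.
 *
 * Accounts stored with the "password_hash" scheme are verified with
 * password_verify() and re-saved when the hash needs an upgrade; accounts in
 * an older scheme are verified with old_password_verify() and re-saved
 * afterwards. On success the username is stored in the session and a redirect
 * to the admin page is sent.
 *
 * @param string $user Username; also the base name of the user's .ini file.
 * @param string $pass Plaintext password.
 *
 * @return string|null An HTML list item describing the failure, or null after
 *                     a successful login.
 */
function session($user, $pass)
{
    // The username becomes part of a file path. Separators or a NUL byte
    // would let the lookup leave config/users/, so such names are answered
    // exactly like an unknown user.
    if (!is_string($user) || strpbrk($user, "/\\\0") !== false) {
        return '<li>Username not found in our record.</li>';
    }

    $user_file = 'config/users/' . $user . '.ini';
    if (!file_exists($user_file)) {
        return '<li>Username not found in our record.</li>';
    }

    $user_enc = user('encryption', $user);
    $user_pass = user('password', $user);
    $user_role = user('role', $user);

    if ($user_enc == "password_hash") {
        if (!password_verify($pass, $user_pass)) {
            return '<li>Your username and password mismatch.</li>';
        }
        if (password_needs_rehash($user_pass, PASSWORD_DEFAULT)) {
            update_user($user, $pass, $user_role);
        }
    } else {
        if (!old_password_verify($pass, $user_enc, $user_pass)) {
            return '<li>Your username and password mismatch.</li>';
        }
        // Legacy scheme: always re-save the account after a successful check.
        update_user($user, $pass, $user_role);
    }

    // New session id on login so an id issued before authentication is not
    // carried into the admin session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION[config("site.url")]['user'] = $user;
    header('location: admin');
}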
/**
 * Verify an e-mail/password pair and mark the session as logged in.
 *
 * NOTE(review): the SQL text assigned to $checkUser appears masked in this
 * listing. The stored password hash is copied into $_SESSION['pwd'] — confirm
 * anything needs it there. 'Wrong password.' and 'Sign in failed' are distinct
 * messages, so the output shows whether an address is registered.
 *
 * @param string $emailLogin    E-mail bound to :userEmail.
 * @param string $passwordLogin Plaintext password.
 *
 * @return bool|null TRUE on success; nothing is returned on failure (a
 *                   message is echoed instead).
 */
function user_verif($emailLogin, $passwordLogin)
{
    global $pdo;

    $checkUser = "******";
    $lookup = $pdo->prepare($checkUser);
    $lookup->bindValue(':userEmail', $emailLogin, PDO::PARAM_STR);

    if (!$lookup->execute()) {
        echo 'Query failed<br/>';

        return;
    }

    if ($lookup->rowCount() <= 0) {
        echo 'Sign in failed<br/>';

        return;
    }

    // Stored hash of the matching account.
    $record = $lookup->fetch();
    $storedHash = $record['usr_pwd'];

    if (!password_verify($passwordLogin, $storedHash)) {
        echo 'Wrong password.<br/>';

        return;
    }

    $_SESSION['login'] = $emailLogin;
    $_SESSION['pwd'] = $storedHash;

    return true;
}
/**
 * Authenticate by login and password.
 *
 * Failure reasons are reported through $this->error: 'ip-defender',
 * 'wrong-login', 'wrong-password', 'wrong-access-confirm' (access is 0) or
 * 'wrong-access' (any other access value except 1).
 *
 * NOTE(review): the full fw_users row, password hash included, is published
 * in \User::$data, and the session id is not renewed here — confirm both.
 *
 * @param string $login      Login name; escaped with es() before the query.
 * @param string $password   Plaintext password.
 * @param bool   $rememberme When true, rememberMe() is called for the user id
 *                           and its result stored under 'hash'.
 *
 * @return bool TRUE on success, FALSE otherwise.
 */
function authByLoginPass($login, $password, $rememberme = false)
{
    // IP control.
    if (!$this->ipDefender()) {
        $this->error = 'ip-defender';

        return false;
    }

    $found = q("\n\t\t\tSELECT *\n\t\t\tFROM `fw_users`\n\t\t\tWHERE `login` = '" . es($login) . "'\n\t\t\tLIMIT 1\n\t\t");
    if (!$found->num_rows) {
        $this->error = 'wrong-login';

        return false;
    }

    $account = $found->fetch_assoc();

    if (!password_verify($password, $account['password'])) {
        $this->error = 'wrong-password';

        return false;
    }

    if ($account['access'] != 1) {
        $this->error = ($account['access'] == 0) ? 'wrong-access-confirm' : 'wrong-access';

        return false;
    }

    if ($rememberme) {
        $account['hash'] = $this->rememberMe($account['id']);
    }

    \User::$data = $account;
    $_SESSION['user']['id'] = $account['id'];

    return true;
}
/**
 * A bcrypt hash produced by password_hash() is non-empty and verifies
 * against the password it was created from.
 *
 * @return void
 */
public function testPassword()
{
    $plain = '******';

    $digest = password_hash($plain, PASSWORD_BCRYPT);
    $this->assertNotEmpty($digest);

    $verified = password_verify($plain, $digest);
    $this->assertTrue($verified);
}
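/**
 * User login.
 *
 * Looks the posted acronym up, verifies the posted password against the
 * stored hash and stores the acronym in the session on success. Renders the
 * logged-in page when a session user exists, otherwise the login form with
 * any error text.
 *
 * @return void
 */
public function loginAction()
{
    $this->theme->setTitle("Logga in");

    $output = null;
    $isPosted = $this->request->getPost('login');
    $acronym = $this->request->getPost('acronym');

    if ($isPosted) {
        // The acronym is passed as a bound parameter; it used to be
        // concatenated into the WHERE clause, so the form field could change
        // the query.
        // NOTE(review): assumes execute() accepts a parameter array for "?"
        // placeholders — confirm against the model's base class.
        $res = $this->login->query()->where("acronym = ?")->execute([$acronym]);

        if ($res) {
            // Is the password correct?
            $match = password_verify((string) $this->request->getPost('password'), $res[0]->password);

            if (!$match) {
                $output .= "Fel lösenord.";
            } else {
                $this->session->set('user', $acronym);
            }
        } else {
            $output .= "Det finns ingen användare med detta namn.";
        }
    }

    // If logged in
    if ($this->session->has('user')) {
        $this->theme->setTitle("Du är inloggad");
        $user = $this->session->get('user');
        $content = "<a href=" . $this->url->create('login/logout') . ">Logga ut</a>";

        // NOTE(review): $user originates from the posted form; confirm the
        // view escapes the title before output.
        $this->views->add('default/page', ['title' => "Du är inloggad som " . $user, 'content' => $content]);
    } else {
        $this->views->add('login/login', ['title' => "Logga in", 'output' => $output], 'main');
    }
}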
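/**
 * Handle the posted login form.
 *
 * Answers 400 when the form token is missing or its signature is invalid.
 * Otherwise the user is logged in when the account exists, the password
 * verifies and the account is active; any other outcome re-renders the login
 * page with an error message. The script exits on every path.
 *
 * NOTE(review): the whole user record, password hash included, is stored in
 * the session — confirm a user id would not be enough.
 *
 * @return void
 */
public function postShowLoginPage()
{
    if (!isset($_POST['_token']) || !$this->signer->validateSignature($_POST['_token'])) {
        header('HTTP/1.0 400 Bad Request');
        exit;
    }

    // Credentials are read from the POST body, like the token. $_REQUEST
    // would also accept them from the query string, where they end up in
    // access logs and browser history.
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // Look up the user.
    $user = is_string($email) ? User::where('email', '=', $email)->first() : null;

    // Known account, matching password, and not flagged inactive. The
    // active flag is only read once a user was found; it used to be read
    // from null for unknown e-mails.
    $okay = $user != null
        && is_string($password)
        && password_verify($password, $user->password)
        && !($user->active == 0);

    if ($okay) {
        // New session id for the authenticated session.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['user'] = $user;
        header("Location: /");
        exit;
    }

    // Not valid: show the login page again.
    $_SESSION['msg'] = ["Invalid login!"];
    echo $this->blade->render("login", ['signer' => $this->signer]);
    unset($_SESSION['msg']);
    exit;
}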
/**
 * Try to log a user in through the `login` stored procedure.
 *
 * The username is escaped with real_escape_string() and assigned to the
 * @username session variable, @password is initialised to FALSE, and
 * `CALL login(@username, @password)` is executed. The value read back from
 * @password is then checked with password_verify() against the password held
 * by $user. The connection is closed after the OUT parameter is fetched.
 *
 * NOTE(review): the string literal of the first query appears masked/garbled
 * in this listing, so the exact statement text cannot be confirmed from here.
 * The session id is not renewed on success — confirm whether the caller does.
 *
 * @param object $user Object providing getUsername() and getPassword().
 *
 * @return bool|null null when the procedure yields no password (compared with
 *                   == null), true when the password verifies — the username
 *                   is then stored in $_SESSION[self::$isUserLoggedIn] —
 *                   false otherwise.
 *
 * @throws DatabaseErrorException When the CALL or the SELECT of the OUT
 *                                parameter fails.
 */
public function tryLogin($user) { //Set in/out parameters (in username, out password) $this->dbConnection->query("SET @username = "******"'" . $this->dbConnection->real_escape_string($user->getUsername()) . "'"); $this->dbConnection->query("SET @password := FALSE"); //call stored procedure if (!$this->dbConnection->query('CALL login(@username, @password)')) { throw new DatabaseErrorException($this->dbConnection->error); } // Fetch OUT parameters if (!($res = $this->dbConnection->query("SELECT @password AS password"))) { throw new DatabaseErrorException($this->dbConnection->error); } $row = $res->fetch_assoc(); $this->dbConnection->close(); //check hashed password from database against user input if ($row['password'] == null) { return null; } else { if (password_verify($user->getPassword(), $row['password'])) { $_SESSION[self::$isUserLoggedIn] = $user->getUsername(); return true; } else { return false; } } }
/**
 * Tell whether a plaintext password matches a stored password_hash() value.
 *
 * @param string $pwd         Plaintext password.
 * @param string $hashAndSalt Stored hash (algorithm, cost and salt included).
 *
 * @return bool TRUE on a match, FALSE otherwise.
 */
protected function pwdVerify($pwd, $hashAndSalt)
{
    $isMatch = password_verify($pwd, $hashAndSalt);

    return $isMatch ? true : false;
}
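/**
 * Log a user in by e-mail and password.
 *
 * checkUserLogin() is run first; the account is then looked up by
 * $this->email, its fields are copied onto the object, and on a verified
 * password the profile fields are stored in the session. A failed login
 * echoes an error alert.
 *
 * @param string $email    E-mail address entered by the user.
 * @param string $password Plaintext password.
 *
 * @return void
 */
function userLogin($email, $password)
{
    $this->checkUserLogin($email, $password);

    // Start without a hash so a failed lookup can never be verified against
    // a value left on the object by an earlier call.
    $this->hash = null;
    $found = false;

    // The address is bound as a parameter; it was previously interpolated
    // into the SQL text.
    // NOTE(review): presumably checkUserLogin() sets $this->email; if it also
    // SQL-escapes the value, that escaping is no longer needed — confirm.
    $lookupEmail = $this->email;
    $stmt = $this->con->prepare('SELECT username, password, name, surname, gender FROM user WHERE email = ?');
    if ($stmt) {
        $stmt->bind_param('s', $lookupEmail);
        $stmt->execute();
        $stmt->bind_result($username, $hash, $name, $surname, $gender);
        while ($stmt->fetch()) {
            $found = true;
            $this->hash = $hash;
            $this->username = $username;
            $this->name = $name;
            $this->surname = $surname;
            $this->gender = $gender;
            $this->password = $password;
        }
        $stmt->close();
    }

    if (!$found || !is_string($password) || !password_verify($password, (string) $this->hash)) {
        // Only the alert is shown. The e-mail, the submitted password and
        // the stored hash were echoed into the page here as well.
        echo '<div class="alert alert-danger">Nepareizs lietotājvārds vai parole!</div>';

        return;
    }

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // New session id for the authenticated session.
    session_regenerate_id(true);

    $_SESSION['username'] = $this->username;
    $_SESSION['name'] = $this->name;
    $_SESSION['surname'] = $this->surname;
    $_SESSION['gender'] = $this->gender;
}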
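/**
 * Log a user in by e-mail and password, with optional "keep me logged in".
 *
 * On success the session is marked authenticated, the remember-me cookies are
 * set or cleared according to the posted loginkeeping field, and a redirect
 * to the site root is sent. On failure an error text is echoed.
 *
 * NOTE(review): the redirect target is built from $_SERVER['SERVER_NAME'];
 * depending on server configuration that value can follow the request's Host
 * header, so prefer a configured site URL. The remember-me key is stored in
 * the user table as-is; storing a hash of it would keep a database read from
 * yielding usable cookies.
 *
 * @param string $email    E-mail address of the account.
 * @param string $password Plaintext password.
 *
 * @return void
 */
function login($email, $password)
{
    $db = Database::getInstance();
    $mysqli = $db->getConnection();
    $mysqli->query("SET NAMES utf8");

    // The e-mail is bound as a parameter; it was previously concatenated
    // into the SQL text.
    $user = null;
    $lookup = $mysqli->prepare('SELECT id, user, password FROM user WHERE email = ?');
    if ($lookup) {
        $lookup->bind_param('s', $email);
        $lookup->execute();
        $lookup->bind_result($id, $name, $hash);
        if ($lookup->fetch()) {
            $user = array('id' => $id, 'user' => $name, 'password' => $hash);
        }
        $lookup->close();
    }

    // The $password argument is what gets verified. A "global $password"
    // statement used to rebind the name to the global variable, discarding
    // the argument.
    if ($user === null || !is_string($password) || !password_verify($password, (string) $user['password'])) {
        echo "Email or password is incorrect";

        return;
    }

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // New session id for the authenticated session.
    session_regenerate_id(true);

    $_SESSION['auth'] = true;
    $_SESSION['id'] = $user['id'];
    $_SESSION['user'] = $user['user'];

    $userId = (string) $user['id'];

    if (isset($_POST['loginkeeping']) && $_POST['loginkeeping'] == "on") {
        // The key authenticates the browser later on, so it comes from the
        // CSPRNG where available; 16 random bytes give the same 32-hex-digit
        // shape as the previous md5() value.
        $key = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(generate(7, 15));

        $expires = time() + 60 * 60 * 24 * 365;
        // HttpOnly keeps the long-lived cookies away from page scripts; path,
        // domain and secure stay at their defaults.
        setcookie('login', $user['user'], $expires, '', '', false, true);
        setcookie('key', $key, $expires, '', '', false, true);

        $update = $mysqli->prepare('UPDATE user SET cookie = ? WHERE id = ?');
        if ($update) {
            $update->bind_param('ss', $key, $userId);
            $update->execute();
            $update->close();
        }
    } else {
        // No persistent login requested: clear any stored key.
        $update = $mysqli->prepare('UPDATE user SET cookie = NULL WHERE id = ?');
        if ($update) {
            $update->bind_param('s', $userId);
            $update->execute();
            $update->close();
        }
    }

    header("Location: http://" . $_SERVER['SERVER_NAME']);
}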