diff --git a/libs/includes/Database.class.php b/libs/includes/Database.class.php
index 03e9d91742d9c47436cb6575bae1c63e1ac5656e..af71ea50edea0a7a325d90b3cc16a4411efab359 100644
--- a/libs/includes/Database.class.php
+++ b/libs/includes/Database.class.php
@@ -8,7 +8,7 @@ class Database
 if (Database::$conn == null) {
 $servername = "mysql.selfmade.ninja";
 $username = "sibidharan";
- $password = "xyjxo8-xefjat-gYnsif";
+ $password = "gifSaw-nycdag-6kifwa";
 $dbname = "sibidharan_newdb";
 // Create connection
diff --git a/libs/includes/User.class.php b/libs/includes/User.class.php
index 1a85d29f1ce1ba5896d47c25f3ef82a041133e37..16a9cd12f82fe17d877bec7eca3082f3e4e25300 100644
--- a/libs/includes/User.class.php
+++ b/libs/includes/User.class.php
@@ -5,10 +5,13 @@ class User
 private $conn;
 public static function signup($user, $pass, $email, $phone)
 {
- $pass = md5(strrev(md5($pass))); //Security through obscurity
+ $options = [
+ 'cost' => 9,
+ ];
+ $pass = password_hash($pass, PASSWORD_BCRYPT, $options);
 $conn = Database::getConnection();
- $sql = "INSERT INTO `auth` (`username`, `password`, `email`, `phone`, `active`)
- VALUES ('$user', '$pass', '$email', '$phone', '1');";
+ $sql = "INSERT INTO `auth` (`username`, `password`, `email`, `phone`)
+ VALUES ('$user', '$pass', '$email', '$phone');";
 $error = false;
 if ($conn->query($sql) === true) {
 $error = false;
@@ -23,13 +26,13 @@ class User
 public static function login($user, $pass)
 {
- $pass = md5(strrev(md5($pass)));
 $query = "SELECT * FROM `auth` WHERE `username` = '$user'";
 $conn = Database::getConnection();
 $result = $conn->query($query);
 if ($result->num_rows == 1) {
 $row = $result->fetch_assoc();
- if ($row['password'] == $pass) {
+ //if ($row['password'] == $pass) {
+ if (password_verify($pass, $row['password'])) {
 return $row;
 } else {
 return false;
diff --git a/logintest.php b/logintest.php
index dd99528850ac379d1fffaeab405d19ccf0e368d9..0afdfe0b168d7ed813a174f15822e22c6b8eca1b 100644
--- a/logintest.php
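Review bot: The rotated value on the `+ $password = "gifSaw-nycdag-6kifwa";` line is still a plaintext database credential committed to source, and the replaced value stays recoverable from repository history, so this change does not end the exposure. Read it from the environment or a config file kept out of version control, e.g. `$password = getenv('DB_PASSWORD');` (variable name illustrative) followed by a check that the result is not `false`, and rotate both values once they are out of the tree. The hard-coded `$servername` and `$username` context lines above it carry the same risk. The enclosing method starts and ends outside the hunk.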
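Review bot: The rewritten `$sql` string on the two new `+` lines still splices the caller-supplied `$user`, `$email` and `$phone` straight into the INSERT, so the statement remains injectable even though the password is now hashed. The `query()`/`num_rows`/`fetch_assoc()` usage suggests a mysqli connection; if so, replace the string build with `$stmt = $conn->prepare('INSERT INTO auth (username, password, email, phone) VALUES (?, ?, ?, ?)');`, `$stmt->bind_param('ssss', $user, $pass, $email, $phone);`, `$stmt->execute();`, and key the `$error` handling below off the `execute()` result. `'cost' => 9` on the new `$options` line is below `password_hash`'s default of 10; unless that was measured on the target host, drop the option or raise it. The signup body continues past the end of the hunk.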
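Review bot: Removing the `md5(strrev(md5($pass)))` line without a migration means every password already stored under the old scheme will fail the new `+ if (password_verify($pass, $row['password'])) {` check, so existing accounts are locked out until their rows are re-hashed; either verify the legacy digest as a fallback and re-hash with `password_hash` on success, or force a reset for those users. The commented-out `+ //if ($row['password'] == $pass) {` line should be deleted rather than left beside its replacement. The unchanged `$query = "SELECT * FROM auth WHERE username = '$user'"` context line has the same interpolation problem as the signup hunk and should become a prepared statement. The login body continues outside the hunk.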
+++ b/logintest.php
@@ -1,8 +1,8 @@
 <?php
 include 'libs/load.php';
-$user = "fooboo";
-$pass = "decneg-napCaf-jakcy1";
+$user = "sibidharan";
+$pass = isset($_GET['pass']) ? $_GET['pass'] : '';
 $result = null;
 if (isset($_GET['logout'])) {
@@ -22,7 +22,7 @@ if (Session::get('is_loggedin')) {
 Session::set('is_loggedin', true);
 Session::set('session_user', $result);
 } else {
- echo "Login failed <br>";
+ echo "Login failed, $user <br>";
 }
 }
 echo <<<EOL
diff --git a/passwordhash.php b/passwordhash.php
new file mode 100644
index 0000000000000000000000000000000000000000..a6c1c67ba23d9a74e7508ced343223e71e675fa9
--- /dev/null
+++ b/passwordhash.php
@@ -0,0 +1,13 @@
+<?php
+$time = microtime(true);
+$options = [
+ 'cost' => 20,
+];
+echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options);
+echo "\nTook ".(microtime(true) - $time) . " sec";
+
+// if (password_verify("rasmuslerdorf", '$2y$12$vxk72IX.vOSgV4gleQs0ru5MNo5CMHBFuHMVBHyeT03LLqsbwREzC')) {
+// print("Correct password");
+// } else {
+// print("Wrong password");
+// }
diff --git a/testhash.php b/testhash.php
index a94dafa57d06bca83733e5c0fe45b68be64f5219..e1008fca3e2fe707a3de3c7893625f3f57deb0ea 100644
--- a/testhash.php
+++ b/testhash.php
@@ -17,3 +17,11 @@ $b64len = strlen($b64);
 echo("MD5: $md5 (Lenght: $md5len)\n");
 echo("Base64: $b64 \n(Length: $b64len)\n");
+
+
+$data = "sibidharan";
+
+foreach (hash_algos() as $v) {
+ $r = hash($v, $data, false);
+ printf("%-12s %3d %s\n", $v, strlen($r), $r);
+}
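Review bot: `+$pass = isset($_GET['pass']) ? $_GET['pass'] : '';` takes the password from the URL query string, which lands in web-server access logs, browser history and any outgoing Referer header, so even for a test page it should be read from the request body: `$pass = isset($_POST['pass']) ? $_POST['pass'] : '';` with the form submitted via POST. The `+$user = "sibidharan";` line fixes the account name to the same value used as the database user in Database.class.php; it should come from the request too rather than being pinned in the script. This is top-level script code with no enclosing function.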
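Review bot: `+ echo "Login failed, $user <br>";` writes `$user` into the HTML response without escaping; it is a literal in this revision, but the moment it is read from the request the line becomes a reflected-injection point, so use `echo "Login failed, " . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . " <br>";` now. The surrounding `if` statement starts outside the hunk.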
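Review bot: `+ 'cost' => 20,` makes the `password_hash` call below do 2^10 times the work of the default cost 10 (bcrypt's cost is a log2 iteration count), which will likely take minutes per call and exceed `max_execution_time` when the script is served by a web server; to pick a production cost, loop over a realistic range (roughly 10–13) and print each timing instead. The commented-out `password_verify` block at the bottom is dead code and should be removed. The file also starts without `declare(strict_types=1);`.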
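Review bot: `+ $r = hash($v, $data, false);` passes the `binary` argument's default positionally; write `$r = hash($v, $data);` or, if the flag is wanted for clarity, use the named form `hash($v, $data, binary: false)` on PHP 8+. Since `$r` is hex, the `%3d` column printed from `strlen($r)` is twice the digest size in bytes; a short comment, `// length of the hex encoding, 2 × digest bytes`, would stop a reader mistaking it for the digest length. The loop is top-level script code with no enclosing function.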