Password implementation using password_hash()

d6b2f7ff · Raghav · bc0641b5 · d6b2f7ff · d6b2f7ff · d6b2f7ff
Commit d6b2f7ff authored 6 days ago by Raghav
--- a/_includes/User.class.php
+++ b/_includes/User.class.php
@@ -8,8 +8,11 @@ class User
        // Store $conn values from class Database
        $conn = Database::getConnection();

-        // To save password as md5 hash format
-        $pass = md5(strrev(md5($pass))); //Security through obscurity
+        // To save password with password_hash()
+        $option = [
+            'cost' => 9
+        ];
+        $pass = password_hash($pass, PASSWORD_BCRYPT, $option);

        $sql = "INSERT INTO `auth` (`username`, `password`, `email`, `phone`, `block`, `active`)
    VALUES ('$user', '$pass', '$email', '$phone', '0', '1');";
@@ -27,8 +30,9 @@ class User
        return $error;
    }

-    // Check whether the user credential is exists in database 
-    public static function login($user, $pass){
+    // Check whether the user credential is exists in database
+    public static function login($user, $pass)
+    {

        // Since it is in static function we need to declare again in this function.
        $password = $pass;
@@ -44,19 +48,20 @@ class User

        /*
        [*] Accessing (num_rows) is the variable present inside the class eg: $object->variable_name;
-        */       
-        if($result -> num_rows == 1){
+        */
+        if ($result -> num_rows == 1) {

            // fetch data as array from database and store in $row
            $row = $result->fetch_assoc();

-            // validate password from database
-            if($row['password'] == $password){
+            // validate password with password_verify() from database
+            // if ($row['password'] == $password) {
+            if (password_verify($password, $row['password'])) {
                return $row;
-            }else{
+            } else {
                return false;
            }
-        }else{
+        } else {
            return false;
        }


--- a/_templates/login-content.php
+++ b/_templates/login-content.php
 <?php
 // Getting the values from the form and storing them in variables.
-$email = $_POST['email'];
-$password = $_POST['password'];
-$validate = validate_credentials($email, $password);
+// $email = $_POST['email'];
+// $password = $_POST['password'];
+// $validate = validate_credentials($email, $password);

 if ($validate) {?>
 <!-- If it is true is display true page -->

--- a/_templates/signup-content.php
+++ b/_templates/signup-content.php
@@ -19,7 +19,7 @@ if ($signup) {
 <main class="container">
 	<div class="bg-body-tertiary p-5 rounded">
 		<h1>Signup Success</h1>
-		<p class="lead">Know you can login <a href="login.php">here</a>.</p>
+		<p class="lead">Now you can login <a href="/photogram-project-php/login.php">here</a>.</p>
 		<a class="btn btn-lg btn-primary" href="/docs/5.3/components/navbar/" role="button">View navbar docs »</a>
 	</div>
 </main>

--- a/costtest.php
+++ b/costtest.php
@@ -7,8 +7,13 @@
 // echo password_hash("password", PASSWORD_BCRYPT, $option);
 // echo "\nTook ". microtime((true) - $time) . " sec";

-if (password_verify("raghav", '$2y$10$AQDHj9ymPO7To2vNlKvQXedzO4a/3s0aL3sEuh22bS/OMfaRKjzWm')) {
-    echo "Password correct";
-} else {
-    echo "Password Incorrect";
-}
+// if (password_verify("raghav", '$2y$10$AQDHj9ymPO7To2vNlKvQXedzO4a/3s0aL3sEuh22bS/OMfaRKjzWm')) {
+//     echo "Password correct";
+// } else {
+//     echo "Password Incorrect";
+// }
+
+$option = [
+    'cost' => 7
+];
+echo(password_hash("raghav", PASSWORD_BCRYPT, $option));
--- a/logintest.php
+++ b/logintest.php
 <?php
 include 'libs/load.php';

-$user = "devyani ";
-$pass = "devyani";
+$user = $_GET['user'];
+$pass = $_GET['pass'];


 if(isset($_GET['logout'])){