diff --git a/_includes/User.class.php b/_includes/User.class.php
index 96fb85051e025b38392d9264c8455d3c81f2a18e..867df2b748164432289d0b0f67588a13cb6657ed 100644
--- a/_includes/User.class.php
+++ b/_includes/User.class.php
@@ -8,8 +8,11 @@ class User
 // Store $conn values from class Database
 $conn = Database::getConnection();
- // To save password as md5 hash format
- $pass = md5(strrev(md5($pass))); //Security through obscurity
+ // To save password with password_hash()
+ $option = [
+ 'cost' => 9
+ ];
+ $pass = password_hash($pass, PASSWORD_BCRYPT, $option);
 $sql = "INSERT INTO `auth` (`username`, `password`, `email`, `phone`, `block`, `active`) VALUES ('$user', '$pass', '$email', '$phone', '0', '1');";
@@ -27,8 +30,9 @@ class User
 return $error;
 }
- // Check whether the user credential is exists in database
- public static function login($user, $pass){
+ // Check whether the user credential is exists in database
+ public static function login($user, $pass)
+ {
 // Since it is in static function we need to declare again in this function.
 $password = $pass;
@@ -44,19 +48,20 @@ class User
 /* [*] Accessing (num_rows) is the variable present inside the class
 eg: $object->variable_name;
- */
- if($result -> num_rows == 1){
+ */
+ if ($result -> num_rows == 1) {
 // fetch data as array from database and store in $row
 $row = $result->fetch_assoc();
- // validate password from database
- if($row['password'] == $password){
+ // validate password with password_verify() from database
+ // if ($row['password'] == $password) {
+ if (password_verify($password, $row['password'])) {
 return $row;
- }else{
+ } else {
 return false;
- }else{
+ } else {
 return false;
 }
diff --git a/_templates/login-content.php b/_templates/login-content.php
index 52575817b0ec94ac9b92313401b065a938669813..ac85e417da089bbb523c85209e52b9c78fe66e00 100644
--- a/_templates/login-content.php
+++ b/_templates/login-content.php
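Review bot: The bcrypt hash is still written through the string-built INSERT on the `$sql` context line, where `$user`, `$email` and `$phone` are interpolated verbatim, so the query remains injectable even though the hashing is fixed; it should become a prepared statement on the `$conn` the hunk already obtains, with `?` placeholders in the VALUES list and `$stmt->bind_param('ssss', $user, $pass, $email, $phone);` before `$stmt->execute();`. Bcrypt output is 60 characters where the old md5 value was 32, so if the `password` column was sized for the old format the new hash is silently truncated and password_verify() can never succeed — confirm the column width (VARCHAR(255) is the usual choice since PASSWORD_DEFAULT output may grow). `'cost' => 9` is below the current bcrypt default of 10; unless the lower cost is a measured requirement, `password_hash($pass, PASSWORD_DEFAULT)` avoids pinning it. The enclosing method starts outside this hunk.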
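Review bot: password_verify() on the `$row['password']` line will reject every account created before this commit, because those rows hold the old md5(strrev(md5())) value rather than a bcrypt string, so the commit needs a migration path (force a reset, or verify a legacy hash once and rehash on success) or existing users are locked out. After a successful verify, `if (password_needs_rehash($row['password'], PASSWORD_BCRYPT, ['cost' => 9])) { /* rehash and UPDATE the row */ }` lets the cost be raised later without another migration. The returned `$row` still carries the hash; `unset($row['password']);` before `return $row;` keeps it out of sessions and templates. The commented-out `// if ($row['password'] == $password) {` line is dead code and should be deleted rather than kept beside its replacement. login() starts outside this hunk.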
@@ -1,8 +1,8 @@ <?php // Getting the values from the form and storing them in variables.
-$email = $_POST['email'];
-$password = $_POST['password'];
-$validate = validate_credentials($email, $password);
+// $email = $_POST['email'];
+// $password = $_POST['password'];
+// $validate = validate_credentials($email, $password);
 if ($validate) {?>
 <!-- If it is true is display true page -->
diff --git a/_templates/signup-content.php b/_templates/signup-content.php
index c0bf1fa3513d490427562e93978fd8b036e7b7ba..b76c7f154728e0cc61ada37271169619067056bb 100644
--- a/_templates/signup-content.php
+++ b/_templates/signup-content.php
@@ -19,7 +19,7 @@ if ($signup) {
 <main class="container">
 <div class="bg-body-tertiary p-5 rounded">
 <h1>Signup Success</h1>
- <p class="lead">Know you can login <a href="login.php">here</a>.</p>
+ <p class="lead">Now you can login <a href="/photogram-project-php/login.php">here</a>.</p>
 <a class="btn btn-lg btn-primary" href="/docs/5.3/components/navbar/" role="button">View navbar docs »</a>
 </div>
 </main>
diff --git a/costtest.php b/costtest.php
index 8f02fefd05c7b4ced9c815792edfb206c9ae594b..a93596d66b5297c92e57725062d04de98810402f 100644
--- a/costtest.php
+++ b/costtest.php
@@ -7,8 +7,13 @@ // echo password_hash("password", PASSWORD_BCRYPT, $option);
 // echo "\nTook ". microtime((true) - $time) . " sec";
-if (password_verify("raghav", '$2y$10$AQDHj9ymPO7To2vNlKvQXedzO4a/3s0aL3sEuh22bS/OMfaRKjzWm')) {
- echo "Password correct";
-} else {
- echo "Password Incorrect";
-}
+// if (password_verify("raghav", '$2y$10$AQDHj9ymPO7To2vNlKvQXedzO4a/3s0aL3sEuh22bS/OMfaRKjzWm')) {
+// echo "Password correct";
+// } else {
+// echo "Password Incorrect";
+// }
+
+$option = [
+ 'cost' => 7
+];
+echo(password_hash("raghav", PASSWORD_BCRYPT, $option));
diff --git a/logintest.php b/logintest.php
index d2b78aa7be849415fa81b1c1dc45fac97871bc8b..b06c6d2142fc0442a6168fc9df680e675fc375d3 100644
--- a/logintest.php
+++ b/logintest.php
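Review bot: Commenting out the `$validate = validate_credentials($email, $password);` assignment leaves `$validate` undefined on the `if ($validate) {?>` context line, so the login template now emits an undefined-variable warning and always takes the false branch. If the credential check has moved elsewhere, that code should assign `$validate` (or the condition should read the new result) rather than the call being commented out; I cannot see where the form values are read now, so the intended replacement is inferred. Commented-out code should be removed from the template rather than kept.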
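Review bot: The new link on the `<p class="lead">` line hard-codes the deployment subdirectory `/photogram-project-php/`, so the page breaks if the app is served from the site root or another prefix; the relative `login.php` the old line used, or a single base-URL constant shared by the templates, keeps it portable. The wording fix (Know → Now) is fine.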
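Review bot: The new `$option = ['cost' => 7]` in costtest.php is well below the bcrypt default cost of 10 and the `'cost' => 9` this commit uses in User.class.php, so any hash or timing produced here is not representative of what the application stores; if this file is a timing experiment it should measure the cost actually shipped. It is also a scratch script with a hard-coded password string committed to the repository root, where it is presumably web-served; it would be better kept out of the tree or under a directory the web server does not expose.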
@@ -1,8 +1,8 @@ <?php include 'libs/load.php';
-$user = "devyani ";
-$pass = "devyani";
+$user = $_GET['user'];
+$pass = $_GET['pass'];
 if(isset($_GET['logout'])){