Greg-Boggs · September 8, 2019 22:31
diff --git a/php-brcypt-salt.php b/php-brcypt-salt.php
 -- Create a mySQL table to hold hashed passwords and random salt

 --
 -- SQL create script for for table `users`
 --

 CREATE TABLE IF NOT EXISTS `users` (
 `user_id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
 `email` varchar(30) NOT NULL,
 `reg_date` date NOT NULL,
 `fname` varchar(20) DEFAULT NULL,
 `lname` varchar(20) DEFAULT NULL,
 `salt` char(21) NOT NULL,
 `password` char(60) NOT NULL,
 PRIMARY KEY (`user_id`),
 UNIQUE KEY `email` (`email`)
 ) ;

 <?php 
 // PHP code required by both registration and validation

 //ini_set("display_errors","1");
 //ERROR_REPORTING(E_ALL);
 CRYPT_BLOWFISH or die ('No Blowfish found.');

 $link = mysql_connect('localhost', 'wpscanner', 'aUvmxcxvTUPtW8Kw')
    or die('Not connected : ' . mysql_error());
 mysql_select_db('wpscanner', $link)
    or die ('Not selected : ' . mysql_error());

 $password = mysql_real_escape_string($_GET['password']);
 $email = mysql_real_escape_string($_GET['email']);

 //This string tells crypt to use blowfish for 5 rounds.
 $Blowfish_Pre = '$2a$05$';
 $Blowfish_End = '$';

 // PHP code you need to register a user

 // Blowfish accepts these characters for salts.
 $Allowed_Chars =
 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
 $Chars_Len = 63;

 // 18 would be secure as well.
 $Salt_Length = 21;

 $mysql_date = date( 'Y-m-d' );
 $salt = "";

 for($i=0; $i&lt;$Salt_Length; $i++)
 {
    $salt .= $Allowed_Chars[mt_rand(0,$Chars_Len)];
 }
 $bcrypt_salt = $Blowfish_Pre . $salt . $Blowfish_End;

 $hashed_password = crypt($password, $bcrypt_salt);

 $sql = 'INSERT INTO users (reg_date, email, salt, password) ' .
    "VALUES ('$mysql_date', '$email', '$salt', '$hashed_password')";

 mysql_query($sql) or die( mysql_error() );

 // Now to verify a user’s password

 $sql = "SELECT salt, password FROM users WHERE email='$email'";
 $result = mysql_query($sql) or die( mysql_error() );
 $row = mysql_fetch_assoc($result);

 $hashed_pass = crypt($password, $Blowfish_Pre . $row['salt'] . $Blowfish_End);

 if ($hashed_pass == $row['password']) {
    echo 'Password verified!';
 } else {
    echo 'There was a problem with your user name or password.';
 }
	-- Create a mySQL table to hold hashed passwords and random salt

	--
	-- SQL create script for for table `users`
	--

	CREATE TABLE IF NOT EXISTS `users` (
	`user_id` mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
	`email` varchar(30) NOT NULL,
	`reg_date` date NOT NULL,
	`fname` varchar(20) DEFAULT NULL,
	`lname` varchar(20) DEFAULT NULL,
	`salt` char(21) NOT NULL,
	`password` char(60) NOT NULL,
	PRIMARY KEY (`user_id`),
	UNIQUE KEY `email` (`email`)
	) ;

	<?php
	// PHP code required by both registration and validation

	//ini_set("display_errors","1");
	//ERROR_REPORTING(E_ALL);
	CRYPT_BLOWFISH or die ('No Blowfish found.');

	$link = mysql_connect('localhost', 'wpscanner', 'aUvmxcxvTUPtW8Kw')
	or die('Not connected : ' . mysql_error());
	mysql_select_db('wpscanner', $link)
	or die ('Not selected : ' . mysql_error());

	$password = mysql_real_escape_string($_GET['password']);
	$email = mysql_real_escape_string($_GET['email']);

	//This string tells crypt to use blowfish for 5 rounds.
	$Blowfish_Pre = '$2a$05$';
	$Blowfish_End = '$';

	// PHP code you need to register a user

	// Blowfish accepts these characters for salts.
	$Allowed_Chars =
	'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
	$Chars_Len = 63;

	// 18 would be secure as well.
	$Salt_Length = 21;

	$mysql_date = date( 'Y-m-d' );
	$salt = "";

	for($i=0; $i<$Salt_Length; $i++)
	{
	$salt .= $Allowed_Chars[mt_rand(0,$Chars_Len)];
	}
	$bcrypt_salt = $Blowfish_Pre . $salt . $Blowfish_End;

	$hashed_password = crypt($password, $bcrypt_salt);

	$sql = 'INSERT INTO users (reg_date, email, salt, password) ' .
	"VALUES ('$mysql_date', '$email', '$salt', '$hashed_password')";

	mysql_query($sql) or die( mysql_error() );

	// Now to verify a user’s password

	$sql = "SELECT salt, password FROM users WHERE email='$email'";
	$result = mysql_query($sql) or die( mysql_error() );
	$row = mysql_fetch_assoc($result);

	$hashed_pass = crypt($password, $Blowfish_Pre . $row['salt'] . $Blowfish_End);

	if ($hashed_pass == $row['password']) {
	echo 'Password verified!';
	} else {
	echo 'There was a problem with your user name or password.';
	}