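-- Create a MySQL table to hold bcrypt password hashes and a per-user salt
--
-- SQL create script for table `users`
--
-- Column notes:
--   * `email`    : widened from VARCHAR(30). Valid addresses run up to 254
--                  characters, so a 30-character cap rejects or truncates
--                  real users.  It remains the unique login identifier.
--   * `salt`     : bcrypt consumes exactly 22 salt characters, so the column
--                  is CHAR(22) (CHAR(21) cannot hold a full salt).  The
--                  60-character hash already embeds its salt, so this column
--                  is redundant once verification uses the stored hash as the
--                  crypt() setting; it is kept for compatibility.
--   * `password` : a bcrypt hash string is exactly 60 characters.
--   * `user_id`  : display width dropped from MEDIUMINT(8); it has no effect
--                  on storage and is deprecated in newer MySQL releases.
CREATE TABLE IF NOT EXISTS `users` (
    `user_id`  MEDIUMINT UNSIGNED NOT NULL AUTO_INCREMENT,
    `email`    VARCHAR(254) NOT NULL,
    `reg_date` DATE NOT NULL,
    `fname`    VARCHAR(20) DEFAULT NULL,
    `lname`    VARCHAR(20) DEFAULT NULL,
    `salt`     CHAR(22) NOT NULL,
    `password` CHAR(60) NOT NULL,
    PRIMARY KEY (`user_id`),
    UNIQUE KEY `email` (`email`)
);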
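<?php
// PHP code required by both registration and validation
//ini_set("display_errors","1");
//ERROR_REPORTING(E_ALL);
//
// Changes from the earlier version of this snippet:
//  * The mysql_* extension (removed in PHP 7) is replaced by mysqli with
//    prepared statements, so request values are bound, never interpolated
//    into the SQL text.
//  * bcrypt reads exactly 22 salt characters.  A 21-character salt followed
//    by '$' places an invalid character inside the salt field; PHP's crypt()
//    then returns a short failure string (the manual: "shorter than 13
//    characters") instead of a hash.  Because registration and verification
//    both produced that same short string, any password would compare equal.
//    The salt is now 22 characters and the crypt() result is checked before
//    it is stored.
//  * Verification uses the stored hash itself as the crypt() setting (the
//    standard bcrypt idiom), so it no longer depends on the `salt` column.
//  * The password is hashed exactly as submitted; the earlier version ran it
//    through mysql_real_escape_string() first, which altered any password
//    containing quotes or backslashes.
//  * Database credentials are read from the environment instead of source.
CRYPT_BLOWFISH or die ('No Blowfish found.');
// Connection settings come from DB_HOST / DB_USER / DB_PASS / DB_NAME.
$db_host = getenv('DB_HOST') ?: 'localhost';
$db_user = getenv('DB_USER');
$db_pass = getenv('DB_PASS');
$db_name = getenv('DB_NAME');
if ($db_user === false || $db_pass === false || $db_name === false) {
    die('Database credentials not configured.');
}
$link = new mysqli($db_host, $db_user, $db_pass, $db_name);
if ($link->connect_error) {
    die('Not connected : ' . $link->connect_error);
}
// The e-mail and password are still taken from the query string to keep the
// original calling convention; a POST body would keep them out of server
// logs and browser history.
isset($_GET['password'], $_GET['email']) or die('Missing email or password.');
$password = $_GET['password'];   // bcrypt uses at most the first 72 bytes
$email    = $_GET['email'];
// bcrypt cost factor: work doubles with each +1.  The earlier value of 5
// (32 rounds) is far too fast for current hardware; 10 is a common baseline.
$bcrypt_cost = 10;
// "$2y$" is the corrected bcrypt identifier (PHP >= 5.3.7).  Rows hashed
// with "$2a$" still verify, because verification reuses the stored setting.
$Blowfish_Pre = sprintf('$2y$%02d$', $bcrypt_cost);
// PHP code you need to register a user
// Blowfish accepts these 64 characters for salts.
$Allowed_Chars =
    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
$Chars_Len = strlen($Allowed_Chars) - 1;   // highest valid index (63)
// bcrypt consumes exactly 22 salt characters; fewer makes crypt() fail.
$Salt_Length = 22;
$mysql_date = date( 'Y-m-d' );
$salt = "";
if (function_exists('openssl_random_pseudo_bytes')) {
    // Preferred source: CSPRNG bytes.  256 is a multiple of 64, so masking
    // with 63 maps each byte onto the alphabet without bias.
    $random_bytes = openssl_random_pseudo_bytes($Salt_Length);
    for ($i = 0; $i < $Salt_Length; $i++) {
        $salt .= $Allowed_Chars[ord($random_bytes[$i]) & 63];
    }
} else {
    // Fallback when the OpenSSL extension is absent: mt_rand() is not a
    // cryptographic generator, but a bcrypt salt only needs to be unique.
    for ($i = 0; $i < $Salt_Length; $i++) {
        $salt .= $Allowed_Chars[mt_rand(0, $Chars_Len)];
    }
}
$bcrypt_salt = $Blowfish_Pre . $salt;
$hashed_password = crypt($password, $bcrypt_salt);
// A real bcrypt hash is always 60 characters; anything else is crypt()'s
// failure string and must never be stored as a credential.
strlen($hashed_password) === 60 or die('Password hashing failed.');
// The `salt` column is written empty: the 60-character hash already embeds
// the salt (characters 8-29) and verification reads it from there, so a
// second copy is redundant.  The column is kept only because the schema
// declares it NOT NULL without a default.
$stored_salt = '';
$stmt = $link->prepare(
    'INSERT INTO users (reg_date, email, salt, password) VALUES (?, ?, ?, ?)'
);
$stmt or die('Prepare failed : ' . $link->error);
$stmt->bind_param('ssss', $mysql_date, $email, $stored_salt, $hashed_password);
$stmt->execute() or die($stmt->error);
$stmt->close();
// Now to verify a user's password
$stmt = $link->prepare('SELECT password FROM users WHERE email = ?');
$stmt or die('Prepare failed : ' . $link->error);
$stmt->bind_param('s', $email);
$stmt->execute() or die($stmt->error);
$stmt->bind_result($stored_hash);
$found = $stmt->fetch();   // true on a row, NULL when the e-mail is unknown
$stmt->close();
$link->close();
$verified = false;
if ($found) {
    // The stored hash carries algorithm id, cost and salt, so it serves as
    // the crypt() setting whatever cost or identifier the row was created with.
    $hashed_pass = crypt($password, $stored_hash);
    // hash_equals() (PHP >= 5.6) is timing-safe; fall back to strict equality.
    $verified = function_exists('hash_equals')
        ? hash_equals($stored_hash, $hashed_pass)
        : ($hashed_pass === $stored_hash);
}
if ($verified) {
    echo 'Password verified!';
} else {
    echo 'There was a problem with your user name or password.';
}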