1// begin HTML form
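<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <!-- CDN assets are pinned with Subresource Integrity hashes; when a version changes, its hash must change with it. -->
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css" integrity="sha384-TX8t27EcRE3e/ihU7zmQxVncDAy5uIKz4rEkgIXeMed4M0jlfIDPvg6uqKI2xXr2" crossorigin="anonymous">
    <title>passwords</title>
</head>
<body>
<div class="container">
    <h1 class="text-center">login</h1>

    <!-- The credentials travel in the POST body, so this page and login.php should only be served over HTTPS. -->
    <form action="login.php" method="post">
        <div class="form-group">
            <!-- Each label's "for" must match the id of its input, otherwise the label is not associated with the field. -->
            <label for="username">username</label>
            <input type="text" class="form-control" id="username" name="username" autocomplete="username" required>
        </div>
        <div class="form-group">
            <label for="password">Password</label>
            <input type="password" class="form-control" id="password" name="password" autocomplete="current-password" required>
        </div>
        <button type="submit" class="btn btn-primary">Submit</button>
    </form>
</div>

<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ho+j7jyWK8fNQe+A12Hb8AhRq26LrZ/JpcUGGOn+Y7RsweNrtN/tE3MoK7ZeZDyx" crossorigin="anonymous"></script>
</body>
</html>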
31
32// end HTML form
33
34// begin PHP processing page
35<?php
36
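// Only form submissions are processed. Any other request method is rejected
// and the script stops, so the lookup below never runs on undefined input.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo "only post requests are allowed";
    exit;
}

// Submitted form data. A missing field or an array value (e.g. "username[]=x")
// is rejected here instead of reaching password_hash() or the query.
$postName = $_POST['username'] ?? null;
$postPassword = $_POST['password'] ?? null;
if (!is_string($postName) || !is_string($postPassword)) {
    http_response_code(400);
    echo "invalid request";
    exit;
}

// Request data is attacker-controlled: escape it before it is written into HTML.
$escape = static function (string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// NOTE(review): the four echo lines below exist only to illustrate the demo.
// A real login handler must never send the submitted password, or any hash
// derived from it, back in the response.
echo "The username submitted is: " . $escape($postName) . "<br>";
echo "The password submitted is: " . $escape($postPassword) . "<br>";

// Hash the password with the current default algorithm; this is the value
// that replaces a legacy plaintext or MD5 entry after a successful login.
$HashedPassword = password_hash($postPassword, PASSWORD_DEFAULT);
echo "The HASHED password is: " . $escape($HashedPassword) . "<br>";

// MD5 is computed only so legacy rows can be recognised and upgraded;
// it is unsalted and fast, and is not suitable for storing passwords.
$md5Password = md5($postPassword);
echo "The MD5 password is: " . $md5Password . "<br><br>";

// Set up the database connection.
// NOTE(review): "root" with an empty password is tolerable only on a throwaway
// local demo. Use a least-privilege account and keep credentials in
// configuration outside the web root.
$servername = "localhost";
$username = "root";
$password = "";

try {
    $conn = new PDO("mysql:host=$servername;dbname=passwords", $username, $password);
    // Make PDO throw on errors instead of failing silently.
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    // Driver messages can reveal host and account details: log them
    // server-side, return a generic message, and stop (there is no $conn).
    error_log("Connection failed: " . $e->getMessage());
    http_response_code(500);
    echo "Connection failed";
    exit;
}

// Look the user up with a prepared statement (the username is bound, not interpolated).
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
$stmt->execute([$postName]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);

$stored = $user ? (string) $user['password'] : '';

// The storage format is decided from the shape of the STORED value, and only
// the matching check is run. Trying the plaintext comparison against every row
// would let the stored MD5 or password_hash() string itself be accepted as the
// password, which turns a leaked hash into a working credential.
// NOTE(review): a column recording the scheme would be more robust than shape
// detection; a legacy plaintext password of exactly 32 lowercase hex
// characters is treated as an MD5 digest here.
if (!$user) {
    echo "invalid password";
} elseif (password_get_info($stored)['algoName'] !== 'unknown') {
    // Value produced by password_hash().
    if (password_verify($postPassword, $stored)) {
        echo "valid, hashed" . "<br>";
        // Upgrade the stored hash if the default algorithm or cost has moved on.
        if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
            updatePassword($HashedPassword, $user['id']);
        }
    } else {
        echo "invalid password";
    }
} elseif (preg_match('/\A[0-9a-f]{32}\z/', $stored) === 1) {
    // Legacy MD5 digest. hash_equals() compares in constant time and as plain
    // strings; the loose "==" would compare digests of the form "0e<digits>"
    // as numbers and treat different digests as equal.
    if (hash_equals($stored, $md5Password)) {
        echo "valid, MD5" . "<br>";
        // now update the database with hashed password
        updatePassword($HashedPassword, $user['id']);
    } else {
        echo "invalid password";
    }
} else {
    // Legacy plaintext entry.
    if (hash_equals($stored, $postPassword)) {
        echo "valid, plaintext" . "<br>";
        // now update the database with hashed password
        updatePassword($HashedPassword, $user['id']);
    } else {
        echo "invalid password";
    }
}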
100
101
102
/**
 * Replace the stored password value of one user row and print a confirmation.
 *
 * Uses the PDO connection held in the global $conn, so it must be called only
 * after that connection has been created. Both values are bound as statement
 * parameters rather than concatenated into the SQL text.
 *
 * @param string $newPassword Value to write to users.password; callers in this
 *                            file pass the output of password_hash().
 * @param int|string $userId  Primary key (users.id) of the row to update.
 */
function updatePassword($newPassword, $userId)
{
    global $conn;

    $update = $conn->prepare("UPDATE users SET password=? WHERE id=?");
    $update->execute([$newPassword, $userId]);

    echo "password has been updated";
}
110
111?>
112
113
114// begin MYSQL to create database used with this paste:
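-- phpMyAdmin SQL Dump
-- version 5.0.2
-- https://www.phpmyadmin.net/
--
-- Host: 127.0.0.1
-- Generation Time: Oct 22, 2020 at 01:14 AM
-- Server version: 10.4.11-MariaDB
-- PHP Version: 7.4.5

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
START TRANSACTION;
SET time_zone = "+00:00";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;

--
-- Database: `passwords`
--

-- --------------------------------------------------------

--
-- Table structure for table `users`
--
-- `password` holds whatever representation the account currently has
-- (legacy plaintext, legacy MD5 hex digest, or a password_hash() string).
-- varchar(255) leaves room for password_hash() output.
--

CREATE TABLE `users` (
  `id` int(11) NOT NULL,
  `username` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

--
-- Dumping data for table `users`
--
-- Test fixtures only, one row per storage format the login page handles:
--   user1: plaintext
--   user2: 32-character MD5 hex digest
--   user3: bcrypt string ($2y$, cost 10) as produced by password_hash()
-- Do not load these rows into a database that real users can reach.
--

INSERT INTO `users` (`id`, `username`, `password`) VALUES
(1, 'user1', 'password'),
(2, 'user2', '5f4dcc3b5aa765d61d8327deb882cf99'),
(3, 'user3', '$2y$10$Wk9ge/TJAQqwb3wbhOTryeSWdFo6GaAc.dks05LG2esFBDTqWZsFu');

--
-- Indexes for dumped tables
--

--
-- Indexes for table `users`
--
-- The login page selects a row by username and uses the first match, so the
-- username must be unique; without this key two accounts could share a name.
--
ALTER TABLE `users`
  ADD PRIMARY KEY (`id`),
  ADD UNIQUE KEY `username` (`username`);

--
-- AUTO_INCREMENT for dumped tables
--

--
-- AUTO_INCREMENT for table `users`
--
ALTER TABLE `users`
  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=4;
COMMIT;

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;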
183