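-- Create a MySQL table to hold one row per registered user, including the
-- bcrypt password hash and the legacy salt column.

--
-- SQL create script for table `users`
--

CREATE TABLE IF NOT EXISTS `users` (
    `user_id`  mediumint(8) unsigned NOT NULL AUTO_INCREMENT,
    -- The login identifier must never be truncated: with varchar(30) two long
    -- addresses sharing a prefix can be rejected or, in non-strict SQL mode,
    -- silently cut to the same value. 254 is the longest valid address.
    -- NOTE(review): on old InnoDB row formats with utf8mb4 a unique index of
    -- this width may exceed the key-length limit; confirm on the target server.
    `email`    varchar(254) NOT NULL,
    `reg_date` date NOT NULL,
    `fname`    varchar(20) DEFAULT NULL,
    `lname`    varchar(20) DEFAULT NULL,
    -- A bcrypt hash already carries its own salt, so this column is redundant.
    -- It stays for existing writers; the default lets new code leave it out.
    `salt`     char(21) NOT NULL DEFAULT '',
    -- A bcrypt hash is exactly 60 characters. Widen this column before moving
    -- to any algorithm with longer output.
    `password` char(60) NOT NULL,
    PRIMARY KEY (`user_id`),
    UNIQUE KEY `email` (`email`)
);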
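<?php
// PHP code required by both registration and validation

// password_hash() and password_verify() need PHP 5.5 or later.
function_exists('password_hash') or exit('No password hashing API found.');

/**
 * Record the detailed reason in the server log and end the request with a
 * generic message, so database error text is never sent to the client.
 *
 * @param string $log_detail     Diagnostic text for the server log only.
 * @param string $public_message Text shown to the client.
 */
function abort_request($log_detail, $public_message)
{
    error_log($log_detail);
    exit($public_message);
}

// Database credentials are read from the environment rather than kept in the
// source file. The two variable names are constructed placeholders; use the
// names your deployment provides. A password that has appeared in published
// source should be rotated.
$db_user = getenv('APP_DB_USER');
$db_password = getenv('APP_DB_PASSWORD');
if ($db_user === false || $db_password === false) {
    abort_request('Database credentials are not configured.', 'Service unavailable.');
}

// Report failures through return values on every PHP version, so each call
// below can log the detail and answer with a generic message.
mysqli_report(MYSQLI_REPORT_OFF);
$link = mysqli_connect('localhost', $db_user, $db_password, 'wpscanner');
if (!$link) {
    abort_request('Not connected : ' . mysqli_connect_error(), 'Service unavailable.');
}

// NOTE(review): credentials sent in the query string are written to access
// logs, browser history and Referer headers. The parameter source is kept so
// existing callers still work; move the form to POST over TLS.
$password = isset($_GET['password']) ? $_GET['password'] : '';
$email = isset($_GET['email']) ? $_GET['email'] : '';

// A parameter written as name[]=x arrives as an array; reject anything that is
// not a non-empty string before it reaches the hash or the query.
if (!is_string($password) || !is_string($email) || $password === '' || $email === '') {
    exit('There was a problem with your user name or password.');
}

// The password is hashed exactly as submitted. It is never placed in SQL, so
// escaping it would only change the value being hashed. Rows hashed earlier
// from an escaped password that contained quotes or backslashes will need a
// password reset.

// bcrypt work factor; the previous value of 5 is far too cheap to compute.
// Raise it as far as your login latency budget allows.
$bcrypt_cost = 12;

// PHP code you need to register a user

// password_hash() draws the salt from the system's secure random source and
// embeds it in the result, replacing the mt_rand() loop. PASSWORD_BCRYPT is
// named explicitly because its 60-character output fits the char(60) column.
// bcrypt only uses the first 72 bytes of the password.
$hashed_password = password_hash($password, PASSWORD_BCRYPT, array('cost' => $bcrypt_cost));
if (!is_string($hashed_password)) {
    abort_request('password_hash() failed.', 'Registration failed.');
}

$mysql_date = date('Y-m-d');

// The table declares `salt` NOT NULL, so it is still written, but it no longer
// carries anything: the salt lives inside the hash.
$legacy_salt = '';

// Values are bound as parameters and are never spliced into the SQL text.
$insert = mysqli_prepare(
    $link,
    'INSERT INTO users (reg_date, email, salt, password) VALUES (?, ?, ?, ?)'
);
if (!$insert) {
    abort_request('Prepare failed : ' . mysqli_error($link), 'Registration failed.');
}
mysqli_stmt_bind_param($insert, 'ssss', $mysql_date, $email, $legacy_salt, $hashed_password);
if (!mysqli_stmt_execute($insert)) {
    // A duplicate email address also ends up here, via the UNIQUE key.
    abort_request('Insert failed : ' . mysqli_stmt_error($insert), 'Registration failed.');
}
mysqli_stmt_close($insert);

// Now to verify a user's password

$select = mysqli_prepare($link, 'SELECT password FROM users WHERE email = ?');
if (!$select) {
    abort_request('Prepare failed : ' . mysqli_error($link), 'Service unavailable.');
}
mysqli_stmt_bind_param($select, 's', $email);
if (!mysqli_stmt_execute($select)) {
    abort_request('Select failed : ' . mysqli_stmt_error($select), 'Service unavailable.');
}
mysqli_stmt_bind_result($select, $stored_hash);
// mysqli_stmt_fetch() returns true for a row, null for none, false on error.
$user_found = (mysqli_stmt_fetch($select) === true);
mysqli_stmt_close($select);

if ($user_found) {
    // password_verify() reads the algorithm, cost and salt from the stored
    // hash and compares in constant time. Older $2a$ hashes still verify.
    $verified = password_verify($password, $stored_hash);
} else {
    // Do a comparable amount of hashing for an unknown address, so response
    // time does not show which email addresses are registered.
    password_hash($password, PASSWORD_BCRYPT, array('cost' => $bcrypt_cost));
    $verified = false;
}

if ($verified) {
    echo 'Password verified!';
} else {
    // One message for both failure causes, so it reveals neither.
    echo 'There was a problem with your user name or password.';
}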