bryanpedini/OpenShorte.old
Archived
0
0
Fork 0
Code Releases Activity

Added secondary security login with double password

Browse Source
This commit is contained in:
Bryan
2019-06-06 00:59:20 +02:00
parent ea4becd52d
commit 6c50b051bc
2 changed files with 19 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
lib/php/login.php
View File

@@ -7,16 +7,8 @@
include ( 'lib/php/forgot.php' );
exit;
}
if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) ) {
$username = $_POST [ 'username' ];
$password = $_POST [ 'password' ];
$database = new Database ( $config [ 'db' ] );
$database->connect ( );
$database->prepare ( "SELECT users.id FROM users WHERE users.username = :username AND users.password = :password" );
$database->bind ( [ ':username' => $username, ':password' => $password ] );
$database->execute ( );
$result = $database->get_result ( );
if ( $result->rowCount ( ) == 0 ) {
if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) && isset ( $_POST [ 'hashedpassword' ] ) ) {
function wrong_credentials ( ) {
header ( 'Content-Type: application/json' );
http_response_code ( 401 );
$response = [
@@ -26,6 +18,21 @@
echo ( json_encode ( $response ) );
exit;
}
$username = $_POST [ 'username' ];
$password = $_POST [ 'password' ];
$hashedpassword = $_POST [ 'hashedpassword' ];
if ( strcasecmp ( hash ( "sha512", $password ), $hashedpassword ) != 0 ) {
wrong_credentials ( );
}
$database = new Database ( $config [ 'db' ] );
$database->connect ( );
$database->prepare ( "SELECT users.id FROM users WHERE users.username = :username AND users.password = :password" );
$database->bind ( [ ':username' => $username, ':password' => strtoupper ( $hashedpassword ) ] );
$database->execute ( );
$result = $database->get_result ( );
if ( $result->rowCount ( ) == 0 ) {
wrong_credentials ( );
}
else {
$row = $result->fetchAll ( ) [ 0 ];
$_SESSION [ 'user_id' ] = $row [ 'id' ];