Added secondary security login with double password
This commit is contained in:
parent
ea4becd52d
commit
6c50b051bc
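--- a/PATH-NOT-SHOWN-1
+++ b/PATH-NOT-SHOWN-1
@@ -1,7 +1,7 @@
 function login ( ) {
 var username = document.getElementById ( "form-username" ).value;
 var password = document.getElementById ( "form-password" ).value;
-password = SHA512 ( password );
+hashedpassword = SHA512 ( password );
 var xhr = new XMLHttpRequest ( );
 xhr.open ( "POST", 'login', true );
 xhr.onreadystatechange = function ( ) {
@@ -24,6 +24,7 @@ function login ( ) {
 data = new FormData ( );
 data.append('username', username);
 data.append('password', password);
+data.append('hashedpassword', hashedpassword);
 xhr.send( data );
 }
 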
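Review bot: `hashedpassword` is assigned without `var` in the first hunk, so it becomes an implicit global instead of a local of `login`; the line should read `var hashedpassword = SHA512 ( password );`. The second hunk keeps appending the plaintext `password` field next to the new `hashedpassword` field, so the client-side hash gives the credential no protection in transit (only the transport layer does) and merely doubles what the server must validate. `login`'s body continues outside the first hunk, so the `onreadystatechange` handler is not visible here.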
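--- a/PATH-NOT-SHOWN-2
+++ b/PATH-NOT-SHOWN-2
@@ -7,16 +7,8 @@
 include ( 'lib/php/forgot.php' );
 exit;
 }
-if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) ) {
-$username = $_POST [ 'username' ];
-$password = $_POST [ 'password' ];
-$database = new Database ( $config [ 'db' ] );
-$database->connect ( );
-$database->prepare ( "SELECT users.id FROM users WHERE users.username = :username AND users.password = :password" );
-$database->bind ( [ ':username' => $username, ':password' => $password ] );
-$database->execute ( );
-$result = $database->get_result ( );
-if ( $result->rowCount ( ) == 0 ) {
+if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) && isset ( $_POST [ 'hashedpassword' ] ) ) {
+function wrong_credentials ( ) {
 header ( 'Content-Type: application/json' );
 http_response_code ( 401 );
 $response = [
@@ -26,6 +18,21 @@
 echo ( json_encode ( $response ) );
 exit;
 }
+$username = $_POST [ 'username' ];
+$password = $_POST [ 'password' ];
+$hashedpassword = $_POST [ 'hashedpassword' ];
+if ( strcasecmp ( hash ( "sha512", $password ), $hashedpassword ) != 0 ) {
+wrong_credentials ( );
+}
+$database = new Database ( $config [ 'db' ] );
+$database->connect ( );
+$database->prepare ( "SELECT users.id FROM users WHERE users.username = :username AND users.password = :password" );
+$database->bind ( [ ':username' => $username, ':password' => strtoupper ( $hashedpassword ) ] );
+$database->execute ( );
+$result = $database->get_result ( );
+if ( $result->rowCount ( ) == 0 ) {
+wrong_credentials ( );
+}
 else {
 $row = $result->fetchAll ( ) [ 0 ];
 $_SESSION [ 'user_id' ] = $row [ 'id' ];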
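Review bot: The new check `strcasecmp ( hash ( "sha512", $password ), $hashedpassword ) != 0` compares a secret-derived digest with a string function that is not constant-time; the safe form is `if ( ! hash_equals ( hash ( "sha512", $password ), strtolower ( $hashedpassword ) ) ) {`. More importantly, the server receives the plaintext `$password` in the same request, so this comparison only proves the client computed SHA-512 correctly, while the credential actually checked against the database is still an unsalted, uppercased SHA-512 hex digest matched by SQL equality in the `users.password = :password` clause; storing `password_hash()` output and verifying with `password_verify()` after looking the user up by username alone is the change that would harden this login. `wrong_credentials ( )` is also declared inside the `if ( isset ( ... ) )` block, which makes it a conditional declaration; defining it at file level keeps it available unconditionally and easier to find. The enclosing `if` block runs past the end of the second hunk, so the `else` branch is only partially visible here.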