Added salting and no similar username
This commit is contained in:
Joey Lai
@@ -21,14 +21,16 @@
|
|||||||
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$uname=$_POST["uname"];
|
$uname=strtolower($_POST["uname"]);
|
||||||
$psw=$_POST["psw"];
|
$psw=$_POST["psw"];
|
||||||
$hash=hashPassword()["password"];
|
$hash=hashPassword()["password"];
|
||||||
|
$userid=hashPassword()["userID"];
|
||||||
|
|
||||||
// If there's an account, go to the profile page
|
// If there's an account, go to the profile page
|
||||||
if(password_verify($psw, $hash)) {
|
if(password_verify($psw.$uname, $hash)) {
|
||||||
|
$_SESSION["userID"] = $userid;
|
||||||
|
header("location: /profile.php");
|
||||||
|
|
||||||
header("location: myhyvesbookplus.nl/profile.php");
|
|
||||||
} else {
|
} else {
|
||||||
$loginErr = "Inloggegevens zijn niet correct";
|
$loginErr = "Inloggegevens zijn niet correct";
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -88,9 +88,9 @@
|
|||||||
$usernameErr = "Gebruikersnaam moet minstens 6 karakters bevatten";
|
$usernameErr = "Gebruikersnaam moet minstens 6 karakters bevatten";
|
||||||
$correct = false;
|
$correct = false;
|
||||||
|
|
||||||
} else if (getExistingUser() == 1 ){
|
} else if (getExistingUsername() == 1){
|
||||||
$usernameErr = "Gebruikersnaam bestaat al";
|
$usernameErr = "Gebruikersnaam bestaat al";
|
||||||
$correct = false;
|
$correct = false;
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -153,7 +153,7 @@
|
|||||||
|
|
||||||
} else {
|
} else {
|
||||||
registerAccount();
|
registerAccount();
|
||||||
// header("location: login.php");
|
header("location: login.php");
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -3,11 +3,12 @@
|
|||||||
function hashPassword() {
|
function hashPassword() {
|
||||||
$stmt = $GLOBALS["db"]->prepare("
|
$stmt = $GLOBALS["db"]->prepare("
|
||||||
SELECT
|
SELECT
|
||||||
`password`
|
`password`,
|
||||||
|
`userID`
|
||||||
FROM
|
FROM
|
||||||
`user`
|
`user`
|
||||||
WHERE
|
WHERE
|
||||||
`username` = :username
|
`username` LIKE :username
|
||||||
");
|
");
|
||||||
|
|
||||||
$stmt->bindParam(":username", $_POST["uname"]);
|
$stmt->bindParam(":username", $_POST["uname"]);
|
||||||
|
|||||||
@@ -1,8 +1,13 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
function getExistingUser() {
|
function getExistingUsername() {
|
||||||
$stmt = $GLOBALS["db"]->prepare("
|
$stmt = $GLOBALS["db"]->prepare("
|
||||||
SELECT * FROM `user` WHERE `username` = :username
|
SELECT
|
||||||
|
`username`
|
||||||
|
FROM
|
||||||
|
`user`
|
||||||
|
WHERE
|
||||||
|
`username` LIKE :username
|
||||||
");
|
");
|
||||||
|
|
||||||
$stmt->bindParam(":username", $_POST["username"]);
|
$stmt->bindParam(":username", $_POST["username"]);
|
||||||
@@ -41,7 +46,7 @@ function registerAccount() {
|
|||||||
:email
|
:email
|
||||||
)");
|
)");
|
||||||
|
|
||||||
$hash=password_hash($_POST["password"], PASSWORD_DEFAULT);
|
$hash=password_hash($_POST["password"].(strtolower($_POST["username"])), PASSWORD_DEFAULT);
|
||||||
|
|
||||||
$stmt->bindParam(":fname", $_POST["name"]);
|
$stmt->bindParam(":fname", $_POST["name"]);
|
||||||
$stmt->bindParam(":lname", $_POST["surname"]);
|
$stmt->bindParam(":lname", $_POST["surname"]);
|
||||||
@@ -51,7 +56,7 @@ function registerAccount() {
|
|||||||
$stmt->bindParam(":location", $_POST["location"]);
|
$stmt->bindParam(":location", $_POST["location"]);
|
||||||
$stmt->bindParam(":email", $_POST["email"]);
|
$stmt->bindParam(":email", $_POST["email"]);
|
||||||
|
|
||||||
print("execute".$stmt->execute());
|
$stmt->execute();
|
||||||
print("count".$stmt->rowCount());
|
$stmt->rowCount();
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|||||||
Reference in New Issue
Block a user