Okay, jeg har fattet hvordan jeg krypterer et password og gemmer det i en MySQL DB...
Men jeg fatter intet af hvordan jeg tjekker om det angivne password (som jeg vil logge ind med) er det samme som det der står i MySQL DB'en.
Koden for signin.php:
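<?php
require("mysql.open.php");

// Read the submitted credentials. Defaulting to "" means a missing form field
// does not raise an "undefined index" notice further down.
$username = isset($_POST["user"]) ? $_POST["user"] : "";
$password = isset($_POST["pass"]) ? $_POST["pass"] : "";

// Only undo magic_quotes_gpc when it is actually on (PHP < 5.4). An unconditional
// stripslashes() silently removes legitimate backslashes from the password, so the
// value that gets hashed is not the value the user typed.
if (get_magic_quotes_gpc()) {
    $username = stripslashes($username);
    $password = stripslashes($password);
}

// Only the username is interpolated into SQL below, so only the username is escaped.
// The password is never sent to the database: it is hashed and the hash is stored.
// Escaping the password here would change the bytes that get hashed, and a login
// check that hashes the raw submitted password would then never match. Note that the
// escaping is connection-dependent; the query itself should move to a prepared
// statement (mysqli/PDO) once mysql.open.php no longer uses the removed mysql_* API.
$username = mysql_real_escape_string($username);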
-
- // secure hashing of passwords using bcrypt, needs PHP 5.3+
- // see http://codahale.com/how-to-safely-store-a-password/
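/**
 * Build a salt for crypt()'s bcrypt mode.
 *
 * bcrypt expects exactly 22 characters from the alphabet [./0-9A-Za-z] after the
 * "$2a$NN$" prefix (see http://php.net/crypt), so the return value is always
 * 22 characters long, whatever $max is.
 *
 * The original drew characters with mt_rand(), which is not a cryptographic RNG,
 * and used the "$str{$i}" offset syntax, which is a parse error on PHP 8.
 *
 * @param int $max  Kept for existing callers: $max + 1 random bytes are drawn,
 *                  but never fewer than 17 so that 22 base64 characters exist.
 * @return string   22-character bcrypt salt.
 */
function generateSalt($max = 15) {
    $count = max(17, (int) $max + 1);
    if (function_exists('random_bytes')) {
        // PHP 7+: CSPRNG from the OS.
        $bytes = random_bytes($count);
    } else {
        // PHP 5.3+ with ext/openssl; the only CSPRNG available on that branch.
        $bytes = openssl_random_pseudo_bytes($count);
    }
    // base64 emits '+' and '/', bcrypt's alphabet is '.' and '/', so map '+' to '.'.
    // With at least 17 input bytes, any '=' padding lies beyond position 22 and is cut off.
    return substr(strtr(base64_encode($bytes), '+', '.'), 0, 22);
}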
-
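$salt = generateSalt();

// crypt() takes the salt as its SECOND argument. The original appended "$2a$12$" and
// the salt to the password and called crypt() with a single argument, so bcrypt was
// never selected and what got stored was not a bcrypt hash at all.
// 2a is the bcrypt algorithm selector; on PHP >= 5.3.7 prefer "$2y$", which fixes a
// bug in 2a's handling of non-ASCII password bytes. 12 is the workload factor
// (around 300ms on my Core i7 machine), see http://php.net/crypt
$hash = crypt($password, '$2a$12$' . $salt);

// When the algorithm is unsupported or the salt is malformed, crypt() returns a
// short failure string such as "*0" instead of the 60-character bcrypt hash.
// Storing that would let anyone log in with an arbitrary password, so stop here.
if (strlen($hash) !== 60) {
    die("Password hashing failed");
}

// $hash only contains [./0-9A-Za-z$], so interpolating it is safe; $username was
// escaped above. Still, a prepared statement is the right long-term fix.
mysql_query("INSERT INTO structure_admin (username, password) VALUES ('$username', '$hash')") or die(mysql_error());

// To check a login later: the stored hash carries its own "$2a$12$<salt>" prefix,
// so re-hash the submitted password with the stored hash as the salt and compare:
//   crypt($submitted, $storedHash) === $storedHash   (use hash_equals() on PHP >= 5.6)
// On PHP >= 5.5 password_hash()/password_verify() do all of this for you.

require("mysql.close.php");

header("Location: index.php");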