@mefsh:
@Miang:
w tej tabelce jest napisane automatycznie czyli hash od rejestracji i ręcznie czyli hash zrobiony przy logowaniu. Dam cały kod:
login.php
<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors', 1);
if((!isset($_POST['login']))||(!isset($_POST['password'])))
{
header('Location: /../index.php');
exit();
}
require ("database.php");
$login = $_POST['login'];
$password = $_POST['password'];
$login = htmlentities($login, ENT_QUOTES, "UTF-8");
$stmt = $pdo->prepare("SELECT * FROM users WHERE Username= :login");
if ($stmt === false) {
//var_dump($db->errorInfo());
echo "db error";
exit();
} else {
$stmt->bindParam('login', $login);
$stmt->execute();
}
//if($result = @$db->query($sql)){
//$rowcount = count($stmt);
// var_dump($stmt);
$rowcount = $stmt->rowCount();
if($rowcount>0)
{
$result = $stmt;
$row = $result->fetch(PDO::FETCH_ASSOC); //or die("Fetch array error!");
$rowpass = $row['Password'];
echo "<table border=2px>
<tr><td>Utworzone</td><td>Haslo</td><td>Hash</td><td>Zgodność</td></tr>
<tr><td>Automatycznie</td><td>$password</td><td>$rowpass</td><td>"; $temp2122 = password_verify($password,$row['Password']);var_dump( $temp2122); echo "</td></tr>
<tr><td>Ręcznie</td><td>$password</td><td>"; $hashedx = password_hash($password, PASSWORD_DEFAULT); echo"$hashedx</td><td>";$temp2122 = password_verify($password,$hashedx); var_dump($temp2122); echo"</td></tr>
</table>";
if(password_verify($password,$row['Password'])){
echo "pass ok";
$_SESSION['user'] = $row['Username'];
$_SESSION['UserID'] = $row['ID'];
unset($_SESSION['error_cant_login']);
$_SESSION['logged'] = 1;
header('Location: index.php');
}
else
{
$_SESSION['error_cant_login'] = "Incorrect login or password! Try again or <a href=\"#\">reset your password.</a>";
// header('Location: ../index.php?error');
}
}
else
{
$_SESSION['error_cant_login'] = "Incorrect login or password! Try again or <a href=\"#\">reset your password.</a>";
//header('Location: ../index.php?error');
}
// }
register.php
<?php
session_start();
require ("database.php");
if(isset($_POST['email']))
{
//Udana walidacja? Załóżmy, że tak
$everything_OK=true;
//Sprawdź poprawność nickname'a
$nick = $_POST['nick'];
if ((strlen($nick)<4)||((strlen($nick)>20))) {
$everything_OK=false;
if(!isset($_SESSION['e_register'])) $_SESSION['e_register']= "- login name - incorrect length</br>"; else $_SESSION['e_register'].= "- login name</br>";
}
if(ctype_alnum($nick)==false){
$everything_OK=false;
if(!isset($_SESSION['e_register'])) $_SESSION['e_register']= "- login name - incorrect characters</br>"; else $_SESSION['e_register'].= "- login name - incorrect characters</br>";
}
//Sprawdź poprawność email
$email = $_POST['email'];
$emailB = filter_var($email, FILTER_SANITIZE_EMAIL);
if((filter_var($emailB, FILTER_VALIDATE_EMAIL)==false)||($emailB!=$email)){
$everything_OK=false;
if(!isset($_SESSION['e_register'])) $_SESSION['e_register']= "- email - incorrect email</br>"; else $_SESSION['e_register'].= "- email - incorrect email</br>";
}
//Sprawdz poprawnosc hasla
$password1=$_POST['password1'];
$password2=$_POST['password2'];
if ((strlen($password1))<6||(strlen($password1)>25))
{
$everything_OK=false;
if(!isset($_SESSION['e_register'])) $_SESSION['e_register']= "- password - too short or too long</br>"; else $_SESSION['e_register'].= "- password - too short or too long</br>";
}
if(!$password1==$password2)
{
if(!isset($_SESSION['e_register'])) $_SESSION['e_register']= "- password - passwords do not match</br>"; else $_SESSION['e_register'].= "- password - passwords do not match</br>";
}
$password_hash = password_hash($password1, PASSWORD_DEFAULT);
//CHECKBOX REGULAMIN
if(!isset($_POST['termscheckbox'])){
$everything_OK = false;
if(!isset($_SESSION['e_register'])) $_SESSION['e_register']= "- terms and conditions - not accepted</br>"; else $_SESSION['e_register'].= "- terms and conditions - not accepted</br>";
}
//Bot or not?
$sekret = "6Lfvjm0UAAAAAKjNHsIoiOZ_4xOVeNDIVmYePDNg";
$sprawdz = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$sekret.'&response='.$_POST['g-recaptcha-response']);
$odpowiedz = json_decode($sprawdz);
if ($odpowiedz->success==false)
{
$everything_OK=false;
if(!isset($_SESSION['e_register'])) $_SESSION['e_register']= "- reCaptcha - error</br>"; else $_SESSION['e_register'].= "- reCaptcha - error</br>";
}
//Remeber entered forms
$_SESSION['fr_nick'] = $nick;
$_SESSION['fr_email'] = $email;
$_SESSION['fr_password1'] = $password1;
$_SESSION['fr_password2'] = $password2;
if(isset($_POST['termscheckbox'])) $_SESSION['fr_termscheckbox']=true;
//Is Email and Login exist?
$result = $pdo->query("SELECT COUNT(ID) FROM Users WHERE Email='$email'");
$result = $result->fetch(PDO::FETCH_BOTH);
$emails_count = $result[0];
if($emails_count>0)
{
$everything_OK = false;
if(!isset($_SESSION['e_register'])) $_SESSION['e_register']= "- email - this email is already in use</br>"; else $_SESSION['e_register'].= "- email - this email is already in use</br>";
}
$result = $pdo->query("SELECT COUNT(ID) FROM Users WHERE Username='$nick'");
$result = $result->fetch(PDO::FETCH_BOTH);
$nicks_count = $result[0];
if($nicks_count>0)
{
$everything_OK = false;
if(!isset($_SESSION['e_register'])) $_SESSION['e_register']= "- login name - this name is already in use</br>"; else $_SESSION['e_register'].= "- login name - this name is already in use</br>";
}
//LAST CHECK
if($everything_OK==true){
if($pdo->query("INSERT INTO users VALUES (NULL, '$nick', '$email', '$password_hash')")){
$_SESSION['e_register_complete'] = "Thank you for your registration.";
//form unset
if(isset($_SESSION['fr_nick'])) unset($_SESSION['fr_nick']);
if(isset($_SESSION['fr_email'])) unset($_SESSION['fr_email']);
if(isset($_SESSION['fr_password1'])) unset($_SESSION['fr_password1']);
if(isset($_SESSION['fr_password2'])) unset($_SESSION['fr_password2']);
if(isset($_SESSION['fr_termscheckbox'])) unset($_SESSION['fr_termscheckbox']);
//error unset
if(isset($_SESSION['e_register'])) unset($_SESSION['e_register']);
//complete
header('Location: index.php');
}
}
else
{
$temp_val= $_SESSION['e_register'];
$_SESSION['e_register'] = "There are errors in the registration form, please correct them and try again.</br>".$temp_val;
unset($temp_val);
}
}
header('Location: ../index.php?error=reg');