From 1aec0513986c087242400d40a1e582b30a99a4f0 Mon Sep 17 00:00:00 2001
From: Hui Lan
Date: Wed, 18 Mar 2020 22:07:13 +0800
Subject: [PATCH] Script.php: login backward compatibility Make sure the really old, legitimate users could still login. Note that these users' passwords were first encrypted by SHA512 then stored in column HashPassword. In recent updates, we totally disuse HashPassword. The hashed password (using Php's built-in function password_hash) is stored in column Password instead. - Group: Ashly Tafadzwa Dhani, Samantha Rusike 2020-03-18
---
 Script.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/Script.php b/Script.php
index 7f2f720..93ae150 100644
--- a/Script.php
+++ b/Script.php
@@ -10,7 +10,7 @@ session_start(); date_default_timezone_set('Asia/Shanghai'); // CONNeCTION
-$con=mysqli_connect("localhost","Ashly","Teecloudy","lrr");
+$con=mysqli_connect("localhost","Teecloudy","5q7Ol2e!#!","lrr");
 // Check connection if (mysqli_connect_errno()) {
@@ -123,9 +123,10 @@ if (!empty($_POST["frm_signup_1"])) { return; } //applying password_hash()
+ $sha512=hash('sha512', $password);
 $password_hash = password_hash($password, PASSWORD_DEFAULT);
- $sql= "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`, `Passport_Number`) VALUES "
- . "('$email','$password_hash','$fullname','Student','$student_id','$passport')";
+ $sql= "INSERT INTO `users_table`(`Email`, `Password`, `HashPassword`, `Full_Name`, `UserType`, `Student_ID`, `Passport_Number`) VALUES "
+ . "('$email','$password_hash','$sha512','$fullname','Student','$student_id','$passport')";
 if ($con->query($sql) === TRUE) { header("Location: Courses.php");
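Review bot: The new `mysqli_connect` line in the first hunk still embeds the database user name and password as string literals in Script.php, so the replacement credential is now recorded in the repository history next to the old one. Both values should be treated as exposed and rotated, and the connection should read them from outside the tracked source, for example `$con=mysqli_connect("localhost", getenv('DB_USER'), getenv('DB_PASS'), "lrr");` (the variable names are placeholders) or a config file kept out of version control and outside the web root. Whether this database account holds more privileges than the application needs cannot be seen from the hunk and is worth checking during the rotation.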
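Review bot: The added `$sha512=hash('sha512', $password);` and the extended INSERT in the signup hunk store an unsalted, fast SHA-512 digest of every new user's password in `HashPassword` beside the `password_hash()` value, which removes the protection `password_hash()` gives if the table is ever disclosed. Backward compatibility only needs the legacy column to be read at login for old rows, so new signups should keep the previous column list and not write `HashPassword` at all; that would also match the commit message's statement that the column is no longer used. Separately, the INSERT is assembled by interpolating `$email`, `$fullname`, `$student_id` and `$passport` into the SQL string; any escaping happens outside the hunk, and a prepared statement via `$con->prepare(...)` and `bind_param` would remove that dependency. The enclosing signup block starts and ends outside the hunk.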
@@ -157,7 +158,8 @@ header("Location: index.php"); { while($row = mysqli_fetch_assoc($result)) { // verify the hashed password and unhashed password
- if(password_verify($password, $row["Password"]) or $password == $row["Password"]){
+ $sha512pass = hash('sha512', $password);
+ if(password_verify($password, $row["Password"]) or $sha512pass == $row["HashPassword"] or $password == $row["Password"]){
 $_SESSION['user_id']=$row['User_ID']; $_SESSION['user_email']=$row['Email']; $_SESSION['user_student_id']=$row['Student_ID'];
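Review bot: The legacy check `$sha512pass == $row["HashPassword"]` uses PHP's loose `==`, which can treat two different numeric-looking strings as equal and is not constant-time; `hash_equals()` against a non-empty stored value is the appropriate comparison. The retained `$password == $row["Password"]` branch has the further problem that a row holding a `password_hash()` value accepts that stored string itself as the password, so it belongs in a one-time migration of any remaining plaintext rows rather than in the permanent condition. A successful legacy match is also the moment to re-hash with `password_hash()` and empty the old column, so the unsalted digests disappear over time. The sketch below covers only the SHA-512 case and leaves the plaintext branch out. The while loop and the session assignments continue outside the hunk.

```php
// … unchanged: while($row = mysqli_fetch_assoc($result)) loop header …
$stored = (string)$row["Password"];
$legacy = (string)$row["HashPassword"];
$ok = password_verify($password, $stored);
if (!$ok && $legacy !== '' && hash_equals($legacy, hash('sha512', $password))) {
    // Legacy SHA-512 account: upgrade to password_hash() and retire the old digest.
    $new_hash = password_hash($password, PASSWORD_DEFAULT);
    $uid = $row["User_ID"];
    $upd = $con->prepare("UPDATE `users_table` SET `Password` = ?, `HashPassword` = '' WHERE `User_ID` = ?");
    $upd->bind_param("ss", $new_hash, $uid);
    $upd->execute();
    $ok = true;
}
if ($ok) {
    // … unchanged: $_SESSION assignments …
```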