Script.php: login backward compatibility

Make sure that very old, legitimate users can still log in.

Note that these users' passwords were first hashed with SHA-512 and then stored in the HashPassword column.

In recent updates we stopped using HashPassword entirely.  The hashed password (produced by PHP's built-in function password_hash) is stored in the Password column instead.

- Group: Ashly Tafadzwa Dhani, Samantha Rusike

2020-03-18
ProjectHomePage
Hui Lan 2020-03-18 22:07:13 +08:00
parent 41aa01579c
commit 1aec051398
1 changed files with 6 additions and 4 deletions


@ -10,7 +10,7 @@
session_start(); session_start();
date_default_timezone_set('Asia/Shanghai'); date_default_timezone_set('Asia/Shanghai');
// CONNeCTION // CONNeCTION
$con=mysqli_connect("localhost","Ashly","Teecloudy","lrr"); $con=mysqli_connect("localhost","Teecloudy","5q7Ol2e!#!","lrr");
// Check connection // Check connection
if (mysqli_connect_errno()) if (mysqli_connect_errno())
{ {
@ -123,9 +123,10 @@ if (!empty($_POST["frm_signup_1"])) {
return; return;
} }
//applying password_hash() //applying password_hash()
$sha512=hash('sha512', $password);
$password_hash = password_hash($password, PASSWORD_DEFAULT); $password_hash = password_hash($password, PASSWORD_DEFAULT);
$sql= "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`, `Passport_Number`) VALUES " $sql= "INSERT INTO `users_table`(`Email`, `Password`, `HashPassword`, `Full_Name`, `UserType`, `Student_ID`, `Passport_Number`) VALUES "
. "('$email','$password_hash','$fullname','Student','$student_id','$passport')"; . "('$email','$password_hash','$sha512','$fullname','Student','$student_id','$passport')";
if ($con->query($sql) === TRUE) { if ($con->query($sql) === TRUE) {
header("Location: Courses.php"); header("Location: Courses.php");
@ -157,7 +158,8 @@ header("Location: index.php");
{ {
while($row = mysqli_fetch_assoc($result)) { while($row = mysqli_fetch_assoc($result)) {
// verify the hashed password and unhashed password // verify the hashed password and unhashed password
if(password_verify($password, $row["Password"]) or $password == $row["Password"]){ $sha512pass = hash('sha512', $password);
if(password_verify($password, $row["Password"]) or $sha512pass == $row["HashPassword"] or $password == $row["Password"]){
$_SESSION['user_id']=$row['User_ID']; $_SESSION['user_id']=$row['User_ID'];
$_SESSION['user_email']=$row['Email']; $_SESSION['user_email']=$row['Email'];
$_SESSION['user_student_id']=$row['Student_ID']; $_SESSION['user_student_id']=$row['Student_ID'];
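Review bot: The signup hunk now writes an unsalted SHA-512 of every new password into `HashPassword` beside the `password_hash()` value, although the description says the column is only needed for old accounts; if the table leaks, that fast hash undoes the protection of the `Password` column, so `$sha512` should be dropped from the INSERT. In the login hunk the two legacy checks use loose `==`, which compares numeric-looking strings numerically and is not constant-time; use `hash_equals()` guarded by a non-empty `HashPassword`, and on a legacy match rewrite the row with `password_hash()` and clear the old value so the fallback can eventually be removed. The first hunk also commits a new database password in source, which should be rotated and loaded from configuration outside the repository. The INSERT still interpolates request values into the SQL string and should be a prepared statement. The signup and login blocks start and end outside the hunks shown, so the sketch below covers only the login check.

```php
while($row = mysqli_fetch_assoc($result)) {
// … unchanged: "verify the hashed password" comment …
$verified = password_verify($password, $row["Password"]);
if (!$verified) {
    // Legacy rows only: SHA-512 in HashPassword, or a plaintext value left in Password.
    $legacy_sha = !empty($row["HashPassword"])
        && hash_equals((string)$row["HashPassword"], hash('sha512', $password));
    $legacy_plain = hash_equals((string)$row["Password"], $password);
    if ($legacy_sha || $legacy_plain) {
        // Migrate on first successful login so the legacy branch can be retired.
        // Assumes HashPassword accepts an empty string; confirm against the schema.
        $new_hash = password_hash($password, PASSWORD_DEFAULT);
        $upgrade = $con->prepare("UPDATE `users_table` SET `Password` = ?, `HashPassword` = '' WHERE `User_ID` = ?");
        $upgrade->bind_param("ss", $new_hash, $row["User_ID"]);
        $upgrade->execute();
        $verified = true;
    }
}
if ($verified) {
// … unchanged: $_SESSION assignments …
```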