malango
/
LRR
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Script.php: login backward compatibility 

Make sure the really old, legitimate users could still login.

Note that these users' passwords were first encrypted by SHA512 then stored in column HashPassword.

In recent updates, we totally disuse HashPassword.  The hashed password (using Php's built-in function password_hash) is stored in column Password instead.

- Group: Ashly Tafadzwa Dhani, Samantha Rusike

2020-03-18
Bug460-Malango
Hui Lan 2020-03-18 22:07:13 +08:00
parent 41aa01579c
commit 1aec051398
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Script.php
View File

@ -10,7 +10,7 @@
session_start();
date_default_timezone_set('Asia/Shanghai');
// CONNeCTION
$con=mysqli_connect("localhost","Ashly","Teecloudy","lrr");
$con=mysqli_connect("localhost","Teecloudy","5q7Ol2e!#!","lrr");
// Check connection
if (mysqli_connect_errno())
{
@ -123,9 +123,10 @@ if (!empty($_POST["frm_signup_1"])) {
return;
}
//applying password_hash()
$sha512=hash('sha512', $password);
$password_hash = password_hash($password, PASSWORD_DEFAULT);
$sql= "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`, `Passport_Number`) VALUES "
. "('$email','$password_hash','$fullname','Student','$student_id','$passport')";
$sql= "INSERT INTO `users_table`(`Email`, `Password`, `HashPassword`, `Full_Name`, `UserType`, `Student_ID`, `Passport_Number`) VALUES "
. "('$email','$password_hash','$sha512','$fullname','Student','$student_id','$passport')";
if ($con->query($sql) === TRUE) {
header("Location: Courses.php");
@ -157,7 +158,8 @@ header("Location: index.php");
{
while($row = mysqli_fetch_assoc($result)) {
// verify the hashed password and unhashed password
if(password_verify($password, $row["Password"]) or $password == $row["Password"]){
$sha512pass = hash('sha512', $password);
if(password_verify($password, $row["Password"]) or $sha512pass == $row["HashPassword"] or $password == $row["Password"]){
$_SESSION['user_id']=$row['User_ID'];
$_SESSION['user_email']=$row['Email'];
$_SESSION['user_student_id']=$row['Student_ID'];