From 03d9c20cf74bb08d65ac1e6ada2fd030b3054ee8 Mon Sep 17 00:00:00 2001 From: Hui Lan Date: Sun, 11 Dec 2022 18:46:43 +0800 Subject: [PATCH] Use a better variable salt (to replace append_password) --- Script.php | 4 ++-- get_mysql_credentials.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Script.php b/Script.php index 54c068b..bf8f6bd 100644 --- a/Script.php +++ b/Script.php @@ -279,12 +279,12 @@ if (!empty($_POST["frm_createlecturrer"])) { $_SESSION["info_Admin_Users"]="Email address : ".$email." is already in use."; header("Location: Admin.php"); } - $password_hash = password_hash("$password-$append_password", PASSWORD_DEFAULT); + $password_hash = password_hash("$password-$salt", PASSWORD_DEFAULT); $sql= "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`) VALUES " . "('$email','$password_hash','$fullname','$type')"; if ($con->query($sql) === TRUE) { - $_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as account name and $password-$append_password as password."; + $_SESSION["info_Admin_Users"] = $type . " user created successfully. Use email " . $email . " as account name and $password-$salt as password."; header("Location: Admin.php"); } else { echo "Error: " . $sql . "
" . $con->error; diff --git a/get_mysql_credentials.php b/get_mysql_credentials.php index d7f707d..71e875d 100644 --- a/get_mysql_credentials.php +++ b/get_mysql_credentials.php @@ -3,5 +3,5 @@ $csv = array_map('str_getcsv', file('./../../lrr_submission/KeepItSafe.txt')); $mysql_username = $csv[0][0]; $mysql_password = $csv[0][1]; //append password for Lecturer and TA -$append_password = "Lrr@2022" ; +$salt = "Lrr@2022" ; ?>