2020-02-19 15:50:13 +01:00
|
|
|
<?php
|
|
|
|
|
session_start();
|
|
|
|
|
$username = $_POST['username'];
|
|
|
|
|
$password = $_POST['password'];
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
|
2020-02-20 19:40:20 +01:00
|
|
|
$statement = $pdo->prepare('SELECT id, authentication_algorithm, authentication_salt, authentication_string FROM users WHERE name = :username;');
|
2020-02-19 15:50:13 +01:00
|
|
|
$result = $statement->execute(array('username' => $username));
|
2020-02-20 01:02:31 +01:00
|
|
|
if ($result) {
|
|
|
|
|
//existing user name
|
2020-02-20 19:40:20 +01:00
|
|
|
$dbentry = $statement->fetch();
|
|
|
|
|
//chechk for correct password
|
|
|
|
|
if ($dbentry['authentication_string'] == hash($dbentry['authentication_algorithm'], $password . $dbentry['authentication_salt'])) {
|
|
|
|
|
//password correct
|
|
|
|
|
echo 1;
|
|
|
|
|
} else {
|
|
|
|
|
//password inorrect
|
|
|
|
|
echo 0;
|
|
|
|
|
}
|
2020-02-20 01:02:31 +01:00
|
|
|
} else {
|
|
|
|
|
//wrong user name
|
2020-02-20 19:40:20 +01:00
|
|
|
echo 0;
|
2020-02-20 01:02:31 +01:00
|
|
|
}
|
2020-02-19 15:50:13 +01:00
|
|
|
?>
|
