From ab3691ade60f77e538263ca3b574fa0499e4c674 Mon Sep 17 00:00:00 2001
From: BodgeMaster <>
Date: Thu, 20 Feb 2020 19:40:20 +0100
Subject: [PATCH] implemented password verification
---
 threadr/login/redirect.php | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/threadr/login/redirect.php b/threadr/login/redirect.php
index c59d58b..f545d17 100644
--- a/threadr/login/redirect.php
+++ b/threadr/login/redirect.php
@@ -5,12 +5,21 @@ $password = $_POST['password'];
 $pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
-$statement = $pdo->prepare('SELECT id, name, authentication_algorithm, authentication_string FROM users WHERE name = :username;');
+$statement = $pdo->prepare('SELECT id, authentication_algorithm, authentication_salt, authentication_string FROM users WHERE name = :username;');
 $result = $statement->execute(array('username' => $username));
 if ($result) {
 //existing user name
- print_r($statement->fetch());
+ $dbentry = $statement->fetch();
+ //chechk for correct password
+ if ($dbentry['authentication_string'] == hash($dbentry['authentication_algorithm'], $password . $dbentry['authentication_salt'])) {
+ //password correct
+ echo 1;
+ } else {
+ //password inorrect
+ echo 0;
+ }
 } else {
 //wrong user name
+ echo 0;
 }
 ?>
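Review bot: The `if ($result)` branch does not establish that the user exists, because `execute()` also returns true when the query matches no rows; `fetch()` then returns false and the added comparison runs against a missing row. On PHP 7, `hash()` returns false for an unknown (here null) algorithm and `null == false` is true, so an unknown user name would appear to reach `echo 1`; guard the row and compare strictly, e.g. `if ($dbentry !== false && hash_equals($dbentry['authentication_string'], hash($dbentry['authentication_algorithm'], $password . $dbentry['authentication_salt']))) {`. `hash_equals()` also removes the loose `==` on digest strings (numeric-looking `0e…` values compare equal) and the timing difference between near and far mismatches. A single salted `hash()` round is cheap to brute-force if the users table leaks, so `password_hash()`/`password_verify()` would be the longer-term replacement for the algorithm/salt/string columns. The script begins above the hunk, so how `$username` is read is not visible here.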