Last active
October 17, 2016 21:52
-
-
Save Ferrmolina/b90507d9532459c7ad6050a6688c6c8a to your computer and use it in GitHub Desktop.
Comparar passwords
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * En base al usuario, y la contraseña que el usuario envía, buscar el nombre de usuario en la base de datos, | |
| * devolver el hash almacenado y guardarlo en una variable. Con el hash almacenado, usar crypt() para generar hash. | |
| * Si ambos hash (con hash_equals) son iguales, devuelve true, si no, false. | |
| * @param string: $initialPassword | Password provided by user | |
| * @param string: $username | Username provided by user | |
| * @return string | |
| */ | |
| private function comparePassword($initialPassword, $username) { | |
| $mysqli = $this->db->conexion(); | |
| $sql = $mysqli->prepare("SELECT username, password FROM usuarios WHERE username = ?"); | |
| $sql->bind_param("s", $username); | |
| $sql->bind_result($username, $hashInDatabase); | |
| $sql->execute(); | |
| while ($sql->fetch()) { | |
| $hashAComprobar = crypt($initialPassword, $hashInDatabase); | |
| $passwordHashingResult = hash_equals($hashInDatabase, $hashAComprobar); | |
| $mysqli->close(); | |
| return ($passwordHashingResult) ? self::MESSAGE_LOGIN_SUCCESS : self::MESSAGE_LOGIN_ERROR; | |
| } | |
| } | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment