<?php
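// Registration example: create the account only if the username is still free.
// You probably should create an include file with this PDO setup so you don't need to put
// this code in every file. Load the real credentials from configuration kept outside the
// web root and out of version control; the literals below are placeholders.
$db_host = "localhost";
$db_user = "myuser";
$db_password = "mydbpass";
$database_name = "mydbtable";

// Our PDO object. The connection charset is set explicitly, errors are raised as
// exceptions (a failed query cannot pass unnoticed) and the driver's native prepared
// statements are used instead of client-side emulation.
$pdo = new PDO(
    "mysql:host=" . $db_host . ";dbname=" . $database_name . ";charset=utf8mb4",
    $db_user,
    $db_password,
    [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]
);

// Prepared statements keep these values out of the SQL text, so no SQL escaping is needed.
// They do not validate anything: still enforce your own rules (length, allowed characters,
// password policy) and escape the username whenever it is printed back into HTML.
$username = $some_post_variable_with_username;
$password = $some_post_variable_with_password;

$q = "SELECT 1 FROM users WHERE username = :name";
$query = $pdo->prepare($q);
$query->execute(['name' => $username]);

// fetch() rather than rowCount(): rowCount() is only guaranteed for INSERT/UPDATE/DELETE,
// its result for a SELECT depends on the driver.
if ($query->fetch() === false) // no user found, create...
{
    // PASSWORD_DEFAULT follows PHP's recommended algorithm. PASSWORD_BCRYPT silently
    // truncates the password at 72 bytes. Keep the password column wide (VARCHAR(255))
    // so a future algorithm still fits.
    $password_hash = password_hash($password, PASSWORD_DEFAULT);

    // The original statement was missing "(:" before name and could never execute.
    $q = "INSERT INTO users(username, password) VALUES (:name, :pass)";
    $query = $pdo->prepare($q);

    // The SELECT above and this INSERT are not atomic. Two concurrent requests can both
    // pass the check, so users.username needs a UNIQUE index to reject the second one.
    try {
        $query->execute(['name' => $username, 'pass' => $password_hash]); // ALWAYS store the hash, not the plaintext!!
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (here: duplicate username).
        if ((string) $e->getCode() !== '23000') {
            throw $e;
        }
        // the name was taken between the check and the insert: report it like the branch below
    }
}
else
{
    // user exists. throw some error here
}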
?>
<?php
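// Login example: look the user up by name and check the submitted password against the stored hash.
// You probably should create an include file with this PDO setup so you don't need to put
// this code in every file. Load the real credentials from configuration kept outside the
// web root and out of version control; the literals below are placeholders.
$db_host = "localhost";
$db_user = "myuser";
$db_password = "mydbpass";
$database_name = "mydbtable";

// Our PDO object. The connection charset is set explicitly, errors are raised as
// exceptions (a failed query cannot pass unnoticed) and the driver's native prepared
// statements are used instead of client-side emulation.
$pdo = new PDO(
    "mysql:host=" . $db_host . ";dbname=" . $database_name . ";charset=utf8mb4",
    $db_user,
    $db_password,
    [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]
);

// Prepared statements keep these values out of the SQL text, so no SQL escaping is needed.
// That is the only thing they protect against.
$username = $some_post_variable_with_username;
$password = $some_post_variable_with_password;

// Only the hash is needed here, so do not pull the whole row with SELECT *.
$q = "SELECT password FROM users WHERE username = :name";
$query = $pdo->prepare($q);
$query->execute(['name' => $username]);

// fetch() returns false when no user has that name. This replaces the rowCount() test,
// which is not guaranteed to work for SELECT on every driver.
$row = $query->fetch(PDO::FETCH_ASSOC);
$pass_hash = ($row !== false) ? $row['password'] : null; // the hash from the db

if ($pass_hash !== null && password_verify($password, $pass_hash)) // checks if they match
{
    // they match!! =D

    // Re-hash transparently when the stored hash uses an older algorithm or cost.
    if (password_needs_rehash($pass_hash, PASSWORD_DEFAULT)) {
        $update = $pdo->prepare("UPDATE users SET password = :pass WHERE username = :name");
        $update->execute(['name' => $username, 'pass' => password_hash($password, PASSWORD_DEFAULT)]);
    }

    // If the login is stored in a session, call session_regenerate_id(true) first so a
    // session id fixed before authentication cannot be reused afterwards.
}
else
{
    // Unknown user and wrong password end up here on purpose: show ONE generic error
    // ("invalid username or password") so the response does not reveal which names exist.
    // Count failed attempts per account and per client and throttle or lock out to prevent bruteforce.
    // NOTE: the unknown-user path skips password_verify(), so response time can still
    // differ. Verifying against a fixed dummy hash kept in the config evens that out.
}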
?>
<?php
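// Registration example: create the account only if the username is still free.
// You probably should create an include file with this PDO setup so you don't need to put
// this code in every file. Load the real credentials from configuration kept outside the
// web root and out of version control; the literals below are placeholders.
$db_host = "localhost";
$db_user = "myuser";
$db_password = "mydbpass";
$database_name = "mydbtable";

// Our PDO object. The connection charset is set explicitly, errors are raised as
// exceptions (a failed query cannot pass unnoticed) and the driver's native prepared
// statements are used instead of client-side emulation.
$pdo = new PDO(
    "mysql:host=" . $db_host . ";dbname=" . $database_name . ";charset=utf8mb4",
    $db_user,
    $db_password,
    [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]
);

// Prepared statements keep these values out of the SQL text, so no SQL escaping is needed.
// They do not validate anything: still enforce your own rules (length, allowed characters,
// password policy) and escape the username whenever it is printed back into HTML.
$username = $some_post_variable_with_username;
$password = $some_post_variable_with_password;

$q = "SELECT 1 FROM users WHERE username = :name";
$query = $pdo->prepare($q);
$query->execute(['name' => $username]);

// fetch() rather than rowCount(): rowCount() is only guaranteed for INSERT/UPDATE/DELETE,
// its result for a SELECT depends on the driver.
if ($query->fetch() === false) // no user found, create...
{
    // PASSWORD_DEFAULT follows PHP's recommended algorithm. PASSWORD_BCRYPT silently
    // truncates the password at 72 bytes. Keep the password column wide (VARCHAR(255))
    // so a future algorithm still fits.
    $password_hash = password_hash($password, PASSWORD_DEFAULT);

    // The original statement was missing "(:" before name and could never execute.
    $q = "INSERT INTO users(username, password) VALUES (:name, :pass)";
    $query = $pdo->prepare($q);

    // The SELECT above and this INSERT are not atomic. Two concurrent requests can both
    // pass the check, so users.username needs a UNIQUE index to reject the second one.
    try {
        $query->execute(['name' => $username, 'pass' => $password_hash]); // ALWAYS store the hash, not the plaintext!!
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation (here: duplicate username).
        if ((string) $e->getCode() !== '23000') {
            throw $e;
        }
        // the name was taken between the check and the insert: report it like the branch below
    }
}
else
{
    // user exists. throw some error here
}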
?>
<?php
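// Login example: look the user up by name and check the submitted password against the stored hash.
// You probably should create an include file with this PDO setup so you don't need to put
// this code in every file. Load the real credentials from configuration kept outside the
// web root and out of version control; the literals below are placeholders.
$db_host = "localhost";
$db_user = "myuser";
$db_password = "mydbpass";
$database_name = "mydbtable";

// Our PDO object. The connection charset is set explicitly, errors are raised as
// exceptions (a failed query cannot pass unnoticed) and the driver's native prepared
// statements are used instead of client-side emulation.
$pdo = new PDO(
    "mysql:host=" . $db_host . ";dbname=" . $database_name . ";charset=utf8mb4",
    $db_user,
    $db_password,
    [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]
);

// Prepared statements keep these values out of the SQL text, so no SQL escaping is needed.
// That is the only thing they protect against.
$username = $some_post_variable_with_username;
$password = $some_post_variable_with_password;

// Only the hash is needed here, so do not pull the whole row with SELECT *.
$q = "SELECT password FROM users WHERE username = :name";
$query = $pdo->prepare($q);
$query->execute(['name' => $username]);

// fetch() returns false when no user has that name. This replaces the rowCount() test,
// which is not guaranteed to work for SELECT on every driver.
$row = $query->fetch(PDO::FETCH_ASSOC);
$pass_hash = ($row !== false) ? $row['password'] : null; // the hash from the db

if ($pass_hash !== null && password_verify($password, $pass_hash)) // checks if they match
{
    // they match!! =D

    // Re-hash transparently when the stored hash uses an older algorithm or cost.
    if (password_needs_rehash($pass_hash, PASSWORD_DEFAULT)) {
        $update = $pdo->prepare("UPDATE users SET password = :pass WHERE username = :name");
        $update->execute(['name' => $username, 'pass' => password_hash($password, PASSWORD_DEFAULT)]);
    }

    // If the login is stored in a session, call session_regenerate_id(true) first so a
    // session id fixed before authentication cannot be reused afterwards.
}
else
{
    // Unknown user and wrong password end up here on purpose: show ONE generic error
    // ("invalid username or password") so the response does not reveal which names exist.
    // Count failed attempts per account and per client and throttle or lock out to prevent bruteforce.
    // NOTE: the unknown-user path skips password_verify(), so response time can still
    // differ. Verifying against a fixed dummy hash kept in the config evens that out.
}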
?>