authenticate.php
<?php
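// Login endpoint: reads a JSON body {"username": ..., "password": ...}, looks up
// the stored password hash for that user and answers with exactly one JSON
// object whose "status" is "success", "wrong_password", "user_not_found" or
// "no_connection".

header('Content-type: application/json');
// NOTE(review): a wildcard origin lets a page on any site call this
// credential-checking endpoint from a visitor's browser and read the answer.
// Restrict it to the front-end origin(s) that actually use this API.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST');
header('Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With');

// The body is attacker-controlled: it may be missing, not JSON, or carry
// non-string fields. Anything that is not a string is treated as empty so the
// request falls through to the normal "user_not_found" / "wrong_password" path
// instead of raising PHP warnings into the JSON response.
$data = json_decode((string) file_get_contents('php://input'), true);
if (!is_array($data)) {
    $data = [];
}
$username = is_string($data["username"] ?? null) ? $data["username"] : '';
$password = is_string($data["password"] ?? null) ? $data["password"] : '';

// NOTE(review): the database host, account and password are committed in
// source. Load them from server-side configuration outside the repository and
// rotate this password, since it has already been published.
$sql_server = "ssh.rellis.dev";
$sql_username = "ironsight";
$sql_password = "ironsight";
$dbname = "ironsight";

// Make every mysqli failure throw, so connection, prepare and execute errors
// are all handled in one place regardless of the PHP version's default mode.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$stored_hash = null;
try {
    $conn = new mysqli($sql_server, $sql_username, $sql_password, $dbname);

    // The username is bound as a parameter and never concatenated into the SQL
    // text, so quotes in the request body cannot change the query.
    $stmt = $conn->prepare('SELECT password FROM ironsight.users WHERE user_name = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($stored_hash);

    // Only the first matching row is used, so the response is always a single
    // JSON object. NOTE(review): presumably user_name is unique - confirm.
    $user_found = ($stmt->fetch() === true);

    $stmt->close();
    $conn->close();
} catch (mysqli_sql_exception $e) {
    // Details go to the server log only; the client gets the existing generic
    // status, which is reused here for any database failure.
    error_log('authenticate.php: database error: ' . $e->getMessage());
    die('{"status": "no_connection"}');
}

// NOTE(review): distinct "user_not_found" and "wrong_password" answers let a
// caller learn which usernames exist. They are kept because clients may depend
// on them; prefer one generic failure status, plus rate limiting, when the
// client can be updated.
if (!$user_found) {
    echo '{"status": "user_not_found"}';
} elseif (is_string($stored_hash) && password_verify($password, $stored_hash)) {
    // password_verify() reads the hashing scheme and cost from the stored hash
    // itself. The original comment described the hashes as SHA-512 with 4096
    // iterations - TODO confirm against the code that creates users.
    echo '{"status": "success"}';
} else {
    echo '{"status": "wrong_password"}';
}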