This repository has been archived by the owner on May 28, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
checkpw.php
59 lines (57 loc) · 1.6 KB
/
checkpw.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
<html>
<head>
</head>
<body>
<?php
if (isset($_GET['username']) !== True){
$errormsg = "'username' variable is missing. Unable to perform password check.";
header("Location: apierr.php?emg=" . bin2hex($errormsg)."&es=".bin2hex(basename(__FILE__)));
die();
}
if (isset($_GET['pw']) !== True){
$errormsg = "'pw' variable is missing. Unable to perform password check.";
header("Location: apierr.php?emg=" . bin2hex($errormsg)."&es=".bin2hex(basename(__FILE__)));
die();
}
$db = "auths.db";
if ($_GET["username"] == "" || $_GET["pw"]==""){
echo "1.False";
return False;
}
if(strpos(file_get_contents($db),strtolower($_GET["username"])) !== false) {
$search = strtolower($_GET["username"]);
$line_number = false;
if ($handle = fopen($db, "r")) {
$count = 0;
while (($line = fgets($handle, 4096)) !== FALSE and !$line_number) {
$count++;
$line_number = (strpos($line, $search) !== FALSE) ? $count : $line_number;
}
fclose($handle);
$lines = file($db);
//echo $lines[$line_number - 1]; //Database login data , username:pw_in_md5:last_login_ip
$dbline = $lines[$line_number - 1];
$dbcontent = explode(":",$dbline);
$options = ['cost' => 12,];
$hasedmd5pw = $dbcontent[1];
$encodedpw = bin2hex(hash("sha256",strtolower($hasedmd5pw)));
$llip = $dbcontent[2];
}else{
echo "DataBase Error";
return Null;
}
if ($_GET["pw"] == $encodedpw){
echo "True";
}else{
echo '2.False';
//echo $encodedpw;
echo strtolower($hasedmd5pw);
return False;
}
} else{
echo '3.False';
return False;
}
?>
</body>
</html>