mirror of
https://github.com/AuthMe/AuthMeReloaded.git
synced 2024-11-22 10:15:18 +01:00
#533 Add integration sample for BCrypt
This commit is contained in:
parent
05e79e6356
commit
5795b9d8fd
86
samples/website_integration/bcrypt/form.php
Normal file
86
samples/website_integration/bcrypt/form.php
Normal file
@ -0,0 +1,86 @@
|
|||||||
|
<!--
|
||||||
|
This is a demo page for AuthMe website integration with BCrypt.
|
||||||
|
See integration.php for the PHP code you need.
|
||||||
|
-->
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<title>AuthMe Integration Sample</title>
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<?php
|
||||||
|
error_reporting(E_ALL);
|
||||||
|
|
||||||
|
$action = get_from_post_or_empty('action');
|
||||||
|
$user = get_from_post_or_empty('username');
|
||||||
|
$pass = get_from_post_or_empty('password');
|
||||||
|
|
||||||
|
$was_successful = false;
|
||||||
|
if ($action && $user && $pass) {
|
||||||
|
require_once('integration.php');
|
||||||
|
if ($action === 'Log in') {
|
||||||
|
$was_successful = process_login($user, $pass);
|
||||||
|
} else if ($action === 'Register') {
|
||||||
|
$was_successful = process_register($user, $pass);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!$was_successful) {
|
||||||
|
echo '<h1>Login sample</h1>
|
||||||
|
This is a demo form for AuthMe website integration. Enter your AuthMe login details
|
||||||
|
into the following form to test it.
|
||||||
|
<form method="post">
|
||||||
|
<table>
|
||||||
|
<tr><td>Name</td><td><input type="text" value="' . htmlspecialchars($user) . '" name="username" /></td></tr>
|
||||||
|
<tr><td>Pass</td><td><input type="password" value="' . htmlspecialchars($pass) . '" name="password" /></td></tr>
|
||||||
|
<tr>
|
||||||
|
<td><input type="submit" name="action" value="Log in" /></td>
|
||||||
|
<td><input type="submit" name="action" value="Register" /></td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</form>';
|
||||||
|
}
|
||||||
|
|
||||||
|
function get_from_post_or_empty($index_name) {
|
||||||
|
return trim(
|
||||||
|
filter_input(INPUT_POST, $index_name, FILTER_UNSAFE_RAW, FILTER_REQUIRE_SCALAR | FILTER_FLAG_STRIP_LOW)
|
||||||
|
?: '');
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// Login logic
|
||||||
|
function process_login($user, $pass) {
|
||||||
|
if (authme_check_password($user, $pass)) {
|
||||||
|
printf('<h1>Hello, %s!</h1>', htmlspecialchars($user));
|
||||||
|
echo 'Successful login. Nice to have you back!'
|
||||||
|
. '<br /><a href="form.php">Back to form</a>';
|
||||||
|
return true;
|
||||||
|
} else {
|
||||||
|
echo '<h1>Error</h1> Invalid username or password.';
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Register logic
|
||||||
|
function process_register($user, $pass) {
|
||||||
|
if (authme_has_user($user)) {
|
||||||
|
echo '<h1>Error</h1> This user already exists.';
|
||||||
|
} else {
|
||||||
|
// Note that we don't validate the password or username at all in this demo...
|
||||||
|
$register_success = authme_register($user, $pass);
|
||||||
|
if ($register_success) {
|
||||||
|
printf('<h1>Welcome, %s!</h1>Thanks for registering', htmlspecialchars($user));
|
||||||
|
echo '<br /><a href="form.php">Back to form</a>';
|
||||||
|
return true;
|
||||||
|
} else {
|
||||||
|
echo '<h1>Error</h1>Unfortunately, there was an error during the registration.';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
107
samples/website_integration/bcrypt/integration.php
Normal file
107
samples/website_integration/bcrypt/integration.php
Normal file
@ -0,0 +1,107 @@
|
|||||||
|
<?php
|
||||||
|
/*****************************************************************************
|
||||||
|
* AuthMe website integration logic for BCrypt *
|
||||||
|
* -------------------------------- *
|
||||||
|
* Check with authme_check_password() whether the received username and *
|
||||||
|
* password match the AuthMe MySQL database. Don't forget to adjust the *
|
||||||
|
* database info in authme_get_hash(). *
|
||||||
|
* *
|
||||||
|
* Source: https://github.com/AuthMe-Team/AuthMeReloaded/ *
|
||||||
|
*****************************************************************************/
|
||||||
|
|
||||||
|
/** The name of the authme MySQL table. */
|
||||||
|
define('AUTHME_TABLE', 'authme');
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Entry point function to check supplied credentials against the AuthMe database.
|
||||||
|
*
|
||||||
|
* @param string $username the username
|
||||||
|
* @param string $password the password
|
||||||
|
* @return bool true iff the data is correct, false otherwise
|
||||||
|
*/
|
||||||
|
function authme_check_password($username, $password) {
|
||||||
|
if (is_scalar($username) && is_scalar($password)) {
|
||||||
|
$hash = authme_get_hash($username);
|
||||||
|
if ($hash) {
|
||||||
|
return password_verify($password, $hash);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a connection to the database.
|
||||||
|
*
|
||||||
|
* @return mysqli|null the mysqli object or null upon error
|
||||||
|
*/
|
||||||
|
function authme_get_mysqli() {
|
||||||
|
$mysqli = new mysqli('localhost', 'root', '', 'authme');
|
||||||
|
if (mysqli_connect_error()) {
|
||||||
|
printf('Could not connect to AuthMe database. Errno: %d, error: "%s"',
|
||||||
|
mysqli_connect_errno(), mysqli_connect_error());
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
return $mysqli;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Retrieves the hash associated with the given user from the database.
|
||||||
|
*
|
||||||
|
* @param string $username the username whose hash should be retrieved
|
||||||
|
* @return string|null the hash, or null if unavailable (e.g. username doesn't exist)
|
||||||
|
*/
|
||||||
|
function authme_get_hash($username) {
|
||||||
|
// Add here your database host, username, password and database name
|
||||||
|
$mysqli = authme_get_mysqli();
|
||||||
|
if ($mysqli !== null) {
|
||||||
|
$stmt = $mysqli->prepare('SELECT password FROM ' . AUTHME_TABLE . ' WHERE username = ?');
|
||||||
|
$stmt->bind_param('s', $username);
|
||||||
|
$stmt->execute();
|
||||||
|
$stmt->bind_result($password);
|
||||||
|
if ($stmt->fetch()) {
|
||||||
|
return $password;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns whether the user exists in the database or not.
|
||||||
|
*
|
||||||
|
* @param string $username the username to check
|
||||||
|
* @return bool true if the user exists; false otherwise
|
||||||
|
*/
|
||||||
|
function authme_has_user($username) {
|
||||||
|
$mysqli = authme_get_mysqli();
|
||||||
|
if ($mysqli !== null) {
|
||||||
|
$stmt = $mysqli->prepare('SELECT 1 FROM ' . AUTHME_TABLE . ' WHERE username = ?');
|
||||||
|
$stmt->bind_param('s', $username);
|
||||||
|
$stmt->execute();
|
||||||
|
return $stmt->fetch();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Defensive default to true; we actually don't know
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Registers a player with the given username.
|
||||||
|
*
|
||||||
|
* @param string $username the username to register
|
||||||
|
* @param string $password the password to associate to the user
|
||||||
|
* @return bool whether or not the registration was successful
|
||||||
|
*/
|
||||||
|
function authme_register($username, $password) {
|
||||||
|
$mysqli = authme_get_mysqli();
|
||||||
|
if ($mysqli !== null) {
|
||||||
|
$hash = password_hash($password, PASSWORD_BCRYPT);
|
||||||
|
$stmt = $mysqli->prepare('INSERT INTO ' . AUTHME_TABLE . ' (username, realname, password, ip) '
|
||||||
|
. 'VALUES (?, ?, ?, ?)');
|
||||||
|
$username_low = strtolower($username);
|
||||||
|
$stmt->bind_param('ssss', $username, $username_low, $hash, $_SERVER['REMOTE_ADDR']);
|
||||||
|
return $stmt->execute();
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
@ -1,5 +1,5 @@
|
|||||||
<!--
|
<!--
|
||||||
This is a demo page for AuthMe website integration.
|
This is a demo page for AuthMe website integration with SHA256.
|
||||||
See integration.php for the PHP code you need.
|
See integration.php for the PHP code you need.
|
||||||
-->
|
-->
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
@ -36,7 +36,7 @@ into the following form to test it.
|
|||||||
<table>
|
<table>
|
||||||
<tr><td>Name</td><td><input type="text" value="' . htmlspecialchars($user) . '" name="username" /></td></tr>
|
<tr><td>Name</td><td><input type="text" value="' . htmlspecialchars($user) . '" name="username" /></td></tr>
|
||||||
<tr><td>Pass</td><td><input type="password" value="' . htmlspecialchars($pass) . '" name="password" /></td></tr>
|
<tr><td>Pass</td><td><input type="password" value="' . htmlspecialchars($pass) . '" name="password" /></td></tr>
|
||||||
<tr><td colspan="2"><input type="submit" value=" Log in " />
|
<tr><td colspan="2"><input type="submit" value=" Log in " /></td></tr>
|
||||||
</table>
|
</table>
|
||||||
</form>';
|
</form>';
|
||||||
}
|
}
|
@ -1,6 +1,6 @@
|
|||||||
<?php
|
<?php
|
||||||
/*****************************************************************************
|
/*****************************************************************************
|
||||||
* AuthMe website integration logic *
|
* AuthMe website integration logic for SHA256 *
|
||||||
* -------------------------------- *
|
* -------------------------------- *
|
||||||
* Check with authme_check_password() whether the received username and *
|
* Check with authme_check_password() whether the received username and *
|
||||||
* password match the AuthMe MySQL database. Don't forget to adjust the *
|
* password match the AuthMe MySQL database. Don't forget to adjust the *
|
Loading…
Reference in New Issue
Block a user