Created
February 5, 2020 02:14
-
-
Save flackend/14a8b60043a89ee8651a5d766196e6d6 to your computer and use it in GitHub Desktop.
Parts of this are pseudo code. The bit that's in focus is the idea of checking first if the form-supplied password, when md5 hashed, matches the user's password in the database.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| try { | |
| $user = get_user_from_database($emailFromLoginForm); // pseudo | |
| if ($user->password === md5($plainTextPasswordFromLoginForm)) { | |
| // We've identified that the password in the database is a md5 hash, so | |
| // we'll salt and hash the plain-text password and save it | |
| $saltedPassword = password_hash($plainTextPasswordFromLoginForm, PASSWORD_DEFAULT); | |
| $user->password = $saltedPassword; // pseudo | |
| $user->save(); // pseudo | |
| } | |
| if (!password_verify($password, $user->password)) { | |
| throw new LoginException('Invalid password.'); | |
| } | |
| return true; | |
| } catch (LoginException $e) { | |
| log('debug', $e->getMessage()); | |
| return false; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment