Hi, I've not been around or using PHP Runner for a while due to other projects, but I've just updated to 9.6 and it looks great.
I wanted to know how to swap out the MD5 encryption for the newer PHP functions, password_hash and password_verify, so I could connect to a Laravel application.
Ideally I wanted to do it in the events so I don't have to mess with the installation.
I used the events template for this but you can just swap out the evusers for your own user table name.
Update the evusers table from the default 50 chars to 100.
I then entered this into the AfterSuccessfulRegistration event which encrypts the password.
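// Hash the submitted password with PHP's current default algorithm.
$password = password_hash( $userdata['Password'], PASSWORD_DEFAULT );
// Escape the user-supplied values with db_addslashes() before they go into the SQL string.
$sql = "UPDATE evusers SET password = '".db_addslashes($password)."' WHERE Email='".db_addslashes($userdata['Email'])."' AND Username='".db_addslashes($userdata['Username'])."'";
CustomQuery($sql);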
I was thinking about intercepting the BeforeLogin event but then I need to stop the control returning to the other login functions and bypass them so that wouldn't work.
Then I was looking at the AfterUnsuccessfulLogin event, check the login, log them in and then use header:location to redirect the user to the landing page.
global $conn;
// Escape the submitted username with db_addslashes() before building the query.
$strSQLExists = "SELECT * FROM evusers WHERE Username='".db_addslashes($username)."'";
$rsExists = db_query($strSQLExists,$conn);
$data = db_fetch_array($rsExists);
if($data)
{
    // check the password
    if (password_verify( $password, $data['Password'] )) {
        // Password is valid against the hash, so log them in
        $_SESSION['UserID'] = $data['Username'];
        $_SESSION['UserName'] = $data['Username'];
        $_SESSION['GroupID'] = $data['Username'];
        $_SESSION['AccessLevel'] = 'user';
        $_SESSION['fromFacebook'] = '';
        $_SESSION['OwnerID'] = $data['ID'];
        $_SESSION['_evcategories_OwnerID'] = $data['ID'];
        $_SESSION['_evtellfriend_OwnerID'] = $data['ID'];
        $_SESSION['_evusers_OwnerID'] = $data['ID'];
        $_SESSION['_evevents_OwnerID'] = $data['ID'];
        //********** Redirect to another page ************
        header("location:menu.php");
        exit;
    } else {
        $message = 'Invalid Password against the hash.';
    }
}
else
{
    // if doesn't exist then let it fail
    $message = 'Invalid Record.';
}
Any use to anyone or any ideas to improve it?
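
An added example, not part of the original post and not PHPRunner's own code: it goes one step beyond the events above by also upgrading existing MD5 rows to password_hash() values the first time each user logs in, with every query using bound parameters. It assumes plain PDO with a constructed in-memory SQLite table named evusers, PHP 7.1+ with pdo_sqlite, and that legacy passwords are stored as 32-character MD5 hex digests; the function names are hypothetical.

```php
<?php
// Added example: constructed schema and data, plain PDO (not PHPRunner's DB layer).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// VARCHAR(255) leaves room for longer hashes if PASSWORD_DEFAULT changes.
$pdo->exec('CREATE TABLE evusers (ID INTEGER PRIMARY KEY, Username TEXT UNIQUE, Password VARCHAR(255))');

function storeHash(PDO $pdo, string $username, string $hash): void {
    // Bound parameters keep user input out of the SQL text.
    $st = $pdo->prepare('UPDATE evusers SET Password = :p WHERE Username = :u');
    $st->execute([':p' => $hash, ':u' => $username]);
}

function verifyLogin(PDO $pdo, string $username, string $password): bool {
    $st = $pdo->prepare('SELECT Password FROM evusers WHERE Username = :u');
    $st->execute([':u' => $username]);
    $stored = $st->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        // Legacy row: unsalted MD5 hex digest. Compare in constant time,
        // then replace it with a password_hash() value.
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        storeHash($pdo, $username, password_hash($password, PASSWORD_DEFAULT));
        return true;
    }
    if (!password_verify($password, $stored)) {
        return false;
    }
    // Re-hash when PHP's default algorithm or cost has moved on.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        storeHash($pdo, $username, password_hash($password, PASSWORD_DEFAULT));
    }
    return true;
}

// Constructed sample rows: one legacy MD5 account, one already migrated.
$ins = $pdo->prepare('INSERT INTO evusers (Username, Password) VALUES (?, ?)');
$ins->execute(['alice', md5('correct horse')]);
$ins->execute(['bob', password_hash('s3cret!', PASSWORD_DEFAULT)]);

var_dump(verifyLogin($pdo, 'alice', 'correct horse')); // legacy hash checked, then upgraded
var_dump(verifyLogin($pdo, 'alice', 'correct horse')); // second login goes through password_verify()
var_dump(verifyLogin($pdo, 'bob', 'wrong'));           // wrong password against a migrated row
var_dump(verifyLogin($pdo, "o'brien", 'anything'));    // quote in the name is bound as data
```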