How to match login and password during authorization in PHP and how to brute force passwords?

D

Daniil Sukhikh2018-04-04 14:06:32

PHP

Daniil Sukhikh, 2018-04-04 14:06:32

How to match username and password during authorization?
And how to do a password search as in the login, something like in_array only in password_verify.
Script for checking login and passwords:

<?php
require 'libs/bd.php';
$date = $_POST;
$errors = array();
if (isset($date['log_b'])) {

$logins = array(
  'DanchikRaw',
  'AdminGeo'
);
if (!in_array($date['login'], $logins)){
  $errors[] = 'Ошибка: Не верный логин!';
}

$hash = '$2y$10$ASQqRvHmtXpyYHy7gQ5JeukK/TtJGwmZeKfhhxWnCygvieN/1ykcW';
$passv = password_verify($date['pass'], $hash);

if ($passv != true) {
  $errors[] = 'Ошибка: Пароль не верный!';
}
if (empty($errors)) {
  if ($date['login'] == 'DanchikRaw') {
    $_SESSION['login'] = array(
    'dost' => 'admin',
    'login' => 'DanchikRaw',
    'name' => 'Даниил',
  );
  } elseif ($date['login'] == 'AdminGeo') {
    $_SESSION['login'] = array(
    'dost' => 'admin',
    'login' => 'AdminGeo',
    'name' => 'Елена',
  );
  }
  header('Location: /');
}
}
echo array_shift($errors);
?>

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

B

Boris Korobkov, 2018-04-04
@BorisKorobkov

Usually it is enough that the password does not match the login. And entries can not be checked.