prepare('SELECT * FROM users WHERE username = ? LIMIT 1');
$st->execute([$username]);
$user = $st->fetch(PDO::FETCH_ASSOC);
$ok = false;
if ($user) {
// Foretræk moderne kolonne 'password' (password_hash())
if (!empty($user['password']) && password_verify($password, $user['password'])) {
$ok = true;
}
// Legacy fallback: 'password_hash' (egen hash fra gammel version)
if (!$ok && !empty($user['password_hash'])) {
// Forventet format: enten salt$sha256(salt+pw) eller ren sha256
$ph = $user['password_hash'];
if (strpos($ph, '$') !== false) {
[$salt, $hash] = explode('$', $ph, 2);
$ok = (hash('sha256', $salt . $password) === $hash);
} else {
$ok = (hash('sha256', $password) === $ph);
}
}
}
if ($ok) {
$_SESSION['user'] = [
'id' => $user['id'],
'username' => $user['username'],
'role' => $user['role'] ?: 'user',
];
header('Location: index.php');
exit;
} else {
$error = 'Forkert brugernavn eller adgangskode.';
}
} else {
$error = 'Udfyld begge felter.';
}
}
?>
Login – Twitch PHP Bot