I created a login form with the following code:
Login.html:
<form action="login.php" method="post">
<input type="hidden" name="id" value=''>
Usuário<input type="text" name="usuario" id="usuario" >
Senha<input type="password" name="senha" id="senha">
<input type="submit" name="entrar" id="entrar" value="Entrar">
</form>
The php code:
Login.php:
<?php
// includes the file with the database connection
include_once('db.php');
$usuario = mysql_real_escape_string($_POST['usuario']);
$senha = md5(mysql_real_escape_string(($_POST['senha'])));
$entrar = $_POST['entrar'];
if ($_POST['entrar']) {
$sql = "SELECT * FROM login WHERE usuario='$usuario' AND senha='$senha'" or die("erro ao selecionar");
$acao_sql = $mysqli->query($sql);
if ($acao_sql=mysqli_num_rows($sql)>=0){
setcookie("usuario",$usuario);
header("Location:painel.php");
}else{
echo"<script language='javascript' type='text/javascript'>alert('Login e/ou senha incorretos');window.location.href='login.html';</script>";
die();
}
}
?>
The problem is that with any username and password I enter, it gets into the system (painel.php).
http://answall.com/questions/13386/login-em-php-com-niveis-de-permissao?rq=1 I made a very similar example, but it serves as a basis!
– user6026
Just as a recommendation: do not use MD5, because it is more than proven that it is not very safe these days. Use another hashing method like bcrypt or at least SHA512 with 12 characters. You can always improve this with an additional field in the database, known as a SALT, which is generated in a unique way and does not repeat, increasing the difficulty of an attack.
– Mário Rodrigues
@walrus I will research this, thank you for the tip!
– GustavoCave
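An added example, not part of the original thread: the question's condition compares the row count with `>= 0`, which holds even when no row matches, so this sketch shows a login check that succeeds only when a row exists and the password matches a bcrypt hash with a per-user salt, as the comment above recommends. Assumptions: an in-memory SQLite database through PDO stands in for the MySQL connection in `db.php`, the function names `registrar` and `autenticar` are hypothetical, and the `login` table with `usuario` and `senha` columns follows the question.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO replaces the MySQL
// connection from db.php so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login (id INTEGER PRIMARY KEY, usuario TEXT UNIQUE, senha TEXT)');

// Registration side (hypothetical helper): password_hash() with PASSWORD_BCRYPT
// generates a fresh random salt on every call and embeds it in the hash string,
// so no separate salt column is needed.
function registrar(PDO $pdo, string $usuario, string $senha): void
{
    $hash = password_hash($senha, PASSWORD_BCRYPT);
    $stmt = $pdo->prepare('INSERT INTO login (usuario, senha) VALUES (?, ?)');
    $stmt->execute([$usuario, $hash]);
}

// Login side (hypothetical helper): the user name is passed as a bound
// parameter, never concatenated into the SQL text. Authentication succeeds
// only if a row exists AND the password verifies against the stored hash.
function autenticar(PDO $pdo, string $usuario, string $senha): bool
{
    $stmt = $pdo->prepare('SELECT senha FROM login WHERE usuario = ?');
    $stmt->execute([$usuario]);
    $hash = $stmt->fetchColumn();      // false when no row matches
    if ($hash === false) {
        return false;                  // unknown user: reject
    }
    return password_verify($senha, $hash);
}

// Constructed sample accounts: two users sharing the same password.
registrar($pdo, 'alice', 'correct horse');
registrar($pdo, 'bob', 'correct horse');

var_dump(autenticar($pdo, 'alice', 'correct horse')); // valid credentials
var_dump(autenticar($pdo, 'alice', 'wrong'));         // wrong password
var_dump(autenticar($pdo, 'nobody', 'x'));            // unknown user

// Per-user salts: identical passwords still produce different stored hashes.
$hashes = $pdo->query('SELECT senha FROM login ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
var_dump($hashes[0] !== $hashes[1]);
```

In a real login page, a successful `autenticar()` call would be followed by starting a server-side session rather than setting a cookie that holds only the user name.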