-2
Hello, I have the following code:
<?php
session_start();
require_once('conecta.php');
$email = sha1($_POST['email']);
$senha = $_POST['senha'];
$sql = "SELECT * FROM dados WHERE email = '$email' AND senha = '$senha'";
$objDb = new db();
$link = $objDb->conecta_mysql();
$resultado = mysqli_query($link, $sql);
if ($resultado) {
$dados = mysqli_fetch_array($resultado);
if (isset($dados['email'])) {
$_SESSION['email'] = $dados["email"];
$_SESSION['nome'] = $dados["nome"];
header('Location: indexVol.php');
} else {
header('Location: entrar.php?erro=1');
}
} else {
echo 'Erro na execução da consulta, favor entrar em contato com o admin do site';
}
?>
But when I try to log in, it goes straight to header('Location: entrar.php?erro=1');
, as if the database has no registered email and password, but it does. Does anyone have any idea what might be wrong? I know the code is not safe to sql Injection, but this is just a test for me to understand.
Note: The page is hosted on locaweb.com
, I don’t know if there mysqli_fetch_array
is available for use because Xampp works normally!
Let’s debug this, before your if($result) add echo mysqli_num_rows($result); and check how many lines your query returned! Then post here.
– Rafael Salomão
@Rafaelsalomão He returns no error, I asked for one
var_dump($resultado)
and he returns onlyobject(mysqli_result)#3 (0) { }
– Arthur Oliveira
If it does not return any line it means that there are no records with the login and password entered. If you use sha1 to save the password in the table at login time you must take the entered password and convert to sha1. Though I have said I make it clear that this code of yours is insecure!
– Rafael Salomão
But there’s the record, I changed it, I took sha1 out of the code, I re-signed it, and the
var_dump($resultado)
keeps coming empty, even though the register is in the bank!– Arthur Oliveira
@Rafaelsalomão I found out what the error was, I looked at the log in the hosting directory, and I had an error on another page, because of Session. Because in Locaweb you need to change the storage location of the Session, and I had not done that on the page the user is redirected after logging in! Thank you so much for your help!
– Arthur Oliveira
Show Arthur, but take a look at the stack has many examples to mount the secure login.
– Rafael Salomão