How to validate md5 password with database?


3

In the database the password is already encrypted with md5. When I try to log in using:

email: [email protected] |
password: 123456
**ACCESS DENIED**

and

email: [email protected] |
password: md5-encrypted
**ACCESS GRANTED**

The code follows:

```php
<?php include('conecta.php');
// The database name must be a quoted string, not a bare constant.
mysql_select_db('guara423_gestao') or die('Erro conexão com o banco');
session_start();
?>

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<script>
    // Redirect helpers called from the PHP output below.
    function loginsuccessfuly(){
        setTimeout("window.location='index.php'", 1000);
    }
    function loginfailed(){
        setTimeout("window.location='login.php'", 1000);
    }
</script>

</html>
<?php
$email = $_POST['email'];
$senha = $_POST['senha'];
// Hash the submitted password before comparing it with the stored value.
$scodif = md5($senha);

$sql = mysql_query("SELECT * FROM user WHERE email = '$email' and senha = '$scodif'");
$row = mysql_num_rows($sql);

if ($row > 0){
    $_SESSION['email']=$_POST['email'];
    $_SESSION['senha']=$_POST["senha"];
    echo "Logado com Sucesso. Redirecionando...";
    echo "<script>loginsuccessfuly()</script>";
}else{
    echo "Nome de usuário ou senha inválidos.";
    echo "<script>loginfailed()</script>";
}
?>
```
  • 2

    What is the question about the code? You are already checking whether there is a user with that email and the md5 of the password...

  • 1

    There seems to be no error in the comparison. Maybe the problem is when saving to the session variable: $_SESSION['senha']=$_POST["senha"];. Shouldn't it be $_SESSION['senha']=$scodif? Anyway, it's not clear what or where the real difficulty is.

  • 2

    When you registered the user, did you by any chance apply MD5 twice? Because if it accepts md5(senha), then what's saved in the database is md5(md5(senha)). P.S. Do not use MD5 to protect passwords; see that other question for more details.

  • 1

    I suggest you rethink your password protection, because MD5 only gives it a flimsy concealment. MD5 (even more so without salt) is not password protection, and it is currently very easy to reverse the MD5 in most cases.

1 answer

1

On insert I would already perform the encryption, as WordPress already does. MySQL already has the function, so the insert could be:

"INSERT INTO user (email,senha) values (:email, MD5(:senha))"

In the check you could use the function directly:

"SELECT email,senha FROM user WHERE email = :email and senha = MD5(:senha)"
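
The login check discussed in the question, comments and answer, as an added example that is not part of the original posts: it uses PDO prepared statements with the `:email`/`:senha` placeholders, accepts an existing `md5(senha)` or `md5(md5(senha))` row once, and re-stores it with PHP's `password_hash()`. The table and column names (`user`, `email`, `senha`) are from the page; the in-memory SQLite database, the `login()` helper and the sample rows are assumptions constructed for illustration.

```php
<?php
// Added example. Table/column names come from the page; the SQLite in-memory
// database, login() and the sample rows are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (email TEXT PRIMARY KEY, senha TEXT NOT NULL)');

// Constructed rows: legacy md5, accidental md5(md5()), and password_hash().
$ins = $pdo->prepare('INSERT INTO user (email, senha) VALUES (:email, :senha)');
$ins->execute([':email' => 'single@example.test', ':senha' => md5('123456')]);
$ins->execute([':email' => 'double@example.test', ':senha' => md5(md5('123456'))]);
$ins->execute([':email' => 'modern@example.test',
               ':senha' => password_hash('123456', PASSWORD_DEFAULT)]);

/** Returns 'ok', 'upgraded' (legacy hash matched and was replaced) or 'denied'. */
function login(PDO $pdo, string $email, string $senha): string
{
    // Only the email goes into the query; the hash is compared in PHP.
    $sel = $pdo->prepare('SELECT senha FROM user WHERE email = :email');
    $sel->execute([':email' => $email]);
    $stored = $sel->fetchColumn();
    if ($stored === false) {
        return 'denied';
    }
    if (password_verify($senha, $stored)) {
        return 'ok';
    }
    // Legacy rows: accept md5(senha) or the double-hashed form one last time,
    // then re-store with password_hash() so MD5 disappears from the table.
    $legacy = hash_equals($stored, md5($senha))
           || hash_equals($stored, md5(md5($senha)));
    if (!$legacy) {
        return 'denied';
    }
    $upd = $pdo->prepare('UPDATE user SET senha = :senha WHERE email = :email');
    $upd->execute([':senha' => password_hash($senha, PASSWORD_DEFAULT),
                   ':email' => $email]);
    return 'upgraded';
}

var_dump(login($pdo, 'single@example.test', '123456'));      // legacy md5 row
var_dump(login($pdo, 'double@example.test', '123456'));      // md5(md5()) row
var_dump(login($pdo, 'double@example.test', '123456'));      // same row after re-hash
var_dump(login($pdo, 'double@example.test', md5('123456'))); // MD5 hex submitted as the password
var_dump(login($pdo, 'modern@example.test', 'wrong'));       // wrong password
```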
