3
In the database is already encrypted with md5, when I try to log in using:
email: [email protected] |
senha: 123456
**ACESSO NEGADO**
and
email: [email protected] |
senha: criptografada md5
**ACESSO LIBERADO**
Follows the code
<?php include('conecta.php');
mysql_select_db(guara423_gestao) or die('Erro conexão com o banco');
session_start();
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<script>
function loginsuccessfuly(){
setTimeout("window.location='index.php'", 1000);
}
function loginfailed(){
setTimeout("window.location='login.php'", 1000);
}
</script>
</html>
<?php
$email = $_POST['email'];
$senha = $_POST['senha'];
$scodif = md5($senha);
$sql = mysql_query("SELECT * FROM user WHERE email = '$email' and senha = '$scodif'");
$row = mysql_num_rows($sql);
if ($row > 0){
$_SESSION['email']=$_POST['email'];
$_SESSION['senha']=$_POST["senha"];
echo "Logado com Sucesso. Redirecionando...";
echo "<script>loginsuccessfuly()</script>";
}else{
echo "Nome de usuário ou senha inválidos.";
echo "<script>loginfailed()</script>";
}
?>
What is the doubt in the code? You are already checking if there is the user with email and password with md5...
– Guilherme Lopes
There seems to be no error in the comparison. Maybe the problem is when saving to the session variable:
$_SESSION['senha']=$_POST["senha"];. Would not be$_SESSION['senha']=$scodif? Anyway, it’s not clear what or where the real difficulty is.– Daniel Omine
When you registered the user you would not have by chance made the MD5 twice? For if it accepts
md5(senha), then what’s saved in the comic book ismd5(md5(senha)). P.S. Do not use MD5 to protect passwords, see that other question for more details.– mgibsonbr
Here is the suggestion to rethink your password protection, because the MD5 only gives a silly hiding in it. MD5 (even more salt free) is not password protection, and it is currently very easy to reverse the MD5 in most cases.
– Bacco