Wrong login and password with php

Asked

Viewed 979 times

1

Good afternoon, I am creating a simple login and password system but I came across some strange error, when I put the email and password and try to enter it accuses me that the password is wrong, and I check in the bank the information is right, I don’t know why but here are two images for you to understand...

the first image is the bank information...

inserir a descrição da imagem aqui

The second picture and what’s happening as I try to get inside...

inserir a descrição da imagem aqui

My code php: 

<?php 
include("conexao.php");

if(isset($_POST['email']) && strlen($_POST['email']) > 0){

    if(!isset($_SESSION))
        session_start();

    $_SESSION['email'] = $mysqli -> escape_string($_POST['email']);
    $_SESSION['senha'] = md5(md5($_POST['senha']));


    $sql_code = "SELECT senha, codigo FROM usuario WHERE email = '$_SESSION[email]'";
    $sql_query = $mysqli -> query($sql_code) or die ($mysqli -> error);
    $dado = $sql_query->fetch_assoc();
    $total = $sql_query-> num_rows;


    if($total == 0){
        $erro[] = "Este email não pertence a nenhum usuário.";
    }
    else{
        if($dado['senha'] == $_SESSION['senha']){

            $_SESSION['usuario'] = $dado['codigo'];

        } else{

            $erro[] = "Senha incorreta.";
        }

    }

    if(count($erro) == 0 || !isset($erro)){
        echo "<script>alert('Login efetuado com sucesso... Seja bem vindo'); location.href='sucesso.php';</script>";
    }

}


?>



<html>
<head></head>
<body>
<?php if(count($erro) > 0)
        foreach($erro as $msg){
            echo "<p>$msg</p>";
        }


    ?>

    <form method="POST" action="">
    <input value="" type="text" placeholder="email" name="email">
    <input type="password" name="senha">

        <input type="submit" value="Entrar">



    </form>


    </body>

</html>

Someone could help me, I’m studying this part of php and with database....

php mysql

1 answer

3


This gives that "the password is wrong" because you in the BD have 1234 in "Plain-text" and then you will compare with a hash (md5(md5($_POST['senha']))) , that is, the password you have stored in the database is different from the hashed password you are comparing it to, 1234 != md5(md5(1234())...

That being said, what you should do is also insert the hash in the BD so that the comparison, if the correct password, is the same. Instead of storing in BD as "1234" you should insert it as hash as well md5(md5(1234));, so that when you compare with the password entered in the login the two are equal and the login is successful.

NOTE: yesterday I answered a question that had to do with MD5, although this theme is not relevant to this question you should know this: MD5 passwords encryption?

Browser other questions tagged php mysql

You are not signed in. Login or sign up in order to post.