1
I’m setting up a login system. But I can’t validate the password entered.
When I try this way it accuses wrong login/password. But I’ve made sure, the login and password are correct:
<?php
require_once 'init.php';
// resgata dados digitados no formulario
$email = isset($_POST['email']) ? $_POST['email']: '';
$senha = isset($_POST['senha']) ? $_POST['senha']: '';
// Verifica se os campos do form nao estao vazios
if(empty($email) || empty($senha)){
echo "<script language='javascript' type='text/javascript'>alert('Infome Email e senha.');window.location.href='../login.php';</script>";
exit;
}
// Comando no banco de dados
$pdo = db_connect(); // Abre conexão com o banco
$sql = "SELECT id, nome FROM usuarios WHERE email = :email AND senha = :senha";
// Cria query
$stmt = $pdo->prepare($sql); // Prepare da query
$stmt->bindValue(':email', $email);
$stmt->bindValue(':senha', $senha);
// Atribui valor do campo email no valor email da query
$stmt->execute(); // Execute na query
$arr = $stmt->fetchAll(PDO::FETCH_ASSOC); // Cria array associativo
if(count($arr) <= 0) { // Verifica se a busca trouxe retorno
echo "<script language='javascript' type='text/javascript'>alert('Login e/ou senha inválido!');window.location.href='../login.php';</script>";
exit;
}
// Pega o primeiro usuario
$user = $arr[0];
// Inicia a sessão
session_start();
// Definir os dados persistindo entre paginas
$_SESSION['logged_in'] = true;
$_SESSION['user_id'] = $user['id'];
$_SESSION['user_name'] = $user['nome'];
header('Location: ../index.php');
When I give var_dump($arr);
it returns me an empty array, so it does not log in.
Someone could help me?
Grateful!
======= DEBUG =======
Current code: http://pastebin.com/QPa2555i
Email: [email protected] | Password: 123456
Right user, wrong password: Result: accuses wrong password
Right user, right password: Result: wrong password also
Wrong user, right password: Result: accuses user not found
Wrong user, wrong password: Result: accuses user not found either
With correct user and password, using var_dump($password) and var_dump($arr[0]['password'])
Now with the line if (!password_verify($senha, $arr[0]['senha'])) {
before was without the !
The password is not converted in the comic book right?
– Lucas Mota
The password in the bank is encrypted, I used password_hash to encrypt
– Gabriel
This is the case we have to solve then:
usuário certo, senha certa: Result: acusa senha errada também
– Not The Real Hemingway