I want to create a panel with a secure login environment, using PDO for validation.
To explain: I am using the IPB forum database. Basically, I want to take advantage of the same forum users and create an environment where a member registered in my forum can access new functions. Here is the code:
database.php
// HOST MYSQL - FORUM IPB
$host_ipb="127.0.0.1";
$db_ipb="forum";
$user_ipb="root";
$userpass_ipb="root";
try {
$con_ipb = new PDO("mysql:host=$host_ipb;dbname=$db_ipb",$user_ipb,$userpass_ipb,array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
} catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}
functions.php
function login($con_ipb, $email, $password){
/* Look up the members_pass_salt for the requested email */
$members_pass_salt = '';
$dados_email=array(':email'=>$email);
$p_query_email = $con_ipb->prepare("SELECT * FROM ipb_core_members WHERE email=:email");
$p_query_email->execute($dados_email);
$usuario_email = $p_query_email->fetchAll(PDO::FETCH_OBJ);
foreach ($usuario_email as $usuario_email2) {
$members_pass_salt = $usuario_email2->members_pass_salt;
}
/* Convert the password into IPB's members_pass_hash form (bcrypt via crypt() with the stored salt).
   The parameter is $password; the original used an undefined $senha here. */
$members_pass_hash = crypt( $password, '$2a$13$' . $members_pass_salt );
/* Check email and password (members_pass_hash) and authorise the session */
$dados_user_pass=array(':email'=>$email,':members_pass_hash'=>$members_pass_hash);
$p_query_verifica = $con_ipb->prepare("SELECT * FROM ipb_core_members WHERE email=:email and members_pass_hash=:members_pass_hash");
$p_query_verifica->execute($dados_user_pass);
$email_senha = $p_query_verifica->fetch(PDO::FETCH_OBJ);
if ($email_senha) {
ini_set('default_charset','UTF-8');
$_SESSION["email_senha"]=$email_senha;
$_SESSION['email'] = $email;
header("Location:dashboard.html");
exit; /* stop the script after the redirect so nothing else runs */
}else{
header("Location:error.html");
exit;
}}
check.php
session_start(); /* required before login() writes to $_SESSION */
require_once('configs/functions.php');
$email = $_POST['email'] ?? '';
$senha = $_POST['senha'] ?? '';
login($con_ipb, $email, $senha);
It is functional and error-free. My question is whether it is safe to use, with no possibility of SQL injection.
Thank you!
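Added example, not code from the original post or from IPB itself: it runs the question's two concerns end to end. First it sends a classic tautology payload through a bound parameter (as the post does) and through string concatenation, to show that only the concatenated form changes the query. Then it shows a hardened login variant, login_hardened(), which keeps the password out of SQL entirely, compares the bcrypt hash in PHP with hash_equals(), and does a dummy crypt() for unknown emails so response time does not reveal which addresses exist. Assumptions: the table and column names from the post (ipb_core_members, email, members_pass_hash, members_pass_salt); an in-memory SQLite database with one constructed member; the hash layout the post assumes, crypt($password, '$2a$13$' . $salt); and the names login_hardened and DUMMY_SALT, which are illustrative, not IPB APIs.

```php
<?php
// Added example (not from the original post). Runs offline against an in-memory
// SQLite database with constructed data; table/column names follow the post.

$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // prefer native prepares where the driver offers them
]);
$pdo->exec('CREATE TABLE ipb_core_members (
    member_id         INTEGER PRIMARY KEY,
    email             TEXT NOT NULL,
    members_pass_hash TEXT NOT NULL,
    members_pass_salt TEXT NOT NULL)');

// Constructed member. As in the post, the stored hash is assumed to be
// crypt($password, '$2a$13$' . $salt): bcrypt, cost 13, 22-char salt from [./0-9A-Za-z].
$salt = 'abcdefghijklmnopqrstuv';                       // constructed 22-char salt
$hash = crypt('correct horse battery', '$2a$13$' . $salt);
$pdo->prepare('INSERT INTO ipb_core_members (email, members_pass_hash, members_pass_salt)
               VALUES (:email, :hash, :salt)')
    ->execute([':email' => 'alice@example.com', ':hash' => $hash, ':salt' => $salt]);

// 1. Why the post's prepared statement is injection-safe.
$payload = "' OR 1=1 --";   // tautology payload typed into the email field

$bound = $pdo->prepare('SELECT * FROM ipb_core_members WHERE email = :email');
$bound->execute([':email' => $payload]);       // payload is bound as data, not parsed as SQL
printf("bound parameter: %d row(s) for payload %s\n", count($bound->fetchAll()), $payload);

// Same query built by concatenation (what NOT to do): the quote closes the literal and
// "OR 1=1 --" becomes SQL, so every member comes back.
$concat = $pdo->query("SELECT * FROM ipb_core_members WHERE email = '$payload'");
printf("concatenation:   %d row(s) for the same payload\n", count($concat->fetchAll()));

// 2. Hardened login: the password never enters SQL and the hash is compared in PHP.
const DUMMY_SALT = 'zyxwvutsrqponmlkjihgfe'; // constructed; keeps unknown-email timing similar

function login_hardened(PDO $con, string $email, string $password): ?array
{
    $st = $con->prepare('SELECT member_id, email, members_pass_hash, members_pass_salt
                         FROM ipb_core_members WHERE email = :email LIMIT 1');
    $st->execute([':email' => $email]);
    $row = $st->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        // Unknown email: still pay for one bcrypt so the response time does not
        // distinguish "no such user" from "wrong password".
        crypt($password, '$2a$13$' . DUMMY_SALT);
        return null;
    }

    $candidate = crypt($password, '$2a$13$' . $row['members_pass_salt']);
    // hash_equals() is constant-time; "AND members_pass_hash = :hash" in SQL is not.
    if (!hash_equals($row['members_pass_hash'], $candidate)) {
        return null;
    }

    // Return only what the session needs; hash and salt stay out of $_SESSION.
    return ['member_id' => $row['member_id'], 'email' => $row['email']];
}

$cases = [
    ['alice@example.com', 'correct horse battery'], // valid credentials
    ['alice@example.com', 'wrong password'],        // wrong password
    [$payload,            'anything'],              // injection payload as the email
];
foreach ($cases as [$email, $password]) {
    $user = login_hardened($pdo, $email, $password);
    printf("login(%s): %s\n", var_export($email, true),
           $user ? "ok, member_id={$user['member_id']}" : 'denied');
}
```

Two notes on using this in the real check.php: after a successful login call session_regenerate_id(true) before storing anything in $_SESSION, so a session ID fixed by an attacker before login is not kept; and always exit after header("Location: ...") so the rest of the script cannot run for an unauthenticated request. With cost 13 each crypt() call takes a noticeable fraction of a second, which is deliberate for password storage but means this script needs a few seconds to run.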
Possible duplicate of https://answall.com/questions/3864
– Costamilam
Where would this possible duplicate be?
– Marcelo Cordeiro
I believe @Guilhermecostamilam didn't mean it's a duplicate, but wanted to give you a post that talks about preventing SQL injection
– user60252
@Leocaracciolo I understand, it's just that I'm still learning PHP programming with PDO, and I can't see the problems, even after reading the links he sent. I need a look from another, more experienced programmer.
– Marcelo Cordeiro
Have you already read this? https://secure.php.net/manual/en/security.database.sql-injection.php#security.database.avoiding
– user60252