I’m no expert on PHP, SQL or HTML, but I’m good at copying things and turning them into something fun. So recently I set out to make a website to pass the time, and I wanted the passwords registered in the database to be encrypted. I was able to do that, but when it comes to login, it only recognizes the encrypted password and not the password I use for testing (123). I would like to know what is missing for the password to log in normally. Thanks in advance.
connect.php : Connects to the host
<?php
// database connection file
// mysql_connect
// mysqli_connect
$host = "localhost";
$user = "root";
$pass = "";
$db = "db_sitephp";
$link = mysqli_connect($host, $user, $pass, $db);
/*$banco = mysqli_connect_errno(); // connection error
if ($banco == true) {
    echo "Erro de conexão";
} else {
    echo "Conexão ok";
}*/
?>
register.php : Watch the $encrypth
<?php
// registration file
//-------------------------------------------Including the connection file
include "connect.php";
date_default_timezone_set('America/Sao_Paulo');
//-------------------------------------------Receiving the variable values
$nome = $_POST['nome'];
$email = $_POST['email'];
$senha = $_POST['senha'];
$resenha = $_POST['repetesenha'];
$lembrete = $_POST['lembrete'];
$foto = $_FILES['foto']['name'];
$tipo = $_FILES['foto']['type'];
//-------------------------------------------Encryption
$encrypth = password_hash($senha, PASSWORD_ARGON2I);
//-------------------------------------------Check whether the user is allowed to register
$registro = false;
if ($nome != "" && $email != "" && $senha != "" && $lembrete != "" && $foto != "") {
    if ($senha != $resenha) {
        echo "<script>alert('Senhas diferentes');window.history.go(-1);</script>";
    } else {
        // Enabling the user for registration
        $registro = true;
    }
} else {
    echo "<script>alert('É necessário preencher todos os campos');window.history.go(-1);</script>";
}
//--------------------------------------------Running a query
$sql = mysqli_query($link, "SELECT * FROM tb_user order by id_user desc limit 1 ");
while ($line = mysqli_fetch_array($sql)) {
    $id = $line['id_user'];
    $email_user = $line['email'];
}
//--------------------------------------------Creating the user's photo folder
$id = $id + 1;
$pasta = "user" . $id; // will never receive an id equal to one already registered (receives +1)
//--------------------------------------------checking whether the folder exists
if (file_exists("user/" . $pasta)) {
    //echo "<script>alert('Esta pasta já existe');</script>";
    //rmdir($pasta); // deletes the folder
} else {
    mkdir("user/" . $pasta, 0777);
    //echo "<script>alert('A pasta " . $pasta . " foi criada com sucesso');</script>";
}
//----------------------------------------------replacing unwanted characters
include "substituicao.php";
//---------------------------------------------Photo file format
$formatos = array(1 => 'image/png', 2 => 'image/jpg', 3 => 'image/jpeg', 4 => 'image/gif');
$teste = array_search($tipo, $formatos);
if ($teste == true) {
    move_uploaded_file($_FILES['foto']['tmp_name'], "user/" . $pasta . "/" . $foto);
} else {
    echo "<script>alert('O tipo de arquivo não é suportado');</script>";
}
//----------------------------------------------Getting the computer's date and time
$dt = date('Y-m-d');
$hr = date('H:i:s');
//----------------------------------------------REGISTERING NEW USER
if ($registro == true && $email != $email_user) {
    mysqli_query($link,"INSERT INTO tb_user (nome,email,senha,lembrete,foto,nivel,dt,hr)VALUES
    ('$nome','$email','$encrypth','$lembrete','$foto',5,'$dt','$hr')");
    echo "<p style='text-align:center;color:#333;padding:5px;'>Usuario cadastrado com sucesso<br>";
    echo "<a href = 'index.php' style='color:#59f'>Ir para Home</a> | <a href= 'login.php' style = 'color:#59f'>Login</a>";
    echo "</p>";
    echo "<p>$senha, $encrypth</p>"; // senha comes through as 123, encrypth comes through encrypted
} else {
    echo "<script>window.history.go(-1);</script>";
}
?>
login.php : This is where I can’t pass password 123
<?php
include "connect.php";
$email = $_POST['email'];
$senha = $_POST['senha'];
if ($email != "" && $senha != "") {
    //echo "Usuario esta logado";
    $sql = mysqli_query($link, "SELECT * FROM tb_user WHERE email = '$email'");
    $registro = mysqli_num_rows($sql);
    while ($line = mysqli_fetch_array($sql)) {
        $senha_user = $line['senha'];
    }
    if ($registro) {
        if($senha_user == $senha){
            session_start();
            $_SESSION['login'] = $email;
            $_SESSION['password'] = $senha;
        } else {
            echo "Senha invalida.";
            echo "<a href= 'login.php'>Tente novamente.</a>";
        }
    } else {
        echo "Você não possui cadastro. Deseja se cadastrar?";
        echo "<a href= 'form_cadastro.php'>Cadastre-se</a>";
    }
} else {
    header('location:login.php?valor=1');
}
Which of the registered emails are you trying to log in with?
– Guilherme Henriques
https://answall.com/questions/312913/verificar-hash-de-senha-no-login-password-hash
– MagicHat
First I tested with [email protected], then I created the other new users to see if I was missing the same password, but I was only able to log in using $argon2i$...
– Bruno Bispo
Did you check the link I sent you?
– MagicHat
The error is that you are comparing the encrypted password with the normal password; the correct way would be to compare the password in the query and not using PHP. E.g.:
SELECT * FROM tb_user WHERE email = '$email' AND senha = '$senha';
And before passing the password to the query you need to encrypt it.
$senha = md5($_POST['senha']);
Suppose you used md5 in the register to save the password.
– Kayo Bruno
According to the link @Magichat sent, in your login.php, on the line
if($senha_user == $senha)
you can replace it with
if( password_verify ( $senha, $senha_user ) )
Then you do not encrypt your password that will be compared; see that example.
– adventistaam
The great side effect of copying and pasting is that it creates the habit of not reading, and then everything becomes more difficult...
– MagicHat
Even before I came to ask this question on this site I had seen the link that Magichat sent me, but still I did not know where exactly I should put the password_verify, and the way that @adventistaam used worked perfectly.
– Bruno Bispo
I’m glad it worked
– adventistaam
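The `password_verify()` replacement adventistaam describes above, worked through as an added example that is not code from the thread. The table and column names come from the question; `check_login()`, `demo()` and the sample values are hypothetical, and the lookup uses a mysqli prepared statement rather than the string-built query in the question.

```php
<?php
// Added example, not code from the thread. tb_user, id_user, email and senha
// come from the question; check_login() and the demo values are hypothetical.

function check_login(mysqli $link, string $email, string $senha): bool
{
    // Prepared statement: the e-mail is bound as data, not concatenated into SQL.
    $stmt = mysqli_prepare($link, "SELECT id_user, senha FROM tb_user WHERE email = ?");
    mysqli_stmt_bind_param($stmt, "s", $email);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $hash);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    // password_verify() reads the algorithm, cost and salt embedded in the
    // stored string, re-hashes the typed password and compares the results.
    if (!$found || !password_verify($senha, $hash)) {
        return false;
    }

    // Re-hash transparently if the stored hash uses outdated parameters.
    if (password_needs_rehash($hash, PASSWORD_ARGON2I)) {
        $novo = password_hash($senha, PASSWORD_ARGON2I);
        $up = mysqli_prepare($link, "UPDATE tb_user SET senha = ? WHERE id_user = ?");
        mysqli_stmt_bind_param($up, "si", $novo, $id);
        mysqli_stmt_execute($up);
        mysqli_stmt_close($up);
    }
    return true;
}

// Offline demonstration with a constructed password; no database is needed.
function demo(): array
{
    $senha = "123";
    $a = password_hash($senha, PASSWORD_ARGON2I);
    $b = password_hash($senha, PASSWORD_ARGON2I);
    return [
        // A fresh random salt per call: string or SQL equality cannot match hashes.
        'same_hash_twice'   => ($a === $b),
        // The comparison used in the question's login.php.
        'plain_equals_hash' => ($a == $senha),
        'verify_a'          => password_verify($senha, $a),
        'verify_b'          => password_verify($senha, $b),
        'verify_wrong'      => password_verify("124", $a),
    ];
}

var_dump(demo());
```

After a successful check, call `session_regenerate_id(true)` and keep only the user's identifier in `$_SESSION`; the typed password does not need to be stored there.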