Registering password 123 with MYSQL encryption, but only login with the password generated by the encryption

I’m no expert on PHP, SQL or HTML, but I’m good at copying things and turning them into something fun. So recently I started making a website to pass the time, and I wanted the passwords registered in the database to be encrypted. I was able to do that, but when it comes to login, it only recognizes the encrypted password and not the password I use for testing (123). I would like to know what is missing for the password to log in normally. Thanks in advance.

connect.php : Connects to the host

<?php
// database connection file
//mysql_connect
//mysqli_connect
$host = "localhost";
$user = "root";
$pass = "";
$db = "db_sitephp";

$link = mysqli_connect($host,$user,$pass,$db);
/*$banco = mysqli_connect_errno(); // connection error
if($banco == true) {
    echo "Erro de conexão";
}   else{
    echo "Conexão ok";
}*/


?>

register.php : Watch the $encrypth

<?php
// registration file

//-------------------------------------------Including the connection file
include "connect.php";
date_default_timezone_set('America/Sao_Paulo');

//-------------------------------------------Receiving the values into variables
$nome = $_POST['nome'];
$email = $_POST['email'];
$senha = $_POST['senha'];
$resenha = $_POST['repetesenha'];
$lembrete = $_POST['lembrete'];
$foto = $_FILES['foto']['name'];
$tipo = $_FILES['foto']['type'];


//-------------------------------------------Encryption
$encrypth = password_hash ($senha, PASSWORD_ARGON2I);

//-------------------------------------------Check whether the user is allowed to register
$registro = false;
if ($nome != "" && $email != "" && $senha != "" && $lembrete != "" && $foto != "") {

    if ($senha != $resenha) {
        echo "<script>alert('Senhas diferentes');window.history.go(-1);</script>";
    } else {
            //Enabling the user for registration
        $registro = true;
    }
} else {
    echo "<script>alert('É necessário preencher todos os campos');window.history.go(-1);</script>";
}


//--------------------------------------------Running a query
$sql = mysqli_query($link, "SELECT * FROM tb_user order by id_user desc limit 1 ");
while ($line = mysqli_fetch_array($sql)) {
    $id = $line['id_user'];
    $email_user = $line['email']; 
}


//--------------------------------------------Creating the user's photo folder
$id = $id + 1;
$pasta = "user" . $id; // will never receive an id equal to a registered one (gets +1)


//--------------------------------------------checking whether the folder exists
if (file_exists("user/" . $pasta)) {
    //echo "<script>alert('Esta pasta já existe');</script>";
    //rmdir($pasta); // deletes the folder
} else {
    mkdir("user/" . $pasta, 0777);
    //echo "<script>alert('A pasta " . $pasta . " foi criada com sucesso');</script>";
}

//----------------------------------------------replacing unwanted characters
include "substituicao.php";

//---------------------------------------------Photo file format
$formatos = array(1 => 'image/png', 2 => 'image/jpg', 3 => 'image/jpeg', 4 => 'image/gif');
$teste = array_search($tipo, $formatos);
if ($teste == true) {
    move_uploaded_file($_FILES['foto']['tmp_name'], "user/" . $pasta . "/" . $foto);
} else {
    echo "<script>alert('O tipo de arquivo não é suportado');</script>";
}

//----------------------------------------------Getting the computer's date and time
$dt = date ('Y-m-d');
$hr = date ('H:i:s');

//----------------------------------------------REGISTERING NEW USER
if($registro == true && $email != $email_user){ 
    mysqli_query($link,"INSERT INTO  tb_user (nome,email,senha,lembrete,foto,nivel,dt,hr)VALUES 
    ('$nome','$email','$encrypth','$lembrete','$foto',5,'$dt','$hr')");
    echo "<p style='text-align:center;color:#333;padding:5px;'>Usuario cadastrado com sucesso<br>";
    echo "<a href = 'index.php' style='color:#59f'>Ir para Home</a> | <a href= 'login.php' style = 'color:#59f'>Login</a>";
    echo "</p>";
    echo "<p>$senha, $encrypth</p>";// senha comes through as 123, encrypth comes through encrypted
}else{
    echo "<script>window.history.go(-1);</script>";
}
?>

login.php : This is where I can’t pass password 123

<?php
include "connect.php";
$email = $_POST ['email'];
$senha = $_POST ['senha'];
if ($email != "" && $senha !=""){
    //echo "Usuario esta logado";
    $sql = mysqli_query ($link, "SELECT * FROM tb_user WHERE email = '$email'");
    $registro = mysqli_num_rows ($sql);
    while ($line = mysqli_fetch_array ($sql)){
        $senha_user = $line ['senha'];
    }
    if ($registro){
        if($senha_user == $senha){
            session_start();
            $_SESSION['login'] = $email;
            $_SESSION['password'] = $senha;

        }else{
            echo "Senha invalida.";
            echo "<a href= 'login.php'>Tente novamente.</a>";
        }
    }else{
        echo "Você não possui cadastro. Deseja se cadastrar?";
        echo "<a href= 'form_cadastro.php'>Cadastre-se</a>";
    }

}else {
    header('location:login.php?valor=1');
}

3 Newuser log in with encrypted password **Foto mysql**

  • Which of the registered emails are you trying to log in with?

  • https://answall.com/questions/312913/verificar-hash-de-senha-no-login-password-hash

  • First I tested with [email protected], then I created the other newusers to see if I was getting the same password wrong, but I was only able to log in using $argon2i$...

  • Did you check the link I sent you?

  • The error is that you are comparing the encrypted password with the normal password; the correct way would be to compare the password in the query and not using PHP. Ex.: SELECT * FROM tb_user WHERE email = '$email' AND senha = '$senha'; And before passing the password to the query you need to encrypt it. $senha = md5($_POST['senha']); Suppose you used md5 in the register to save the password.

  • According to the link @Magichat sent, in your login.php, on the line if($senha_user == $senha) you can replace it with if( password_verify ( $senha, $senha_user ) ); then you do not encrypt the password that will be compared. See that example

  • The great side effect of copying and pasting is that it creates the habit of not reading, and then everything becomes more difficult...

  • Even before I came to ask this question on this site I had seen the link that Magichat sent me, but still I did not know where exactly I should put the password_verify, and the way that @adventistaam used worked perfectly.

  • I’m glad it worked

1 answer

According to the link that @Magichat sent in the comments.

In your login.php, on the line

if($senha_user == $senha)

You can replace it with

if( password_verify ( $senha, $senha_user ) )

In this case you don’t encrypt your $senha that will be compared.

Behold that example
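
The difference between the `==` comparison and `password_verify()` discussed above, shown as an added example that is not part of the original question or answer. The `$users` array is a constructed in-memory stand-in for `tb_user`, and `verificar_login()` and the e-mail address are hypothetical names used only here.

```php
<?php
// Added example, not the asker's code. $users is a constructed in-memory
// stand-in for tb_user, so the script runs without a database.

// Argon2i as in register.php when this PHP build has it, else the default.
$algo = defined('PASSWORD_ARGON2I') ? PASSWORD_ARGON2I : PASSWORD_DEFAULT;

// Registration: only the hash is stored, never the plain password.
$users = [
    'user@example.test' => ['senha' => password_hash('123', $algo)],
];

// Login check: true only when $senha matches the hash stored for $email.
function verificar_login(array $users, string $email, string $senha): bool
{
    if (!isset($users[$email])) {
        return false; // unknown e-mail
    }
    // password_verify() reads algorithm, parameters and salt from the stored
    // hash, hashes $senha the same way and compares the results.
    return password_verify($senha, $users[$email]['senha']);
}

$email = 'user@example.test';
$hash  = $users[$email]['senha'];

$checks = [
    // The comparison from the original login.php: plain text against the hash.
    'plain == stored hash'        => ('123' == $hash),
    // Hashing again and comparing strings: each call uses a new random salt.
    're-hash === stored hash'     => (password_hash('123', $algo) === $hash),
    'password_verify, 123'        => verificar_login($users, $email, '123'),
    'password_verify, wrong pass' => verificar_login($users, $email, '1234'),
    // Submitting the hash itself as the password must not log in.
    'password_verify, hash'       => verificar_login($users, $email, $hash),
    // A column that is too short cuts the hash and verification fails;
    // the PHP manual suggests 255 characters for the column.
    'truncated stored hash'       => password_verify('123', substr($hash, 0, 50)),
];

foreach ($checks as $label => $result) {
    printf("%-28s %s\n", $label, $result ? 'accepted' : 'rejected');
}
```

Only the `password_verify, 123` row is accepted; every other comparison, including submitting the stored hash as the password, is rejected.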
