Difference between revisions of "Code 1 for login.php"

Line 1: Line 1:
 
<source lang="php">
 
<source lang="php">
  
?php
+
<?php
 
require_once "pdo.php";
 
require_once "pdo.php";
  

Revision as of 11:50, 11 November 2018

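<?php
// login.php - checks a posted email ("who") / password pair against the
// users table and redirects to autos.php on success.
//
// Review notes:
//  * Both lookups bind the email through a PDO placeholder, so a probe such as
//    the classic  p' OR '1' = '1  is handled as data, not SQL.
//  * No output may be produced before header("Location: ...") is called. The
//    previous version echoed "\n" and "<br>" first, which triggers "headers
//    already sent" and silently breaks the redirect; those echoes are gone.
//  * The previous version also computed password_hash() on every request into
//    an unused variable ($pp); hashing belongs to registration, not login, so
//    that bcrypt work is removed.
//  * NOTE(review): after a successful login the only thing that identifies the
//    user is the autos.php?email=... query string. Anyone can type that URL
//    without knowing a password, so autos.php must not treat the parameter as
//    proof of authentication; a server-side session ($_SESSION) should carry
//    the identity instead. Kept as-is here because autos.php expects it.
//  * The closing "?>" tag is omitted: any whitespace after it would also count
//    as output before header().
require_once "pdo.php";

if ( isset($_POST['who']) && isset($_POST['password']) ) {
    // The email is never echoed to the page in this file (only bound into SQL,
    // written to the log and URL-encoded into the redirect), so the unused
    // htmlentities() copy the previous version made is not needed.
    $who = $_POST['who'];

    // NOTE(review): the password is run through htmlentities() before
    // password_verify(). That is only correct if the registration code stored
    // password_hash(htmlentities($password)) - otherwise any password with
    // & < > " or ' will never verify. The registration code is not visible
    // here, so the transformation is kept; confirm it matches and prefer the
    // raw value on both sides.
    $p = htmlentities($_POST['password']);

    // A single query fetches both columns; the previous version ran two
    // identical lookups for email and password.
    $sql = "SELECT email, password FROM users WHERE email = :em";
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array(':em' => $who));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user: fetch() returns false. The previous version indexed into
    // it and passed null to password_verify(); treat it as a failed login.
    // (Both failure paths print the same "LOGIN FAIL" text, so the response
    // body does not reveal whether the account exists.)
    $HASHED_PW = ($row !== false && isset($row['password'])) ? $row['password'] : null;
    $isValid = ($HASHED_PW !== null) && password_verify($p, $HASHED_PW);

    if ( $isValid ) {
        error_log("Login success ".$who);
        header("Location: autos.php?email=".urlencode($who));
        return;
    }

    echo "<p>LOGIN FAIL</p>";
    // strpos() returns 0 when '@' is the first character, and 0 == false, so
    // the previous loose comparison printed the hint for "@example.com" while
    // skipping it for inputs with no '@' at all was the intent. Compare
    // strictly against false.
    if ( strpos($who, '@') === false ) { echo "who needs @"; }
    error_log("Login fail ".$who." ");
}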