Difference between revisions of "Code 1 for login.php"

From MyWiki
Jump to: navigation, search
(Created page with "< source lang="php"> ?php require_once "pdo.php"; // p' OR '1' = '1 if ( isset($_POST['who']) && isset($_POST['password']) ) { $e = htmlentities($_POST['who']); $p...")
 
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
< source lang="php">
+
<source lang="php">
 
+
?php
+
require_once "pdo.php";
+
 
+
// p' OR '1' = '1
+
 
+
if ( isset($_POST['who']) && isset($_POST['password'])  ) {
+
    $e = htmlentities($_POST['who']);
+
    $p = htmlentities($_POST['password']);
+
    $pp = password_hash($p, PASSWORD_DEFAULT);
+
 
+
    $sql = "SELECT email FROM users WHERE email = :em ";
+
    $stmt = $pdo->prepare($sql);
+
 
     $stmt->execute(array(
 
     $stmt->execute(array(
 
                         ':em' => $_POST['who']));
 
                         ':em' => $_POST['who']));
Line 47: Line 34:
 
}
 
}
 
?>
 
?>
 +
<html>
 +
<head><title>George Thompson</title></head>
 +
<p>Please Log In</p>
 +
<form method="post">
 +
<p>Email:
 +
<input type="text" size="40" name="who"></p>
 +
<p>Password:
 +
<input type="text" size="40" name="password"></p>
 +
<p><input type="submit" value="Login"/>
 +
</form>
 +
<p>
 +
</html>
 +
  
  
 
</source>
 
</source>

Latest revision as of 11:51, 11 November 2018

    $stmt->execute(array(
                        ':em' => $_POST['who']));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
#print_r($row);
echo "\n";
 
$EMAIL_ADDRESS = $row['email'];
    $ssql = "SELECT password FROM users WHERE email = :em";
    $sstmt = $pdo->prepare($ssql);
    $sstmt->execute(array(
                        ':em' => $_POST['who']));
    $rrow = $sstmt->fetch(PDO::FETCH_ASSOC);
#    print_r($rrow);
echo "<br>";
$HASHED_PW = $rrow['password'];
if ( $isValid = password_verify($p, $HASHED_PW)) {
            error_log("Login success ".$_POST['who']);
            header("Location: autos.php?email=".urlencode($_POST['who']));
            return;
##echo "<head><title>George Thompson</title></head>";
##echo "ddddddddddddddddddddddddd";

}
else {
    echo "<p>LOGIN FAIL</p>";
    if (strpos($_POST['who'], '@') == false ) { echo "who needs @";}
    error_log("Login fail ".$_POST['who']." ");
     }
 
;
##echo "<head><title>George Thompson</title></head>";
##echo "aaaaaaaaaaaaaaaaaaaaaa";
}
?>
<html>
<head><title>George Thompson</title></head>
<p>Please Log In</p>
<form method="post">
<p>Email:
<input type="text" size="40" name="who"></p>
<p>Password:
<input type="text" size="40" name="password"></p>
<p><input type="submit" value="Login"/>
</form>
<p>
</html>
Retrieved from "https://wiki.twig.es/index.php?title=Code_1_for_login.php&oldid=4221"