Difference between revisions of "Code 1 for login.php"

(Created page with "< source lang="php"> ?php require_once "pdo.php"; // p' OR '1' = '1 if ( isset($_POST['who']) && isset($_POST['password']) ) { $e = htmlentities($_POST['who']); $p...")
(No difference)

Revision as of 11:49, 11 November 2018

<source lang="php">

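<?php
require_once "pdo.php";

// Login handler: looks up the posted e-mail address, verifies the posted
// password against the stored hash, then redirects on success or prints a
// failure message.
//
// The sample input below is a quote-breaking test string. It is inert here
// because the e-mail value reaches the database only as a bound parameter
// (:em) and is never concatenated into the SQL text.
// p' OR '1' = '1

// Both fields must be present and must be plain strings: a request that posts
// who[]=x would otherwise hand an array to the string functions below.
if ( isset($_POST['who']) && isset($_POST['password'])
        && is_string($_POST['who']) && is_string($_POST['password']) ) {

    $who = $_POST['who'];

    // NOTE(review): htmlentities() is an HTML output encoder, not something a
    // secret should pass through before verification. It is kept only because
    // the code that created the stored hashes is not visible here; if those
    // hashes were made from the raw password, verify the raw value instead.
    // TODO confirm against the registration code.
    $p = htmlentities($_POST['password']);

    // One lookup returns both columns. The earlier version ran the same
    // WHERE clause twice and also computed a password_hash() it never used.
    $sql = "SELECT email, password FROM users WHERE email = :em";
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array(':em' => $who));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no row matches, so indexing it directly
    // would raise a warning and pass null on to password_verify().
    $EMAIL_ADDRESS = ($row !== false) ? $row['email'] : null;
    $HASHED_PW = ($row !== false) ? $row['password'] : null;

    // An unknown address and a wrong password both end in the same failure
    // branch, so the response does not say which of the two happened.
    $isValid = is_string($HASHED_PW) && password_verify($p, $HASHED_PW);

    // Strip control characters before logging so a crafted address cannot
    // inject line breaks and forge extra log entries.
    $logWho = preg_replace('/[\x00-\x1F\x7F]/', '', $who);

    // No debug dumps of the fetched row and no stray echo before this point:
    // either would expose the stored hash or send output ahead of header(),
    // which makes the redirect fail with "headers already sent".
    if ( $isValid ) {
        error_log("Login success ".$logWho);
        // urlencode() keeps CR/LF and URL metacharacters out of the header.
        // NOTE(review): autos.php is not shown here; it should take the
        // signed-in identity from server-side session state, not from this
        // query parameter, which any visitor can set by hand.
        header("Location: autos.php?email=".urlencode($who));
        return;
    } else {
        // NOTE(review): the markup around this message appears to have been
        // lost when the page was rendered - TODO restore from the original file.
        echo "\n\nLOGIN FAIL\n\n";
        // Strict comparison: strpos() returns 0 for a leading '@', and
        // 0 == false would wrongly report the '@' as missing.
        if ( strpos($who, '@') === false ) { echo "who needs @"; }
        error_log("Login fail ".$logWho." ");
    }
}
?>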


</source>