Code 1 for login.php

From MyWiki
Revision as of 11:49, 11 November 2018 by George2 (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

< source lang="php">

?php require_once "pdo.php";

// p' OR '1' = '1

if ( isset($_POST['who']) && isset($_POST['password']) ) { 

   $e = htmlentities($_POST['who']);
   $p = htmlentities($_POST['password']);
    $pp = password_hash($p, PASSWORD_DEFAULT);

   $sql = "SELECT email FROM users WHERE email = :em ";
   $stmt = $pdo->prepare($sql);
   $stmt->execute(array(
                       ':em' => $_POST['who']));
   $row = $stmt->fetch(PDO::FETCH_ASSOC);
  1. print_r($row);

echo "\n";

$EMAIL_ADDRESS = $row['email']; 

   $ssql = "SELECT password FROM users WHERE email = :em";
   $sstmt = $pdo->prepare($ssql);
   $sstmt->execute(array(
                       ':em' => $_POST['who']));
   $rrow = $sstmt->fetch(PDO::FETCH_ASSOC);
  1. print_r($rrow);

echo "
"; $HASHED_PW = $rrow['password']; if ( $isValid = password_verify($p, $HASHED_PW)) { 

           error_log("Login success ".$_POST['who']);
           header("Location: autos.php?email=".urlencode($_POST['who']));
           return;
    1. echo "<head><title>George Thompson</title></head>";
    2. echo "ddddddddddddddddddddddddd";

} else {

echo "

LOGIN FAIL

"; 
   if (strpos($_POST['who'], '@') == false ) { echo "who needs @";}
   error_log("Login fail ".$_POST['who']." ");
    }
    1. echo "<head><title>George Thompson</title></head>";
    2. echo "aaaaaaaaaaaaaaaaaaaaaa";

} ?>


</source>

Retrieved from "https://wiki.twig.es/index.php?title=Code_1_for_login.php&oldid=4218"