Code 1 for login.php
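<?php
/**
 * Login handler: looks up the account for the posted e-mail ("who"), checks
 * the posted password against the stored hash, then either redirects to
 * autos.php or prints a failure message. Both outcomes are written to the
 * error log.
 */
require_once "pdo.php";

// Test input kept from the original listing: p' OR '1' = '1
// The lookup below binds the submitted value as a parameter, so input of this
// shape is compared as a literal e-mail string and is never parsed as SQL.

// is_string() rejects array-valued fields (who[]=...), which htmlentities()
// and the log concatenation below cannot handle; such a request is treated as
// if no form had been submitted.
if ( isset($_POST['who'], $_POST['password'])
    && is_string($_POST['who'])
    && is_string($_POST['password']) ) {

    $who = $_POST['who'];

    // HTML-escaped copy of the address. Not used in this block; kept in case
    // the rest of the page echoes it back into the form - TODO confirm.
    $e = htmlentities($who);

    // NOTE(review): the password is HTML-escaped before verification, so
    // characters such as & < > " are rewritten first. That only verifies
    // correctly if the stored hash was created from the same escaped form -
    // confirm against the registration code. Passwords are normally passed to
    // password_hash()/password_verify() unmodified.
    $p = htmlentities($_POST['password']);

    // One parameterised query returns both columns; the original ran the same
    // lookup twice and also computed a fresh password_hash() it never used.
    $stmt = $pdo->prepare("SELECT email, password FROM users WHERE email = :em");
    $stmt->execute([':em' => $who]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no account matches; indexing that value
    // raises a warning and hands null to password_verify().
    $found = is_array($row);
    $EMAIL_ADDRESS = $found ? $row['email'] : null;
    $HASHED_PW = $found ? $row['password'] : null;

    // Control characters are stripped so a submitted value cannot add line
    // breaks to the log and make one request look like several entries.
    $logWho = (string) preg_replace('/[\x00-\x1F\x7F]/', '', $who);

    // NOTE(review): an unknown address skips the hash check, so it answers
    // faster than a wrong password; the visible message is the same for both.
    if ( is_string($HASHED_PW) && password_verify($p, $HASHED_PW) ) {
        error_log("Login success ".$logWho);

        // NOTE(review): the identity travels in the query string and this
        // block starts no session. If autos.php trusts ?email= without its
        // own check, it can be opened without logging in - verify there.
        header("Location: autos.php?email=".urlencode($who));
        return;
    }

    echo "<p>LOGIN FAIL</p>";

    // Strict comparison: strpos() returns 0 for a leading '@', which the
    // loose "== false" test reported as a missing '@'.
    if ( strpos($who, '@') === false ) {
        echo "who needs @";
    }
    error_log("Login fail ".$logWho." ");
}
?>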