Problem PHP,as incluit md5 in this script

[Ryen 44]

Hi forum!

 

 

Im have one problem to script my website.

 

the problem that tells me incorrect password to login that the script is not configured to read MD5

 

<?php 

include("config.inc.php"); //incluye el archivo de conexion con la base de datos

if(!isset($_SESSION)){
 session_start();
}

$user=$_POST['txt']; //trae los datos del input "txt"
$pass=$_POST['pw']; //trae los datos del input "pw"

/*consulta a la base de datos, solo traemos todos los datos 
donde el usuario sea el que escribieron en el form de ingreso,
esto es porque mi registro no admite 2 usuarios iguales, calculo que el tuyo tampoco*/
$consulta="SELECT * FROM account WHERE login='".$user."'"; 
$result=mysqli_query($con,$consulta) or die (mysql_error());
$fila=mysqli_fetch_array($result);

/*Si el resultado de la consulta da 0, le enviamos un alert de javascript avisando que
el usuario no existe*/

if(!$fila[0]){
 echo '<script language=javascript>
   alert("Usuario incorrecto")
   window.location="../index.php"
  </script>';
}

/*Si encuentra al usuario, pasamos a comprobar si la contraseña es la correcta*/
else{
$userpassword = 'PASSWORD('_$pass_')';
if($userpassword !=$fila['password']){
      echo '<script language=javascript>
       alert("Contraseu00F1a incorrecta")
       window.location="../index.php"
      </script>';
     }
     /*Sino, definimos las variables de sesion y redirigimos al usuario a la pagina que queremos.. en tu caso, el panel de control*/
     else{
      $_SESSION['id'] = $fila['id'];
      $_SESSION['login'] = $fila['login'];
      echo '<script language=javascript>
       alert("Has iniciado sesion correctamente")
       window.location="../index.php"
      </script>';
     }
    }
    ?>

 

PICTURE MY WEB

King regards

Edited August 19, 2022 by Metin2 Dev
Core X - External 2 Internal

[metin2team 747]

change this:

$consulta="SELECT * FROM account WHERE login='".$user."'"; 

to

$consulta="SELECT * FROM account WHERE login='".$user."' AND password=PASSWROD('".$pass."')"; 

it will work.

 

you shouldn't tell a visitor if the password is wrong or the username is wrong that will make someone tries until he hacks into an account.

 

you can just say

 

the username and password didn't match!

 

also always keep in mind filtering all of your inputs.

 

good luck.

[Sean 11]

change this:

$consulta="SELECT * FROM account WHERE login='".$user."'"; 

to

$consulta="SELECT * FROM account WHERE login='".$user."' AND password=PASSWROD('".$pass."')"; 

it will work.

 

you shouldn't tell a visitor if the password is wrong or the username is wrong that will make someone tries until he hacks into an account.

 

you can just say

 

the username and password didn't match!

 

also always keep in mind filtering all of your inputs.

 

good luck.

Correct.

$consulta="SELECT * FROM account WHERE login='".$user."' AND password=PASSWROD('".$pass."')"; 

to

$consulta="SELECT * FROM account WHERE login='".$user."' AND password=PASSWORD('".$pass."')"; 

example:

$consulta = "SELECT * FROM account WHERE login='".$user."' AND password=PASSWORD('".$pass."')"; 
$result=mysqli_query($con,$consulta) or die (mysql_error());
$fila=mysqli_fetch_array($result);

if($fila > 0) {
	echo 'succesful';
} else {
	echo 'failure';
}

kind regards.