Errors when logging in


I am having many problems and I do not know how to solve them. I will describe the problems that are coming up.

The login fails for random users, that is, one day it works and another day it does not, and so on... strange. These are users whose password I have changed directly in the database without going through the registration form. My user always works, but the other users' ... no. I do not understand it, so I am going to leave my code here in case you see some kind of failure. I have to say that this is already on a published website. Obviously I changed the database connection details when posting it.

<?php
session_start();
if (isset($_SESSION['usuario'])) {
    header('Location: ../php/home.php');
    exit;
}

$errores = '';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $email = filter_var(strtolower($_POST['email']), FILTER_SANITIZE_STRING);
    $password = $_POST['password'];
    $password = hash('sha512', $password);
    try {
        $conexion = new PDO('mysql:host=localhost;dbname=base_de_datos', 'root', ' ');
        // the database connection is made correctly.
    } catch (PDOException $e) {
        echo "Error" . $e->getMessage();
        exit;
    }

    $statement = $conexion->prepare('SELECT * FROM usuarios WHERE email = :email AND pass = :password');

    $statement->execute(array(
        ':email' => $email,
        ':password' => $password
    ));

    $resultado = $statement->fetch();
    if ($resultado !== false) {
        $_SESSION['usuario'] = $email;
        header('Location: ../php/home.php');
        exit;
    } else {
        $errores = '<li style="color:red;"> Tu e-mail o contraseña no son correctos</li>';
    }
}
?>

<form class="text-center formulario" style="color: #757575;" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="POST" name="login">
<!-- Email -->
<div class="md-form">
<input type="email" id="materialLoginFormEmail" class="form-control" name="email">
<label for="materialLoginFormEmail">E-mail</label>
</div>
<!-- Password -->
<div class="md-form">
<input type="password" id="materialLoginFormPassword" class="form-control" name="password">
<label for="materialLoginFormPassword">Contraseña</label>
</div>
<div class="d-flex justify-content-around">
<div>
<!-- Forgot password -->
<a href=""></a>
</div>
</div>
<!-- Sign in button -->
<div class="text-center mt-4">
<button class="btn btn-warning btn-lg mt-4" onclick="login.submit()">Login</button>
</div>
<br>
<br>
<?php if (!empty($errores)): ?>
<div class="error">
<ul>
<?php echo $errores; ?>
</ul>
</div>
<?php endif; ?>
<br>
<br>
<!-- Register -->
<p>¿No eres miembro?
<a href="php/registro.php">Registrate</a>
</p>
</div>
</div>
</form>
    
asked by 19.08.2018 at 15:01

1 answer


Your code is fine; the only error I see is when making the login, since you are encrypting the password at the time of sending it to query your database. I think it is important to clarify that when you encrypt a password, something called a SALT is added which is COMPLETELY RANDOM every time you encrypt; therefore, if you encrypt this password when you send the request for the data, it is 99% likely not the same as the one stored in your database. You can use the password_verify($passIngresadaPorUsuario, $passEncriptadaEnBaseDeDatos); method.

I enclose some code that may help you:

<?php
session_start();
if (isset($_SESSION['usuario'])) {
    header('Location: ../php/home.php');
    exit;
}

$errores = '';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $email = filter_var(strtolower($_POST['email']), FILTER_SANITIZE_STRING);
    $password = $_POST['password'];

    try {
        $conexion = new PDO('mysql:host=localhost;dbname=base_de_datos', 'root', ' ');
        // the database connection is made correctly.
    } catch (PDOException $e) {
        echo "Error" . $e->getMessage();
        exit;
    }

    // Fetch only the stored hash for this e-mail; the comparison happens in PHP,
    // not in SQL, because password_hash() produces a different string on every call.
    $queryPass = $conexion->prepare("SELECT pass FROM usuarios WHERE email = :email");

    $queryPass->execute([
        ':email' => $email
    ]);

    // fetch() returns one row (or false when the e-mail is unknown); fetchAll()
    // would return a list of rows and $passBBDD['pass'] would be undefined.
    $passBBDD = $queryPass->fetch(PDO::FETCH_ASSOC);

    if ($passBBDD !== false && password_verify($password, $passBBDD['pass'])) {
        $_SESSION['usuario'] = $email;
        header('Location: ../php/home.php');
        exit;
    } else {
        $errores = '<li style="color:red;"> Tu e-mail o contraseña no son correctos</li>';
    }
}
?>
    
answered by 20.08.2018 at 06:21
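The mismatch the question and the answer are about, shown end to end with PHP's own password API. This is an added example and is not code from the question or the answer: the `usuarios` table is replaced by a constructed in-memory array so it runs from the command line without a database, and the function names `registerUser` and `loginUser` are assumptions, not anything from the original post. It registers a user the way a registration page should (storing `password_hash()` output), logs in with `password_verify()`, and then shows why a `hash('sha512', ...)` digest can never equal the stored value.

```php
<?php
// Added example (not the asker's or answerer's code). The "users" array stands in
// for the usuarios table; its column names mirror the question, the data is made up.
declare(strict_types=1);

// Registration step: this is the value that belongs in usuarios.pass.
function registerUser(array &$users, string $email, string $plainPassword): void
{
    $email = strtolower($email);
    $users[$email] = [
        'email' => $email,
        // password_hash() generates its own random salt and embeds it in the
        // returned string, so nothing extra has to be stored alongside it.
        'pass'  => password_hash($plainPassword, PASSWORD_DEFAULT),
    ];
}

// Login step: true only when the e-mail exists and the password matches the hash.
function loginUser(array &$users, string $email, string $plainPassword): bool
{
    $email = strtolower($email);

    // For an unknown e-mail, still run password_verify() against a throwaway hash
    // so the response time does not reveal whether the address is registered.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('dummy-password-for-timing-only', PASSWORD_DEFAULT);
    }
    $storedHash = $users[$email]['pass'] ?? $dummyHash;

    $matches = password_verify($plainPassword, $storedHash);
    if (!$matches || !isset($users[$email])) {
        return false;
    }

    // Transparent upgrade: if the default algorithm or cost has changed since the
    // hash was created, rehash now while the plaintext is available.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $users[$email]['pass'] = password_hash($plainPassword, PASSWORD_DEFAULT);
    }
    return true;
}

// Demonstration on constructed data.
$users = [];
registerUser($users, 'Ana@example.com', 'correct horse battery');

printf("right password:   %s\n", var_export(loginUser($users, 'ana@example.com', 'correct horse battery'), true));
printf("wrong password:   %s\n", var_export(loginUser($users, 'ana@example.com', 'something else'), true));
printf("unknown user:     %s\n", var_export(loginUser($users, 'nobody@example.com', 'correct horse battery'), true));

// Why the original comparison fails: the stored value is a self-describing hash
// string (it begins with "$2y$" for bcrypt, PHP's current default), while
// hash('sha512', ...) is a 128-character hex digest. The two can never be equal,
// and two password_hash() calls on the same input differ because of the fresh salt.
printf("stored prefix:    %s\n", substr($users['ana@example.com']['pass'], 0, 4));
printf("sha512 length:    %d\n", strlen(hash('sha512', 'correct horse battery')));
printf("same input twice: %s\n", var_export(
    password_hash('correct horse battery', PASSWORD_DEFAULT)
        === password_hash('correct horse battery', PASSWORD_DEFAULT),
    true
));
```

Run it with `php example.php`. The point for the asker's situation is that every row in `usuarios.pass` has to have been produced by `password_hash()` (or written with a `password_hash()` value when edited by hand); a row that was set to a plain or sha512 value directly in the database will always fail `password_verify()`, which is consistent with only the hand-edited users being unable to log in.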