Password hashed Login

**boots** · 03-07-2017, 12:52

Mi sa che hai fatto un po' di casino con il login. Dovresti fare una cosa del genere:

Codice PHP:



if (isset($_POST['username'])){                                                                                
   ...tutti i parametri..                        
   $password = stripslashes($_POST['password']);                                        
   $password = mysqli_real_escape_string($con,$password);
   $result = mysqli_query($con, "SELECT * FROM users WHERE username='$username' ");
   $user = mysqli_fetch_assoc($con,$result);
   if(!$user){
        // Utente non trovato;
   }
   if(password_verify($password, $user['password_hash'])){
       // login ok
   }else{
       //  login errato
   }

}

**Davide Cat** · 03-07-2017, 15:14

Una cosa del genere?

Codice PHP:


$password = stripslashes($_REQUEST['password']);                                        
$password = mysqli_real_escape_string($con,$password);
//Checking is user existing in the database or not                                        
$query = "SELECT * FROM `users` WHERE username='$username' and birthdate='$birthdate' and activated='1'";                                        
$result = mysqli_query($con,$query) or die(mysql_error());                                        
$user = mysqli_fetch_assoc($result);                                        
if(password_verify($password, $user['crypt_password'])){                                      
$_SESSION['username'] = $username;                                            
$_SESSION['tentativi_login']=0;                                            
header("Location: home.php"); // Redirect user to homepage                                            
}else{                                                
$_SESSION['username'] = $username;                                                
echo $_SESSION['username'];                                                
$_SESSION['tentativi_login']= $_SESSION['tentativi_login']+1;
if ($_SESSION['tentativi_login'] <= 2) {                                                    
echo "<div class='form'><h3>Username/password is incorrect or account is not active.</h3><br/>Click here to <a href='login.php'>Login</a> to try again otherwise check your email.</div>";     
}else{                                                        
echo '
<form role="form" name ="registration" action="login.php" method="post" class="login-form">           

<div class="g-recaptcha" data-sitekey="6LelkCAUAAAAAGuitSFVJrwUAigkUpxfCqV1j5jt"></div>           

<button type="submit" class="btn" name="Signup" value="register">Retry</button>                         </form>                                                        
';                                                    
$_SESSION['tentativi_login']=0;                                                
}                                            
}         
}else{

Discussione: Password hashed Login

Strumenti discussione

Ricerca discussione

Visualizza

Hybrid View

Tag per questa discussione

Permessi di invio