Database stops working after a few hours

2

Hello, in this registration system, I take the information entered and put it in a database.

include("connection.php");
require("blowfish.php");

$login = $_POST['login_cadastro'];
$senha = $_POST['senha_cadastro'];
$confirmarsenha = $_POST['confirmarsenha_cadastro'];
$email = $_POST['email_cadastro'];

if($senha != $confirmarsenha)
{   
    echo "<meta http-equiv='refresh' content='0; url=index.php'>
          <script type='text/javascript'>alert('As senhas estão diferentes')</script>";
}
else
{
    $mysqli = new mysqli('localhost', 'root', 'MINHASENHA', '');
    $stmt = $mysqli->prepare("SELECT * FROM usuarios WHERE login = ? OR email = ?");
    $stmt->bind_param('ss', $login, $email);
    $stmt->execute();

    while($linha = mysqli_fetch_array($sqlpegar))
    {   
        $login_db = $linha['login'];
        $email_db = $linha['email'];
    }

    if($login_db == $login)
    {
        echo "  <meta http-equiv='refresh' content='0'>
                <script type='text/javascript'>alert('Esse usuario já existe')</script>";
    }
    if($email_db == $email)
    {
        echo "  <meta http-equiv='refresh' content='0'>
                <script type='text/javascript'>alert('Esse email já esta sendo usado')</script>";
    }
    else
    {   
        $senha = hash_password($senha);
        $mysqli = new mysqli('localhost', 'root', 'MINHASENHA', '');
        $stmt = $mysqli->prepare("INSERT INTO usuarios(login, senha, email) VALUES (?, ?, ?)");
        $stmt->bind_param('sss', $login, $senha, $email);
        $stmt->execute();

        header("location: index.php");  
    }
}
mysqli_close($coneccao);
return false;

And as you can see, I do not allow duplicate emails or logins.

After registering, the login works perfectly.

<?
include "connection.php";
require "blowfish.php";

$login = $_POST['login_entrar'];
$senha = $_POST['senha_entrar'];

$mysqli = new mysqli('localhost', 'root', 'MINHASENHA', '');
$stmt = $mysqli->prepare("SELECT * FROM usuarios WHERE login = ?");
$stmt->bind_param('s', $login);
$stmt->execute();

while($linha = mysqli_fetch_array($sql))
{
    $senha_db = $linha['senha'];
    $login_db = $linha['login'];
}

$cont = mysqli_num_rows($sql);

if($login_db != $login || $login == "")
{       
    echo "<meta http-equiv='refresh' content='0; url=index.php'>
    <script type='text/javascript'>alert('Este usuario não existe')</script>";      
}
else
{
    if(verifica_hash($senha, $senha_db))
    {
        session_start();
        $_SESSION['login_usuario'] = $login;

        header("location: index.php");         
    }
    else{   
        echo "<meta http-equiv='refresh' content='0; url=index.php'>
            <script type='text/javascript'>alert('Senha incorreta')</script>";  
    }
}
mysqli_close($coneccao);

?>

But after a few hours, if I try to log in, it says that the user does not exist, even though the user is there in the database, and I can create a new account with the same name that I created a few hours ago.

Note: The site is hosted on a VPS.

    
asked by anonymous 17.05.2015 / 03:16

1 answer

5

Your logic is wrong.

while($linha = mysqli_fetch_array($sqlpegar))
{   
    $login_db = $linha['login'];
    $email_db = $linha['email'];
}

In this section you end up with only the data of the last record, so only the last registered person can log in, and when checking for existence the comparison also only happens with the last registered user name.

Well, after the question update and the discussion, the final code should look similar to this:

include("connection.php");
require("blowfish.php");

$login = $_POST['login_cadastro'];
$senha = $_POST['senha_cadastro'];
$confirmarsenha = $_POST['confirmarsenha_cadastro'];
$email = $_POST['email_cadastro'];

$mysqli = new mysqli('localhost', 'root', 'MINHASENHA', '');

if($senha != $confirmarsenha)
{   
    echo "<meta http-equiv='refresh' content='0; url=index.php'>
          <script type='text/javascript'>alert('As senhas estão diferentes')</script>";
}
else
{
    $stmt = $mysqli->prepare("SELECT login, email FROM usuarios WHERE login = ? OR email = ?");
    $stmt->bind_param('ss', $login, $email);
    $stmt->execute();

    $stmt->bind_result($login_db, $email_db);
    if($stmt->fetch())
    {   
        if($login_db == $login)
        {
            echo "  <meta http-equiv='refresh' content='0'>
                    <script type='text/javascript'>alert('Esse usuario já existe')</script>";
        }
        else if($email_db == $email)
        {
            echo "  <meta http-equiv='refresh' content='0'>
                    <script type='text/javascript'>alert('Esse email já esta sendo usado')</script>";
        }
    }
    else
    {   
        $senha = hash_password($senha);
        $stmt = $mysqli->prepare("INSERT INTO usuarios(login, senha, email) VALUES (?, ?, ?)");
        $stmt->bind_param('sss', $login, $senha, $email);
        $stmt->execute();

        header("location: index.php");  
    }
}

return false;

and

include "connection.php";
require "blowfish.php";

$login = $_POST['login_entrar'];
$senha = $_POST['senha_entrar'];

$mysqli = new mysqli('localhost', 'root', 'MINHASENHA', '');
$stmt = $mysqli->prepare("SELECT login, senha FROM usuarios WHERE login = ?");
$stmt->bind_param('s', $login);
$stmt->execute();

// bind_result() (not bind_param()) maps the two selected columns to variables
$stmt->bind_result($login_db, $senha_db);
if($stmt->fetch())
{
    if($login == "")
    {       
        echo "<meta http-equiv='refresh' content='0; url=index.php'>
        <script type='text/javascript'>alert('Este usuario não informado')</script>";      
    }
    else
    {
        if(verifica_hash($senha, $senha_db))
        {
            session_start();
            $_SESSION['login_usuario'] = $login;

            header("location: index.php");         
        }
        else
        {   
            echo "<meta http-equiv='refresh' content='0; url=index.php'>
                <script type='text/javascript'>alert('Senha incorreta')</script>";  
        }
    }
}
    
17.05.2015 / 04:17
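
An added example, not part of the original question or answer: the duplicate check enforced by the database itself rather than by a SELECT before the INSERT, plus a login lookup that reads exactly one row. It assumes UNIQUE indexes on `usuarios.login` and `usuarios.email`, a hypothetical low-privilege account `app_user` and database `app_db`, and PHP's built-in `password_hash()`/`password_verify()` in place of the page's `blowfish.php` helpers.

```php
<?php
// Added example (not from the original post). Assumes UNIQUE indexes on
// usuarios.login and usuarios.email; credentials below are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function db(): mysqli
{
    // Hypothetical low-privilege account and database name (not root).
    return new mysqli('localhost', 'app_user', 'APP_PASSWORD', 'app_db');
}

// Returns true on success, false if the login or email is already taken.
function register_user(mysqli $db, string $login, string $email, string $senha): bool
{
    $hash = password_hash($senha, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO usuarios (login, senha, email) VALUES (?, ?, ?)');
    $stmt->bind_param('sss', $login, $hash, $email);
    try {
        $stmt->execute();
        return true;
    } catch (mysqli_sql_exception $e) {
        // 1062 = ER_DUP_ENTRY: a UNIQUE index rejected the row, so two
        // concurrent registrations can never both succeed.
        if ($e->getCode() === 1062) {
            return false;
        }
        throw $e;
    }
}

// Returns true only when the login exists and the password matches.
function check_login(mysqli $db, string $login, string $senha): bool
{
    $stmt = $db->prepare('SELECT senha FROM usuarios WHERE login = ?');
    $stmt->bind_param('s', $login);
    $stmt->execute();
    $stmt->bind_result($hash_db);
    $found = $stmt->fetch(); // true = one row fetched, null = no such login
    $stmt->close();
    return $found === true && password_verify($senha, $hash_db);
}
```

Because `check_login()` returns a single boolean, the caller can show one generic failure message for both an unknown login and a wrong password.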