Hello, in this registration system, I get the information entered and I play it in a database.
include("connection.php");
require("blowfish.php");
$login = $_POST['login_cadastro'];
$senha = $_POST['senha_cadastro'];
$confirmarsenha = $_POST['confirmarsenha_cadastro'];
$email = $_POST['email_cadastro'];
if($senha != $confirmarsenha)
{
echo "<meta http-equiv='refresh' content='0; url=index.php'>
<script type='text/javascript'>alert('As senhas estão diferentes')</script>";
}
else
{
$mysqli = new mysqli('localhost', 'root', 'MINHASENHA', '');
$stmt = $mysqli->prepare("SELECT * FROM usuarios WHERE login = ? OR email = ?");
$stmt->bind_param('ss', $login, $email);
$stmt->execute();
while($linha = mysqli_fetch_array($sqlpegar))
{
$login_db = $linha['login'];
$email_db = $linha['email'];
}
if($login_db == $login)
{
echo " <meta http-equiv='refresh' content='0'>
<script type='text/javascript'>alert('Esse usuario já existe')</script>";
}
if($email_db == $email)
{
echo " <meta http-equiv='refresh' content='0'>
<script type='text/javascript'>alert('Esse email já esta sendo usado')</script>";
}
else
{
$senha = hash_password($senha);
$mysqli = new mysqli('localhost', 'root', 'MINHASENHA', '');
$stmt = $mysqli->prepare("INSERT INTO usuarios(login, senha, email) VALUES (?, ?, ?)");
$stmt->bind_param('sss', $login, $senha, $email);
$stmt->execute();
header("location: index.php");
}
}
mysqli_close($coneccao);
return false;
And as you can see I do not allow emails or logins alike.
After registering, the login works perfectly.
<?
include "connection.php";
require "blowfish.php";
$login = $_POST['login_entrar'];
$senha = $_POST['senha_entrar'];
$mysqli = new mysqli('localhost', 'root', 'MINHASENHA', '');
$stmt = $mysqli->prepare("SELECT * FROM usuarios WHERE login = ?");
$stmt->bind_param('s', $login);
$stmt->execute();
while($linha = mysqli_fetch_array($sql))
{
$senha_db = $linha['senha'];
$login_db = $linha['login'];
}
$cont = mysqli_num_rows($sql);
if($login_db != $login || $login == "")
{
echo "<meta http-equiv='refresh' content='0; url=index.php'>
<script type='text/javascript'>alert('Este usuario não existe')</script>";
}
else
{
if(verifica_hash($senha, $senha_db))
{
session_start();
$_SESSION['login_usuario'] = $login;
header("location: index.php");
}
else{
echo "<meta http-equiv='refresh' content='0; url=index.php'>
<script type='text/javascript'>alert('Senha incorreta')</script>";
}
}
mysqli_close($coneccao);
? >
But after a few hours if I try to login, it says that the user does not exist, but in the database the user is there and I can create a new account with the same name that I created a few hours ago.
Note: The site is hosted in a VPS.