How to validate md5 password with database? [closed]

2

In the database it is already encrypted with md5 , when I try to log in using:

email: [email protected] |
senha: 123456 
**ACESSO NEGADO**

and

email: [email protected] |
senha: criptografada md5
**ACESSO LIBERADO**

Follow the code

<?php include('conecta.php');
mysql_select_db(guara423_gestao) or die('Erro conexão com o banco');
session_start();
?>

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<script>
    function loginsuccessfuly(){
        setTimeout("window.location='index.php'", 1000);
    }
    function loginfailed(){
        setTimeout("window.location='login.php'", 1000);
    }
</script>

</html>
<?php
$email = $_POST['email'];
$senha = $_POST['senha'];
$scodif = md5($senha);

$sql = mysql_query("SELECT * FROM user WHERE email = '$email' and senha = '$scodif'");
$row = mysql_num_rows($sql);

if ($row > 0){
    $_SESSION['email']=$_POST['email'];
    $_SESSION['senha']=$_POST["senha"];
    echo "Logado com Sucesso. Redirecionando...";
    echo "<script>loginsuccessfuly()</script>";
}else{
    echo "Nome de usuário ou senha inválidos.";
    echo "<script>loginfailed()</script>";
}
?>
    
asked by anonymous 22.01.2016 / 03:16

1 answer

1

In the inclusion I would already perform the encryption, as wordpress already does. MySQL already has the function and therefore its inclusion could be:

"INSERT INTO user (email,senha) values (:email, MD5(:senha))"

In the test you could use the function directly:

"SELECT email,senha FROM user WHERE email = :email and senha = MD5(:senha)"
    
22.01.2016 / 12:30