Login and wrong password with php


Good afternoon, I'm creating a simple login and password system but I came across some strange errors, when I put the email and the password and I try to enter it it accuses me that the password is wrong, and I check the database the information is correct , I do not know why but here are two images for you to understand ...

the first image is the bank information ...




if(isset($_POST['email']) && strlen($_POST['email']) > 0){


    $_SESSION['email'] = $mysqli -> escape_string($_POST['email']);
    $_SESSION['senha'] = md5(md5($_POST['senha']));

    $sql_code = "SELECT senha, codigo FROM usuario WHERE email = '$_SESSION[email]'";
    $sql_query = $mysqli -> query($sql_code) or die ($mysqli -> error);
    $dado = $sql_query->fetch_assoc();
    $total = $sql_query-> num_rows;

    if($total == 0){
        $erro[] = "Este email não pertence a nenhum usuário.";
        if($dado['senha'] == $_SESSION['senha']){

            $_SESSION['usuario'] = $dado['codigo'];

        } else{

            $erro[] = "Senha incorreta.";


    if(count($erro) == 0 || !isset($erro)){
        echo "<script>alert('Login efetuado com sucesso... Seja bem vindo'); location.href='sucesso.php';</script>";



<?php if(count($erro) > 0)
        foreach($erro as $msg){
            echo "<p>$msg</p>";


    <form method="POST" action="">
    <input value="" type="text" placeholder="email" name="email">
    <input type="password" name="senha">

        <input type="submit" value="Entrar">




Someone could help me, I'm studying this part of php and with database ....

asked by anonymous 24.12.2016 / 19:17

1 answer


This gives the "password is wrong" because in BD you have 1234 in "plain-text" and then you will compare it with a hash ( md5(md5($_POST['senha'])) ), ie the password you have stored in the database is different from the hash password you are comparing it to, 1234! = md5 (md5 (1234)) ...

That said, what you should do is also insert the hash in the DB so that the comparison, if the correct password, is equal. Instead of storing in DB as "1234" you should also enter it as hash also md5(md5(1234)); , so that when you compare with the password entered in the login both are equal and login is successful.

NOTE: Yesterday I answered a question that had to do with MD5, although this theme is not relevant to this issue, you might want to know this: Password Encryption in MD5?

24.12.2016 / 19:48