I have a problem with a login form, below the current codes.
I'm using the method via POST, which is that it is not sending the post in MD5 for comparison in the DB.
In the database the password is already registered in MD5, but when sending the data by this form for it to finish the login it does not convert the password.
Does anyone know where the error is?
form login
<form id="1" name="1" action="pass.php" method="post">
<div class="login">
<input placeholder="Usuário" type="text" id="username" size="25" name="name" /><br>
<input placeholder="Senha" id="pass" type="password" size="25" name="pass" /><br>
<input type="submit" name="_2" value="Login" />
<input type="hidden" name="ed_type" value="" />
<input type="hidden" name="redirect" value="<? echo $redirect;?>" />
</div>
</form>
pass.php
<?php
session_start();
$usuario_admin = isset($_SESSION['1x11']) ? $_SESSION['1x11'] : '';
include("conf.inc.php");
include("conectar.php");
$query = "select * from admin where username='" . $_POST["name"] . "' and pass=MD5('" . $_POST["pass"] . "')";
$result = mysql_query($query, $db);
$row = mysql_fetch_array($result);
$total = mysql_num_rows($result);
$name = $_POST['name'];
$pass = $_POST['pass'];
$ADMIN_USERNAME = $row["username"];
$ADMIN_PASSWORD = $row["pass"];
if ($total > 0) {
if ($name == $ADMIN_USERNAME && $pass == $ADMIN_PASSWORD) {
if ($usuario_admin != '')
$_SESSION['1x11'] = "";
$_SESSION["1x11"] = $name;
$_SESSION['logedin'] = true;
$_SESSION["type"] = $row["type"];
$_SESSION["usrname"] = $name;
$_SESSION["logid"] = $row["id"];
header("Location:index2.php");
}
} else {
header("Location:index.php?id=1");
}
?>
Post information submitted using TAMPER DATA:
Host=dominio.com
User-Agent=Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0
Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language=pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding=gzip, deflate
Referer=http://dominio.com/admin/index.php?id=1
Cookie=PHPSESSID=1d5d5r8hlp6hnebv9pa115d8r
Connection=keep-alive
Upgrade-Insecure-Requests=1
Content-Type=application/x-www-form-urlencoded
Content-Length=59
POSTDATA=name=admin&pass=admin&_2=Login&ed_type=&redirect=
NEW ERROR:
Notice: date_default_timezone_set() [function.date-default-timezone-set]: Timezone ID '-03:00' is invalid in /home/user/public_html/admin/adm.config.inc.php on line 15
Notice: date_default_timezone_set() [function.date-default-timezone-set]: Timezone ID '-03:00' is invalid in /home/user/public_html/admin/conf.inc.php on line 3
Notice: Undefined variable: timezone_set in /home/user/public_html/admin/conectar.php on line 9
Notice: Use of undefined constant hora - assumed 'hora' in /home/user/public_html/admin/conectar.php on line 14
connect.php
<?php
include_once("conf.inc.php");
$db=mysql_connect($DBSERVER, $USERNAME, $PASSWORD);
if (!$db) die('Não foi possivel conectar: ' . mysql_error());
mysql_select_db($DATABASENAME,$db);
if ($timezone_set=="")$timezone_set="America/Sao_Paulo";
$sql = mysql_query("Set @@global.timezone = '".$timezone_set."';");
$sql = mysql_query("Select Now() as hora");
$dados=mysql_fetch_array($sql);
$Hora_Servidor_MySQL = date('Y/m/d H:i:s',strtotime($dados[hora]));
?>