Saturday, April 14, 2018

How to pass $_SESSION from my not secure login to my hash login in PHP

I have a little problem. I have two logins: the first is a not secure login built with md5('$password'), the second is a login with a hash algorithm password. I post both. I want to pass the $_SESSION variables but I can't build it. I post what I want from the not secure login.

I want this

if(is_array($row) && !empty($row))
{
 $validuser = $row['email'];
 $_SESSION['name_session'] = $validuser;
 $_SESSION['nome'] = $row['nome'];
 $_SESSION['id'] = $row['id'];
}

and this

if(isset($_SESSION['name_session']))
{
echo "CODE";
header('Location: FOLDER/FILE.php');
}

The not secure login:

<?php session_start(); /* start the session before header.php sends any output */ ?>
<?php include 'header.php'; ?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<link rel="icon" href="../../../../favicon.ico">

<title>Signin Template for Bootstrap</title>

</head>

<div class="container">
<div class="row">
<div class="col-md-3"></div>
<div style="text-align: center;" class="col-md-6">
<?php
include("connessione.php");
if(isset($_POST['submit']))
{
$email = mysqli_real_escape_string($connessione, $_POST['email']);
$password = mysqli_real_escape_string($connessione, $_POST['password']);

if(
$email == "" ||
$password == "")
{
    echo "CAMPI VUOTI.";
    echo "<br/>";
    echo "<a href='User/index.php'>Go back</a>";
} else {

$result = mysqli_query($connessione, "SELECT * FROM utenti WHERE email='$email' AND
password=md5('$password')")
 or die("Could not execute the select query.");

$row = mysqli_fetch_assoc($result);
if(is_array($row) && !empty($row))
{
      $validuser = $row['email'];
      $_SESSION['sessione_valida'] = $validuser;
      $_SESSION['nome'] = $row['nome'];
      $_SESSION['id'] = $row['id'];
} else

{
      echo "EMAIL O PASSWORD ERRATI.";
      echo "<br/>";
      echo "<a href='accesso.php'>Go back</a>";
}

if(isset($_SESSION['sessione_valida']))
{
  echo "<div style='text-align:center;' class='col-md-12'>
<h3>Accesso effettuato correttamente</h3>
</div>
<div style='text-align:center;' class='col-md-12'>
<a href='User/index.php'><input class='btn btn-primary btn-lg btn-block' type='submit' name='submit' value='Accedi'></a>
</div>";
  header('Location: User/index.php');
} }
} else {
?>
<form name="form1" method="post" class="form-signin">
<img class="mb-4" src="https://getbootstrap.com/assets/brand/bootstrap-solid.svg" alt="" width="72" height="72">
<h1 class="h3 mb-3 font-weight-normal">Please sign in</h1>
<label for="inputEmail" class="sr-only">Email address</label>
<input type="email" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required>
<div class="checkbox mb-3">

      </div>
<input class="btn btn-primary btn-lg btn-block" type="submit" name="submit" value="Accedi">
      <p class="mt-5 mb-3 text-muted">&copy; 2017-2018</p>
    </form>
    <?php
} ?>
</div>
<div class="col-md-3"></div>
</div>
</div>
</html>

And I want to implement the two ifs in my new hash algorithm password login:

<?php session_start(); /* start the session before header.php sends any output */ ?>
<?php include 'header.php'; ?>
<?php
$msg = "";

if (isset($_POST['submit'])) {
    include 'connessione.php';

    $email = $connessione->real_escape_string($_POST['email']);
    // Do not escape the password: it is never placed in the SQL string, and
    // password_verify() must receive exactly what the user typed.
    $password = $_POST['password'];

    $sql = $connessione->query("SELECT id, password FROM titolare_azienda WHERE email='$email'");

    if ($sql->num_rows > 0) {
        $data = $sql->fetch_array();

        if (password_verify($password, $data['password'])) {
            $msg = "You have been logged IN! <a href='User/index.php'>vai</a>";
        } else {
            $msg = "Please check your inputs!";
        }
    } else {
        $msg = "Please check your inputs!";
    }
}

?>

<?php if ($msg != "") echo $msg . "<br><br>"; ?>

<form method="post" action="accesso.php">
<input class="form-control" name="email" type="email" placeholder="Email..."><br>
<input class="form-control" minlength="5" name="password" type="password" placeholder="Password..."><br>
<input class="btn btn-primary" name="submit" type="submit" value="Log In"><br>
</form>
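
One way to carry the session variables over to the password_verify() login, as an added example that is not part of the original post: the session is set only after the hash check succeeds, and the redirect is sent before any output. It assumes connessione.php defines the mysqli object $connessione and that titolare_azienda has a `nome` column like utenti does; the function name login() is hypothetical.

```php
<?php
// Added example, not the poster's code. Assumptions: connessione.php defines
// the mysqli object $connessione; titolare_azienda has a `nome` column.
session_start();                 // before any output is sent
include 'connessione.php';

function login(mysqli $db, string $email, string $password): bool
{
    // Prepared statement: the e-mail is bound, never concatenated into SQL.
    $stmt = $db->prepare(
        "SELECT id, email, nome, password FROM titolare_azienda WHERE email = ?"
    );
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($id, $dbEmail, $nome, $hash);
    $found = $stmt->fetch();
    $stmt->close();

    // password_verify() gets the raw password; escaping it first would alter
    // passwords containing quotes or backslashes and make the check fail.
    if ($found !== true || !password_verify($password, $hash)) {
        return false;
    }

    session_regenerate_id(true);  // fresh session id after authentication
    $_SESSION['name_session'] = $dbEmail;
    $_SESSION['nome'] = $nome;
    $_SESSION['id'] = $id;
    return true;
}

$msg = "";
if (isset($_POST['submit'])) {
    // Reject non-string input (e.g. email[]=x) instead of passing arrays on.
    $email = is_string($_POST['email'] ?? null) ? $_POST['email'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    if (login($connessione, $email, $password)) {
        header('Location: User/index.php');  // sent before any echo
        exit;                                 // nothing else may run or render
    }
    $msg = "Please check your inputs!";
}

include 'header.php';             // page output starts only after the redirect logic
if ($msg !== "") {
    echo htmlspecialchars($msg) . "<br><br>";
}
```

The login form from the post can follow this block unchanged.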
