PHCalculator - Open Source

Code:
session_start();
$saltmd5 = '_ddc';

if(isset($_POST['password']))
{
    require_once("db_conn.php");
    $encrypt_password = MD5($_POST['password'] . $saltmd5);

    $query = "SELECT * FROM admin WHERE password='$encrypt_password'";

    $result = $mysqli->query($query);

    $row_count = $result->num_rows;
    if ($row_count > 0) {
        $_SESSION['session_access'] = true;
        header("Location: ./admin.php");
    }
    mysqli_close($mysqli);
}

Just a little tip for the future: use password_hash and password_verify instead of MD5... one rainbow table and your passwords are out there. Also, your code is a tad prone to SQL injections; use PDO instead of mysqli for cleaner and safer MySQL usage.
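
The two suggestions in the post above, combined into one login check. This is an added example, not part of the original post or the PHCalculator source. The `username` and `password_hash` columns are assumptions, and in-memory SQLite stands in for MySQL so the code runs offline; `verify_admin()` itself is the same against a MySQL PDO connection.

```php
<?php
declare(strict_types=1);

// Constructed demo store: in-memory SQLite replaces the page's MySQL database.
// The `username` and `password_hash` columns are assumptions; the original
// table is only known to hold a `password` column.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $stmt = $pdo->prepare('INSERT INTO admin (username, password_hash) VALUES (?, ?)');
    // password_hash() generates a random salt per password and embeds it in its output,
    // so no shared salt such as '_ddc' is needed.
    $stmt->execute(['admin', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);
    return $pdo;
}

function verify_admin(PDO $pdo, string $username, string $password): bool
{
    // Bound parameter: user input never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT password_hash FROM admin WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    // A salted hash cannot be matched in a WHERE clause, so fetch it and compare in PHP.
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE admin SET password_hash = ? WHERE username = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $username]);
    }
    return true;
}

$pdo = demo_db();
var_dump(verify_admin($pdo, 'admin', 'constructed-demo-password')); // stored password
var_dump(verify_admin($pdo, 'admin', "not-the-password'"));         // quote is handled as data
var_dump(verify_admin($pdo, 'nobody', 'constructed-demo-password')); // unknown account
```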
 
calling the injection god @Henkspenk


some slogan about not having alzheimers and not forgiving here
 