-2

Hello, I have a script for login and I'm using SHA512 for encrypting the pass. The thing is, my script somehow doesn't fetch info with the database table and I don't know why. My script returns "error_msg". Here is my code:

```php
<?php

session_start();
include ('engine/core/dbconfig.php');
$password=$_POST['password'];
$username=$_POST['username'];

if ($password='' or $username='') {
    echo 'mandatory';
} else {
    $stmt = $dbh->prepare("SELECT * FROM Admin_Local where Username=:username and Password=:hashed"); 
    $stmt->bindParam(':username', $username);
    $stmt->bindParam(':hashed', $hash);
    $hash = hash('sha512', $password);
    $stmt->execute();

    if ($row = $stmt->fetch()) {
        $_SESSION['admin_local']=$row['ID_Admin'];
        echo''.$_SESSION['admin_local'].'';
    } else {
        echo 'error_msg';
    }
}
```
Crouching Kitten
user3058067
  • Unfortunately, questions like "please tell me what's wrong with my code" are offtopic on this site. You have to learn to program first. – Your Common Sense Jun 04 '14 at 11:57
  • I think you misunderstood `SHA512` encrypted password only on checking time – Ranjith Jun 04 '14 at 11:59
  • I don't get why you're so harsh, Your Common Sense. That error_msg is not supposed to receive an error message from SQL, it's for AJAX data return. My question was why it doesn't set the session, since the username and password are the same as the database values – user3058067 Jun 04 '14 at 12:10

1 Answer

2

The line below is always false and assigns an empty line to the username and password. Change this line:

```php
if ($password='' or $username='')
```

to

```php
if ($password=='' or $username=='')
```

Also, you should use something like `password_hash` for hashing your passwords.

Your Common Sense
undone
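The answer's two points combined, as an added example (not code from the question or the answer): a strict empty-input check plus `password_hash`/`password_verify`, extended with an upgrade path for rows that still hold the question's unsalted SHA-512 digests. The in-memory SQLite database, the sample account and the 128-hex-character test for legacy rows are assumptions made for the example.

```php
<?php
// Added example, not the asker's or answerer's code. Table and column names
// come from the question; the in-memory SQLite database and sample account
// are constructed so the script runs offline (requires pdo_sqlite).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE Admin_Local (ID_Admin INTEGER PRIMARY KEY, Username TEXT UNIQUE, Password TEXT)');

// Constructed legacy row: unsalted SHA-512 hex digest, as in the question.
$ins = $dbh->prepare('INSERT INTO Admin_Local (Username, Password) VALUES (:u, :p)');
$ins->execute([':u' => 'admin', ':p' => hash('sha512', 'correct horse')]);

/** Returns the admin ID on success, null on failure. */
function login(PDO $dbh, string $username, string $password): ?int
{
    // Comparison (===), not assignment (=), so the inputs are not wiped.
    if ($username === '' || $password === '') {
        return null;
    }
    // Look up by username only; the hash is checked in PHP, not in SQL.
    $stmt = $dbh->prepare('SELECT ID_Admin, Password FROM Admin_Local WHERE Username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    $stored = $row['Password'];
    // Assumption: legacy rows are recognisable as 128 hex characters.
    $isLegacy = (bool) preg_match('/^[0-9a-f]{128}$/', $stored);
    $ok = $isLegacy
        ? hash_equals($stored, hash('sha512', $password))
        : password_verify($password, $stored);
    if (!$ok) {
        return null;
    }
    // Upgrade legacy or outdated hashes while the plaintext is available.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $dbh->prepare('UPDATE Admin_Local SET Password = :p WHERE ID_Admin = :id');
        $upd->execute([':p' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['ID_Admin']]);
    }
    return (int) $row['ID_Admin'];
}

var_dump(login($dbh, 'admin', ''));              // empty input
var_dump(login($dbh, 'admin', 'wrong'));         // wrong password
var_dump(login($dbh, 'admin', 'correct horse')); // checked against the legacy digest, then upgraded
var_dump(login($dbh, 'admin', 'correct horse')); // checked with password_verify
```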