prismatix Posted October 6, 2010 Share Posted October 6, 2010 I'm creating a small cms and I want to use the prestashop logins to access the cms I am creating. I have this piece of code. if ($_POST) { connectBD(); $email = mysql_real_escape_string($_POST["email"]); $passwd = mysql_real_escape_string($_POST["passwd"]); if ($email == "" || $passwd == ""){ $erro = "Introduza o seu nome de administrador e password!"; } else { $SQL = 'SELECT * FROM ps_employee WHERE email="' . $email . '"'; $result = mysql_query($SQL); $row = mysql_fetch_array($result); if(mysql_num_rows($result)!=0){ if (md5($passwd)==$row['passwd']){ session_start(); $_SESSION["admin"] = $email; header("Location: inicio.php"); exit; } else { $erro = "Email / Password errados!"; } } else { $erro = "Email / Password errados!"; } } } The problem is the password encryption. How can a solve this? Link to comment Share on other sites More sharing options...
rocky Posted October 7, 2010 Share Posted October 7, 2010 The problem is this line: if (md5($passwd)==$row['passwd']){ It should be: if (md5(_COOKIE_KEY_.$passwd)==$row['passwd']){ PrestaShop salts passwords with the cookie key. Once you've done that, the passwords should work. Link to comment Share on other sites More sharing options...
prismatix Posted October 7, 2010 Author Share Posted October 7, 2010 thanks! it's working! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now