This question already has an answer here:
I want to haveh my passwords in the right way from my login form. So far I have not succeeded. Since he then sees the hash as the password in the database and does not grab the normal password. Can anyone help me with this?
This is my code:
<?php
session_start();
if (isset($_POST['login'])) {
if (isset($_POST['username']) && isset($_POST['password'])) {
include_once("../include/dbcon.php");
$username = $_POST['username'];
$password = $_POST['password'];
$stmt = $conn->prepare("SELECT * FROM personeelsgegevens WHERE Personeelsnummer = :Personeelsnummer AND Voucher = :Voucher");
$stmt->bindParam(":Personeelsnummer", $username);
$stmt->bindParam(":Voucher", $password);
$stmt->execute();
if ($stmt->rowCount() == 1){
if($r = $stmt->fetch(PDO::FETCH_ASSOC)){
echo "<script>alert('Succesvol ingelogd'); window.location='../php/activiteiten.php'</script>";
$_SESSION["id"] = $r['Personeelsnummer'];
$_SESSION["rol"] = "personeel";
exit();
}
}else {
$stmt = $conn->prepare("SELECT * FROM users WHERE user_name = :user_name AND password = :password");
$stmt->bindParam(":user_name", $username);
$stmt->bindParam(":password", $password);
$stmt->execute();
if ($stmt->rowCount() == 1){
if($r = $stmt->fetch(PDO::FETCH_ASSOC)){
echo "<script>alert('Succesvol ingelogd als admin'); window.location='../php/admin.php'</script>";
$_SESSION["id"] = $r['gebruikersID'];
$_SESSION["rol"] = "admin";
exit();
}
} else {
echo "<script>alert('Niet juist ingelogd check je gebruikersnaam en/of wachtwoord'); window.location='../php/inloggen.php'</script>";
exit();
}
}
}else {
echo "<script>alert('Niet juist ingelogd check je gebruikersnaam en/of wachtwoord'); window.location='../php/inloggen.php'</script>";
exit();
}
}else {
echo "<script>alert('Niet juist ingelogd check je gebruikersnaam en/of wachtwoord'); window.location='../php/inloggen.php'</script>";
exit();
}
?>
</div>