Segurança em verificar e validar usuário com PHP PDO

3 de março de 2021 0 Por sudoroot

database.php

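// MySQL connection for the IPB forum database.
// NOTE(review): root/root is a sample-grade credential hard-coded in source.
// Use a dedicated least-privilege account (the queries on this page only need
// SELECT on ipb_core_members) and load the secret from configuration stored
// outside the web root and outside version control.
$host_ipb="127.0.0.1";
$db_ipb="forum";
$user_ipb="root";
$userpass_ipb="root";
try {
    $con_ipb = new PDO(
        "mysql:host=$host_ipb;dbname=$db_ipb",
        $user_ipb,
        $userpass_ipb,
        array(
            // Raise exceptions so a failed query can never be mistaken for "no rows".
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Send parameters separately from the SQL text (server-side prepares).
            PDO::ATTR_EMULATE_PREPARES => false,
            PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
        )
    );
} catch(PDOException $e) {
    // The driver message can reveal host, database and account names: keep it in
    // the server log and give the client a generic answer.
    error_log('Database connection failed: ' . $e->getMessage());
    http_response_code(500);
    // Stop here; continuing would leave $con_ipb undefined for every later query.
    exit('ERROR: database unavailable');
}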

functions.php

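/**
 * Authenticate a forum member by e-mail and password and open the session.
 *
 * Looks the member up in ipb_core_members, recomputes the bcrypt hash from the
 * submitted password and the stored members_pass_salt, and compares it with the
 * stored members_pass_hash in constant time. Redirects to dashboard.html on
 * success and to error.html otherwise; nothing is returned.
 *
 * @param PDO    $con_ipb PDO connection to the forum database.
 * @param string $email   E-mail submitted by the client (untrusted).
 * @param string $senha   Password submitted by the client (untrusted).
 * @return void
 */
function login($con_ipb, $email, $senha){
    // Request parameters can arrive as arrays (email[]=...); reject anything that
    // is not a plain string before it reaches crypt() or the query binder.
    if (!is_string($email) || !is_string($senha)) {
        header("Location:error.html");
        return;
    }

    // One parameterized lookup; the password check happens in PHP, not in SQL.
    $p_query_email = $con_ipb->prepare("SELECT * FROM ipb_core_members WHERE email=:email");
    $p_query_email->execute(array(':email' => $email));
    $membro = $p_query_email->fetch(PDO::FETCH_OBJ);

    $salt_armazenado = '';
    $hash_armazenado = '';
    if ($membro) {
        $salt_armazenado = isset($membro->members_pass_salt) ? (string) $membro->members_pass_salt : '';
        $hash_armazenado = isset($membro->members_pass_hash) ? (string) $membro->members_pass_hash : '';
    }

    // When the e-mail is unknown (or has no salt) still run one bcrypt computation,
    // using a constructed dummy salt, so response time does not reveal which
    // addresses exist. The result of that run can never match: see $senha_ok.
    $salt = $salt_armazenado !== '' ? $salt_armazenado : str_repeat('.', 22);

    /* Convert the password into the IPB members_pass_hash format. */
    $members_pass_hash = (string) crypt($senha, '$2a$13$' . $salt);

    // crypt() signals failure with a short "*0"/"*1" marker; only accept a real
    // bcrypt result, and compare with hash_equals() to avoid a timing side channel.
    $senha_ok = $membro
        && $salt_armazenado !== ''
        && strncmp($members_pass_hash, '$2', 2) === 0
        && hash_equals($hash_armazenado, $members_pass_hash);

    if (!$senha_ok) {
        // NOTE(review): no throttling or lockout for repeated failures is visible
        // on this page; enforce it before this endpoint is exposed.
        header("Location:error.html");
        return;
    }

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // New session id on privilege change, so a pre-login id cannot be reused
    // (session fixation).
    session_regenerate_id(true);

    // Keep password material out of session storage. Other columns returned by
    // SELECT * may be sensitive too — prefer an explicit column list.
    unset($membro->members_pass_hash, $membro->members_pass_salt);

    ini_set('default_charset','UTF-8');
    $_SESSION["email_senha"]=$membro;
    $_SESSION['email'] = $email;
    header("Location:dashboard.html");
}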

verificar.php

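// Login form handler: validates the POSTed fields and delegates to login().
// NOTE(review): $con_ipb is presumably created by database.php, pulled in through
// configs/functions.php — confirm, since no include of it is visible here.
require_once('configs/functions.php');

// login() writes to $_SESSION; no session_start() is visible in these listings,
// so make sure a session is active before calling it.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

$email = isset($_POST['email']) ? $_POST['email'] : null;
$senha = isset($_POST['senha']) ? $_POST['senha'] : null;

// Missing fields, empty values or array-typed parameters never reach the
// database or crypt().
if (!is_string($email) || !is_string($senha) || $email === '' || $senha === '') {
    header("Location:error.html");
    exit;
}

// login() answers with a redirect header and returns nothing, so there is
// nothing to echo; end the request so no further output follows the redirect.
login($con_ipb, $email, $senha);
exit;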