I created a simple log-in form in php to access an archive with user and password (encrypted in MD5 without hash or salt).
I then decided to insert a filter in the archive page (to filter only results of a specific date).
When I run the filter the page no longer finds the user and password pair and redirects me to the login page.
The file is Archivio.php
Code without filter:
<?php
$utente = $_POST["Utente"];
$password = $_POST["Password"];
$password = md5($password);
$id=
$sql=mysqli_query($mysqli, "select * from Utenti_Archivio where Utente='".$utente."' and Password='".$password."'");
if (mysqli_num_rows($sql) == 1){
}
else{
header( "Location: Login.html" );
die;
}
$querySQL = mysqli_query($mysqli, "select Nome,Cognome,Ospitante,Sede,`Ora entrata`,`Ora uscita`,Giorno from `Archivio`");
?>
Code with filter:
<div class="filtro">
<form method="POST">
<div class="textfiltro">
Filtra per giorno:
</div>
<div class="field">
<input type="text" name="data" id="data">
</div>
<div>
<button class="filtrobutton">FILTRA</button>
</div>
</form>
</div>
<?php
$utente = $_POST["Utente"];
$password = $_POST["Password"];
$password = md5($password);
$id=
$sql=mysqli_query($mysqli, "select * from Utenti_Archivio where Utente='".$utente."' and Password='".$password."'");
if (mysqli_num_rows($sql) == 1){
}
else{
header( "Location: Login.html" );
die;
}
$data = $_POST["data"];
if (!empty($data)) {
$querySQL = mysqli_query($mysqli, "SELECT Nome,Cognome,Ospitante,Sede,`Ora entrata`,`Ora uscita`,Giorno FROM `Archivio` WHERE Giorno = '$data'");
} else {
$querySQL = mysqli_query($mysqli, "SELECT Nome,Cognome,Ospitante,Sede,`Ora entrata`,`Ora uscita`,Giorno FROM `Archivio`");
}
?>
Login html file
<body>
<div class="login-form">
<form id="host" action="Archivio.php" method="post">
<div class="field">
<input type="text" name="Utente" placeholder="Utente" required>
</div>
<div class="field">
<input type="password" name="Password" placeholder="Password" required>
</div>
<button type="submit">ENTRA</button>
</form>
<button onclick="document.location='Home.html'">INDIETRO</button>
<button onclick="location.reload()">RIPRISTINA</button>
</div>
</body>
Can you help me?
I have tried moving the credential verification query after the filter and using the get method for the filter but it does not solve the problem.