How to create an insecure authorization?

D

Denis Demin2019-10-16 11:25:37

PHP

Denis Demin, 2019-10-16 11:25:37

Hello, the idea is simple, but it doesn't work for me. So, there is authorization, registration. everything works great.
but there was a need (do not ask why) to authorize users using a password already entered in the database.
Can you tell me what needs to be corrected? Here is the code:

<?php 
  require 'db.php';
  $data = $_POST;
  if ( isset($data['do_login']) )
  {
    // echo password_hash($data['password'], PASSWORD_DEFAULT);
    $login = $data['login'];
    $user_pass = md5($data['password']);
    
    $user = $DBH->query("SELECT * FROM МОЯ БАЗА ДАННЫХ WHERE login = '$login' AND password = '$user_pass'");
    $user->execute();
    $row = $user->fetch();
    if (isset($row['id']))
    {
      //логин существует
        //если пароль совпадает, то нужно авторизовать пользователя
        $_SESSION['login'] = $row['login'];
        $_SESSION['password'] = $row['password'];
        switch ($row['status']) {
          case 'superadmin':
            $redirect = 'index.php';
          break;
          case 'admin':
            $redirect = 'admin.php';
          break;
          case 'head':
            $redirect = 'head_department.php';
          break;
          case 'user':
            $redirect = 'index.php';
          break;
          case 'tabel':
            $redirect = 'head_department.php';
          break;
        }
        header('Location: /'.$redirect);
    }else
    {
      $errors[] = 'Логин или пароль введены неверно';
    }
    
    if ( ! empty($errors) )
    {
      //выводим ошибки авторизации
      echo '<div id="errors" style="color:red;">' .array_shift($errors). '</div><hr>';
    }

  }

?>