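<?php

/*
 * Login handler: checks the POSTed login/password pair against the crypt()
 * hash stored in the `users` table and, on success, opens a session and
 * redirects to the admin area. Any failure ends with the same "Bad login"
 * message so the response does not reveal whether the login exists.
 */

// The built-in hash_equals() exists since PHP 5.6; declaring a function with
// the same name unconditionally is a fatal "cannot redeclare" error there,
// so the fallback is only defined when the built-in is missing.
if (!function_exists('hash_equals')) {
    /**
     * Compare two strings without stopping at the first differing byte.
     *
     * @param string $str1 Known (stored) string.
     * @param string $str2 Candidate string to check against it.
     * @return bool True only when both are strings of equal length and content.
     */
    function hash_equals($str1, $str2)
    {
        // Non-strings (e.g. a missing column value) are treated as a mismatch
        // instead of being coerced by strlen() and the XOR below.
        if (!is_string($str1) || !is_string($str2)) {
            return false;
        }
        if (strlen($str1) !== strlen($str2)) {
            return false;
        }

        // XOR the strings and OR every resulting byte together, so the loop
        // always walks the full length regardless of where they differ.
        $xored = $str1 ^ $str2;
        $diff = 0;
        for ($i = strlen($xored) - 1; $i >= 0; $i--) {
            $diff |= ord($xored[$i]);
        }

        return $diff === 0;
    }
}

include_once "autoloader.php";

// Missing or non-string fields (e.g. login[]=x) are reduced to an empty
// string and rejected below instead of raising notices or reaching crypt().
$login = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : '';
$mot_de_passe = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

if ($login !== '' && $mot_de_passe !== '') {
    $pdo_singleton = new PDOSingleton();

    // NOTE(review): the original query compared `login` with the literal
    // "******" (apparently a masked value) and never used $login. The login is
    // bound as a parameter here so it is never concatenated into the SQL text.
    // Assumes get_connexion() returns a PDO instance - confirm.
    $request = $pdo_singleton->get_connexion()->prepare('SELECT password FROM users WHERE login = ?');

    if ($request !== false && $request->execute(array($login))) {
        $result = $request->fetch();
        $request->closeCursor();

        // fetch() returns false when no row matches; an unknown login must
        // fail the same way as a wrong password.
        // NOTE(review): an unknown login skips crypt(), so response time can
        // still differ from the wrong-password case.
        if (is_array($result) && isset($result["password"]) && is_string($result["password"])) {
            // crypt() re-hashes the candidate with the salt/parameters that
            // are embedded in the stored hash.
            $computed = crypt($mot_de_passe, $result["password"]);

            if (hash_equals($result["password"], $computed)) {
                session_start();
                // Issue a fresh session id at the privilege change so an id
                // set before login cannot be reused afterwards.
                session_regenerate_id(true);
                $_SESSION["login"] = $login;
                header('Location: ./admin/admin.php');
                // Stop here: without this the script fell through and emitted
                // "Bad login" after a successful login as well.
                exit;
            }
        }
    }
}

echo "Bad login";
//header("location: index.php");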