Comparing MD5 Hashes

[havox]

+-----------+----------------------------------+

| username | password                              |

+-----------+----------------------------------+

| user        | Hash                                    |

+-----------+----------------------------------+

 

This is what I have set up in my database(obviously I'm not going to put the real user or hash). I'm trying to md5 what the user inputs for a password and compare it to the database, but I keep getting failed login attempts.

 

<?php
error_reporting(-1);
ini_set('display_errors', 1);

$host = "localhost";  
$dbuser = "****";   
$pass = "****"; 
$databasename = "login";  

mysql_connect($host,$dbuser,$pass)or die('Could not connect: '.mysql_error());  
mysql_select_db($databasename) or die(mysql_error()); 

if (isset($_POST["user"]) && isset($_POST["pwd"])) {
$admin = mysql_query("SELECT username FROM members");
$pass = mysql_query("SELECT password FROM members");
	if ($_POST["user"] == $admin && md5($_POST["pwd"]) == $pass) {
		session_register("admin");
     		session_register("pass");
     		header('Location:https://deadnode.com/output.php'); }
else {
     	echo"<center><h1>Failed login attempt.</h1></center>"; }
}
?>

[PFMaBiSmAd]

mysql_query() returns a result resource, not the data value. I recommend reading a basic php/mysql tutorial to learn how to execute a query and fetch the data from the result resource.

 

Also, session_register(), session_is_registered(), and session_unregister() were depreciated more than 8 years ago in favor of using the $_SESSION array. There are examples of how to use the $_SESSION array in the php.net documentation under Sessions.