Not reading passwords correctly


alphamoment
Hello, I'm trying to make a login script for my website but it's not reading the passwords correctly.

A sample of the register.php
 

$Pass = mysql_real_escape_string($_POST['password'], $Link);
$Pass = StrToLower(Trim($Pass));


$Salt = "0x" . md5($Login.$Pass);
MySQL_Query("call adduser('{$Login}', {$Salt},

And here's my login.php

<?php
   session_start();
    require("common.php");
    $submitted_name = '';
    function hash_pass($passwd){
    $salt="0x."; 
    return md5($passwd.$salt);
    }

    if(!empty($_POST))
    {
        $query = "
            SELECT
                id,
                name,
                passwd
            FROM users
            WHERE
                name = :name
        ";
        
        $query_params = array(
            ':name' => $_POST['name']
        );
        try
        {
            $stmt = $db->prepare($query);
            $result = $stmt->execute($query_params);
        }
        catch(PDOException $ex)
        {
            die("Failed to run query: " . $ex->getMessage());
        }

        $login_ok = false;
        $row = $stmt->fetch();
        if($row)
        {
            $check_passwd == md5($passwd . $salt);
            for($round = 0; $round < 65536; $round++)

            if($check_passwd = md5($salt['passwd']))
            {
                $login_ok = true;
            }
        }
        if($login_ok)
        {
            unset($row['passwd']);
            $_SESSION['user'] = $row;
            header("Location: usercp.php");
            die("Redirecting to: usercp.php");
        }
        else
        {
            print("Login Failed.");
            $submitted_name = htmlentities($_POST['name'], ENT_QUOTES, 'UTF-8');
        }
    }
    
?>

When I log in, I can use any password.

However, if I change;

$check_passwd == md5($passwd . $salt);

to;

$check_passwd === md5($passwd . $salt);

It says "Login Failed" even with the correct information.

I'm kinda noobie with PHP, any help is appreciated, thank you! :)

== (double equals) is the equals operator, i.e. it matches both and returns true or false (Boolean).

= (single equals) is assignment, i.e. you assign values to something, like a variable, array, etc.

You have misplaced both in your code.

Edited by jairathnem
This code here for checking the password has a few major problems

$check_passwd == md5($passwd . $salt);
for($round = 0; $round < 65536; $round++)

if($check_passwd = md5($salt['passwd']))
{
     $login_ok = true;
}

1) First, $passwd and $salt are not defined. When assigning a value to a variable you use the assignment operator  =  not the comparison operator  ==

2) Why the for loop?

3) md5($salt['passwd'])  should be  $row['passwd'].  This is the variable that holds the user's hashed password stored in your database, which is returned by your query. And you should use the comparison operator ( == ) when checking values match.

Edited by Ch0cu3r
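
The check described in the answer above, as an added example that is not part of the original thread. It assumes the passwd column holds either the 32-character hex MD5 that register.php computes or a password_hash() string, and that $Login is stored in the name column; legacy_hash and check_login are hypothetical names.

```php
<?php
// Added example, not code from the thread.
// Assumption: $row['passwd'] is a 32-char hex MD5 (legacy) or a password_hash() string.

// Mirrors register.php: md5(login . lowercased, trimmed password).
// register.php also SQL-escapes the password before hashing; that is not reproduced here.
function legacy_hash(string $login, string $password): string
{
    return md5($login . strtolower(trim($password)));
}

// Returns true only when the submitted password matches the stored value.
function check_login(array $row, string $password): bool
{
    $stored = $row['passwd'];
    if (strlen($stored) === 32 && ctype_xdigit($stored)) {
        // Legacy row: recompute exactly as at registration, then compare
        // the two values (never assign inside the condition).
        return hash_equals(strtolower($stored), legacy_hash($row['name'], $password));
    }
    // Row created with password_hash(): the salt and cost live inside the hash.
    return password_verify($password, $stored);
}

// Constructed sample rows (not real data).
$legacy = ['id' => 1, 'name' => 'alice', 'passwd' => md5('alice' . 'secret')];
$modern = ['id' => 2, 'name' => 'bob',
           'passwd' => password_hash('hunter2', PASSWORD_DEFAULT)];

// Why the posted login.php accepted any password: "=" assigns, and the
// assigned value (a non-empty MD5 string) is what the if() evaluates.
var_dump((bool) ($check_passwd = md5('anything')));

var_dump(check_login($legacy, ' Secret '));  // same password, normalised as in register.php
var_dump(check_login($legacy, 'wrong'));     // different password
var_dump(check_login($modern, 'hunter2'));   // correct password for a password_hash() row
var_dump(check_login($modern, 'HUNTER2'));   // password_verify() is case-sensitive
```

New accounts would store `password_hash($password, PASSWORD_DEFAULT)` in place of the MD5 value, so only rows created by the old register.php take the legacy branch.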
Sorry.. I said I'm kinda noobie, that's why I'm seeking help. It's for my friend's website and he knows no more than I do. I'm trying to help also but my intelligence in PHP isn't good at all. Anyway, thank you for the replies, I'll see if I can figure it out!