
Not reading passwords correctly


alphamoment


Hello, I'm trying to make a login script for my website but it's not reading the passwords correctly.

A sample of the register.php
 

$Pass = mysql_real_escape_string($_POST['password'], $Link);
$Pass = StrToLower(Trim($Pass));


$Salt = "0x" . md5($Login.$Pass);
MySQL_Query("call adduser('{$Login}', {$Salt},

And here's my login.php

<?php
   session_start();
    require("common.php");
    $submitted_name = '';
    function hash_pass($passwd){
    $salt="0x."; 
    return md5($passwd.$salt);
    }

    if(!empty($_POST))
    {
        $query = "
            SELECT
                id,
                name,
                passwd
            FROM users
            WHERE
                name = :name
        ";
        
        $query_params = array(
            ':name' => $_POST['name']
        );
        try
        {
            $stmt = $db->prepare($query);
            $result = $stmt->execute($query_params);
        }
        catch(PDOException $ex)
        {
            die("Failed to run query: " . $ex->getMessage());
        }

        $login_ok = false;
        $row = $stmt->fetch();
        if($row)
        {
            $check_passwd == md5($passwd . $salt);
            for($round = 0; $round < 65536; $round++)

            if($check_passwd = md5($salt['passwd']))
            {
                $login_ok = true;
            }
        }
        if($login_ok)
        {
            unset($row['passwd']);
            $_SESSION['user'] = $row;
            header("Location: usercp.php");
            die("Redirecting to: usercp.php");
        }
        else
        {
            print("Login Failed.");
            $submitted_name = htmlentities($_POST['name'], ENT_QUOTES, 'UTF-8');
        }
    }
    
?>

When I login, I can use any password.

However, if I change;

$check_passwd == md5($passwd . $salt);

to;

$check_passwd === md5($passwd . $salt);

It says "Login Failed" even with the correct information..

I'm kinda noobie with PHP, any help is appreciated, thank you! :)


This code here for checking the password has a few major problems

$check_passwd == md5($passwd . $salt);
for($round = 0; $round < 65536; $round++)

if($check_passwd = md5($salt['passwd']))
{
     $login_ok = true;
}

1) First, $passwd and $salt are not defined. When assigning a value to a variable you use the assignment operator = not the comparison operator ==

2) Why the for loop?

3) md5($salt['passwd']) should be $row['passwd']. This is the variable that holds the user's hashed password stored in your database, which is returned by your query. And you should use the comparison operator ( == ) when checking values match
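The difference between the posted check and a corrected one, as an added example that is not part of either poster's code. It assumes PHP 7 or later and that the passwd column holds the output of password_hash(), which is not the md5 scheme in the posted register.php; the function names and the sample row are hypothetical and constructed for illustration.

```php
<?php
// Added example: runs on constructed data, no database needed.

// Registration side: store a salted, slow hash. The salt is generated
// by password_hash() and embedded in the returned string.
function make_stored_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// The posted check, reduced to its logic. "=" assigns rather than compares,
// and a non-empty md5 string is truthy, so the branch runs for every
// password. Note that $row['passwd'] is never consulted.
function flawed_check(array $row, string $submitted): bool
{
    $login_ok = false;
    if ($check_passwd = md5($submitted)) { // assignment, not comparison
        $login_ok = true;
    }
    return $login_ok;
}

// Corrected check: verify the submitted password against the stored hash
// from the fetched row, and fail closed when the user was not found.
function verify_login($row, string $submitted): bool
{
    if (!is_array($row) || !isset($row['passwd'])) {
        return false; // $stmt->fetch() returned false: unknown user
    }
    // password_verify() re-derives the hash with the embedded salt and
    // compares in constant time.
    return password_verify($submitted, $row['passwd']);
}

// Constructed row, shaped like the result of the SELECT in login.php.
$row = ['id' => 1, 'name' => 'alice', 'passwd' => make_stored_hash('correct horse')];

var_dump(flawed_check($row, 'anything'));       // wrong password, posted logic
var_dump(verify_login($row, 'anything'));       // wrong password, corrected logic
var_dump(verify_login($row, 'correct horse'));  // right password
var_dump(verify_login(false, 'correct horse')); // no such user
```

Whatever hashing scheme is used, register.php and login.php have to agree on it; the posted register.php hashes $Login.$Pass while the posted login.php helper hashes $passwd."0x.", so those two would never produce matching values.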

Sorry.. I said I'm kinda noobie, that's why I'm seeking help. It's for my friend's website and he knows no more than I do. I'm trying to help also but my intelligence in PHP isn't good at all. Anyway, thank you for the replies, I'll see if I can figure it out!

Archived

This topic is now archived and is closed to further replies.
