Jump to content

Not reading passwords correctly


Go to solution Solved by alphamoment,

Recommended Posts

Hello, I'm triny got make a Login script for my website but it's not reading the passwords correctly.

A sample of the register.php
 

$Pass = mysql_real_escape_string($_POST['password'], $Link);
$Pass = StrToLower(Trim($Pass));


$Salt = "0x" . md5($Login.$Pass);
MySQL_Query("call adduser('{$Login}', {$Salt},

And here's my login.php

<?php
   session_start();
    require("common.php");
    $submitted_name = '';
    function hash_pass($passwd){
    $salt="0x."; 
    return md5($passwd.$salt);
    }

    if(!empty($_POST))
    {
        $query = "
            SELECT
                id,
                name,
                passwd
            FROM users
            WHERE
                name = :name
        ";
        
        $query_params = array(
            ':name' => $_POST['name']
        );
        try
        {
            $stmt = $db->prepare($query);
            $result = $stmt->execute($query_params);
        }
        catch(PDOException $ex)
        {
            die("Failed to run query: " . $ex->getMessage());
        }

        $login_ok = false;
        $row = $stmt->fetch();
        if($row)
        {
            $check_passwd == md5($passwd . $salt);
            for($round = 0; $round < 65536; $round++)

            if($check_passwd = md5($salt['passwd']))
            {
                $login_ok = true;
            }
        }
        if($login_ok)
        {
            unset($row['passwd']);
            $_SESSION['user'] = $row;
            header("Location: usercp.php");
            die("Redirecting to: usercp.php");
        }
        else
        {
            print("Login Failed.");
            $submitted_name = htmlentities($_POST['name'], ENT_QUOTES, 'UTF-8');
        }
    }
    
?>

When I login, I can use any password.

However, if I change;

$check_passwd == md5($passwd . $salt);

to;

$check_passwd === md5($passwd . $salt);

It says "Login Failed" even with the correct information..

I'm kinda noobie with PHP, any help is appreciated, thankyou! :)

Link to comment
https://forums.phpfreaks.com/topic/286751-not-reading-passwords-correctly/
Share on other sites

== (double equals) is equals operator i.e it matches both and returns true or false(Boolean).

=(single equal) - this is assignment i.e you assign values to something. like to a  variable,array..etc.

 

you have misplaced both in your code.

Edited by jairathnem

This code here for checking the password has a few major problems

$check_passwd == md5($passwd . $salt);
for($round = 0; $round < 65536; $round++)

f($check_passwd = md5($salt['passwd']))
{
     $login_ok = true;
}

1) First $passwd and $salt are not defined, When assigning a value to a variable you use thr assignment operator  =  not the comparison operator  ==

2) Why the for loop?

3) md5($salt['passwd'])  should be  $row['passwd']   The is the variable that holds the users hashed password stored in your database, which is returned by your query . And you should use the comparison operator ( == ) when checking values match

Edited by Ch0cu3r

Sorry.. I said I'm kinda noobie that's why I'm seeking help, it's for my friends website and he knows no more than I do. i'm trying to help also but my intelligence in PHP isn't good at all. Anyway thank you for the replies, I'll see if I can figure it out!

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.