alphamoment Posted March 6, 2014 Share Posted March 6, 2014 Hello, I'm triny got make a Login script for my website but it's not reading the passwords correctly.A sample of the register.php $Pass = mysql_real_escape_string($_POST['password'], $Link); $Pass = StrToLower(Trim($Pass)); $Salt = "0x" . md5($Login.$Pass); MySQL_Query("call adduser('{$Login}', {$Salt}, And here's my login.php <?php session_start(); require("common.php"); $submitted_name = ''; function hash_pass($passwd){ $salt="0x."; return md5($passwd.$salt); } if(!empty($_POST)) { $query = " SELECT id, name, passwd FROM users WHERE name = :name "; $query_params = array( ':name' => $_POST['name'] ); try { $stmt = $db->prepare($query); $result = $stmt->execute($query_params); } catch(PDOException $ex) { die("Failed to run query: " . $ex->getMessage()); } $login_ok = false; $row = $stmt->fetch(); if($row) { $check_passwd == md5($passwd . $salt); for($round = 0; $round < 65536; $round++) if($check_passwd = md5($salt['passwd'])) { $login_ok = true; } } if($login_ok) { unset($row['passwd']); $_SESSION['user'] = $row; header("Location: usercp.php"); die("Redirecting to: usercp.php"); } else { print("Login Failed."); $submitted_name = htmlentities($_POST['name'], ENT_QUOTES, 'UTF-8'); } } ?> When I login, I can use any password.However, if I change; $check_passwd == md5($passwd . $salt); to; $check_passwd === md5($passwd . $salt); It says "Login Failed" even with the correct information..I'm kinda noobie with PHP, any help is appreciated, thankyou! Quote Link to comment https://forums.phpfreaks.com/topic/286751-not-reading-passwords-correctly/ Share on other sites More sharing options...
jairathnem Posted March 6, 2014 Share Posted March 6, 2014 (edited) == (double equals) is equals operator i.e it matches both and returns true or false(Boolean). =(single equal) - this is assignment i.e you assign values to something. like to a variable,array..etc. you have misplaced both in your code. Edited March 6, 2014 by jairathnem Quote Link to comment https://forums.phpfreaks.com/topic/286751-not-reading-passwords-correctly/#findComment-1471614 Share on other sites More sharing options...
alphamoment Posted March 6, 2014 Author Share Posted March 6, 2014 I've changed both accordingly and tested. Still the same issue Quote Link to comment https://forums.phpfreaks.com/topic/286751-not-reading-passwords-correctly/#findComment-1471617 Share on other sites More sharing options...
jairathnem Posted March 6, 2014 Share Posted March 6, 2014 if($check_passwd == md5($salt['passwd'])) in your code $salt is never assigned a value with key 'passwd'. It will never validate. Quote Link to comment https://forums.phpfreaks.com/topic/286751-not-reading-passwords-correctly/#findComment-1471622 Share on other sites More sharing options...
alphamoment Posted March 6, 2014 Author Share Posted March 6, 2014 $salt = $name.$passwd; $salt = md5($salt); $salt = "0x".$salt; I added this to the code, but still same problem Quote Link to comment https://forums.phpfreaks.com/topic/286751-not-reading-passwords-correctly/#findComment-1471624 Share on other sites More sharing options...
jairathnem Posted March 6, 2014 Share Posted March 6, 2014 I'd suggest you learn the basics first. The above 3 lines donot add a key of 'passwd'. Quote Link to comment https://forums.phpfreaks.com/topic/286751-not-reading-passwords-correctly/#findComment-1471628 Share on other sites More sharing options...
Ch0cu3r Posted March 6, 2014 Share Posted March 6, 2014 (edited) This code here for checking the password has a few major problems $check_passwd == md5($passwd . $salt); for($round = 0; $round < 65536; $round++) f($check_passwd = md5($salt['passwd'])) { $login_ok = true; } 1) First $passwd and $salt are not defined, When assigning a value to a variable you use thr assignment operator = not the comparison operator == 2) Why the for loop? 3) md5($salt['passwd']) should be $row['passwd'] The is the variable that holds the users hashed password stored in your database, which is returned by your query . And you should use the comparison operator ( == ) when checking values match Edited March 6, 2014 by Ch0cu3r Quote Link to comment https://forums.phpfreaks.com/topic/286751-not-reading-passwords-correctly/#findComment-1471633 Share on other sites More sharing options...
alphamoment Posted March 6, 2014 Author Share Posted March 6, 2014 Sorry.. I said I'm kinda noobie that's why I'm seeking help, it's for my friends website and he knows no more than I do. i'm trying to help also but my intelligence in PHP isn't good at all. Anyway thank you for the replies, I'll see if I can figure it out! Quote Link to comment https://forums.phpfreaks.com/topic/286751-not-reading-passwords-correctly/#findComment-1471636 Share on other sites More sharing options...
Solution alphamoment Posted March 7, 2014 Author Solution Share Posted March 7, 2014 I managed to fix the problem, thank you! Quote Link to comment https://forums.phpfreaks.com/topic/286751-not-reading-passwords-correctly/#findComment-1471719 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.