I'm writing a login form, and it converts the given password to an MD5 hash with md5($password)
, then matches it to an already-hashed record in my database. I know for sure that the database record is correct in this case. However, it doesn't log me in and claims the password is incorrect.
Here's my code:
$password = mysql_real_escape_string($_POST["password"]);
...more code...
$passwordQuery = mysql_fetch_row(mysql_query(("SELECT password FROM users WHERE email = '$userEmail'")));
...some code...
elseif(md5($password) != $passwordQuery)
{
$_SESSION["noPass"] = "That password is incorrect.";
}
...more code after...
I tried pulling just the value of md5($password) and that matched up when I visually compared it. However, I can't get the comparison to work i开发者_开发技巧n PHP. Perhaps it is because the MySQL record is stored as text, and the MD5 is something else?
$passwordQuery contains and array with the hash, and not just the hash.
Instead of
elseif(md5($password) != $passwordQuery)
try
elseif(md5($password) != $passwordQuery[0])
It looks to me like you're comparing a string (the result from $_POST) with an array (the result of mysql_fetch_row). You'll probably want something like:
if (md5($password) != $passwordQuery['password') {
....
}
精彩评论