开发者

MD5 hash validation failing for unknown reason in PHP

问答 作者:

I'm writing a login form, and it converts the given password to an MD5 hash with md5($password), then matches it to an already-hashed record in my database. I know for sure that the database record is correct in this case. However, it doesn't log me in and claims the password is incorrect.

Here's my code:

$password = mysql_real_escape_string($_POST["password"]);
...more code...
$passwordQuery = mysql_fetch_row(mysql_query(("SELECT password FROM users WHERE email = '$userEmail'")));
...some code...
elseif(md5($password) != $passwordQuery)
{
    $_SESSION["noPass"] = "That password is incorrect.";
}
...more code after...

I tried pulling just the value of md5($password) and that matched up when I visually compared it. However, I can't get the comparison to work i开发者_开发技巧n PHP. Perhaps it is because the MySQL record is stored as text, and the MD5 is something else?

$passwordQuery contains and array with the hash, and not just the hash.

Instead of

elseif(md5($password) != $passwordQuery)

try

elseif(md5($password) != $passwordQuery[0])

It looks to me like you're comparing a string (the result from $_POST) with an array (the result of mysql_fetch_row). You'll probably want something like:

if (md5($password) != $passwordQuery['password') {
   ....
}

继续阅读:phpsqlvalidation

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9