[英]PHP MD5 not working in if statement
I'm having problems comparing a submitted password and one thats called from the database. 我在比较提交的密码和从数据库调用的密码时遇到问题。 Both equal the same output but when compared in an if statement they apparently don't equal each other 两者等于相同的输出,但是在if语句中进行比较时,它们显然彼此不相等
<?php
session_start();
include("../functions.php");
connect();
$userPinLogin = $_REQUEST['pinLogin'];
$userEmailLogin = $_REQUEST['emailLogin'];
$i = session_id();
$findPin = md5($userPinLogin);
$checkUserDetails = mysql_query("SELECT * FROM agentLogins WHERE email = '$userEmailLogin' AND pin = '$findPin' ")
or die(mysql_error());
while($checkUserDetailsResults = mysql_fetch_array($checkUserDetails))
{
$testUserPin = $checkUserDetailsResults['pin'];
$userLinkId = $checkUserDetailsResults['linkId'];
$testUserEmail = $checkUserDetailsResults['email'];
}
if (empty($testUserPin))
{
header ("Location: http://www.propertyclouduk.co.uk/agentPortal/index.php?er=pass");
}
if ($findPin == $testUserPin)
{
echo "all match";
}
else
{
echo "none match";
}
?>
both findPin & testUserPin = ad0234829205b9033196ba818f7a872b but in the if statement the statement comes up false saying they don't match 都是findPin和testUserPin = ad0234829205b9033196ba818f7a872b,但在if语句中,该语句出现错误,表示它们不匹配
you should not use md5 for hashing passwords as it has been cracked,use bcrypt instead its much safer 您不应该使用md5来散列密码,因为它已经被破解了,而使用bcrypt则更安全
usage of BCRYPT BCRYPT的用法
on register page--- 在注册页面上-
$pass = "the users password";
$secure_pass = password_hash($pass, PASSWORD_BCRYPT);;//the secured hashed pass
on the login page ---- 在登录页面上----
$pass_by_user="the password entered by the user in the login page";
$pass_in_db= "the users password retrieved from the mysql table using the email or other non sensitive data";
$correct_pass= password_verify($pass_by_user, $pass_in_db);//comparison of the password in the database and the entered password
I think the problem is the loop goes on untill checkUserDetailsResults
is null
. 我认为问题是循环一直进行到checkUserDetailsResults
为null
checkUserDetailsResults
。
At that point, your check will obviously fail. 到那时,您的检查显然将失败。
If you are certain that the couple (email,pin)
is unique in that table, you don't need a loop because you will have only one result, so you can test it like so: 如果确定该对(email,pin)
在该表中是唯一的,则不需要循环,因为您只会得到一个结果,因此可以像这样测试它:
$result = mysql_query("SELECT * FROM agentLogins WHERE email = '$userEmailLogin' AND pin = '$findPin' ")
or die(mysql_error());
$row = mysql_fetch_array($result);
// mysql_fetch_array will return null if no row is found
if($row){
// We got a match, the check here will succeed
$testUserPin = $row['pin'];
$userLinkId = $row['linkId'];
$testUserEmail = $row['email'];
if ($findPin == $testUserPin){
echo "all match";
}else{
echo "none match";
}
}else{
// No match found, redirect
header ("Location: http://www.propertyclouduk.co.uk/agentPortal/index.php?er=pass");
die;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.