سؤال
I have this following if-case, but I can't get it to work properly.
I have a database that stores md5 encrypted passwords as varchar.
I let the user enter his/her password and username in a form and send it to php the normal way.
https://stackoverflow.com/questions/21371907
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian$nickName = $_POST['User'];
$pass = $_POST['Pass'];
[...]
$value = mysql_fetch_array($result);
//i assume strcmp returning 0
if(!(strcmp($value,md5($pass)))) {
echo "Willkommen, " . $nickName;
} else {
echo "Passwoerter stimmen nicht ueberein!";
}
Let me add the fact I also tried out various statements like
if(strcmp($value,md5($pass)) == 0) and $value == md5($pass).
My clue is I have to cast the from $value returned value somehow. Maybe something like a parseInt (afaik md5 is Integer) to change the value I got from the database to int.
المحلول
mysql_fetch_array, does what it says fetches an array, you are trying to do a string compare on an array you probably want something like $value['password']
if(!(strcmp($value['password'],md5($pass))))
{
echo "Willkommen, " . $nickName;
}
else
{
echo "Passwoerter stimmen nicht ueberein!";
}
and of course think about using mysqli as mysql is deprecated
نصائح أخرى
I am having a tough time understanding what you want to do and I'm afraid I can't add a comment so ill try and help as much as I can.
Basically I thino you are trying to perform some sort of authentication??? If so what you should do is query the database by the username for example:
$var = mysql_fetch_array(mysql_query("select userid, userpass from users where username = " . mysql_real_escape_string($_POST["User"]));
Then you can check their pass input with what's in the database:
if (md5($_POST["Pass"]) == $var["userpass"])
{
//go ahead and continue on
}
else
{
//they must have messed up so don't pass go
}
I hope this is what you wish to do and sorry if I got it comppetely wrong!!!
