Mark

Reputation: 622

PHP MD5 not working in if statement

I'm having problems comparing a submitted password and one that's called from the database. Both equal the same output, but when compared in an if statement they apparently don't equal each other.

    <?php
    session_start();
    include("../functions.php");
    connect();

    $userPinLogin = $_REQUEST['pinLogin'];
    $userEmailLogin = $_REQUEST['emailLogin'];
    $i = session_id();
    $findPin = md5($userPinLogin);

    $checkUserDetails =  mysql_query("SELECT * FROM agentLogins WHERE email = '$userEmailLogin' AND pin = '$findPin' ")
    or die(mysql_error());
    while($checkUserDetailsResults = mysql_fetch_array($checkUserDetails))
    {
        $testUserPin = $checkUserDetailsResults['pin'];
        $userLinkId = $checkUserDetailsResults['linkId'];
        $testUserEmail = $checkUserDetailsResults['email'];
    }

    if (empty($testUserPin))
    {
        header ("Location: http://www.propertyclouduk.co.uk/agentPortal/index.php?er=pass");
    }

    if ($findPin == $testUserPin)
    {
        echo "all match";
    }
    else
    {
        echo "none match";
    }

    ?>

Both findPin & testUserPin = ad0234829205b9033196ba818f7a872b, but in the if statement the statement comes up false, saying they don't match.

Upvotes: 1

Views: 225

Answers (2)

dogiordano

Reputation: 714

I think the problem is the loop goes on until checkUserDetailsResults is null.

At that point, your check will obviously fail.

If you are certain that the couple (email,pin) is unique in that table, you don't need a loop because you will have only one result, so you can test it like so:

    $result =  mysql_query("SELECT * FROM agentLogins WHERE email = '$userEmailLogin' AND pin = '$findPin' ")
    or die(mysql_error());
    $row = mysql_fetch_array($result);
    // mysql_fetch_array will return false if no row is found
    if($row){
      // We got a match, the check here will succeed
      $testUserPin = $row['pin'];
      $userLinkId = $row['linkId'];
      $testUserEmail = $row['email'];

      if ($findPin == $testUserPin){
        echo "all match";
      }else{
        echo "none match";
      }
    }else{
      // No match found, redirect
      header ("Location: http://www.propertyclouduk.co.uk/agentPortal/index.php?er=pass");
      die;
    }

Upvotes: 0

Dev Man

Reputation: 2137

You should not use md5 for hashing passwords as it has been cracked; use bcrypt instead, it's much safer.

Usage of BCRYPT

On register page:

    $pass = "the users password";
    $secure_pass = password_hash($pass, PASSWORD_BCRYPT); // the secured hashed pass

On the login page:

    $pass_by_user = "the password entered by the user in the login page";
    $pass_in_db = "the users password retrieved from the mysql table using the email or other non sensitive data";
    $correct_pass = password_verify($pass_by_user, $pass_in_db); // comparison of the password in the database and the entered password

Upvotes: 2
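
Both answers combined into one login check, as an added example that is not code from the question or either answer: the row is fetched once by email with a bound parameter, the pin is checked with `password_verify()`, and rows still holding the old `md5()` digest are upgraded on the next successful login. The function name `checkAgentLogin`, the PDO/SQLite setup and the sample rows are assumptions constructed for the demo; the table and column names are the ones in the question.

```php
<?php
// Added example; checkAgentLogin() and the sample rows are constructed for illustration.
// Assumes agentLogins.pin holds password_hash() output or a legacy md5 hex digest.
function checkAgentLogin(PDO $db, string $email, string $pin): ?int
{
    // Bound parameter: the email is never interpolated into the SQL text.
    $stmt = $db->prepare('SELECT linkId, pin FROM agentLogins WHERE email = ? LIMIT 1');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // false when no row matches
    if ($row === false) {
        return null;
    }
    $stored = $row['pin'];
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        // Legacy md5 row: compare in constant time, upgrade if it matches.
        $ok = hash_equals($stored, md5($pin));
        $rehash = $ok;
    } else {
        $ok = password_verify($pin, $stored);
        $rehash = $ok && password_needs_rehash($stored, PASSWORD_BCRYPT);
    }
    if (!$ok) {
        return null;
    }
    if ($rehash) {
        // Replace the stored value with a fresh bcrypt hash of the verified pin.
        $upd = $db->prepare('UPDATE agentLogins SET pin = ? WHERE email = ?');
        $upd->execute([password_hash($pin, PASSWORD_BCRYPT), $email]);
    }
    return (int) $row['linkId'];
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE agentLogins (email TEXT PRIMARY KEY, pin TEXT, linkId INTEGER)');
$ins = $db->prepare('INSERT INTO agentLogins VALUES (?, ?, ?)');
$ins->execute(['new@example.test', password_hash('4821', PASSWORD_BCRYPT), 7]);
$ins->execute(['old@example.test', md5('1357'), 8]);   // legacy md5 row

var_dump(checkAgentLogin($db, 'new@example.test', '4821'));      // bcrypt row, matching pin
var_dump(checkAgentLogin($db, 'old@example.test', '1357'));      // legacy row, upgraded on login
var_dump(checkAgentLogin($db, 'new@example.test', '0000'));      // wrong pin
var_dump(checkAgentLogin($db, "o'brien@example.test", '4821'));  // quote in email, no such user
```

The `pin` column has to be wide enough for the bcrypt string (60 characters) before any row is upgraded; the PHP manual recommends 255 so future algorithms also fit.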
