I get the password from the forms page and encrypt it in md5

$pass = md5($_POST['password']); 

Then I get the encrypted password from MySQL

 $vpass = $row['password']; 

Then I compare them

 if($row['password'] != $pass) {die ('ошибка пароля');} 

But for some reason, if the condition is correct, it still gives an error (I looked at how it works, it turns out that I get this from the database: e10adc3949ba59abbe56e057, and from $ pass I get this: e10adc3949ba59abbe56e057f20f883e.



 <?php if ($_POST['password'] == ''){die ('error pass');} if ($_POST['mail'] == ''){die ('error mail');} if ($_POST['url'] == '') {die ('error url');} $url = $_POST['url']; $pass = $_POST['password']; $mail = $_POST['mail']; $dblocation = "localhost"; $dbname = "lol"; $dbuser = "lol"; $dbpasswd = "0000"; $link = mysql_connect($dblocation, $dbuser, $dbpasswd); //if ($_GET['id'] == '') die('error'); if ( !$link ) die ("Невозможно подключение к MySQL"); mysql_select_db ( $dbname ) or die ("Невозможно открыть $dbname"); $res=mysql_query("SELECT * FROM `cards` WHERE url = '".$url."'"); while($row=mysql_fetch_array($res)){ $vurl= $row['url']; $vmail = $row['mail']; $vpass = $row['password'];} if ($vurl == '') {die ('Введён несуществующей адрес');} else { if($vmail != $mail) {die ('ошибка почты');} if($row['password'] != md5($pass)) {die ('ошибка пароля');} } session_start(); $_SESSION['mail'] = $mail; $_SESSION['pass'] = $pass; mysql_close ( $link ); ?> 


 $insert = "INSERT INTO cards (name, password) VALUES('".$url."','".md5($password)."')"; mysql_query ($insert); 

PS cut it a little

  • char - The Blogmaster
  • It is interesting to look at the rest of the php code. - Roman St
  • one
    char length 32? - yozh
  • faqu (((and I forgot something about it (( - Blogger

1 answer 1

You did not confuse, that from a DB there is it: e10adc3949ba59abbe56e057, and from $ pass it: e10adc3949ba59abbe56e057f20f883e? If so, then most likely the string is truncated when inserted. This may be if the data type of the password field is not CHAR (32), but CHAR (24).

  • thank you ... everything works ... did not take this into account. - Blogaster
  • It is necessary to carefully design the database :) Successes !! - Roman St