I get the password from the forms page and encrypt it in md5
$pass = md5($_POST['password']); Then I get the encrypted password from MySQL
$vpass = $row['password']; Then I compare them
if($row['password'] != $pass) {die ('ошибка пароля');} But for some reason, if the condition is correct, it still gives an error (I looked at how it works, it turns out that I get this from the database: e10adc3949ba59abbe56e057, and from $ pass I get this: e10adc3949ba59abbe56e057f20f883e.
Why?
Supplemented.
<?php if ($_POST['password'] == ''){die ('error pass');} if ($_POST['mail'] == ''){die ('error mail');} if ($_POST['url'] == '') {die ('error url');} $url = $_POST['url']; $pass = $_POST['password']; $mail = $_POST['mail']; $dblocation = "localhost"; $dbname = "lol"; $dbuser = "lol"; $dbpasswd = "0000"; $link = mysql_connect($dblocation, $dbuser, $dbpasswd); //if ($_GET['id'] == '') die('error'); if ( !$link ) die ("Невозможно подключение к MySQL"); mysql_select_db ( $dbname ) or die ("Невозможно открыть $dbname"); $res=mysql_query("SELECT * FROM `cards` WHERE url = '".$url."'"); while($row=mysql_fetch_array($res)){ $vurl= $row['url']; $vmail = $row['mail']; $vpass = $row['password'];} if ($vurl == '') {die ('Введён несуществующей адрес');} else { if($vmail != $mail) {die ('ошибка почты');} if($row['password'] != md5($pass)) {die ('ошибка пароля');} } session_start(); $_SESSION['mail'] = $mail; $_SESSION['pass'] = $pass; mysql_close ( $link ); ?> Supplemented.
$insert = "INSERT INTO cards (name, password) VALUES('".$url."','".md5($password)."')"; mysql_query ($insert); PS cut it a little
