问题
I have a form in which I am taking username and password from user,
and I am converting the password to md5. Then I insert it into database. In user login form, I take the password and convert it to md5. Then I compare both passwords. It matches in some condition but fails if password = p@$$w0rd.
What is the issue ? And what is the solution for this issue?
From my form to database password of p@$$w0rd to md5 is b7463760284fd06773ac2a48e29b0acf and from login form it is e22bb24ca616331cb92a48b712034bc3
Code from registration form
$password = trim($_POST['password']);
$dpassword = md5($password);
And from login form
$passwd = md5($password);
$sql = mysql_query("select * from create_dealer where (dealer_email='$user' && password='$passwd')");
回答1:
The problem is with quotes.
echo md5('p@$$w0rd');// echoes b7463760284fd06773ac2a48e29b0acf
echo md5("p@$$w0rd");// echoes e22bb24ca616331cb92a48b712034bc3
When you use double quotes, $w0rd is considers as an undefined variable and replaced with an empty string.
echo md5("p@$");// echoes e22bb24ca616331cb92a48b712034bc3
回答2:
If you're using the same method to hash both inputs, then most likely you get some whitespaces or some characters escaped within one of them, make sure the inputs are EXACTLY same before hashing them.
You may also just remove the md5 call for test and see if plain text passwords match, I bet not. It might be just your SQL that returns the wrong row...
来源:https://stackoverflow.com/questions/33253075/convert-to-md5-is-wrong-in-php