This question already has an answer here:
I'm not a php programmer, so I only know what I have looked up online about the md5 tag.
I am checking to see if passwords match in a php page. I send the password in the php url and retrieve it with this code:
$u_pswd = md5(trim(strip_tags($_REQUEST['pswd'])));
Then I run a query to get the user's password so I can check if they are the same:
$usql = "SELECT user_password FROM ft_users WHERE user_email = '".$u_mail."'";
$ures = mssql_query($usql);
$urow = mssql_fetch_array($ures);
if ($urow['user_password'] = $u_pswd) {
// passwords match
} else {
// passwords do not match
}
My problem is that it says the passwords match every time. For example, if the current password is PASSWORD and I send it a password INCORRECT, the output is:
$_pswd = 64a4e8faed1a1aa0bf8bf0fc84938d25
$urow['user_password'] = 64a4e8faed1a1aa0bf8bf0fc84938d25
Could someone help me out in solving why it is saying the passwords are the same when they are not?
</div>
Do not use "=" for comparison. "=" will assign a value and any expression "$var = $value" will be evaluated to true. Use "==" instead.
if ($urow['user_password'] == $u_pswd) { ... }
= is for assigning , in your code you are assigning $u_pswd value to $urow['user_password']
you need to compare those values are equal or not by using == to get required result
$usql = "SELECT user_password FROM ft_users WHERE user_email = '".$u_mail."'";
$ures = mssql_query($usql);
$urow = mssql_fetch_array($ures);
if ($urow['user_password'] == $u_pswd) {
}
else
{
}
Hope it helps.