下面的登录脚本无法让我使用反复核对过的凭据登录。经过全面测试,问题范围缩小到 POST 提交的密码的哈希值与用户表中存储的哈希密码之间的比较。用 echo 输出这两个变量时,它们是相同的。我遗漏了什么?
Removing the password condition from the PDO SELECT does fetch the user.
Echoing the password from the fetched user (fetched as in the bullet above) and the posted password shows they are in fact the same.
BUT when the two passwords are compared in an if statement (posted == fetched), the comparison still fails.
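// Login handler: looks up a row in `user` matching the posted e-mail and
// password hash and, on a match, records a random token in `security` and in
// the session. Reads $_POST, $_SERVER['REMOTE_ADDR'] and the PDO handle $DBH;
// sets $loginGood = true only when both database steps succeed.
//
// The is_string() checks reject array-valued fields (e.g. password[]=x), which
// would otherwise reach md5()/strip_tags() as arrays.
if (
    !empty($_POST['email']) && is_string($_POST['email'])
    && !empty($_POST['password']) && is_string($_POST['password'])
) {
    // The value is passed as a bound parameter, so strip_tags() is not what
    // protects the query; it is kept so the same rows match as before.
    $givenEmail = strip_tags($_POST['email']);

    // SECURITY(review): unsalted MD5 is not a password hash; it is kept here only
    // because the stored values are MD5 and cannot be migrated from this block.
    // Move to password_hash()/password_verify(), re-hashing at the next
    // successful login, and make sure the column is wide enough for those hashes.
    // NOTE(review): md5() yields 32 lowercase hex characters; the SQL comparison
    // matches only if the column stores that value in full and unpadded —
    // verify the column definition.
    $givenPassword = md5($_POST['password']);

    // Standard SQL AND instead of the MySQL-only && operator.
    $STH = $DBH->prepare('SELECT * FROM user WHERE email = :email AND password = :password');
    $STH->bindValue(':email', $givenEmail);
    $STH->bindValue(':password', $givenPassword);

    // execute() returns false instead of throwing when PDO is not in exception
    // mode, so the flag is taken from its return value.
    $successFetchUserData = false;
    try {
        $successFetchUserData = $STH->execute();
    } catch (PDOException $e) {
        // Details go to the server log; the visitor only sees the generic message.
        error_log('Login: user lookup failed: ' . $e->getMessage());
    }
    if (!$successFetchUserData) {
        echo '<div class="is_error">Något gick fel, vänligen pröva igen om en liten stund.</div>';
    }

    if (!empty($successFetchUserData)) {
        // rowCount() is not guaranteed to report rows for SELECT on every
        // driver, so the match is detected by fetching a row.
        $userFoundByEmail = ($STH->fetch(PDO::FETCH_ASSOC) !== false) ? 1 : 0;

        if ($userFoundByEmail > 0) {
            // The token comes from the CSPRNG. rand() is not suitable for
            // security tokens, and the former upper bound 10e20 does not fit in
            // a 64-bit integer. Result: 32 hex characters — confirm that the
            // `security.token` column can hold them.
            $randomString = bin2hex(random_bytes(16));

            $STH = $DBH->prepare('INSERT INTO security (ip,token) VALUES (:ip,:token)');
            $STH->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
            $STH->bindValue(':token', $randomString);

            $sucessSecurity = false;
            try {
                $sucessSecurity = $STH->execute();
            } catch (PDOException $e) {
                error_log('Login: token insert failed: ' . $e->getMessage());
            }
            if (!$sucessSecurity) {
                echo '<div class="is_error">Något gick fel, vänligen pröva igen om en liten stund.</div>';
            }

            if (!empty($sucessSecurity)) {
                // Issue a fresh session id at the privilege change so that an id
                // known before login is not carried into the authenticated session.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                $_SESSION['token'] = $randomString;
                $loginGood = true;
            }
        }
    }
}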