checking login with php -

-

i'm making api simple forum ,, trying check login php

on control page : checklogin.php

<?php   error_reporting(e_all); ini_set('display_errors', 1);  if(!isset($_post['username']) or (!isset($_post['password']))) {         die('type username & password'); } require_once('usersapi.php');   if(empty($_post['username']) || empty($_post['password'])){         tinyf_db_close();         die('bad user info'); } $user = tinyf_users_get_by_name($_post['username']);  if(!$user) {         die('bad user'); } //check connection if mysqli couldn't fetch  $pass = md5(mysqli_real_escape_string($tf_handle, strip_tags($_post['password']))); tinyf_db_close(); // if(strcmp('n','n')) 0 , if(0) doesn't work :d if(strcmp($pass,$user->password !== 0)){         die('bad__user'); }   die('success'); ?>

the result ===> bad__user

i expected result success

i think function strcmp isn't working

the syntax php's strcmp() follows:

strcmp ( string $str1 , string $str2 )
returns < 0 if str1 less str2; > 0 if str1 greater str2, , 0 if equal.

the parenthesis in code misplaced:

strcmp($pass,$user->password !== 0)

rather comparing 2 values, comparing $pass boolean value indicates whether $user->password !== 0. given fact each of variables set string of "1", equivalent strcmp("1",false) returns int(1), causes if statement return true, , outputs die('bad__user').

in order compare 2 values, syntax be:

if ( strcmp($pass,$user->password) !== 0 ) {     die('bad__user'); }

here's demonstration.

this being said, believe commenters above have advised consider more secure password hashing/validation techniques.


Comments

Post a Comment

Popular posts from this blog

Android : Making Listview full screen -

-
<linearlayout xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" android:layout_width="match_parent" android:layout_height="match_parent" android:orientation="vertical" tools:context=".mainactivity"> <edittext android:layout_margintop="5dp" android:layout_width="match_parent" android:layout_height="50dp" android:background="@drawable/location_edittext" android:id="@+id/locationeditext" android:textsize="15sp" android:textcolor="#999" android:paddingleft="15dp" /> <com.example.ravi_gupta.slider.viewpagercustomduration android:layout_width="wrap_content" android:layout_height="0dp" android:id="@+id/viewpager" android:scrollbarstyle="outsideoverlay" android:layout_weight="0.5...
Read more

javascript - Parse JSON from the body of the POST -

-
i'm using cameratag.com record video on website. service can send json response server can save data database. don't know how proceed here: the documentation states please note json repsonse passed in body of post , not form parameters. here example of how parse response in ruby: data = json.parse(request.raw_post) video_uuid = data["uuid"] but don't know how data on javascript. i'm not experienced in js please bare me :) post sample: { "uuid": "00012710-4b65-0131-ffe6-22000a499ea4", "camera_uuid": "98373a20-79ee-0130-3e42-1231390fcc11", "created_at": "2013-12-20t05:25:02.000z", "percent_complete": 100, "short_code": "kktb4q", "metadata": { }, "state": "published", "recorded_from": "http://singwho.com", "publish_type": null, "formats": [ { "name...
Read more

javascript - How to Hide Date Menu from Datepicker in yii2 -

-
basically in datetimepicker widget date choose first time, how can hide date option widget , filter according time. tried not working want hide remove button [ 'attribute'=>'time', 'label'=>'time', 'format'=>'raw', 'value'=>function($data){ return date('h:i:s',strtotime($data->time)); }, 'filter'=> datetimepicker::widget([ 'model' => $searchmodel, 'attribute' => 'time', 'clientoptions' => [ 'autoclose' => true, 'format' => 'hh:ii', 'showon' =...
Read more