i have a login page, but before i had it so that it would just place the passwords into the db without any sort of encryption or whatever so i decided to change my register script so that the password is entered into the db using the md5() thingy-me-bob but now in the login page
i get the password from the db using the username posted and then check it with the md5 of the password posted to see if they are the same, but even when the password is incorrect the md5 of the password and the password from the db are the same...
register code:
$regpassword = $_POST['regpassword'];
$regpassword = md5($regpassword);
mysql_query("INSERT INTO ".$membertable."
(username, password) VALUES( '$regusername', '$regpassword') ");
login code:
$pass_word = md5($_POST['pass_word']);
$pwdchk = mysql_fetch_array(mysql_query("SELECT password FROM $membertable WHERE username = '$user_name'"));
$pwdchk = $pwdchk['password'];
if ($pwdchk = $pass_word) {
// log in
} else {
// dont log in
}
i echoed the $pwdchk and $pass_word to see and they are both the same even though the entered password is incorrect
