27

If($password = $password2) {
//login
}

Keep in mind that password is the salted and hashed input and password2 is the Salter and hashed pw in the database...

Who needs passwords am I right?

Comments
  • 10
    Is it me or that's an assignation
  • 4
    @lostpirate it is, in php a single "=" means assign, "==" not case sensitive and not type sensitive, and "===" means exactly the same.
    So instead of checking, it was just telling the server that the input is now whatever was in the db...
  • 1
    If it makes you feel better, my notorious PM started coding. We did something that makes him really happy-> pair programming, but that time he was coding. He did that mistake an if statement with assignation inside.
    I made him aware of that and remember in the future as for newers is not easy to spot.

    Next day he spent two hours finding an error. Was exactly that
  • 13
    You get a login. You get a login. Everyone gets a login.
  • 0
  • 0
    That's gold Jerry!
  • 0
    @FMashiro `==` is not case insensitive.
  • 0
    @taylan my bad, I thought it was
Add Comment