The login script below does not let me log in, even with triple-checked credentials. After thorough testing, I have narrowed the problem down to the comparison of the hashed posted password with the hashed password from the user table. When I echo the two variables, they are the same. What have I missed?
Removing the password from the PDO select fetches the user.
Echoing the password from the fetched user (fetched as in the bullet above) and the posted password shows that they are in fact the same.
BUT when I put the two passwords in an if-statement (posted==fetched), the comparison still does not succeed.
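// Login handler: checks the posted e-mail/password pair against the `user`
// table and, on success, records a random token in the `security` table and in
// the session, then sets $loginGood.
// Expects $DBH (a PDO handle) and a started session from the including script.
// NOTE(review): the catch blocks only fire if $DBH uses PDO::ERRMODE_EXCEPTION;
// confirm where $DBH is created.
// NOTE(review): nothing visible here throttles repeated failed attempts;
// confirm that rate limiting or lockout exists elsewhere.
if (
    !empty($_POST['email']) && !empty($_POST['password'])
    // Array-valued fields (email[]=x) would otherwise reach strip_tags()/md5().
    && is_string($_POST['email']) && is_string($_POST['password'])
) {
    // strip_tags() is kept so existing lookups behave as before. It is not what
    // protects the query; the bound parameters below are.
    $givenEmail = strip_tags($_POST['email']);

    // SECURITY: unsalted MD5 is fast to brute-force and is not a password hash.
    // It is kept only because the stored values are presumably MD5 digests.
    // Migrate to password_hash()/password_verify() (the PHP manual suggests a
    // 255-character column) and rehash each account on its next good login.
    // NOTE(review): md5() returns 32 hex characters. If a correct password never
    // matches, check that user.password is wide enough to hold all 32 and that
    // the stored value has no trailing whitespace; verify against the schema.
    $givenPassword = md5($_POST['password']);

    $successFetchUserData = false;
    $userFoundByEmail = 0;
    try {
        // AND instead of the MySQL-only && operator; only one column is read
        // because the row is used purely as an existence check.
        $STH = $DBH->prepare('SELECT email FROM user WHERE email = :email AND password = :password');
        $STH->execute([':email' => $givenEmail, ':password' => $givenPassword]);
        // rowCount() is not guaranteed for SELECT on every PDO driver, so fetch
        // a row instead of counting.
        $userFoundByEmail = ($STH->fetch(PDO::FETCH_ASSOC) !== false) ? 1 : 0;
        $successFetchUserData = true;
    } catch (PDOException $e) {
        // Details go to the server log; the visitor only sees a generic message.
        error_log('Login lookup failed: ' . $e->getMessage());
        echo '<div class="is_error">Något gick fel, vänligen pröva igen om en liten stund.</div>';
    }

    if ($successFetchUserData && $userFoundByEmail > 0) {
        // rand() is not a CSPRNG and 10e20 is larger than PHP_INT_MAX, so it is
        // not a valid integer bound for rand(). random_bytes() (PHP 7.0+) draws
        // from the operating system's CSPRNG and throws if none is available,
        // which makes the login fail closed.
        // NOTE(review): the token is now 32 hex characters; confirm that
        // security.token is at least that wide.
        $randomString = bin2hex(random_bytes(16));

        $sucessSecurity = false;
        try {
            $STH = $DBH->prepare('INSERT INTO security (ip,token) VALUES (:ip,:token)');
            $STH->execute([':ip' => $_SERVER['REMOTE_ADDR'], ':token' => $randomString]);
            $sucessSecurity = true;
        } catch (PDOException $e) {
            error_log('Login token insert failed: ' . $e->getMessage());
            echo '<div class="is_error">Något gick fel, vänligen pröva igen om en liten stund.</div>';
        }

        if ($sucessSecurity) {
            // Issue a fresh session id at the privilege change so an id that was
            // known before login (session fixation) is no longer valid.
            if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
                session_regenerate_id(true);
            }
            $_SESSION['token'] = $randomString;
            $loginGood = true;
        }
    }
}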