Logon password comparison questions

The database storage field is md5 (password), and the form receiving and processing password is md5 (password + suffix). do the two statements return true logic values? Why did I try it last night? the returned account password is incorrect, but the ajax return value is OK. if all the input is not correct, ajax returns null. If the password stored in the password... database is md5 (password) and the password for receiving the form is md5 (password + suffix), are the returned logical values true? Why did I try it last night? the returned account password is incorrect, but the ajax return value is OK. if all the input is not correct, ajax returns null. If the password does not match, why does ajax return OK? Why is the returned Password incorrect? Where is the problem?
1. IndexController. class. php:

  Display ();} public function checkUserName () {if (! IS_AJAX) {$ data = array ('errmsg '=> 'illegal access method');} $ userName = I ('username', '', 'htmlspecialchars '); $ userPass = I ('userpass', '', 'htmlspecialchars'); $ userInfo = D (" Stuser ")-> getUserInfo ($ userName ); if ($ userInfo ['userpass']! = HandleMd5Pass ($ userPass) {// echo $ userInfo ['userpass']."
"; // Echo handleMd5Pass ($ userPass); echo" incorrect user name or password "; // var_dump (handleMd5Pass ($ userPass);} if ($ userInfo) {// $ userInfo-> where (array ('id' => $ userInfo ['id'])-> save ($ errMsg); session ('userid ', $ userInfo ['id']); $ data = array ('info' => 'OK', 'callback' => U ('/stfjzd-13/index. php/Home/Index/index');} $ this-> ajaxReturn ($ data );}}

2. StuserModel. class. php

  DB = M ("Stuser");} // retrieve user data in the database, find () to retrieve one-> Index public function getUserInfo ($ userName) {// $ res = $ this-> DB-> field ('username', 'userpass')-> where ('username = "'. $ userName. '"')-> find (); $ userInfo = $ this-> DB-> where ('username = "'. $ userName. '"')-> find (); echo $ this-> DB-> getLastSql (); return $ userInfo ;}}?>

3. Login. js

$ ('. Search_sub '). click (function (event) {event. preventDefault (); var userName = $ ("# username "). val (); var userPass =$ ("# userpass "). val (); if (userPass = "" | userName = "") {alert ("login name and password cannot be blank "); $ ("# username "). focus (); return false;} else {var url = "/stfjzd-13/index. php/Home/Index/checkUserName "; // var url =" {U ('/stfjzd-13/index. php/Home/Index/checkUserName ')} "; $. post (url, {username: userName, userpass: userPass}, function (msg) {if (msg. errMsg = "OK") {window. location. href = msg. callback;} else {alert (msg. errMsg) ;}}, "JSON ")}})

Reply content:

The database storage field is md5 (password), and the form receiving and processing password is md5 (password + suffix). do the two statements return true logic values? Why did I try it last night? the returned account password is incorrect, but the ajax return value is OK. if all the input is not correct, ajax returns null. If the password does not match, why does ajax return OK? Why is the returned Password incorrect? Where is the problem?
1. IndexController. class. php:

  Display ();} public function checkUserName () {if (! IS_AJAX) {$ data = array ('errmsg '=> 'illegal access method');} $ userName = I ('username', '', 'htmlspecialchars '); $ userPass = I ('userpass', '', 'htmlspecialchars'); $ userInfo = D (" Stuser ")-> getUserInfo ($ userName ); if ($ userInfo ['userpass']! = HandleMd5Pass ($ userPass) {// echo $ userInfo ['userpass']."
"; // Echo handleMd5Pass ($ userPass); echo" incorrect user name or password "; // var_dump (handleMd5Pass ($ userPass);} if ($ userInfo) {// $ userInfo-> where (array ('id' => $ userInfo ['id'])-> save ($ errMsg); session ('userid ', $ userInfo ['id']); $ data = array ('info' => 'OK', 'callback' => U ('/stfjzd-13/index. php/Home/Index/index');} $ this-> ajaxReturn ($ data );}}

2. StuserModel. class. php

  DB = M ("Stuser");} // retrieve user data in the database, find () to retrieve one-> Index public function getUserInfo ($ userName) {// $ res = $ this-> DB-> field ('username', 'userpass')-> where ('username = "'. $ userName. '"')-> find (); $ userInfo = $ this-> DB-> where ('username = "'. $ userName. '"')-> find (); echo $ this-> DB-> getLastSql (); return $ userInfo ;}}?>

3. Login. js

$ ('. Search_sub '). click (function (event) {event. preventDefault (); var userName = $ ("# username "). val (); var userPass =$ ("# userpass "). val (); if (userPass = "" | userName = "") {alert ("login name and password cannot be blank "); $ ("# username "). focus (); return false;} else {var url = "/stfjzd-13/index. php/Home/Index/checkUserName "; // var url =" {U ('/stfjzd-13/index. php/Home/Index/checkUserName ')} "; $. post (url, {username: userName, userpass: userPass}, function (msg) {if (msg. errMsg = "OK") {window. location. href = msg. callback;} else {alert (msg. errMsg) ;}}, "JSON ")}})

If ($ userInfo ['userpass']! = HandleMd5Pass ($ userPass) {// only the error is returned, but not to the front-end. Echo "incorrect user name or password"; // var_dump (handleMd5Pass ($ userPass);} if ($ userInfo) {// your code runs here, user name pair, so userInfo is found, so OK is returned. If the password is correct, it should be returned to the front-end when the password verification is incorrect. the session ('userid', $ userInfo ['id']) will not be run in the future. $ data = array ('info' => 'OK', 'callback' => U ('/stfjzd-13/index. php/Home/Index/index');} $ this-> ajaxReturn ($ data );

In comments

Echo "incorrect user name or password ";

Here return