Gossamer Forum
Quote Reply
PHP: md5
This thread is similar to the following GT thread:

http://www.gossamer-threads.com/...i?post=199088#199088

I've searched PHPBuilder, MySQL, PHP.net, and Google, but can't seem to find the solution. I've read quite a few threads on using md5 and how to check input parameters against table columns.

However, I can't seem to get it to work.

I've done the following:

1) Updated some user records using md5($this->password)

2) Edited the login check codes to look like the following:
Code:
$this->password = md5($_POST['password']);
if ($myrow[password] = $this->password) {

I've added some de-bugging code and here is an example of what is outputted in the login script:

Password incorrect. fe08e3124c:fe08e3124cd2adcdde3109fb3ecf9a04

Notice that the first set of bold codes:

fe08e3124c is the password in the database and the second string of codes with the first part of it bolded shows that the md5 is rendering the inputted password field, however, it is adding a bunch of miscallenous characters at the end.

Yes, I've thought of using crypt, yet since I am trying to tie PHPBB2 into my central login logic, I am using similar codes in PHPBB2 (which uses md5 to "encrypt" passwords).

Any ideas or suggestions?

Thanks in advance.

EDIT: Note: I tried using trim as well, like:

Code:
md5(trim($_POST['password']))

but didn't make a difference.
========================================
Buh Bye!

Cheers,
Me

Last edited by:

Stealth: Sep 20, 2003, 11:37 AM
Quote Reply
Re: [Stealth] PHP: md5 In reply to
Very odd...seems to be working now...

I think the problem was that I had == rather than = in the following codes:

WORKS
Code:
if ($myrow["password"] = $this->password) {

DIDN'T WORK
Code:
if ($myrow["password"] == $this->password) {
========================================
Buh Bye!

Cheers,
Me
Quote Reply
Re: [Stealth] PHP: md5 In reply to
That's not working. it's successful everytime.

You're now doing an assignment, not a comparison. With the =, the if will always evaulate to true (you're saying "if this variable gets the value of this variable")

--mark
Quote Reply
Re: [Stealth] PHP: md5 In reply to
Looks like your database needs to be updated to allow 32 character password lengths. As Mark mentioned using "==" IS the correct operator to be using.

Adrian
Quote Reply
Re: [brewt] PHP: md5 In reply to
Mark and Adrian,

Yes, you're both correct...I neglected to look in the column properties of the password column before posting. I changed the length to 32 and also changed the operator back to == and the script works perfectly.

Thanks.
========================================
Buh Bye!

Cheers,
Me