[nycphp-talk] crypt() issue
Max Gribov
max at neuropunks.org
Fri Dec 16 19:28:43 EST 2005
Hello,
Strange issue, cant figure out what Im doing wrong.
I have users sign up, and then add their password into database after
running
$passwd = crypt($post['passwd1']);
$user->create($post['username'], $passwd, $post['email']);
The user class handles the creation fine, there is a crypt'ed entry in
the password field in the DB.
Then, I am trying to authenticate a user on login like so:
In index.php:
$user->login($post[username], $post[password],
$_SERVER[HTTP_USER_AGENT], 'user');
In classes file for User class:
public function login($username, $password, $user_agent, $realm) {
$this->username = $username;
$this->password = $password;
$sql = "select password from users where username='$this->username'
and admin='f'";
$db_res = $this->db->Execute($sql);
if (crypt($this->password, $db_res->fields['password']) !=
$db_res->fields['password']) {
$this->error = "Invalid username/password ";
return false;
} else {
// set session vars, redirect, etc
}
}
$post is the processed array of $_POST but its not being modified when
processed, only checked for invalid input and the program will die() if
it doesnt comply.
So basically,
crypt($post['passwd1'])
during signup creates one value, but
crypt($this->password, $db_res->fields['password'])
during authentication returns a different, although always the same, value.
I have exactly same code, in index.php and in classes file and in SQL
command in other apps, and it works without a problem.
I am starting to get lost here, I basically copy/paste all the auth
code, and it stops working.
I checked if input from $_POST is being modified anywhere, and its not.
If anyone wants to see the code in action, look at
http://www.angrycollegekid.com/index.php?a=signup, signup for an account
and then try to login, or just use crap/crap for testing.
There are debugs of what you enter, what first crypt() returns, and what
is actually stored in the DB.
(sorry for spamming with the actual domain name)
max
More information about the talk
mailing list