Re: [PHP] md5() with rand() || Strange results, need help....

[CF High]

It doesn't appear to be cookie settings either, nor auto-fill in.

I do not have auto-complete running; when I log in under an affected users
account, the stored md5($plain_password) does not match the submitted
md5($plain_password).

Could it be perhaps that md5() works differently with integers vs. a text
string?

God knows at this point,

--Noah

Travis Low [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Besides checking the browser cookie settings, have one of the affected
users
 turn off the auto-fill form feature, then tell the browser to forget all
saved
 form information.  Let us know what happens.

 cheers,

 Travis

 CF High wrote:
  Re: the browser track, it looks like all adversely affected users; i.e.
  those who can no longer log in, have a browser of I.E. 6.0.
 
  I know that in many cases I.E. 6.0 has session and cookie vars disabled
by
  default.
 
  Is it possible, a long, long shot, that rand() behaves differently in
I.E.
  6.0 -- I know PHP is server side, but I'm looking for any clues
 
  --Noah
 
 
  John W. Holmes [EMAIL PROTECTED] wrote in message
  news:[EMAIL PROTECTED]
 
 CF High wrote:
 
 
 If anyone has any clues as to what might be happening; i.e. why the
 
  md5'd
 
 submitted plain text password does not match the stored md5'd password,
 please, please let me know.
 
 md5() results in a 32 character string. What kind of field are you
 storing it in?
 
 --
 ---John Holmes...
 
 Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
 
 php|architect: The Magazine for PHP Professionals – www.phparch.com
 
 

 --
 Travis Low
 mailto:[EMAIL PROTECTED]
 http://www.dawnstar.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] md5() with rand() || Strange results, need help....

[CF High]

Hey all.

I'm running an online sport report that is member protected; i.e. users need
to login to gain site access.

When a new user signs up, I set their username to their email address 
generate a temporary password for them using rand()  md5():

$username = strip_illegals($_POST['email']);
$plain_pass = rand();
$password = md5($plain_pass);

I then insert their login info into our member's table.

Unexpectedly, when users attempt to login no matching record is found.

Their login submits two post fields (username  password):

$username = trim(strtolower($_POST['username']));
$password = trim(strtolower($_POST['password'));
$password = md5($password);

The username matches, but the password does not -- I've echoed the md5'd
submitted password  maddenlingly, it doesn't match.

I've had no problem using md5() before and am completely dumbfounded as to
why this is not working.

If anyone has any clues as to what might be happening; i.e. why the md5'd
submitted plain text password does not match the stored md5'd password,
please, please let me know.

The email complaints are piling up and I'm getting nowhere.

--Noah



--

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] md5() with rand() || Strange results, need help....

[Curt Zirzow]

* Thus wrote CF High ([EMAIL PROTECTED]):
 
 $username = strip_illegals($_POST['email']);
 $plain_pass = rand();
 $password = md5($plain_pass);
 
 I then insert their login info into our member's table.
 
 Unexpectedly, when users attempt to login no matching record is found.

Are you sending them the $plain_pass or $password?

 Their login submits two post fields (username  password):
 
 $username = trim(strtolower($_POST['username']));
 $password = trim(strtolower($_POST['password'));
 $password = md5($password);
 
 The username matches, but the password does not -- I've echoed the md5'd
 submitted password  maddenlingly, it doesn't match.

Other wise I'm reading this to say your system is evaluating

  md5('foo') != md5('foo')

as being true.


Curt
-- 
I used to think I was indecisive, but now I'm not so sure.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] md5() with rand() || Strange results, need help....

[CF High]

Their receiving the $plain_pass

$plain_pass is md5'd on login submit, so we should get md5($plain_pass ) =
db stored md5'd($plain_pass ).

Makes no sense at all.

Got a couple hundred emails in my inbox from users not able to login -- I'm
basically screwed ;--(

--Noah



Curt Zirzow [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 * Thus wrote CF High ([EMAIL PROTECTED]):
 
  $username = strip_illegals($_POST['email']);
  $plain_pass = rand();
  $password = md5($plain_pass);
 
  I then insert their login info into our member's table.
 
  Unexpectedly, when users attempt to login no matching record is found.

 Are you sending them the $plain_pass or $password?

  Their login submits two post fields (username  password):
 
  $username = trim(strtolower($_POST['username']));
  $password = trim(strtolower($_POST['password'));
  $password = md5($password);
 
  The username matches, but the password does not -- I've echoed the md5'd
  submitted password  maddenlingly, it doesn't match.

 Other wise I'm reading this to say your system is evaluating

   md5('foo') != md5('foo')

 as being true.


 Curt
 --
 I used to think I was indecisive, but now I'm not so sure.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] md5() with rand() || Strange results, need help....

[John W. Holmes]

CF High wrote:

If anyone has any clues as to what might be happening; i.e. why the md5'd
submitted plain text password does not match the stored md5'd password,
please, please let me know.
md5() results in a 32 character string. What kind of field are you 
storing it in?

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals  www.phparch.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] md5() with rand() || Strange results, need help....

[CF High]

password field is char (32)

Strange that the usernames are all properly set to the submitted email
address, but the password is not properly updated.

Correct me if I'm wrong here, but

$plain_pass = rand(); /* plain pass should be a random # */
md5($plain_pass); /* plain pass is a random # here and not another call to
rand() */

I went ahead and created a test user account for myself -- no problem at
all.  Received the login email, and logged in fine with the generated test
user username  password.

Perhaps it's a browser issue -- I am completely clueless at this point 
these hockey fanatics are filling up my admin inbox.

--Noah


John W. Holmes [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 CF High wrote:

  If anyone has any clues as to what might be happening; i.e. why the
md5'd
  submitted plain text password does not match the stored md5'd password,
  please, please let me know.

 md5() results in a 32 character string. What kind of field are you
 storing it in?

 --
 ---John Holmes...

 Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

 php|architect: The Magazine for PHP Professionals – www.phparch.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] md5() with rand() || Strange results, need help....

[CF High]

Re: the browser track, it looks like all adversely affected users; i.e.
those who can no longer log in, have a browser of I.E. 6.0.

I know that in many cases I.E. 6.0 has session and cookie vars disabled by
default.

Is it possible, a long, long shot, that rand() behaves differently in I.E.
6.0 -- I know PHP is server side, but I'm looking for any clues

--Noah


John W. Holmes [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 CF High wrote:

  If anyone has any clues as to what might be happening; i.e. why the
md5'd
  submitted plain text password does not match the stored md5'd password,
  please, please let me know.

 md5() results in a 32 character string. What kind of field are you
 storing it in?

 --
 ---John Holmes...

 Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

 php|architect: The Magazine for PHP Professionals – www.phparch.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] md5() with rand() || Strange results, need help....

[Travis Low]

Besides checking the browser cookie settings, have one of the affected users 
turn off the auto-fill form feature, then tell the browser to forget all saved 
form information.  Let us know what happens.

cheers,

Travis

CF High wrote:
Re: the browser track, it looks like all adversely affected users; i.e.
those who can no longer log in, have a browser of I.E. 6.0.
I know that in many cases I.E. 6.0 has session and cookie vars disabled by
default.
Is it possible, a long, long shot, that rand() behaves differently in I.E.
6.0 -- I know PHP is server side, but I'm looking for any clues
--Noah

John W. Holmes [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
CF High wrote:


If anyone has any clues as to what might be happening; i.e. why the
md5'd

submitted plain text password does not match the stored md5'd password,
please, please let me know.
md5() results in a 32 character string. What kind of field are you
storing it in?
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals  www.phparch.com


--
Travis Low
mailto:[EMAIL PROTECTED]
http://www.dawnstar.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php