Re: [PHP] md5() with rand() || Strange results, need help....
It doesn't appear to be cookie settings either, nor auto-fill in. I do not have auto-complete running; when I log in under an affected users account, the stored md5($plain_password) does not match the submitted md5($plain_password). Could it be perhaps that md5() works differently with integers vs. a text string? God knows at this point, --Noah Travis Low [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Besides checking the browser cookie settings, have one of the affected users turn off the auto-fill form feature, then tell the browser to forget all saved form information. Let us know what happens. cheers, Travis CF High wrote: Re: the browser track, it looks like all adversely affected users; i.e. those who can no longer log in, have a browser of I.E. 6.0. I know that in many cases I.E. 6.0 has session and cookie vars disabled by default. Is it possible, a long, long shot, that rand() behaves differently in I.E. 6.0 -- I know PHP is server side, but I'm looking for any clues --Noah John W. Holmes [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] CF High wrote: If anyone has any clues as to what might be happening; i.e. why the md5'd submitted plain text password does not match the stored md5'd password, please, please let me know. md5() results in a 32 character string. What kind of field are you storing it in? -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- Travis Low mailto:[EMAIL PROTECTED] http://www.dawnstar.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] md5() with rand() || Strange results, need help....
Hey all. I'm running an online sport report that is member protected; i.e. users need to login to gain site access. When a new user signs up, I set their username to their email address generate a temporary password for them using rand() md5(): $username = strip_illegals($_POST['email']); $plain_pass = rand(); $password = md5($plain_pass); I then insert their login info into our member's table. Unexpectedly, when users attempt to login no matching record is found. Their login submits two post fields (username password): $username = trim(strtolower($_POST['username'])); $password = trim(strtolower($_POST['password')); $password = md5($password); The username matches, but the password does not -- I've echoed the md5'd submitted password maddenlingly, it doesn't match. I've had no problem using md5() before and am completely dumbfounded as to why this is not working. If anyone has any clues as to what might be happening; i.e. why the md5'd submitted plain text password does not match the stored md5'd password, please, please let me know. The email complaints are piling up and I'm getting nowhere. --Noah -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] md5() with rand() || Strange results, need help....
* Thus wrote CF High ([EMAIL PROTECTED]): $username = strip_illegals($_POST['email']); $plain_pass = rand(); $password = md5($plain_pass); I then insert their login info into our member's table. Unexpectedly, when users attempt to login no matching record is found. Are you sending them the $plain_pass or $password? Their login submits two post fields (username password): $username = trim(strtolower($_POST['username'])); $password = trim(strtolower($_POST['password')); $password = md5($password); The username matches, but the password does not -- I've echoed the md5'd submitted password maddenlingly, it doesn't match. Other wise I'm reading this to say your system is evaluating md5('foo') != md5('foo') as being true. Curt -- I used to think I was indecisive, but now I'm not so sure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] md5() with rand() || Strange results, need help....
Their receiving the $plain_pass $plain_pass is md5'd on login submit, so we should get md5($plain_pass ) = db stored md5'd($plain_pass ). Makes no sense at all. Got a couple hundred emails in my inbox from users not able to login -- I'm basically screwed ;--( --Noah Curt Zirzow [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] * Thus wrote CF High ([EMAIL PROTECTED]): $username = strip_illegals($_POST['email']); $plain_pass = rand(); $password = md5($plain_pass); I then insert their login info into our member's table. Unexpectedly, when users attempt to login no matching record is found. Are you sending them the $plain_pass or $password? Their login submits two post fields (username password): $username = trim(strtolower($_POST['username'])); $password = trim(strtolower($_POST['password')); $password = md5($password); The username matches, but the password does not -- I've echoed the md5'd submitted password maddenlingly, it doesn't match. Other wise I'm reading this to say your system is evaluating md5('foo') != md5('foo') as being true. Curt -- I used to think I was indecisive, but now I'm not so sure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] md5() with rand() || Strange results, need help....
CF High wrote: If anyone has any clues as to what might be happening; i.e. why the md5'd submitted plain text password does not match the stored md5'd password, please, please let me know. md5() results in a 32 character string. What kind of field are you storing it in? -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] md5() with rand() || Strange results, need help....
password field is char (32) Strange that the usernames are all properly set to the submitted email address, but the password is not properly updated. Correct me if I'm wrong here, but $plain_pass = rand(); /* plain pass should be a random # */ md5($plain_pass); /* plain pass is a random # here and not another call to rand() */ I went ahead and created a test user account for myself -- no problem at all. Received the login email, and logged in fine with the generated test user username password. Perhaps it's a browser issue -- I am completely clueless at this point these hockey fanatics are filling up my admin inbox. --Noah John W. Holmes [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] CF High wrote: If anyone has any clues as to what might be happening; i.e. why the md5'd submitted plain text password does not match the stored md5'd password, please, please let me know. md5() results in a 32 character string. What kind of field are you storing it in? -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] md5() with rand() || Strange results, need help....
Re: the browser track, it looks like all adversely affected users; i.e. those who can no longer log in, have a browser of I.E. 6.0. I know that in many cases I.E. 6.0 has session and cookie vars disabled by default. Is it possible, a long, long shot, that rand() behaves differently in I.E. 6.0 -- I know PHP is server side, but I'm looking for any clues --Noah John W. Holmes [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] CF High wrote: If anyone has any clues as to what might be happening; i.e. why the md5'd submitted plain text password does not match the stored md5'd password, please, please let me know. md5() results in a 32 character string. What kind of field are you storing it in? -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] md5() with rand() || Strange results, need help....
Besides checking the browser cookie settings, have one of the affected users turn off the auto-fill form feature, then tell the browser to forget all saved form information. Let us know what happens. cheers, Travis CF High wrote: Re: the browser track, it looks like all adversely affected users; i.e. those who can no longer log in, have a browser of I.E. 6.0. I know that in many cases I.E. 6.0 has session and cookie vars disabled by default. Is it possible, a long, long shot, that rand() behaves differently in I.E. 6.0 -- I know PHP is server side, but I'm looking for any clues --Noah John W. Holmes [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] CF High wrote: If anyone has any clues as to what might be happening; i.e. why the md5'd submitted plain text password does not match the stored md5'd password, please, please let me know. md5() results in a 32 character string. What kind of field are you storing it in? -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- Travis Low mailto:[EMAIL PROTECTED] http://www.dawnstar.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php