Bob Hutchinson wrote:
> On Sunday 30 Apr 2006 18:49, Robin Bowes wrote:
>> functions.php
>> =============
>> Removed MD5 function from query in authenticate_user function
> 
> are you sure about this one? The plaintext password needs to be converted to 
> md5 in order to compare with the one in the db, unless you are storing 
> passwords in plaintext....
> 
> in index.php, line 144
>  $auth = authenticate_user($_REQUEST['email'], $_REQUEST['password']);
> 
> in functions.php, line 38
>         Password='".md5($password)."' and
> 

The passwords are stored md5-encrypted in the DB. I can verify what they
are by using the following query and comparing it to the contents of the
password field in the DB:

  select md5('password');

I also turned on query logging and could see that md5($password) was
different to the password value stored in the DB.

I removed the md5( .. ) from the SQL in the authenticate_user function
and it works.

So, somewhere, somehow, $password is getting md5-encrypted before the
call to authenticate_user.

R.
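
An added example, not part of the original message or the project's code: a small PHP check for the mismatch described above, counting how many md5() applications separate the value that reaches authenticate_user from the hash stored in the DB. The helper name md5_layers and all sample values are assumptions constructed for illustration.

```php
<?php
// Added example, not from the original thread.
// md5_layers() and all sample values are hypothetical, constructed for illustration.

/**
 * Return how many further md5() applications turn $value into $stored
 * (0 = already equal), or null if there is no match within $maxLayers.
 */
function md5_layers(string $value, string $stored, int $maxLayers = 3): ?int
{
    $candidate = $value;
    for ($n = 0; $n <= $maxLayers; $n++) {
        // MD5 hex digests compare case-insensitively; hash_equals() is constant-time.
        if (hash_equals(strtolower($stored), strtolower($candidate))) {
            return $n;
        }
        $candidate = md5($candidate);
    }
    return null;
}

// Stored value for the constructed sample: what "select md5('password');" returns.
$stored = md5('password');

$cases = [
    'plaintext reaches authenticate_user' => 'password',
    'value was hashed before the call'    => md5('password'),
    'unrelated value'                     => 'letmein',
];

foreach ($cases as $label => $value) {
    $layers = md5_layers($value, $stored);
    if ($layers === null) {
        $verdict = 'no match';
    } elseif ($layers === 0) {
        $verdict = 'matches as-is; md5() in the query would double-hash it';
    } else {
        $verdict = "needs md5() applied $layers time(s) in the query";
    }
    printf("%-38s => %s\n", $label, $verdict);
}
```

A result of 0 for the value arriving at authenticate_user corresponds to the behaviour reported in the message: the value is already hashed upstream, so the md5() in the SQL produces a second layer that cannot match the stored hash.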
