[nycphp-talk] crypt() issue

Glenn glenn310b at mac.com
Sat Dec 17 10:31:12 EST 2005


Hi Max,

The first line has the $post array key for password as 'passwd1'.
Is that what you wanted?

Glenn

On Dec 16, 2005, at 7:28 PM, Max Gribov wrote:

> Hello,
> Strange issue, can't figure out what I'm doing wrong.
>
> I have users sign up, and then add their password into database after running
> $passwd = crypt($post['passwd1']);
> $user->create($post['username'], $passwd, $post['email']);
>
> The user class handles the creation fine, there is a crypt'ed entry in
> the password field in the DB.
> Then, I am trying to authenticate a user on login like so:
>
> In index.php:
> $user->login($post['username'], $post['password'], $_SERVER['HTTP_USER_AGENT'], 'user');
>
> In classes file for User class:
> public function login($username, $password, $user_agent, $realm) {
>     $this->username = $username;
>     $this->password = $password;
>     $sql = "select password from users where username='$this->username' and admin='f'";
>     $db_res = $this->db->Execute($sql);
>     if (crypt($this->password, $db_res->fields['password']) != $db_res->fields['password']) {
>         $this->error = "Invalid username/password ";
>         return false;
>     } else {
>         // set session vars, redirect, etc
>     }
> }
>
> $post is the processed array of $_POST but it's not being modified when
> processed, only checked for invalid input and the program will die() if
> it doesn't comply.
>
> So basically,
> crypt($post['passwd1'])
> during signup creates one value, but
>
> crypt($this->password, $db_res->fields['password'])
> during authentication returns a different, although always the same, value.
>
> I have exactly the same code, in index.php and in classes file and in SQL
> command in other apps, and it works without a problem.
> I am starting to get lost here, I basically copy/paste all the auth
> code, and it stops working.
> I checked if input from $_POST is being modified anywhere, and it's not.
>
> If anyone wants to see the code in action, look at
> http://www.angrycollegekid.com/index.php?a=signup, sign up for an account
> and then try to log in, or just use crap/crap for testing.
> There are debugs of what you enter, what first crypt() returns, and what
> is actually stored in the DB.
>
> (sorry for spamming with the actual domain name)
>
> max
>
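
The crypt() round trip discussed in this thread, as an added example that is not code from either poster: it assumes PHP 7 or later and uses password_hash() and hash_equals(), which do not appear in the thread, and the function names and form data are hypothetical. It also shows what an unguarded check computes when the key it reads is absent from the submitted form, the kind of key mismatch Glenn's question asks about.

```php
<?php
// Added illustration; the form data below is constructed, not from the thread.

// Signup: password_hash() generates a random salt and returns a string in
// crypt() format, with the algorithm, cost and salt embedded in it.
function signup_hash(array $post): string
{
    return password_hash($post['passwd1'], PASSWORD_BCRYPT);
}

// Login: re-hash the candidate using the stored string as the salt argument
// and compare in constant time. A missing or empty field is rejected rather
// than being hashed as an empty string.
function login_ok(array $post, string $field, string $stored): bool
{
    if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
        return false;
    }
    return hash_equals($stored, crypt($post[$field], $stored));
}

$stored = signup_hash(['username' => 'alice', 'passwd1' => 'correct horse']);

// Round trip: the same password under the same embedded salt reproduces $stored.
var_dump(login_ok(['username' => 'alice', 'password' => 'correct horse'], 'password', $stored));

// Constructed login form whose password field has a different name than the
// key the check reads. An unguarded crypt() call then hashes an empty string.
$login = ['username' => 'alice', 'passwd' => 'correct horse'];
$first  = crypt((string) ($login['password'] ?? ''), $stored);
$second = crypt((string) ($login['password'] ?? ''), $stored);

var_dump($first === $second);  // repeatable: same salt, same (empty) input
var_dump($first === $stored);  // compared against the hash of the real password
var_dump(login_ok($login, 'password', $stored)); // guarded check on the same form
```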