[nycphp-talk] crypt() issue

max at neuropunks.org
Sat Dec 17 14:04:31 EST 2005


Yup, that's the first password field from the form, and that code gets called after a check for passwd1 == passwd2


--- Original Message ---
From: Glenn <glenn310b at mac.com>
Sent: Sat, 17 Dec 2005 10:31:12 -0500
To: NYPHP Talk <talk at lists.nyphp.org>
Subject: Re: [nycphp-talk] crypt() issue

> Hi Max,
> 
> The first line has the $post array key for password as 'passwd1'
> Is that what you wanted?
> 
> Glenn
> 
> On Dec 16, 2005, at 7:28 PM, Max Gribov wrote:
> 
> > Hello,
> > Strange issue, can't figure out what I'm doing wrong.
> >
> > I have users sign up, and then add their password into database after
> > running
> > $passwd = crypt($post['passwd1']);
> > $user->create($post['username'], $passwd, $post['email']);
> >
> > The user class handles the creation fine, there is a crypt'ed entry in
> > the password field in the DB.
> > Then, I am trying to authenticate a user on login like so:
> >
> > In index.php:
> > $user->login($post[username], $post[password],
> > $_SERVER[HTTP_USER_AGENT], 'user');
> >
> > In classes file for User class:
> > public function login($username, $password, $user_agent, $realm) {
> >     $this->username = $username;
> >     $this->password = $password;
> >     $sql = "select password from users where username='$this->username'
> > and admin='f'";
> >     $db_res = $this->db->Execute($sql);
> >     if (crypt($this->password, $db_res->fields['password']) !=
> > $db_res->fields['password']) {
> >         $this->error = "Invalid username/password ";
> >         return false;
> >     } else {
> >         // set session vars, redirect, etc
> >     }
> > }
> >
> > $post is the processed array of $_POST but it's not being modified when
> > processed, only checked for invalid input and the program will die() if
> > it doesn't comply.
> >
> > So basically,
> > crypt($post['passwd1'])
> > during signup creates one value, but
> >
> > crypt($this->password, $db_res->fields['password'])
> > during authentication returns a different, although always the same, value.
> >
> > I have exactly same code, in index.php and in classes file and in SQL
> > command in other apps, and it works without a problem.
> > I am starting to get lost here, I basically copy/paste all the auth
> > code, and it stops working.
> > I checked if input from $_POST is being modified anywhere, and it's not.
> >
> > If anyone wants to see the code in action, look at
> > http://www.angrycollegekid.com/index.php?a=signup, signup for an account
> > and then try to login, or just use crap/crap for testing.
> > There are debugs of what you enter, what first crypt() returns, and what
> > is actually stored in the DB.
> >
> > (sorry for spamming with the actual domain name)
> >
> > max
> > _______________________________________________
> > New York PHP Talk Mailing List
> > AMP Technology
> > Supporting Apache, MySQL and PHP
> > http://lists.nyphp.org/mailman/listinfo/talk
> > http://www.nyphp.org
> >
> 
> 
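
Added example, not part of the thread or the poster's code: the signup/login round trip discussed above, with crypt() given an explicit salt, the stored hash read back and compared with what crypt() returned at signup, a bound parameter in place of the interpolated username, and a constant-time comparison. The users table layout, the in-memory SQLite database (needs pdo_sqlite), the function bodies and the account values are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Assumed schema, modelled on the columns named in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, admin TEXT)");

function signup(PDO $db, string $username, string $password): string
{
    // Explicit bcrypt salt: "$2y$", a cost, then 22 characters from [./A-Za-z0-9].
    $salt = '$2y$10$' . substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, $salt);
    if (strlen($hash) !== 60) {            // crypt() returns "*0"/"*1" on failure
        throw new RuntimeException('crypt() did not produce a bcrypt hash');
    }
    $stmt = $db->prepare("INSERT INTO users (username, password, admin) VALUES (?, ?, 'f')");
    $stmt->execute([$username, $hash]);
    return $hash;
}

function login(PDO $db, string $username, string $password): bool
{
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare("SELECT password FROM users WHERE username = ? AND admin = 'f'");
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false;                      // unknown user
    }
    // crypt() takes algorithm, cost and salt from the stored hash, so the
    // result equals $stored only if the password matches AND the stored
    // string is byte-for-byte what crypt() returned at signup.
    return hash_equals($stored, crypt($password, $stored));
}

// Constructed account for the demonstration.
$created = signup($db, 'alice', 'constructed-passphrase');

// Diagnostic: did the hash survive the trip through the database unchanged?
$stmt = $db->prepare("SELECT password FROM users WHERE username = ?");
$stmt->execute(['alice']);
$stored = (string) $stmt->fetchColumn();
printf("stored hash intact: %s (%d vs %d chars)\n",
    hash_equals($created, $stored) ? 'yes' : 'no', strlen($created), strlen($stored));

var_dump(login($db, 'alice', 'constructed-passphrase'));
var_dump(login($db, 'alice', 'wrong-passphrase'));
```

If the intact check reports a mismatch, the value was altered between crypt() and the database, and no password will verify against it.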


