FlyingIsFun1217 Posted April 17, 2008 Share Posted April 17, 2008 Hey! Needing to create a little site frontend, I figured I'd come back and try PHP again. Well, I've got my basic code done fairly well, but it doesn't work as expected. Here's the code: Index.html: <html> <head> <title>Simple PHP Gallery</title> <meta name="description" content="Simple image gallery using PHP" /> </head> <body> <center> <h1>Simple PHP Gallery</h1> </center> <form> <fieldset> <form action="loginCheck.php" method="post"/> <center> <p> <b>Password:</b> <input type="password" name="passwrd"/> </p> </center> <center> <input type="submit" value="View Gallery"/> </center> </form> </fieldset> </form> </body> </html> loginCheck.php: <?php $passwordFromLogin = $_POST['passwrd']; $passwordEncrypted = md5($passwordFromLogin); $passwordCheck = "false"; include("passWrd.php"); if ($passwordEncrypted == $currentPassword) header('anjgnwerg.php'); else header('error.html'); ?> passWrd.php: <?php $currentPassword = 'thisisthepassword'; ?> Now, after entering in a bogus password, I would expect to get my error page, but that's not the case. An example can be found here. Thanks! FlyingIsFun1217 Quote Link to comment Share on other sites More sharing options...
awpti Posted April 17, 2008 Share Posted April 17, 2008 You do realize md5 makes a hash of the incoming password, right? you would have to include the md5 hash, not the actual password in passWrd.php $currentPassword = 'thisisthepassword'; would be wrong. $currentPassword = 'd9ec646d4a782cfbc7f6cdbad62993d1'; would == the md5 of 'thisisthepassword'. Little vague on what's really happening though. Also, why are you using header()? Just include it. Quote Link to comment Share on other sites More sharing options...
FlyingIsFun1217 Posted April 17, 2008 Author Share Posted April 17, 2008 I know it creates an MD5 hash, that's why I want to use it. Eventually, I'd like to store the MD5 hash of the password, and then check it against the hash of the password entered in the passwrd box. Right now, I want to just make sure that it forwards through the pages like I want it to, so I purposely left the passwrd box as it is, instead of getting it's hash. Essentially, what I want to do is get the password from the box, check to see if it's the same value as that stored in currentPassword, and proceed if it checked in the same (or regress if it didn't). Sorry if my methods are not clear, I'm used to coding with C++, a more object-oriented approach :/ Thanks again! FlyingIsFun1217 Quote Link to comment Share on other sites More sharing options...
DJTim666 Posted April 17, 2008 Share Posted April 17, 2008 As awpti said, md5 creates a hash of the incoming value. You're creating a hash of the password, then checking it to see if it's the same as a conjunction of english words.. not gunna happen. Try un-hashing the password until you've checked to see if it's the same as the $currentPassword. -- DJ Quote Link to comment Share on other sites More sharing options...
FlyingIsFun1217 Posted April 17, 2008 Author Share Posted April 17, 2008 So comparing the hash to the current password is like comparing an int with a char in C++? I think I'm getting it. I'll use the MD5 hash you posted above, and see if it doesn't work. Thanks! FlyingIsFun1217 ----------EDIT---------- Tried using the hash, I still get the same results with a wrong password entered. Shouldn't it be going to error.html? Why isn't it, that's my biggest problem right now... :/ Thanks again! FlyingIsFun1217 Quote Link to comment Share on other sites More sharing options...
FlyingIsFun1217 Posted April 17, 2008 Author Share Posted April 17, 2008 Bump. Still confused on this one. Thanks again! FlyingIsFun1217 Quote Link to comment Share on other sites More sharing options...
jonsjava Posted April 17, 2008 Share Posted April 17, 2008 when you MD5 the password, you receive a 30 character string of data that **NOT** the same as your password. so, if you are comparing current password to the hashed password, you are essentially comparing a scooter to a yacht. There is nothing similar. Quote Link to comment Share on other sites More sharing options...
miracle_potential Posted April 17, 2008 Share Posted April 17, 2008 login.php <? $include("password.php"); $password = $_POST['password']; $encpass = md5($password); if($encpass == $real_pass){ header("Location: home.html"); } else{ header("Location:error.html"); } ?> password.php <? $passwordywordthing == "password!1"; $real_pass == md5($passwordywordthing); ?> Should work just dandy, you should md5() your real password and failing this just use Javascript Quote Link to comment Share on other sites More sharing options...
FlyingIsFun1217 Posted April 17, 2008 Author Share Posted April 17, 2008 Alright, I'll try that. Thanks for your time! FlyingIsFun1217 Quote Link to comment Share on other sites More sharing options...
FlyingIsFun1217 Posted April 18, 2008 Author Share Posted April 18, 2008 Here's my current code (still failing as before): Index.html: <html> <head> <title>Simple PHP Gallery</title> <meta name="description" content="Simple image gallery using PHP" /> </head> <body> <center> <h1>Simple PHP Gallery</h1> </center> <form> <fieldset> <form action="loginCheck.php" method="post"/> <center> <p> <b>Password:</b> <input type="password" name="passwrd"/> </p> </center> <center> <input type="submit" value="View Gallery"/> </center> </form> </fieldset> </form> </body> </html> loginCheck.php: <?php include("passWrd.php"); $passwordFromLogin = $_POST['passwrd']; $passwordEncrypted = md5($passwordFromLogin); if ($passwordEncrypted == $encryptedPass) { header("correctLogin.php"); } else { header("error.html"); } ?> passWrd.php: <?php $passwordText = "samplepassword"; $encryptedPass = md5($passwordText); ?> Maybe it's failing because of header() being in the html body? Is there another way to forward through the pages? Thanks again! FlyingIsFun1217 Quote Link to comment Share on other sites More sharing options...
FlyingIsFun1217 Posted April 18, 2008 Author Share Posted April 18, 2008 Anybody? I guess what I'm going for is the type of system that forums use. User logs in, a check is done (except I want to do mine against a php variable), and if it's correct, forward to another page. Thanks! FlyingIsFun1217 Quote Link to comment Share on other sites More sharing options...
miracle_potential Posted April 18, 2008 Share Posted April 18, 2008 header("Location: correctLogin.php"); header("Location: error.html"); Just noticed you were missing your location key Quote Link to comment Share on other sites More sharing options...
FlyingIsFun1217 Posted April 18, 2008 Author Share Posted April 18, 2008 Yeah, I've since put the Location tag into that. Thing is, the site still does the exact same thing. Nothing ever changes... It's starting to get really annoying! Thanks again! FlyingIsFun1217 Quote Link to comment Share on other sites More sharing options...
mofm Posted April 18, 2008 Share Posted April 18, 2008 Try this .it should work <?php $passwordText = "samplepassword"; $encryptedPass = md5($passwordText); $passwordFromLogin = $_POST['passwrd']; $passwordEncrypted = md5($passwordFromLogin); echo "Your pass :$encryptedPass<BR>Entered pass:$passwordEncrypted"; //Remove this line when ur done testing if ($passwordEncrypted == $encryptedPass) { header("Location: http://" . $_SERVER['HTTP_HOST'] .dirname($_SERVER['PHP_SELF'])."/correctLogin.php"); } else { header("Location: http://" . $_SERVER['HTTP_HOST'] .dirname($_SERVER['PHP_SELF'])."/error.html"); } ?> Quote Link to comment Share on other sites More sharing options...
FlyingIsFun1217 Posted April 19, 2008 Author Share Posted April 19, 2008 Thanks, I'll try that! FlyingIsFun1217 Quote Link to comment Share on other sites More sharing options...
FlyingIsFun1217 Posted April 19, 2008 Author Share Posted April 19, 2008 Still nothing. Even replaced all of my html code from the index page into php echo's, and I still got the same errors. Man, this is really irking me... what the heck could be stopping it from forwarding to a new page?!?! Thanks again! FlyingIsFun1217 Quote Link to comment Share on other sites More sharing options...
FlyingIsFun1217 Posted April 19, 2008 Author Share Posted April 19, 2008 Seems all I really needed to do was check my index. I had a form directly under a form (<form><form blahblah></form></form>). I think this was the case, anyway. Either way, it's working now. Thanks for everybody who took the time to help me. Now I'm dealing with image stuff... FlyingIsFun1217 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.