string comparison failing



#1 bocochoco


Posted 24 May 2006 - 07:21 AM

Hey all, I'm new. I hope you don't hold that against me. I could really use some help. I have spent the last 3 hours trying to figure out what is wrong with my script. It is a simple login script; data entered by the user is compared with data pulled from a MySQL database. It seems to have a problem comparing the password values. I have tried everything that I can think of, yet it has all failed. Any noticeable problems?

Login.php, user entered information is posted here.
<?

    require("config.php");
    require("include.php");
    import_request_variables("p", "pv_");

    $pv_pwd = md5($pv_pwd);
    
    $con = mysql_connect($mysql_server, $mysql_user, $mysql_pass);
    $sdb = mysql_select_db($mysql_db, $con);
    $query = "SELECT username, password FROM users WHERE username='" . $pv_uid . "' AND password='" . $pv_pwd . "'";
    //echo "<br><br>" . $query;
    $qu = mysql_query($query, $con);

    $row = mysql_fetch_assoc($qu);
        $uid = $row['username'];
        $pwd = $row['password'];
        
    if((stringcomp($uid, $pv_uid, 0) == 1) && (stringcomp($pwd, $pv_pwd, 1) == 1))
        echo "Login Success.";
    else
    {
        echo "Login Failed.";
        // Next 2 lines for debugging purposes.
        echo "<br>$pv_uid == $uid<br>" . stringcomp($uid, $pv_uid, 0) . "<br>";
        echo "<br>$pv_pwd == $pwd<br>" . stringcomp($pwd, $pv_pwd, 1) . "<br>";
    }

    mysql_close($con);
    
?>

include.php, where the stringcomp function is located.
<?php

    //Returns:  0 if both strings are not identical
    //          1 if both strings are identical.
    function stringcomp($string1, $string2, $toup)
    {
        $false = 0;
        $ct = 0;

        if($toup == 1)
        {
            $string1 = strtoupper($string1);
            $string2 = strtoupper($string2);
        }

        if(strlen($string1) <> strlen($string2))
            return 0;

        while($ct < strlen($string1))
        {
            if(ord(substr($string1, $ct, 1)) !== ord(substr($string2, $ct, 1)))
                $false++;

            $ct++;

            if($false <> 0)
                return 0;
            else
                return 1;
        }
    }
?>

Any help would be greatly appreciated. Thanks

#2 Kris


Posted 24 May 2006 - 02:12 PM

Try this:
<?php
function stringcomp($string1, $string2, $toup) {
    $false = 0;
    $ct = 0;

    if($toup == 1) {
        $string1 = strtoupper($string1);
        $string2 = strtoupper($string2);
    }

    if(strlen($string1) <> strlen($string2))
        return 0;

    while($ct < strlen($string1)) {
        if(ord(substr($string1, $ct, 1)) !== ord(substr($string2, $ct, 1)))
            $false++;
        $ct++;
    }
    if($false <> 0)
        return 0;
    else
        return 1;
}
?>
I moved the closing bracket on your while.

I don't understand why you have gone to so much trouble though, surely this would do the same thing...
<?php
function stringcomp($string1, $string2, $toup) {
    if($toup == 1) {
        $string1 = strtoupper($string1);
        $string2 = strtoupper($string2);
    }

    if($string1 !== $string2)
        return 0;
    else
        return 1;
}
?>


#3 samshel


Posted 24 May 2006 - 02:24 PM

$query = "SELECT username, password FROM users WHERE username='" . $pv_uid . "' AND password='" . $pv_pwd . "'";

This query will return you records where the username and password match... here itself you are validating the login... why are you comparing them again? (Please excuse me if I am getting you wrong)... but what I think is if you get a record in the result of this query... that means username and password are correct... you can directly say "Login Successful";...


I might be wrong...in that case...please ignore...
Cheers,
SamShel

#4 Kris


Posted 24 May 2006 - 03:03 PM

samshel makes a valid point, I didn't bother reading the rest of your code, I just jumped to the bit you were having a problem with. But yes, what is the reasoning behind re-validating?

#5 bocochoco


Posted 24 May 2006 - 08:07 PM

Now that I think about it... I don't know why. Well that makes it easier. Though I'm still curious about why it doesn't want to tell me that the two identical md5 hashes are the same.
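
An added example, not code from any poster in this thread: the login check from post #1 rewritten with a bound query parameter instead of string concatenation, and with password_hash()/password_verify() in place of md5() and the hand-written stringcomp(). The in-memory SQLite database, the users table layout, the sample accounts and the function names make_demo_db and check_login are assumptions made for the demonstration.

```php
<?php
// Added example. Requires PHP >= 5.5 with the pdo_sqlite extension.
// The in-memory database and the sample accounts are constructed for the demo.

function make_demo_db()
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    // password_hash() generates a random salt, so equal passwords get different hashes.
    $ins->execute(array('alice', password_hash('correct horse', PASSWORD_DEFAULT)));
    $ins->execute(array("o'brien", password_hash('battery staple', PASSWORD_DEFAULT)));
    return $db;
}

// Returns true only when the user exists and the password matches the stored hash.
function check_login(PDO $db, $uid, $pwd)
{
    // The placeholder keeps $uid as data; it is never spliced into the SQL text,
    // so quote characters in a username cannot change the query.
    $st = $db->prepare('SELECT password FROM users WHERE username = ?');
    $st->execute(array($uid));
    $stored = $st->fetchColumn();   // false when no row matched

    if ($stored === false) {
        return false;
    }
    // Salted hashes cannot be matched in the WHERE clause, so the comparison
    // happens here. password_verify() re-derives the hash from the stored salt
    // and compares in a timing-safe way; no custom comparison loop is needed.
    return password_verify($pwd, $stored);
}

$db = make_demo_db();
var_dump(check_login($db, 'alice', 'correct horse'));     // existing user, right password
var_dump(check_login($db, 'alice', 'battery staple'));    // existing user, another user's password
var_dump(check_login($db, "o'brien", 'battery staple'));  // apostrophe in the name is handled as data
var_dump(check_login($db, 'nobody', 'correct horse'));    // unknown user
```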



