Jump to content

Archived

This topic is now archived and is closed to further replies.

bocochoco

string comparison failing

Recommended Posts

Hey all, I'm new. I hope you don't hold that against me. I could really use some help. I have spent the last 3 hours trying to figure out what is wrong with my script. It is a simple login script, data entered by the user is compared with data pulled from a mysql database. It seems to have a problem comparing the password values. I have tried everything that I can think of, yet it has all failed. Any noticable problems?

Login.php, user entered information is posted here.
[code]<?

    require("config.php");
    require("include.php");
    import_request_variables("p", "pv_");

    $pv_pwd = md5($pv_pwd);
    
    $con = mysql_connect($mysql_server, $mysql_user, $mysql_pass);
    $sdb = mysql_select_db($mysql_db, $con);
    $query = "SELECT username, password FROM users WHERE username='" . $pv_uid . "' AND password='" . $pv_pwd . "'";
    //echo "<br><br>" . $query;
    $qu = mysql_query($query, $con);

    $row = mysql_fetch_assoc($qu);
        $uid = $row['username'];
        $pwd = $row['password'];
        
    if(stringcomp(($uid, $pv_uid, 0) == 1) && (stringcomp($pwd, $pv_pwd, 1) == 1))
        echo "Login Success.";
    else
    {
        echo "Login Failed.";
        // Next 2 lines for debugging purposes.
        echo "<br>$pv_uid == $uid<br>" . stringcomp($uid, $pv_uid) . "<br>";
        echo "<br>$pv_pwd == $pwd<br>" . stringcomp($pwd, $pv_pwd) . "<br>";
    }

    mysql_close($con);
    
?>[/code]

include.php, where the stringcomp function is located.
[code]<?php

    //Returns:  0 if both strings are not identical
    //          1 if both strings are identical.
    function stringcomp($string1, $string2, $toup)
    {
        $false = 0;
        $ct = 0;

        if($toup == 1)
        {
            $string1 = strtoupper($string1);
            $string2 = strtoupper($string2);
        }

        if(strlen($string1) <> strlen($string2))
            return 0;

        while($ct < strlen($string1))
        {
            if(ord(substr($string1, $ct, 1)) !== ord(substr($string2, $ct, 1)))
                $false++;

            $ct++;

            if($false <> 0)
                return 0;
            else
                return 1;
        }
    }
?>[/code]

Any help would be greatly appreciated. Thanks

Share this post


Link to post
Share on other sites
Try this:
[code]<?php
function stringcomp($string1, $string2, $toup) {
    $false = 0;
    $ct = 0;

    if($toup == 1) {
        $string1 = strtoupper($string1);
        $string2 = strtoupper($string2);
    }

    if(strlen($string1) <> strlen($string2))
        return 0;

    while($ct < strlen($string1)) {
        if(ord(substr($string1, $ct, 1)) !== ord(substr($string2, $ct, 1)))
            $false++;
        $ct++;
    }
    if($false <> 0)
        return 0;
    else
        return 1;
}
?>[/code]I moved the closing bracket on your while.

I don't understand why you have gone to so much trouble though, surely this would do the same thing...
[code]<?php
function stringcomp($string1, $string2, $toup) {
    if($toup == 1) {
        $string1 = strtoupper($string1);
        $string2 = strtoupper($string2);
    }

    if($string1 !== $string2)
        return 0;
    else
        return 1;
}
?>[/code]

Share this post


Link to post
Share on other sites
[code]
$query = "SELECT username, password FROM users WHERE username='" . $pv_uid . "' AND password='" . $pv_pwd . "'";
[/code]

This query will return you records where the username and password matches...here itself you are validating the login...why are you comparing them again ? (Please excuse me if i am getting you wrong)...but what i think is if you get a record in the result of this query...that means username and password are correct....you can directly say "Login Succesfull";...


I might be wrong...in that case...please ignore...

Share this post


Link to post
Share on other sites
samshel makes a valid point, I didn't bother reading the rest of your code, I just jumped to the bit you was having a problem with. But yes, what is the reasoning behind re-validating?

Share this post


Link to post
Share on other sites
Now that I think about it... I don't know why. Well that makes it easier. Though I'm still curious about why it doesn't want to tell me that the two identical md5 hashes are the same.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.