Jump to content

string comparison failing

bocochoco

By bocochoco
in PHP Coding Help

 Share

Recommended Posts

bocochoco Newbie

bocochoco

Posted
Posted
Hey all, I'm new. I hope you don't hold that against me. I could really use some help. I have spent the last 3 hours trying to figure out what is wrong with my script. It is a simple login script, data entered by the user is compared with data pulled from a mysql database. It seems to have a problem comparing the password values. I have tried everything that I can think of, yet it has all failed. Any noticable problems?

Login.php, user entered information is posted here.
[code]<?

    require("config.php");
    require("include.php");
    import_request_variables("p", "pv_");

    $pv_pwd = md5($pv_pwd);
    
    $con = mysql_connect($mysql_server, $mysql_user, $mysql_pass);
    $sdb = mysql_select_db($mysql_db, $con);
    $query = "SELECT username, password FROM users WHERE username='" . $pv_uid . "' AND password='" . $pv_pwd . "'";
    //echo "<br><br>" . $query;
    $qu = mysql_query($query, $con);

    $row = mysql_fetch_assoc($qu);
        $uid = $row['username'];
        $pwd = $row['password'];
        
    if(stringcomp(($uid, $pv_uid, 0) == 1) && (stringcomp($pwd, $pv_pwd, 1) == 1))
        echo "Login Success.";
    else
    {
        echo "Login Failed.";
        // Next 2 lines for debugging purposes.
        echo "<br>$pv_uid == $uid<br>" . stringcomp($uid, $pv_uid) . "<br>";
        echo "<br>$pv_pwd == $pwd<br>" . stringcomp($pwd, $pv_pwd) . "<br>";
    }

    mysql_close($con);
    
?>[/code]

include.php, where the stringcomp function is located.
[code]<?php

    //Returns:  0 if both strings are not identical
    //          1 if both strings are identical.
    function stringcomp($string1, $string2, $toup)
    {
        $false = 0;
        $ct = 0;

        if($toup == 1)
        {
            $string1 = strtoupper($string1);
            $string2 = strtoupper($string2);
        }

        if(strlen($string1) <> strlen($string2))
            return 0;

        while($ct < strlen($string1))
        {
            if(ord(substr($string1, $ct, 1)) !== ord(substr($string2, $ct, 1)))
                $false++;

            $ct++;

            if($false <> 0)
                return 0;
            else
                return 1;
        }
    }
?>[/code]

Any help would be greatly appreciated. Thanks
Link to comment
Share on other sites
zq29 Advanced Member

zq29

Posted
Posted
Try this:
[code]<?php
function stringcomp($string1, $string2, $toup) {
    $false = 0;
    $ct = 0;

    if($toup == 1) {
        $string1 = strtoupper($string1);
        $string2 = strtoupper($string2);
    }

    if(strlen($string1) <> strlen($string2))
        return 0;

    while($ct < strlen($string1)) {
        if(ord(substr($string1, $ct, 1)) !== ord(substr($string2, $ct, 1)))
            $false++;
        $ct++;
    }
    if($false <> 0)
        return 0;
    else
        return 1;
}
?>[/code]I moved the closing bracket on your while.

I don't understand why you have gone to so much trouble though, surely this would do the same thing...
[code]<?php
function stringcomp($string1, $string2, $toup) {
    if($toup == 1) {
        $string1 = strtoupper($string1);
        $string2 = strtoupper($string2);
    }

    if($string1 !== $string2)
        return 0;
    else
        return 1;
}
?>[/code]
Link to comment
Share on other sites
samshel Member

samshel

Posted
Posted
[code]
$query = "SELECT username, password FROM users WHERE username='" . $pv_uid . "' AND password='" . $pv_pwd . "'";
[/code]

This query will return you records where the username and password matches...here itself you are validating the login...why are you comparing them again ? (Please excuse me if i am getting you wrong)...but what i think is if you get a record in the result of this query...that means username and password are correct....you can directly say "Login Succesfull";...


I might be wrong...in that case...please ignore...
Link to comment
Share on other sites
zq29 Advanced Member

zq29

Posted
Posted
samshel makes a valid point, I didn't bother reading the rest of your code, I just jumped to the bit you was having a problem with. But yes, what is the reasoning behind re-validating?
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.