Checking POST against database result

[Joshua4550]

Hey,

 

I'm making a simple database-stored login system, but when i'm checking username/pass' of the $_POST and the database result, it seems to not work, but if I echo them both, theyre exactly the same...

 

$realpass = $array['adminpass'];
$realuser = $array['adminuser'];
if ($_POST['user'] == $realuser && md5(md5($_POST['pass']) . "rs-ps") == $realpass) {
      $_SESSION['adminuser'] = $realuser;
      $_SESSION['adminpass'] = $realpass;
      $_SESION['adminsite'] = $site;
      echo 'worked';
} else {
      echo 'failed';
}

 

This always says failed, although if i make it print $realuser, $realpass, and $_POST['user'] and $_POST['pass'], they match as they should!

 

What's wrong?!

 

Thanks alot guys!

[sKunKbad]

did you really mean to md5 twice?

[Joshua4550]

Yes, it encrypts the encrypted again using a salt, but more to the point - do you see my error? When I echo the $_POST, and the actual database results, both user and pass are both fine.

[sKunKbad]

if you echo

md5(md5($_POST['pass']) . "rs-ps")

 

and then you echo

$realpass

 

and they are the same, then no, i dont see your problem

[Joshua4550]

Yep - they exactly the ame when I echo them

 

post user: demo
post pass: 8f22fc9446281c6652288601a9e04870
db user: demo
db pass: 8f22fc9446281c6652288601a9e04870 

[Joshua4550]

Still need this fixing! Ty.

[kenrbnsn]

It's possible that there are some non-printable characters somewhere. Try echoing out the strlen() of each string and/or comparing the contents after using trim.

 

Ken

[Joshua4550]

Thanks for replying,

 

I checked the strlen before and after trimming, both $_POST and mysql result variables have the same lengths aswell, yet even after trimming it still says invalid

[DavidAM]

Try wrapping the separate tests in parenthesis:

if ( ($_POST['user'] == $realuser) && (md5(md5($_POST['pass']) . "rs-ps") == $realpass) ) {

 

[Joshua4550]

Thanks, but again - still no :S Still says failed.

[kenrbnsn]

I took your original code and tried it. It worked fine. Somewhere your variables aren't getting the values you think they are getting. Put in print_r() functions and check everything.

 

I'm wondering where the array "$array" is initialized, since you have

<?php
$realpass = $array['adminpass'];
$realuser = $array['adminuser'];
?>

but you don't show where it's set.

 

Ken

[Joshua4550]

Yeah, sorry - I put the code into a function - the function seems to not be returning what it should though?

 

function correctPostUser() {
    if ( ($_POST['user'] == $realuser) && (md5(md5($_POST['pass']) . "rs-ps") == $realpass) ) {
      $_SESSION['adminuser'] = $realuser;
      $_SESSION['adminpass'] = $realpass;
      $_SESION['adminsite'] = $site;
      return true;
    }
    return false;
}

 

Any reason why when I do:

if (correctPostUser()) { echo 'true';} else { echo 'false';}

It always returns false.

 

I use it like this because I do that in Java, sorry if this is retarded, lol.

 

Thanks again.

[kenrbnsn]

The variables $realuser & $realpass in the function are local to the function, so they are not set and the "if" statement fails. Pass them into the function.

 

Ken

[Joshua4550]

Damn, I feel so foolish now!

 

At least now I know to pass variables through to functions

Thanks alot!