strcmp, md5 seemed like not working...

[bugzy]

I got this

 

dbHash: ea21fadd7366b3f94242
enrtyHash: 5380a7ced0e3f1a2b36b600b3a7f4e09
should be: 5380a7ced0e3f1a2b36b600b3a7f4e09

 

 

What seems to be wrong there?

 

As PFMaBiSmAd said in Reply #6, that hash from the database is TOO short. An MD5 hash is 32 characters and that DB hash is only 20. So you are never going to match it.

 

Second, there is a lot of stuff going on in that Registration Processing script that is screwing with the password.

 

1) Around line 27:

			$arVals[$key] = (get_magic_quotes_gpc())  ? $val : addslashes($val);	

This could modify the Password value. Since it will add slashes to "escape" certain characters. If you insist on keeping this code here, you need to use the exact same code in your login so that the password is modified in the same way.

 

2) Around line 35:

			if ($key != "access_period" && $key != "passwd")
			$arVals[$key] = "'".$arVals[$key]."'"; 

Since the password key is spelled incorrectly in the IF statement, this line is definitely changing the password value entered by the user before you run md5 on it (around line 100).

 

 

As a side note, not directly related to this problem. The manner in which you are using get_magic_quotes and addslashes "hinky" to me. Since you are using mysql, you should really be using mysql_real_escape_string instead of addslashes, anyway.

 

 

DavidAM.

 

 

Thank you very much!

 

The problem is indeed in the registration form and you're right! The problem is this line, the misspelled "passwd"

 

[code=php:0]			if ($key != "access_period" && $key != "passwd")
			$arVals[$key] = "'".$arVals[$key]."'"; 

[/code]

 

 

Good thing you've ask me to post it here because if not, I would have spend hours detecting the problem in the login page and login processing page. This is a god way to practicie me detecting the problem indeed.

 

I have tried it now and it's working now!

 

 

Again, thanks to those who help out here!