md5 password question

[CincoPistolero]

I went into phpmyadmin and did an

update users set password=md5("12345") where userName=joe

 

when I try to do some error catching on my login page with the below.

 

// check passwords match

$_POST['passwd'] = stripslashes($_POST['passwd']);
$info['password'] = stripslashes($info['password']);
$_POST['passwd'] = md5($_POST['passwd']);

if ($_POST['passwd'] != $info['password']) {
	die('Incorrect password, please try again. <a href="../login/">Back to Login</a>');

 

it gives me a incorrect password. If I take the md5 out of the above, it logs me in. I'd like to keep this encryption when I create users and when I check passwords.

 

Any ideas why this fails.

[HaLo2FrEeEk]

Try this:

 

// check passwords match
$passwd = $_POST['passwd'];
$password = $info['password'];
$passwd = stripslashes($passwd);
$password = stripslashes($password);
$passwd = md5($passwd);

if ($passwd != $password) {
	die('Incorrect password, please try again. <a href="../login/">Back to Login</a>');

 

You can't set a POST variable as a normal variable, it can only be set in a form.  You need to set the post value to a normal variable then modify that variable.

[PHP_PhREEEk]

C'mon now... some of you guys have been around long enough to at least TRY to figure this stuff out for yourselves! Is this site making people lazy...??

 

Echo out the POSTed password.

Echo out the POSTed password MD5'd

Echo out the MD5'd database password

 

See if that gives you a few more clues to work with...

 

PhREEEk

[PHP_PhREEEk]

OH well.. was trying to get him to figure this out for himself...

 

Give a man a fish... feed him once.

 

PhREEEk

[HaLo2FrEeEk]

Mah, I'm bored, and some people just don't understand, I didn't when I started out.  It happens and at least Itold him what he was doing wrong so next time he knew.

[PHP_PhREEEk]

@Halo2

 

No worries mate... 

 

Just some of these guys post question after question after question, and a lot of times the answer could very easily be found. I think it's the level of question that's revealing. They just post "this doesn't work" and don't offer -anything- that they have tried so far to help themselves. It just starts to look like they're not very serious about learning, they just want the answer.

 

: shrug : I guess I'm oldskool, and consider troubleshooting part of being a coder. I could never ask a question until I had exhausted myself trying various echo's and var_dumps. One thing I know for sure, troubleshooting has taught me things that had NOTHING to do with my problem, and I eventually ran into a situation where that payed off with "oh wait! I remember seeing that somewhere..."

 

But I guess just getting the answer every time is easier, so why not...

 

PhREEEk

[HaLo2FrEeEk]

Hey, I agree, troubleshooting is the way to go.  You learn things that help you later, and you figure out the problem out on your own.  I do the same exact thing as you, I won't ask a question until I absolutely have to, until I've echoed every other line to see where my problem is and I can't find it.  I'll comb the code and see if i made a spelling error or something, and when I really need help, then I ask so I understand, but everyone starts somewhere, you can't troubleshoot if you don't know anything to try, you know.  Anyways, he got his answer.