Re: hash issues

Thanks for your input, but I've played around with it and now it's uglier 
than ever.  I'm very new to PHP, so I'm not sure what I'm missing here. I've 
done a few things to try to pinpoint the problem, but now I'm even more 
confused.  Can you please look over what I've done and let me know if you 
see any mistakes or if you think there might be another problem?

First, I created a test page where I hashed the values "password1", 
"password2" and "password3" and echoed both the value and the hashed value 
back. For example:
    $val1 = "password1";
    $hashVal1= bin2hex(mhash(MHASH_SHA1, $val1));
    echo "$val1 <br> $hashVal1 <br>";
The output was fine (always consistent):
    password1
    e38ad214943daad1d64c102faec29de4afe9da3d
    password2
    2aa60a8ff7fcd473d321e0146afd9e26df395147
    password3
    1119cfd37ee247357e034a08d844eea25f6fd20f
I saved the hashed values in the MySQL database so I could try to use them 
to log on. Then, I modified the login form and the page that processes the 
data to see if the problem was there. I included a message to see what 
values were being sent back to me.
loginform.php:
    if (isset($message))
    echo "<b>$message</b>";
    //create form
    <input type='password' name='passUnhash'>
    $fpass=bin2hex(mhash(MHASH_SHA1, $passUnhash));
    <input type='hidden' name='fpass' value='$fpass'>
checklogin.php:
    $logname = $_POST['fusername'];
    $pass = $_POST['fpass'];
    $query2 = "SELECT pass FROM table
          WHERE username='$logname' AND pass='$pass'";
    $result2 = mysql_query($query2) or die ("Sorry. Could not connect to database.");
    $num2 = mysql_num_rows($result2);
    if ($num2 > 0)     //password is correct
    {
       (go to user page)
    }
    else    //password is not correct
    {
       $message= "The Login Name '$_POST[fusername]' exists but
       you have not entered the correct password. Please try again.
       <br> $logname, $passUnhash, $pass <br>";
       include("loginform.php");
    }

When I go to log on, I get the following back (depending on what I type in):
The Login Name 'username1' exists but you have not entered the correct 
password. Please try again.
username1, password1, da39a3ee5e6b4b0d3255bfef95601890afd80709 (First try)
username2, password2, e38ad214943daad1d64c102faec29de4afe9da3d (Second try)
username3, password3, 2aa60a8ff7fcd473d321e0146afd9e26df395147 (Third try)
username1, password1, 1119cfd37ee247357e034a08d844eea25f6fd20f (Fourth try)
username2, password1, e38ad214943daad1d64c102faec29de4afe9da3d (Fifth try)

As you can see, the results are not consistent.  Any ideas??

Thanks so much!
Cat 

-- 
PHP General Mailing List (http://www.php.net/)
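
An added illustration, not part of the original post: it replays the five tries listed above to show how a hidden field hashed while the form is rendered carries the hash of the previous request's password, and how the result changes when the typed password is hashed on the server in the request that carries it. It assumes `$passUnhash` in loginform.php holds the password field of the request being processed (for example via register_globals); the function names and the `$users` array are hypothetical.

```php
<?php
// Added example; function names and the $users array are hypothetical.

// loginform.php fills the hidden field while the page is rendered, so it can
// only hash the password carried by the request that produced this page.
function hiddenFieldAtRender(string $passUnhashOfThisRequest): string {
    return sha1($passUnhashOfThisRequest); // same hex as bin2hex(mhash(MHASH_SHA1, ...))
}

// checklogin.php as posted: compares the stored hash with the posted hidden field.
function checkAsPosted(array $post, array $users): bool {
    return ($users[$post['fusername']] ?? null) === $post['fpass'];
}

// Alternative: hash the typed password on the server, in the same request.
function checkServerSide(array $post, array $users): bool {
    $stored = $users[$post['fusername']] ?? '';
    return $stored !== '' && hash_equals($stored, sha1($post['passUnhash']));
}

// Replays a list of [username, typedPassword] tries; returns one row per try.
function replay(array $tries, array $users): array {
    $rows = [];
    $fpass = hiddenFieldAtRender(''); // first page view: nothing submitted yet
    foreach ($tries as [$user, $typed]) {
        $post = ['fusername' => $user, 'passUnhash' => $typed, 'fpass' => $fpass];
        $rows[] = [$user, $typed, $fpass,
                   checkAsPosted($post, $users), checkServerSide($post, $users)];
        $fpass = hiddenFieldAtRender($typed); // failure page re-renders the form
    }
    return $rows;
}

// Constructed sample data mirroring the post's test accounts and tries.
$users = ['username1' => sha1('password1'), 'username2' => sha1('password2'),
          'username3' => sha1('password3')];
$tries = [['username1', 'password1'], ['username2', 'password2'],
          ['username3', 'password3'], ['username1', 'password1'],
          ['username2', 'password1']];

foreach (replay($tries, $users) as [$user, $typed, $fpass, $asPosted, $server]) {
    printf("%s, %s, %s  posted-field check: %s  server-side check: %s\n",
        $user, $typed, $fpass, $asPosted ? 'ok' : 'FAIL', $server ? 'ok' : 'FAIL');
}
```

The first row's hash is the SHA-1 of the empty string, `da39a3ee5e6b4b0d3255bfef95601890afd80709`, which is the value reported for the first try. The sketch keeps unsalted SHA-1 only to match the stored test values; `password_hash()`/`password_verify()` and a parameterized query in place of the interpolated `$logname` are the safer equivalents in current PHP.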