Re: hash issues

On Friday 25 February 2005 08:36, Erbacher Karl wrote:
> Thanks for your input, but I've played around with it and now it's
> uglier than ever.  I'm very new to PHP, so I'm not sure what I'm
> missing here. I've done a few things to try to pinpoint the problem,
> but now I'm even more confused.  Can you please look over what I've
> done and let me know if you see any mistakes or if you think there
> might be another problem?
>
> First, I created a test page where I hashed the values "password1",
> "password2" and "password3" and echoed both the value and the hashed
> value back. For example:
>     $val1 = "password1";
>     $hashVal1= bin2hex(mhash(MHASH_SHA1, $val1));
>     echo "$val1 <br> $hashVal1 <br>";
> The output was fine (always consistent):
>     password1
>     e38ad214943daad1d64c102faec29de4afe9da3d
>     password2
>     2aa60a8ff7fcd473d321e0146afd9e26df395147
>     password3
>     1119cfd37ee247357e034a08d844eea25f6fd20f
> I saved the hashed values in the MySQL database so I could try to use
> them to log on. Then, I modified the login form and the page that
> processes the data to see if the problem was there. I included a
> message to see what values were being sent back to me.
> loginform.php:
>     if (isset($message))
>     echo "<b>$message</b>";
>     //create form
>     <input type='password' name='passUnhash'>
>     $fpass=bin2hex(mhash(MHASH_SHA1, $passUnhash));

You didn't read my reply to your original post on this same issue?

When the form is first presented $passUnhash is empty, yet you're 
assigning it to $fpass. So first time round you're actually checking the 
hash for an empty password, second time round you're using the hash for 
password1 to check against username2, etc.

[snip]

>  username2, password2, e38ad214943daad1d64c102faec29de4afe9da3d
> (Second try)

Notice that the hash looks suspiciously like 'password1'.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
New Year Resolution: Ignore top posted posts

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
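
The reply's point is that the hash has to be computed from the password carried by the request being processed, not while the empty form is being built. The following is an added example, not code from the thread: the usernames, the `username` field and the function names are assumptions, while `passUnhash` and the stored hashes are taken from the quoted post.

```php
<?php
// Added example, not code from the thread. The stored hashes are the SHA-1
// values quoted in the original post; the usernames, the 'username' field and
// the function names are assumptions. Unsalted SHA-1 is kept only to match
// those values; password_hash()/password_verify() are PHP's password API.
$users = [
    'username1' => 'e38ad214943daad1d64c102faec29de4afe9da3d', // password1
    'username2' => '2aa60a8ff7fcd473d321e0146afd9e26df395147', // password2
];

// Hash the password carried by this request, or return null when the form
// is only being displayed and nothing has been submitted yet.
function submitted_hash(string $method, array $post): ?string
{
    $pass = $post['passUnhash'] ?? null;
    if ($method !== 'POST' || !is_string($pass) || $pass === '') {
        return null;
    }
    // sha1() gives the same hex digest as bin2hex(mhash(MHASH_SHA1, $pass)).
    return sha1($pass);
}

// Compare the hash of the submitted password with the one stored for the
// submitted username; no value is carried over from an earlier request.
function check_login(string $method, array $post, array $users): bool
{
    $user = $post['username'] ?? null;
    $hash = submitted_hash($method, $post);
    if ($hash === null || !is_string($user) || !isset($users[$user])) {
        return false;
    }
    return hash_equals($users[$user], $hash);
}

// Constructed requests: first display of the form, then three submissions.
$requests = [
    ['GET',  []],
    ['POST', ['username' => 'username1', 'passUnhash' => 'password1']],
    ['POST', ['username' => 'username2', 'passUnhash' => 'password2']],
    ['POST', ['username' => 'username2', 'passUnhash' => 'password1']],
];
foreach ($requests as [$method, $post]) {
    printf("%-4s %-9s %s\n", $method, $post['username'] ?? '-',
        check_login($method, $post, $users) ? 'accepted' : 'rejected');
}
```

The last constructed request pairs username2 with the hash of password1, the combination the reply points out in the quoted output.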

