Re: hash issues

Erbacher Karl wrote:
> Thanks for your input, but I've played around with it and now it's uglier
> than ever.  I'm very new to PHP, so I'm not sure what I'm missing here.  I've
> done a few things to try to pinpoint the problem, but now I'm even more
> confused.  Can you please look over what I've done and let me know if you
> see any mistakes or if you think there might be another problem?
>
> First, I created a test page where I hashed the values "password1",
> "password2" and "password3" and echoed both the value and the hashed value
> back. For example:
>     $val1 = "password1";
>     $hashVal1= bin2hex(mhash(MHASH_SHA1, $val1));
>     echo "$val1 <br> $hashVal1 <br>";
> The output was fine (always consistent):
>     password1
>     e38ad214943daad1d64c102faec29de4afe9da3d
>     password2
>     2aa60a8ff7fcd473d321e0146afd9e26df395147
>     password3
>     1119cfd37ee247357e034a08d844eea25f6fd20f
> I saved the hashed values in the MySQL database so I could try to use them
> to log on. Then, I modified the login form and the page that processes the
> data to see if the problem was there. I included a message to see what
> values were being sent back to me.
> loginform.php:
>     if (isset($message))
>     echo "<b>$message</b>";
>     //create form
>     <input type='password' name='passUnhash'>
>     $fpass=bin2hex(mhash(MHASH_SHA1, $passUnhash));
>     <input type='hidden' name='fpass' value='$fpass'>

But you're storing, literally, '$fpass' here, *NOT* 'e38ad21...a3d'

Use "View Source" in your browser to see what you've got in 'fpass'

You need:
<input type='hidden' name='fpass' value='<?php echo $fpass; ?>'>

TIP:
ALWAYS use "View Source" when you are checking your "HIDDEN" input form
values.

> checklogin.php:
>     $logname = $_POST['fusername'];
>     $pass = $_POST['fpass'];
>     $query2 = "SELECT pass FROM table
>           WHERE username='$logname' AND pass='$pass'";

You can also see the problem here:
echo $query2, "<hr />\n";

TIP:
Always echo out your queries during development, until you are sure they
are 100% right all the time.
Actually, leave the echo line in there, commented out.
You'll need it again some day, guaranteed. :-)

-- 
Like Music?
http://l-i-e.com/artists.htm
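
The "View Source" check from the reply above, automated as an added example (not code from the thread): it parses rendered HTML and flags hidden inputs whose value is still a bare PHP variable name or a leftover PHP tag. The function name and the sample markup are constructed for illustration, and sha1() stands in for the thread's mhash call.

```php
<?php
// Added example; the function name and sample markup are hypothetical.

// Return name => value for every hidden input whose value looks like
// un-rendered PHP (a bare "$name" or a leftover "<?" tag) rather than data.
function find_unrendered_hidden_fields(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate fragment-style HTML
    $doc->loadHTML($html);
    libxml_clear_errors();

    $suspect = [];
    foreach ($doc->getElementsByTagName('input') as $input) {
        if (strtolower($input->getAttribute('type')) !== 'hidden') {
            continue;                   // only hidden fields are checked
        }
        $value = $input->getAttribute('value');
        $bareVariable = preg_match('/^\$[A-Za-z_]\w*$/', $value) === 1;
        $leftoverTag  = strpos($value, '<?') !== false;
        if ($bareVariable || $leftoverTag) {
            $suspect[$input->getAttribute('name')] = $value;
        }
    }
    return $suspect;
}

// sha1() returns the same hex digest as bin2hex(mhash(MHASH_SHA1, ...)).
$fpass = sha1('password1');

// Constructed sample 1: the input as posted, emitted outside PHP tags,
// so the browser receives the text "$fpass" instead of the digest.
$asPosted = "<form><input type='hidden' name='fpass' value='\$fpass'></form>";

// Constructed sample 2: the value echoed (and HTML-escaped) into the attribute.
$fixed = "<form><input type='hidden' name='fpass' value='"
       . htmlspecialchars($fpass, ENT_QUOTES) . "'></form>";

// The first call reports the fpass field; the second reports nothing.
var_dump(find_unrendered_hidden_fields($asPosted));
var_dump(find_unrendered_hidden_fields($fixed));
```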
