2009/1/27 Robert Paulsen <robert@xxxxxxxxxxxxxxxxx> > On Tuesday 27 January 2009 12:16 pm, Daniel Brown wrote: > > On Tue, Jan 27, 2009 at 13:12, Robert Paulsen <robert@xxxxxxxxxxxxxxxxx> > wrote: > > > When I run the app I find that $_REQUEST is almost empty. it contains > > > PHPSESSID but none of the data submitted through an html form. > > > > Bring on the code, Rob. > > > Daniel, > > It is pretty much resolved. Thanks for the advice -- it was in trying to > strip > down my code for posting here that I figured out the following. > > The immediate problem was that the code issued a "header" command to > reawaken > my web page and that is *supposed* to wipe out all my form data. The real > problem to do with hashed md5 data I am keeping in the database (passwords) > that are not matching what gets input on the form. Looking at $_REQUEST was > a > red herring that sent me astray. > > In the code below, pg_num_rows came back with zero, saying the hashed > password > didn't match. And I could see by doing a manual query that they indeed > didn't > match. When I use php5 to asssign a new password, the above code correctly > matched the newly hashed password. In other words it appears that md5 > hashing > doesn't agree between php4 and php5, but I am not in the mood for > transferring data back and forth between the two systems to prove a point > now > that it is working for me (with no code change). > > Here is the code in question, in case you spot anything wrong with it. > ============================================== > > $passwd=htmlentities($passwd,ENT_QUOTES); > $query="SELECT md5('$passwd') as hashed"; > $result=issue_query($query); > $row=pg_fetch_assoc($result); > $hashed=$row['hashed']; > > $query="SELECT * from auth > WHERE userid='$userid' > AND passwd='$hashed'"; > $result=issue_query($query); > if (pg_num_rows($result)==0) { > $_SESSION['status']='bad'; > header("location: $PHP_SELF"); > exit ; > } > =========================================== > why don't you just use phps md5() function ? you might mess up something in that process of hashing that you use and you create another, probably useless trip to the db. > > Bob > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Alpar Torok