Re: Empty $_REQUEST

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Robert Paulsen wrote:
> On Tuesday 27 January 2009 12:16 pm, Daniel Brown wrote:
>> On Tue, Jan 27, 2009 at 13:12, Robert Paulsen <robert@xxxxxxxxxxxxxxxxx> 
> wrote:
>>> When I run the app I find that $_REQUEST is almost empty. it contains
>>> PHPSESSID but none of the data submitted through an html form.
>>     Bring on the code, Rob.
> 
> 
> Daniel,
> 
> It is pretty much resolved. Thanks for the advice -- it was in trying to strip 
> down my code for posting here that I figured out the following.
> 
> The immediate problem was that the code issued a "header" command to reawaken 
> my web page and that is *supposed* to wipe out all my form data. The real 
> problem to do with hashed md5 data I am keeping in the database (passwords) 
> that are not matching what gets input on the form. Looking at $_REQUEST was a 
> red herring that sent me astray.
> 
> In the code below, pg_num_rows came back with zero, saying the hashed password 
> didn't match. And I could see by doing a manual query that they indeed didn't 
> match. When I use php5 to asssign a new password, the above code correctly 
> matched the newly hashed password. In other words it appears that md5 hashing 
> doesn't agree between php4 and php5, but I am not in the mood for 
> transferring data back and forth between the two systems to prove a point now 
> that it is working for me (with no code change).
> 
> Here is the code in question, in case you spot anything wrong with it.
> ==============================================
> 
>         $passwd=htmlentities($passwd,ENT_QUOTES);



>         $query="SELECT md5('$passwd') as hashed";
>         $result=issue_query($query);
>         $row=pg_fetch_assoc($result);
>         $hashed=$row['hashed'];
> 

Move the previous code into the following code.


>         $query="SELECT * from auth
>                 WHERE userid='$userid'
>                 AND passwd='$hashed'";

Change that last line to this:

AND passwd=md5('{$passwd}')";


>         $result=issue_query($query);
>         if (pg_num_rows($result)==0) {
>                 $_SESSION['status']='bad';
>                 header("location: $PHP_SELF");
>                 exit ;
>         }
> ===========================================
> 
> Bob
> 
> 


-- 
Jim Lucas

   "Some men are born to greatness, some achieve greatness,
       and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
    by William Shakespeare

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux