On Tuesday 27 January 2009 12:16 pm, Daniel Brown wrote:
> On Tue, Jan 27, 2009 at 13:12, Robert Paulsen <[email protected]>
wrote:
> > When I run the app I find that $_REQUEST is almost empty. it contains
> > PHPSESSID but none of the data submitted through an html form.
>
> Bring on the code, Rob.
Daniel,
It is pretty much resolved. Thanks for the advice -- it was in trying to strip
down my code for posting here that I figured out the following.
The immediate problem was that the code issued a "header" command to reawaken
my web page and that is *supposed* to wipe out all my form data. The real
problem to do with hashed md5 data I am keeping in the database (passwords)
that are not matching what gets input on the form. Looking at $_REQUEST was a
red herring that sent me astray.
In the code below, pg_num_rows came back with zero, saying the hashed password
didn't match. And I could see by doing a manual query that they indeed didn't
match. When I use php5 to asssign a new password, the above code correctly
matched the newly hashed password. In other words it appears that md5 hashing
doesn't agree between php4 and php5, but I am not in the mood for
transferring data back and forth between the two systems to prove a point now
that it is working for me (with no code change).
Here is the code in question, in case you spot anything wrong with it.
==============================================
$passwd=htmlentities($passwd,ENT_QUOTES);
$query="SELECT md5('$passwd') as hashed";
$result=issue_query($query);
$row=pg_fetch_assoc($result);
$hashed=$row['hashed'];
$query="SELECT * from auth
WHERE userid='$userid'
AND passwd='$hashed'";
$result=issue_query($query);
if (pg_num_rows($result)==0) {
$_SESSION['status']='bad';
header("location: $PHP_SELF");
exit ;
}
===========================================
Bob
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
