2009/1/27 Robert Paulsen <rob...@paulsenonline.net>

> On Tuesday 27 January 2009 12:16 pm, Daniel Brown wrote:
> > On Tue, Jan 27, 2009 at 13:12, Robert Paulsen <rob...@paulsenonline.net> wrote:
> > > When I run the app I find that $_REQUEST is almost empty. It contains
> > > PHPSESSID but none of the data submitted through an HTML form.
> >
> >     Bring on the code, Rob.
>
>
> Daniel,
>
> It is pretty much resolved. Thanks for the advice -- it was in trying to strip
> down my code for posting here that I figured out the following.
>
> The immediate problem was that the code issued a "header" command to reawaken
> my web page and that is *supposed* to wipe out all my form data. The real
> problem has to do with hashed md5 data I am keeping in the database (passwords)
> that are not matching what gets input on the form. Looking at $_REQUEST was a
> red herring that sent me astray.
>
> In the code below, pg_num_rows came back with zero, saying the hashed password
> didn't match. And I could see by doing a manual query that they indeed didn't
> match. When I use php5 to assign a new password, the above code correctly
> matched the newly hashed password. In other words it appears that md5 hashing
> doesn't agree between php4 and php5, but I am not in the mood for
> transferring data back and forth between the two systems to prove a point now
> that it is working for me (with no code change).
>
> Here is the code in question, in case you spot anything wrong with it.
> ==============================================
>
>        $passwd=htmlentities($passwd,ENT_QUOTES);
>        $query="SELECT md5('$passwd') as hashed";
>        $result=issue_query($query);
>        $row=pg_fetch_assoc($result);
>        $hashed=$row['hashed'];
>
>        $query="SELECT * from auth
>                WHERE userid='$userid'
>                AND passwd='$hashed'";
>        $result=issue_query($query);
>        if (pg_num_rows($result)==0) {
>                $_SESSION['status']='bad';
>                header("location: $PHP_SELF");
>                exit ;
>        }
> ===========================================
>
Why don't you just use PHP's md5() function? You might mess up something in
that process of hashing that you use, and you create another, probably
useless, trip to the db.


>
> Bob
>
>


-- 
Alpar Torok
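
The suggestion in the reply above, as an added example that is not part of the original thread: the hash is computed with PHP's md5() over the raw password, and the lookup is one parameterized query instead of two interpolated ones. The helper names and the `$conn` connection handle are assumptions; the table and column names come from the posted query. The loop at the end shows that hashing after htmlentities() yields a different digest whenever the password contains a character that htmlentities() encodes.

```php
<?php
// Added example, not code from the thread. Helper names are hypothetical.

// Hash exactly the bytes the user typed. md5() is kept only because the
// auth table in the thread stores MD5 hex digests.
function hash_for_lookup(string $passwd): string
{
    return md5($passwd);
}

// What the posted code hashes: the HTML-encoded form of the password.
function hash_after_htmlentities(string $passwd): string
{
    return md5(htmlentities($passwd, ENT_QUOTES));
}

// One query, with the values passed as parameters rather than interpolated
// into the SQL string. $conn is an open pgsql connection (assumed).
function credentials_match($conn, string $userid, string $passwd): bool
{
    $result = pg_query_params(
        $conn,
        'SELECT 1 FROM auth WHERE userid = $1 AND passwd = $2',
        [$userid, hash_for_lookup($passwd)]
    );
    return $result !== false && pg_num_rows($result) === 1;
}

// Constructed sample passwords: one plain, one with characters that
// htmlentities() rewrites (quote, angle brackets, ampersand).
foreach (["hunter2", "it's<me>&you"] as $sample) {
    $raw = hash_for_lookup($sample);
    $enc = hash_after_htmlentities($sample);
    printf(
        "%-14s raw=%s encoded=%s %s\n",
        $sample,
        $raw,
        $enc,
        hash_equals($raw, $enc) ? 'same' : 'DIFFERENT'
    );
}
```

A digest stored from the encoded form only matches later if the login path encodes the input identically, so the hash input should be the same raw string at both enrollment and login.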
