Re: [PHP] md5() with rand() || Strange results, need help....

2004-05-14 Thread CF High 
It doesn't appear to be cookie settings either, nor auto-fill in.

I do not have auto-complete running; when I log in under an affected users
account, the stored md5($plain_password) does not match the submitted
md5($plain_password).

Could it be perhaps that md5() works differently with integers vs. a text
string?

God knows at this point,

--Noah

"Travis Low" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Besides checking the browser cookie settings, have one of the affected
users
> turn off the auto-fill form feature, then tell the browser to forget all
saved
> form information.  Let us know what happens.
>
> cheers,
>
> Travis
>
> CF High wrote:
> > Re: the browser track, it looks like all adversely affected users; i.e.
> > those who can no longer log in, have a browser of I.E. 6.0.
> >
> > I know that in many cases I.E. 6.0 has session and cookie vars disabled
by
> > default.
> >
> > Is it possible, a long, long shot, that rand() behaves differently in
I.E.
> > 6.0 -- I know PHP is server side, but I'm looking for any clues
> >
> > --Noah
> >
> >
> > "John W. Holmes" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> >
> >>CF High wrote:
> >>
> >>
> >>>If anyone has any clues as to what might be happening; i.e. why the
> >
> > md5'd
> >
> >>>submitted plain text password does not match the stored md5'd password,
> >>>please, please let me know.
> >>
> >>md5() results in a 32 character string. What kind of field are you
> >>storing it in?
> >>
> >>--
> >>---John Holmes...
> >>
> >>Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
> >>
> >>php|architect: The Magazine for PHP Professionals – www.phparch.com
> >
> >
>
> --
> Travis Low
> 
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] md5() with rand() || Strange results, need help....

2004-05-13 Thread Travis Low 
Besides checking the browser cookie settings, have one of the affected users 
turn off the auto-fill form feature, then tell the browser to forget all saved 
form information.  Let us know what happens.

cheers,

Travis

CF High wrote:
Re: the browser track, it looks like all adversely affected users; i.e.
those who can no longer log in, have a browser of I.E. 6.0.
I know that in many cases I.E. 6.0 has session and cookie vars disabled by
default.
Is it possible, a long, long shot, that rand() behaves differently in I.E.
6.0 -- I know PHP is server side, but I'm looking for any clues
--Noah

"John W. Holmes" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
CF High wrote:


If anyone has any clues as to what might be happening; i.e. why the
md5'd

submitted plain text password does not match the stored md5'd password,
please, please let me know.
md5() results in a 32 character string. What kind of field are you
storing it in?
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com


--
Travis Low


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] md5() with rand() || Strange results, need help....

2004-05-13 Thread CF High 
Re: the browser track, it looks like all adversely affected users; i.e.
those who can no longer log in, have a browser of I.E. 6.0.

I know that in many cases I.E. 6.0 has session and cookie vars disabled by
default.

Is it possible, a long, long shot, that rand() behaves differently in I.E.
6.0 -- I know PHP is server side, but I'm looking for any clues

--Noah


"John W. Holmes" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> CF High wrote:
>
> > If anyone has any clues as to what might be happening; i.e. why the
md5'd
> > submitted plain text password does not match the stored md5'd password,
> > please, please let me know.
>
> md5() results in a 32 character string. What kind of field are you
> storing it in?
>
> --
> ---John Holmes...
>
> Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
>
> php|architect: The Magazine for PHP Professionals – www.phparch.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] md5() with rand() || Strange results, need help....

2004-05-13 Thread CF High 
password field is char (32)

Strange that the usernames are all properly set to the submitted email
address, but the password is not properly updated.

Correct me if I'm wrong here, but

$plain_pass = rand(); /* plain pass should be a random # */
md5($plain_pass); /* plain pass is a random # here and not another call to
rand() */

I went ahead and created a test user account for myself -- no problem at
all.  Received the login email, and logged in fine with the generated test
user username & password.

Perhaps it's a browser issue -- I am completely clueless at this point &
these hockey fanatics are filling up my admin inbox.

--Noah


"John W. Holmes" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> CF High wrote:
>
> > If anyone has any clues as to what might be happening; i.e. why the
md5'd
> > submitted plain text password does not match the stored md5'd password,
> > please, please let me know.
>
> md5() results in a 32 character string. What kind of field are you
> storing it in?
>
> --
> ---John Holmes...
>
> Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
>
> php|architect: The Magazine for PHP Professionals – www.phparch.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] md5() with rand() || Strange results, need help....

2004-05-13 Thread John W. Holmes 
CF High wrote:

If anyone has any clues as to what might be happening; i.e. why the md5'd
submitted plain text password does not match the stored md5'd password,
please, please let me know.
md5() results in a 32 character string. What kind of field are you 
storing it in?

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] md5() with rand() || Strange results, need help....

2004-05-13 Thread CF High 
Their receiving the $plain_pass

$plain_pass is md5'd on login submit, so we should get md5($plain_pass ) =
db stored md5'd($plain_pass ).

Makes no sense at all.

Got a couple hundred emails in my inbox from users not able to login -- I'm
basically screwed ;--(

--Noah



"Curt Zirzow" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> * Thus wrote CF High ([EMAIL PROTECTED]):
> >
> > $username = strip_illegals($_POST['email']);
> > $plain_pass = rand();
> > $password = md5($plain_pass);
> >
> > I then insert their login info into our member's table.
> >
> > Unexpectedly, when users attempt to login no matching record is found.
>
> Are you sending them the $plain_pass or $password?
>
> > Their login submits two post fields (username & password):
> >
> > $username = trim(strtolower($_POST['username']));
> > $password = trim(strtolower($_POST['password'));
> > $password = md5($password);
> >
> > The username matches, but the password does not -- I've echoed the md5'd
> > submitted password & maddenlingly, it doesn't match.
>
> Other wise I'm reading this to say your system is evaluating
>
>   md5('foo') != md5('foo')
>
> as being true.
>
>
> Curt
> --
> "I used to think I was indecisive, but now I'm not so sure."

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] md5() with rand() || Strange results, need help....

2004-05-13 Thread Curt Zirzow 
* Thus wrote CF High ([EMAIL PROTECTED]):
> 
> $username = strip_illegals($_POST['email']);
> $plain_pass = rand();
> $password = md5($plain_pass);
> 
> I then insert their login info into our member's table.
> 
> Unexpectedly, when users attempt to login no matching record is found.

Are you sending them the $plain_pass or $password?

> Their login submits two post fields (username & password):
> 
> $username = trim(strtolower($_POST['username']));
> $password = trim(strtolower($_POST['password'));
> $password = md5($password);
> 
> The username matches, but the password does not -- I've echoed the md5'd
> submitted password & maddenlingly, it doesn't match.

Other wise I'm reading this to say your system is evaluating

  md5('foo') != md5('foo')

as being true.


Curt
-- 
"I used to think I was indecisive, but now I'm not so sure."

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php