It doesn't appear to be cookie settings either, nor auto-fill in.
I do not have auto-complete running; when I log in under an affected users
account, the stored md5($plain_password) does not match the submitted
md5($plain_password).
Could it be perhaps that md5() works differently with integers
Hey all.
I'm running an online sport report that is member protected; i.e. users need
to login to gain site access.
When a new user signs up, I set their username to their email address
generate a temporary password for them using rand() md5():
$username = strip_illegals($_POST['email']);
* Thus wrote CF High ([EMAIL PROTECTED]):
$username = strip_illegals($_POST['email']);
$plain_pass = rand();
$password = md5($plain_pass);
I then insert their login info into our member's table.
Unexpectedly, when users attempt to login no matching record is found.
Are you sending them
Their receiving the $plain_pass
$plain_pass is md5'd on login submit, so we should get md5($plain_pass ) =
db stored md5'd($plain_pass ).
Makes no sense at all.
Got a couple hundred emails in my inbox from users not able to login -- I'm
basically screwed ;--(
--Noah
Curt Zirzow [EMAIL
CF High wrote:
If anyone has any clues as to what might be happening; i.e. why the md5'd
submitted plain text password does not match the stored md5'd password,
please, please let me know.
md5() results in a 32 character string. What kind of field are you
storing it in?
--
---John Holmes...
password field is char (32)
Strange that the usernames are all properly set to the submitted email
address, but the password is not properly updated.
Correct me if I'm wrong here, but
$plain_pass = rand(); /* plain pass should be a random # */
md5($plain_pass); /* plain pass is a random # here
Re: the browser track, it looks like all adversely affected users; i.e.
those who can no longer log in, have a browser of I.E. 6.0.
I know that in many cases I.E. 6.0 has session and cookie vars disabled by
default.
Is it possible, a long, long shot, that rand() behaves differently in I.E.
6.0
Besides checking the browser cookie settings, have one of the affected users
turn off the auto-fill form feature, then tell the browser to forget all saved
form information. Let us know what happens.
cheers,
Travis
CF High wrote:
Re: the browser track, it looks like all adversely affected
8 matches
Mail list logo
