Chris-M Posted April 18, 2014 Share Posted April 18, 2014 I have downloaded script 8.7 from the LU web site and installed it on my web site as part of working through the book. However, every time I enter the correct information it keeps telling me the email and password do not match. I can't find any errata details for this or any listings on the Forum. Any ideas? Link to comment Share on other sites More sharing options...
Larry Posted April 18, 2014 Share Posted April 18, 2014 I don't have the book or code in front of me, but generally in this situation, you'd start by printing out the query being executed and running it directly to see the result. You can also remove each of the conditionals to see if it's the email address that's not matching or the password. Link to comment Share on other sites More sharing options...
Chris-M Posted April 19, 2014 Author Share Posted April 19, 2014 Larry, Thanks, I broke down the conditionals: from: $q = "SELECT user_id FROM users WHERE (email='$e' AND pass=SHA1('$p') )"; to $q = "SELECT user_id FROM users WHERE (email='$e')"; and/ $q = "SELECT user_id FROM users WHERE (pass=SHA1('$p') )"; in turn. The script worked if I used only the email one, but if I included the password one it didn't find a match. I added a line to print the password and coded password on the screen. For password m1 the encoded password is: fc23764ac5b792f40bb1a00c0e3284e45f3f49c0 - 40 characters, but this is nothing like the 20 character one I see in phpmyadmin: 32d332da761f44df7959 for the same password. I can't see why I get 40 characters when the max length is set to 20 - although the maxlength is set prior to coding, should it still apply after the SHA1 coding? This difference explains why the conditional fails - but I can't see how to resolve this. Link to comment Share on other sites More sharing options...
Larry Posted April 19, 2014 Share Posted April 19, 2014 Good work. SHA1() returns a string 40 characters long. It doesn't matter whether the input (the password) is 2 characters long or 20 or 200. So your database column needs to be CHAR(40). Link to comment Share on other sites More sharing options...
Chris-M Posted April 20, 2014 Author Share Posted April 20, 2014 Larry, Many thanks, all working now with CHAR(40). Although I note the encoded password returned by: echo '<p>new encoded password is: ' . SHA1('$np') .'.</p>';;on my script is different to that listed in phpmyadmin (after refreshing once script 8.7 tells me the password has been updated). Maybe that is a quirk of phpmyadmin! Link to comment Share on other sites More sharing options...
Recommended Posts