Larry Ullman's Book Forums


I have downloaded script 8.7 from the LU web site and installed it on my web site as part of working through the book.  However, every time I enter the correct information it keeps telling me the email and password do not match.

I can't find any errata details for this or any listings on the Forum.

Any ideas?


I don't have the book or code in front of me, but generally in this situation, you'd start by printing out the query being executed and running it directly to see the result. You can also remove each of the conditionals to see if it's the email address that's not matching or the password. 


Larry,

 

Thanks, I broke down the conditionals:

  
from: $q = "SELECT user_id FROM users WHERE (email='$e' AND pass=SHA1('$p') )";

to: $q = "SELECT user_id FROM users WHERE (email='$e')";

and: $q = "SELECT user_id FROM users WHERE (pass=SHA1('$p') )";

 

in turn.  The script worked if I used only the email one, but if I included the password one it didn't find a match.

 

I added a line to print the password and coded password on the screen.  For password m1 the encoded password is: fc23764ac5b792f40bb1a00c0e3284e45f3f49c0 - 40 characters, but this is nothing like the 20 character one I see in phpmyadmin: 32d332da761f44df7959 for the same password.

 

I can't see why I get 40 characters when the max length is set to 20 - although the maxlength is set prior to coding, should it still apply after the SHA1 coding?

 

This difference explains why the conditional fails - but I can't see how to resolve this.


Good work. SHA1() returns a string 40 characters long. It doesn't matter whether the input (the password) is 2 characters long or 20 or 200.

 

So your database column needs to be CHAR(40). 


Larry,

 

Many thanks, all working now with CHAR(40).

 

Although I note the encoded password returned by:

 

echo '<p>new encoded password is: ' . SHA1('$np') .'.</p>';

on my script is different to that listed in phpmyadmin (after refreshing once script 8.7 tells me the password has been updated).  Maybe that is a quirk of phpmyadmin!
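
Added illustration, not code from the book, the script or any poster in this thread: a PHP sketch of the two effects discussed above. A SHA1 digest is always 40 hex characters, so a 20-character column cannot hold a value the login query will match, and a single-quoted '$np' is hashed as literal text. The helper names and sample values are hypothetical, and the truncation step assumes the column kept only the first 20 characters of the digest.

```php
<?php
// Added example; all values are constructed sample data.

// Hypothetical helper: mimic a CHAR($width) column that keeps
// only the first $width characters of what is written to it.
function store_in_char_column(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// Hypothetical helper: the comparison the login query performs,
// i.e. stored pass = SHA1(submitted password).
function login_matches(string $stored, string $password): bool
{
    return hash_equals($stored, sha1($password));
}

$password = 'correct horse';   // constructed sample password

// 1. The digest length does not depend on the input length.
foreach (['a', $password, str_repeat('x', 200)] as $input) {
    printf(
        "input %3d chars -> digest %d chars\n",
        strlen($input),
        strlen(sha1($input))
    );
}

// 2. Compare a 20-character column with a 40-character column.
//    The narrow column holds only half the digest, so the equality
//    test in the WHERE clause has nothing it can match against.
$digest = sha1($password);
$narrow = store_in_char_column($digest, 20);
$wide   = store_in_char_column($digest, 40);
echo 'CHAR(20) login matches: ';
var_dump(login_matches($narrow, $password));
echo 'CHAR(40) login matches: ';
var_dump(login_matches($wide, $password));

// 3. Quoting matters when printing a hash for debugging.
//    Single quotes do not interpolate, so sha1('$np') hashes the
//    three literal characters $, n, p, not the contents of $np.
$np = 'new-password';          // constructed sample value
echo "sha1('\$np') equals sha1(\$np): ";
var_dump(sha1('$np') === sha1($np));
echo "sha1(\"\$np\") equals sha1(\$np): ";
var_dump(sha1("$np") === sha1($np));
```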
