Board index   FAQ   Search  
Register  Login
Board index php forum :: php coding PHP coding => General

File authentication

Ask about general coding issues or problems here.

Moderators: macek, egami, gesf

File authentication

Postby nick_k » Sat Mar 29, 2003 8:36 am

Hi, I'm a script that authenticates users against a file. Whe you register a user, the script adds the "username:password\n" to the file (note. password is md5 encrpted). This is an extract from the password file:
Code: Select all
john:527bd5b5d689e2c32ae974c6229ff785
nick:e10adc3949ba59abbe56e057f20f883e


For some reason, when someone logs in, it allways sais the username/password is incorect. Heres the part of the code that authenticates the user:
Code: Select all
function check_pass($login, $password) {
   global $password_file;
   if(!$fh = fopen($password_file, "r")) { die("<P>Could Not Open Password File"); }
   $match = 0;
   $password = md5($password);
   while(!feof($fh)) {
      $line = fgets($fh, 4096);
      $user_pass = explode(":", $line);
      if($user_pass[0] == $login) {
         if(rtrim($user_pass[1]) == $password) {
            $match = 1;
            break;
         }
      }
   }
   if($match) {
      return 1;
   } else {
      return 0;
   }
   fclose($fh);
}

and then:
Code: Select all
 if(isset($checkpass))
 {
   if(check_pass($login, $password))
   {
     print("Thank you for logging in");
     $valid = 1;
     print("<p><a href = test.php>Whatever</a>");   
   } else
   {
     print("Username/password not correct, please try again<p>");
     $valid = 0;
     print_login_form();
   }
 }

Any ideas why it doesnt work?
nick_k
New php-forum User
New php-forum User
 
Posts: 34
Joined: Wed Dec 25, 2002 6:04 am
Location: The Netherlands

Postby Skeletor » Mon Mar 31, 2003 4:55 am

I'm not sure, the code looks ok to me. Perhaps you are reading in a white space or some other character after the password in the file? In the example, there is a white space after the passwords, so it might be reading in that space and not matching exactly. try using the TRIM() function on both md5 passwords before your comparison.

Also, I dont' think it reads in the end of line character, but it might be something else to watch for.

***
sorry, looks like you already are trimming the password. Not sure what it is then. :]
Skeletor
New php-forum User
New php-forum User
 
Posts: 147
Joined: Tue Nov 19, 2002 7:47 am
Location: US, Ohio

Postby Redcircle » Mon Mar 31, 2003 11:35 pm

Is register_globals turned off on your server. That might be the problem.
User avatar
Redcircle
Moderator
Moderator
 
Posts: 830
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA


Return to PHP coding => General

Who is online

Users browsing this forum: Google [Bot] and 1 guest

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.

cron