File authentication

[nick_k]

Hi, I'm a script that authenticates users against a file. Whe you register a user, the script adds the "username:password\n" to the file (note. password is md5 encrpted). This is an extract from the password file:

Code: Select all

john:527bd5b5d689e2c32ae974c6229ff785
nick:e10adc3949ba59abbe56e057f20f883e

For some reason, when someone logs in, it allways sais the username/password is incorect. Heres the part of the code that authenticates the user:

Code: Select all

function check_pass($login, $password) {
   global $password_file;
   if(!$fh = fopen($password_file, "r")) { die("<P>Could Not Open Password File"); }
   $match = 0;
   $password = md5($password);
   while(!feof($fh)) {
      $line = fgets($fh, 4096);
      $user_pass = explode(":", $line);
      if($user_pass[0] == $login) {
         if(rtrim($user_pass[1]) == $password) {
            $match = 1;
            break;
         }
      }
   } 
   if($match) {
      return 1;
   } else {
      return 0;
   }
   fclose($fh);
}

and then:

Code: Select all

 if(isset($checkpass))
 {
   if(check_pass($login, $password)) 
   {
     print("Thank you for logging in");
     $valid = 1; 
     print("<p><a href = test.php>Whatever</a>");    
   } else
   {
     print("Username/password not correct, please try again<p>");
     $valid = 0;
     print_login_form();
   }
 }

Any ideas why it doesnt work?

[Skeletor]

I'm not sure, the code looks ok to me. Perhaps you are reading in a white space or some other character after the password in the file? In the example, there is a white space after the passwords, so it might be reading in that space and not matching exactly. try using the TRIM() function on both md5 passwords before your comparison.

Also, I dont' think it reads in the end of line character, but it might be something else to watch for.

***
sorry, looks like you already are trimming the password. Not sure what it is then. :]

[Redcircle]

Is register_globals turned off on your server. That might be the problem.