
If Returns False Even Though True


mrtezmo


I have been trying to solve this for hours and have run out of ideas.

I have two variables:

db_pw, holding the hashed value of the password from the database, and cp, which holds the hashed (password plus salt) value entered by the user.

 

This is the if statement

 

if ($db_pw != $cp) {
	// set alerts: Current password is incorrect! echo vars to check, load view etc
} else {
	// carry on
}

 

This is the alert I get when the statement runs; I have echoed the two variables.

 

Current password is incorrect!

database password value : 290662176e3fece19eba2b3c1a032ee3

form password value : 290662176e3fece19eba2b3c1a032ee3

 

What am I missing? Surely this should return false as the values are equal and hence drop to the else.

 

Any help would be much appreciated, thanks.


This morning I tried:

if ('290662176e3fece19eba2b3c1a032ee3' != '290662176e3fece19eba2b3c1a032ee3')

And this worked as expected. I did wonder if the problem was due to the single quotes, however removing them with the above example generates a blank page with an error, unlike when using the variables and then my own error is displayed as it should, NOT equal, when they are.

Below is the page in question:

 

if (isset($_POST['new_pass_submit']))
{
// if any blank then send alert redirect
if ($_POST['current_password'] == '' || $_POST['new_passw'] == '' || $_POST['new_passw2'] == '')
{
	if ($_POST['current_password'] == ''){$Temp->set_data('error_current_pass', 'isrequired');}
	if ($_POST['new_passw'] == ''){$Temp->set_data('error_new_passw', 'isrequired');}
	if ($_POST['new_passw2'] == ''){$Temp->set_data('error_new_passw2', 'isrequired');}

	$Temp->set_alert('Please fill in all required fields', 'app_error');

	// set data so any fields filled in are displayed, clean first!
	$Temp->set_data('log_current_pass', $_POST['current_password'], TRUE);
	$Temp->set_data('log_new_passw', $_POST['new_passw'], TRUE);
	$Temp->set_data('log_new_passw2', $_POST['new_passw2'], TRUE);

	// load view and exit
	$Temp->load('app/views/v_change_pass.php', 'Change Password');
	exit();
}
if ($_POST['current_password'] != '' || $_POST['new_passw'] != '' || $_POST['new_passw2'] != '')
// check all fields are between 8 and 20 chars, if not set alert
{
	/*// set data so any fields filled in are displayed, clean first!
	$Temp->set_data('log_current_pass', $_POST['current_password'], TRUE);
	$Temp->set_data('log_new_passw', $_POST['new_passw'], TRUE);
	$Temp->set_data('log_new_passw2', $_POST['new_passw2'], TRUE);*/

	if (strlen($_POST['current_password']) < 8 || strlen($_POST['current_password']) > 20)
	{
	$Temp->set_data('error_current_pass', 'isrequired');
	// set alert load view and exit
	$Temp->set_alert( 'Your password must be between 8 and 20 characters long', 'app_error');
	$Temp->load('app/views/v_change_pass.php', 'Change Password');
	exit();
	}
	if (strlen($_POST['new_passw']) < 8 || strlen($_POST['new_passw']) > 20)
	{
	$Temp->set_data('error_new_passw', 'isrequired');
	// set alert load view and exit
	$Temp->set_alert( 'Your password must be between 8 and 20 characters long', 'app_error');
	$Temp->load('app/views/v_change_pass.php', 'Change Password');
	exit();
	}
	if (strlen($_POST['new_passw2']) < 8 || strlen($_POST['new_passw2']) > 20)
	{
	$Temp->set_data('error_new_passw2', 'isrequired');
	// set alert load view and exit
	$Temp->set_alert( 'Your password must be between 8 and 20 characters long', 'app_error');
	$Temp->load('app/views/v_change_pass.php', 'Change Password');
	exit();
	}
}
//  if passwords dont match - (new and confirmed new)
if ($_POST['new_passw'] !== $_POST['new_passw2'])
{
	// set errors and  alert
	$Temp->set_data('error_new_passw', 'isrequired');
	$Temp->set_data('error_new_passw2', 'isrequired');
	$Temp->set_alert('New Password fields do not match!', 'app_error');

	// redirect back
	$Temp->load('app/views/v_change_pass.php', 'Change Password');
	exit();
}
else
{
	//  else everything ok so first check pass in db matches with current pass
	//  so only user can change pass

               // i did start with a method in the if()which was passed the md5 of post current pass and the user id ,
               /*  function check_current_passw($id, $cp)
            {
	          $dbp = $this->get_current_passw($id);
	          if ($dbp != $cp)
	          {
		     do stuff;
	          }
            }
               */ 
               // this method used $Acc->get_current_pass() to get pass from database using the id
               // this is when problem started, I originally thought that method held the problem so I removed it and added whats below

	$cp = md5($_POST['current_password'].'1may2013');      //salt added directly - change later
	$db_cp = $Acc->get_current_passw($_SESSION['the_id']);

	if ($cp != $db_cp)
	{
			// error , passes dont match
			// set alert, error class, and redirect
			$Temp->set_data('error_current_pass', 'isrequired');
			$Temp->set_alert('Current password is incorrect!<br/>'.$cp.'<br/>'.$db_cp.'', 'app_error');
			$Temp->load('app/views/v_change_pass.php', 'Change Password');
	}
	else 
		// passwords match, change password
	{
		$Temp->set_data('clean_new_pass', md5($_POST['new_passw'].'1may2013'), TRUE);
		if($Acc->enter_new_pw($Temp->get_data('clean_new_pass',FALSE), $_SESSION['the_id']))
		{
			//if value changed successfully alert redirect
			$Temp->set_alert('Password has been changed!');
			// clear values
			//$Temp->set_data('clean_new_pass') = '';
			$Temp->load('app/views/v_temp_success.php', 'Change Password');
		}
		else
		{
			$Temp->set_data('error_current_pass', 'isrequired');
			$Temp->set_alert('Could not update password! Please try later');
			$Temp->load('app/views/v_change_pass.php', 'Change Password');
		}

	}
}
}
else
{
// form not submitted load form view
$Temp->load('app/views/v_change_pass.php', 'Change Password');
}

 

This could probably be done a lot better, however I am still learning and this is for a college assignment so please excuse me.

  • Upvote 1

For 8 hours I was trying to solve this yesterday, been out all day with kids, got back and the first thing I tried worked! Hoorah :D !

 

if ( md5($_POST['current_password'].$Acc->salt)!= $Acc->get_current_passw($_SESSION['the_id']))

 

The reason as to why it never worked when comparing the two vars that held exactly the same data is beyond me, but I would still like to know if anyone who reads this knows why.
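
A diagnostic and a hardened check for the comparison discussed in this thread, as an added example that is not part of the original posts. The trailing newline in the sample database value is constructed for illustration (the thread never establishes the actual cause), and `reveal()` and `verify_current_password()` are hypothetical names; the second function also shows moving from salted MD5 to PHP's `password_hash()` and `password_verify()`.

```php
<?php
// Added example; only md5() and the '1may2013' salt come from the thread.

// Show length and raw bytes so characters that HTML output hides become visible.
function reveal($label, $value)
{
    return sprintf('%-4s len=%d hex=%s', $label, strlen($value), bin2hex($value));
}

// Check a submitted password against a stored legacy MD5 hash or a
// password_hash() value. Returns [matched, replacement hash or null].
function verify_current_password($submitted, $stored, $legacySalt)
{
    $stored = trim($stored);  // drop padding or newlines picked up in storage
    if (preg_match('/^[0-9a-f]{32}$/i', $stored)) {
        // Legacy salted MD5: constant-time, type-strict compare, then upgrade.
        $ok = hash_equals(strtolower($stored), md5($submitted . $legacySalt));
        return [$ok, $ok ? password_hash($submitted, PASSWORD_DEFAULT) : null];
    }
    // Modern hash: per-user salt and cost are encoded in the stored string.
    $ok = password_verify($submitted, $stored);
    $rehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [$ok, $rehash ? password_hash($submitted, PASSWORD_DEFAULT) : null];
}

// Constructed sample data: the "database" value carries a trailing newline,
// so both values look the same in a browser but are not the same string.
$salt  = '1may2013';
$cp    = md5('correct horse' . $salt);
$db_cp = $cp . "\n";

echo reveal('form', $cp), PHP_EOL;
echo reveal('db', $db_cp), PHP_EOL;
var_dump($cp != $db_cp);   // the comparison sees the extra byte

// The normalising check accepts the password and hands back an upgraded hash
// to store in place of the MD5 value.
list($ok, $newHash) = verify_current_password('correct horse', $db_cp, $salt);
var_dump($ok);
var_dump(password_verify('correct horse', $newHash));
```

Echoing debug values through `reveal()` or `var_dump()` instead of plain HTML output makes a stray space, newline or column padding show up as a length or byte difference.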
