mrtezmo (Posted May 3, 2013)

I have been trying to solve this for hours and have run out of ideas. I have two variables, db_pw holding the hashed value of password from the database and cp which holds the hashed (password plus salt) entered by the user.

This is the if statement:

```
if ($db_pw != $cp)
    set alerts: Current password is incorrect!
    echo vars to check, load view etc
else
    carry on
```

This is the alert I get when the statement runs; I have echoed the two variables:

```
Current password is incorrect!
database password value : 290662176e3fece19eba2b3c1a032ee3
form password value : 290662176e3fece19eba2b3c1a032ee3
```

What am I missing? Surely this should return false as the values are equal and hence drop to the else.

Any help would be much appreciated, thanks.

falkencreative (Posted May 4, 2013)

I think you'll need to post more of the code for us to be able to help with this.

mrtezmo (Posted May 4, 2013, Author)

This morning I tried:

```php
if ('290662176e3fece19eba2b3c1a032ee3' != '290662176e3fece19eba2b3c1a032ee3')
```

And this worked as expected. I did wonder if the problem was due to the single quotes; however, removing them with the above example generates a blank page with an error, unlike when using the variables, and then my own error is displayed as it should, NOT equal, when they are.

Below is the page in question:

```php
if (isset($_POST['new_pass_submit']))
{
    // if any blank then send alert redirect
    if ($_POST['current_password'] == '' || $_POST['new_passw'] == '' || $_POST['new_passw2'] == '')
    {
        if ($_POST['current_password'] == ''){$Temp->set_data('error_current_pass', 'isrequired');}
        if ($_POST['new_passw'] == ''){$Temp->set_data('error_new_passw', 'isrequired');}
        if ($_POST['new_passw2'] == ''){$Temp->set_data('error_new_passw2', 'isrequired');}

        $Temp->set_alert('Please fill in all required fields', 'app_error');

        // set data so any fields filled in are displayed, clean first!
        $Temp->set_data('log_current_pass', $_POST['current_password'], TRUE);
        $Temp->set_data('log_new_passw', $_POST['new_passw'], TRUE);
        $Temp->set_data('log_new_passw2', $_POST['new_passw2'], TRUE);

        // load view and exit
        $Temp->load('app/views/v_change_pass.php', 'Change Password');
        exit();
    }

    if ($_POST['current_password'] != '' || $_POST['new_passw'] != '' || $_POST['new_passw2'] != '') // check all fields are between 8 and 20 chars, if not set alert
    {
        /*// set data so any fields filled in are displayed, clean first!
        $Temp->set_data('log_current_pass', $_POST['current_password'], TRUE);
        $Temp->set_data('log_new_passw', $_POST['new_passw'], TRUE);
        $Temp->set_data('log_new_passw2', $_POST['new_passw2'], TRUE);*/

        if (strlen($_POST['current_password']) < 8 || strlen($_POST['current_password']) > 20)
        {
            $Temp->set_data('error_current_pass', 'isrequired');
            // set alert load view and exit
            $Temp->set_alert( 'Your password must be between 8 and 20 characters long', 'app_error');
            $Temp->load('app/views/v_change_pass.php', 'Change Password');
            exit();
        }

        if (strlen($_POST['new_passw']) < 8 || strlen($_POST['new_passw']) > 20)
        {
            $Temp->set_data('error_new_passw', 'isrequired');
            // set alert load view and exit
            $Temp->set_alert( 'Your password must be between 8 and 20 characters long', 'app_error');
            $Temp->load('app/views/v_change_pass.php', 'Change Password');
            exit();
        }

        if (strlen($_POST['new_passw2']) < 8 || strlen($_POST['new_passw2']) > 20)
        {
            $Temp->set_data('error_new_passw2', 'isrequired');
            // set alert load view and exit
            $Temp->set_alert( 'Your password must be between 8 and 20 characters long', 'app_error');
            $Temp->load('app/views/v_change_pass.php', 'Change Password');
            exit();
        }
    }

    // if passwords dont match - (new and confirmed new)
    if ($_POST['new_passw'] !== $_POST['new_passw2'])
    {
        // set errors and alert
        $Temp->set_data('error_new_passw', 'isrequired');
        $Temp->set_data('error_new_passw2', 'isrequired');
        $Temp->set_alert('New Password fields do not match!', 'app_error');
        // redirect back
        $Temp->load('app/views/v_change_pass.php', 'Change Password');
        exit();
    }
    else
    {
        // else everything ok so first check pass in db matches with current pass
        // so only user can change pass
        // i did start with a method in the if() which was passed the md5 of post current pass and the user id,
        /*
        function check_current_passw($id, $cp)
        {
            $dbp = $this->get_current_passw($id);
            if ($dbp != $cp)
            {
                do stuff;
            }
        }
        */
        // this method used $Acc->get_current_pass() to get pass from database using the id
        // this is when problem started, I originally thought that method held the problem so I removed it and added whats below

        $cp = md5($_POST['current_password'].'1may2013'); //salt added directly - change later
        $db_cp = $Acc->get_current_passw($_SESSION['the_id']);

        if ($cp != $db_cp)
        {
            // error , passes dont match
            // set alert, error class, and redirect
            $Temp->set_data('error_current_pass', 'isrequired');
            $Temp->set_alert('Current password is incorrect!<br/>'.$cp.'<br/>'.$db_cp.'', 'app_error');
            $Temp->load('app/views/v_change_pass.php', 'Change Password');
        }
        else // passwords match, change password
        {
            $Temp->set_data('clean_new_pass', md5($_POST['new_passw'].'1may2013'), TRUE);

            if($Acc->enter_new_pw($Temp->get_data('clean_new_pass',FALSE), $_SESSION['the_id']))
            {
                //if value changed successfully alert redirect
                $Temp->set_alert('Password has been changed!');
                // clear values
                //$Temp->set_data('clean_new_pass') = '';
                $Temp->load('app/views/v_temp_success.php', 'Change Password');
            }
            else
            {
                $Temp->set_data('error_current_pass', 'isrequired');
                $Temp->set_alert('Could not update password! Please try later');
                $Temp->load('app/views/v_change_pass.php', 'Change Password');
            }
        }
    }
}
else
{
    // form not submitted load form view
    $Temp->load('app/views/v_change_pass.php', 'Change Password');
}
```

This could probably be done a lot better, however I am still learning and this is for a college assignment so please excuse me.

mrtezmo (Posted May 4, 2013, Author)

For 8 hours I was trying to solve this yesterday, been out all day with kids, got back and the first thing I tried worked! Hoorah!

```php
if ( md5($_POST['current_password'].$Acc->salt)!= $Acc->get_current_passw($_SESSION['the_id']))
```

The reason as to why it never worked when comparing the two vars that held exactly the same data is beyond me, but I would still like to know if anyone who reads this knows why.
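
Added example (not part of any post above): when two values echo identically in the browser but `!=` reports them as different, inspecting type, byte length and raw bytes shows what the rendered page hides. The trailing newline on the stored value is a constructed assumption, not a cause confirmed in this thread, and `describe_value` is a hypothetical helper; the last part shows `password_hash()` and `password_verify()` as the replacement for MD5 with a fixed salt.

```php
<?php
// Constructed sample: the same MD5 hex digest twice, one copy with a
// trailing newline that a browser renders exactly like the clean copy.
$salt     = '1may2013';                        // fixed salt from the thread
$formHash = md5('example-password' . $salt);   // value built from the form
$dbHash   = $formHash . "\n";                  // assumed stored value

// Hypothetical helper: report type, byte length and raw bytes of a value.
function describe_value($value)
{
    if (!is_string($value)) {
        return gettype($value);                // e.g. array or NULL from a query
    }
    return sprintf('string(%d) hex=%s', strlen($value), bin2hex($value));
}

echo 'form: ', describe_value($formHash), PHP_EOL;
echo 'db:   ', describe_value($dbHash), PHP_EOL;

// Loose != / == treats numeric-looking strings (such as "0e1234") as
// numbers, so digests are compared with hash_equals(), which is also
// constant-time. Normalise the stored value first if it may carry padding.
var_dump($formHash != $dbHash);
var_dump(hash_equals($formHash, trim($dbHash)));

// Replacement for md5() + fixed salt: password_hash() creates a random
// per-password salt and password_verify() does the comparison.
$stored = password_hash('example-password', PASSWORD_DEFAULT);
var_dump(password_verify('example-password', $stored));
var_dump(password_verify('wrong-password', $stored));

// Upgrade path for existing rows: rehash on the next successful login
// when the stored hash uses older parameters.
if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
    $stored = password_hash('example-password', PASSWORD_DEFAULT);
}
```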