|
|
Posted by Ric on 12/13/06 12:45
Harris Kosmidhs schrieb:
> Ric wrote:
>> Harris Kosmidhs schrieb:
>>> Hello,
>>> I have installed a tracker php program called Bytemoonsoon
>>> (https://sourceforge.net/projects/bytemonsoon/). It' quite old but I
>>> started messing with it.
>>>
>>> When a user sign ups the a $secret is created which is stored in the db
>>> row of the user. An email is sent which says to go to a
>>> confirm.php/<users_id>/<md5($secret)>
>>>
>>> The confirm.php gets the md5 secret (from the URL) and checks it against
>>> the md5(<secret form the user row>) which should be identicall since the
>>> <secret> is the same. But it's not! the md5 is different.
>>>
>>> Both pages are in UTf8 and the database is utf8_general_ci. Before the
>>> select statements I do a mysql_query("set names utf8").
>>>
>>> Why do md5's are different? can somebody please help? thanks
>>
>> Well if I look in my glass bowl I can't see why:-)
>>
>> But if you add some debugging information you should be able to find out
>> your self.
>>
>> I would track the whole creation, sending and reading of the md5 to find
>> out where the md5 gets corrupted.
>>
>> for example you add an:
>>
>> error_log($mymd5);
>>
>> to your code, then visually compare the md5 here with the md5 you send
>> to the user, then compare with the one which is in db etc.
>
>
> Of course I do that. I print out everything but that's the point, they
> are different while the $secret is the same! My question is if this has
> something to do with the db being utf8.
> Just to mentioned the $secret is generated with:
> function mksecret($len = 20) {
> $ret = "";
> for ($i = 0; $i < $len; $i++)
> $ret .= chr(mt_rand(0, 255));
> return $ret;
> }
Secret the same? How do you check if the secret is the same?
The secret function will create some random output, which you can use to
create an md5 then store it in db give the md5 to the user via email and
finally check the submitted md5 against the md5 you stored in db.
encoding settings shouldn't matter at all.
You cannot use the secret to check anything, so I don't understand what
you actually do?
Post some of the code you use to generate the md5, and check against the
stored md5.
Navigation:
[Reply to this message]
|