[phplib] 'Un'expected response using crclogin w/ MD5.js From: Christopher Vrooman (cvrooman <email protected>)
Date: 11/29/00

Hello,
   I've been using the Default_Auth without problems and now I wanted to
implement the Example_Challenge_Crypt_Auth using MD5.

   I'm using PHPLIB-7.2c and IE5 (w/ javascript enabled).
   I'm using the standard crcloginform.ihtml and I created a class based on
Example_Challenge_Crypt_Auth.
   I think I've traced the problem down to the fact that
the '$exspected_response' never equals the '$response' so in:

    if ($exspected_response != $response) {
      return false;
    } else {
      $this->auth["perm"] = $perm;
      return $uid;
    }

  all I ever get is a false result and so it never validates.
When I commented out the check of:

    if ($exspected_response != $response) { ... etc

  and returned the $uid, things 'worked' fine.

  What gets me is that when I echo the results from the db query:

      while($this->db->next_record()) {
        $uid = $this->db->f("user_id");
        $perm = $this->db->f("perms");
        $pass = $this->db->f("password"); ## Password is stored as a md5 hash
      }
      $exspected_response = md5("$username:$pass:$challenge");

      echo "username: $username, uid: $uid, perms: $perm, password: $pass,
expected_response: $exspected_response, response:$response<br>\n";

  I'm getting all of the info.

  It's as if the MD5 is broken and returning a bogus value.

  Any ideas?

  Thanks,
     Christopher D. Vrooman
     www.politicaenlinea.com

 

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>