Re: [phplib] 'Un'expected response using crclogin w/ MD5.js
From: Christopher Vrooman (cvrooman <email protected>)
Date: 11/30/00

Whoops! Found the problem... I just had to compare the code more carefully. I
don't know if this counts as a bug, but to receive the $response I needed, I
made the following changes to local.inc:

starting at line 212:
++ $pass_md5 = md5($pass);
+- $exspected_response = md5("$username:$pass_md5:$challenge");

    ## True when JS is disabled
    if ($response == "") {
+- if (md5($password) != $pass_md5) {
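
Review bot: `$pass_md5 = md5($pass)` hashes whatever comes back from the password column, so it only reproduces the form's md5(password) when that column holds the plaintext password; the comment in the original code quoted further down says the column is meant to hold an md5 hash. Consider storing md5(password) in the table and leaving `md5("$username:$pass:$challenge")` as it was, which also keeps plaintext out of the database. The comparisons in this block use `!=`; a strict `!==` avoids PHP's loose comparison treating two different numeric-looking hash strings as equal.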

Since the crcloginform.ihtml is creating an MD5 encrypted password via
JavaScript that is then MD5 encrypted again along with the username and
challenge value, the local.inc's auth_validatelogin() function also has to
duplicate the same calculation steps in order to be able to compare values
correctly.

Or am I just blowing smoke? ;-)

  Christopher

(p.s. sorry about the double post yesterday)

Quoting Christopher Vrooman <cvrooman <email protected>>:

> Hello,
> I've been using the Default_Auth without problems and now I wanted to
> implement the Example_Challenge_Crypt_Auth using MD5.
>
> I'm using PHPLIB-7.2c and IE5 (w/ javascript enabled).
> I'm using the standard crcloginform.ihtml and I created a class based on
> Example_Challenge_Crypt_Auth.
> I think I've traced the problem down to the fact that
> the '$exspected_response' never equals the '$response' so in:
>
> if ($exspected_response != $response) {
>     return false;
> } else {
>     $this->auth["perm"] = $perm;
>     return $uid;
> }
>
> all I ever get is a false result and so it never validates.
> When I commented out the check of:
>
> if ($exspected_response != $response) { ... etc
>
> and returned the $uid, things 'worked' fine.
>
> What gets me is that when I echo the results from the db query:
>
> while($this->db->next_record()) {
>     $uid = $this->db->f("user_id");
>     $perm = $this->db->f("perms");
>     $pass = $this->db->f("password"); ## Password is stored as a md5 hash
> }
> $exspected_response = md5("$username:$pass:$challenge");
>
> echo "username: $username, uid: $uid, perms: $perm, password: $pass, expected_response: $exspected_response, response:$response<br>\n";
>
> I'm getting all of the info.
>
> It's as if the MD5 is broken and returning a bogus value.
>
> Any ideas?
>
> Thanks,
> Christopher D. Vrooman
> www.politicaenlinea.com
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: phplib-unsubscribe <email protected>
> For additional commands, e-mail: phplib-help <email protected>
>

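
The calculation described in this message, as an added example that is not part of the original post or of PHPLIB: it runs one login against a password column holding md5(password) and against one holding the plaintext, to show which server-side treatment reproduces the form's response. The function names, the `$storedIsMd5` switch and the sample credentials are constructed for illustration.

```php
<?php
// Added illustration, not PHPLIB code. Function names and sample values are constructed.

// Response computed by the login form's JavaScript, as described in the post:
// md5("username:md5(password):challenge").
function client_response(string $username, string $password, string $challenge): string
{
    return md5($username . ':' . md5($password) . ':' . $challenge);
}

// Server-side check. $stored is the password column value; $storedIsMd5 says
// whether that column already holds md5(password) or the plaintext password.
function validate_login(string $username, string $stored, bool $storedIsMd5,
                        string $challenge, string $response, string $password = ''): bool
{
    // Reduce the stored value to md5(password) exactly once.
    $passMd5 = $storedIsMd5 ? $stored : md5($stored);

    if ($response === '') {
        // JavaScript disabled: the form posted the password itself.
        return hash_equals($passMd5, md5($password));
    }
    // hash_equals() is a strict, timing-safe comparison, unlike != on strings.
    $expected = md5($username . ':' . $passMd5 . ':' . $challenge);
    return hash_equals($expected, $response);
}

// Constructed sample login.
$user = 'alice';
$password = 'correct horse';
$challenge = bin2hex(random_bytes(16));   // fresh challenge sent with the form
$response = client_response($user, $password, $challenge);

// Each case: [value in the password column, whether the server treats it as md5(password)].
$cases = [
    'md5 stored, used as stored'       => [md5($password), true],
    'plaintext stored, used as stored' => [$password, true],
    'plaintext stored, hashed first'   => [$password, false],
    'md5 stored, hashed again'         => [md5($password), false],
];
foreach ($cases as $label => [$stored, $isMd5]) {
    $ok = validate_login($user, $stored, $isMd5, $challenge, $response);
    printf("%-34s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```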