Verifying an md5 password against plain text?

#11
[eluser]jedd[/eluser]
Look - if it was very difficult to post lumps of code to the forums, then I wouldn't be sarcastic about people saying 'it doesn't work' and then not showing the lump of code that doesn't work.

Or if the problem was hugely complex and clearly involved the interactions between several dozen very long files - I could understand that too.

When it's a couple of modest (in scope) methods in one or two files, POST YOUR CODE! Teasing us with a 'doesn't appear to work' is likely to get the kind of response that most people will give you when you tease them.

#12
[eluser]clip[/eluser]
I think my last post was taken out of context... I am a big proponent of sarcasm.

Jedd, as a matter of fact... I laughed out loud when I read your comment about line 27.

#13
[eluser]BrianDHall[/eluser]
[quote author="jedd" date="1257490709"]Look - if it was very difficult to post lumps of code to the forums, then I wouldn't be sarcastic about people saying 'it doesn't work' and then not showing the lump of code that doesn't work.

Or if the problem was hugely complex and clearly involved the interactions between several dozen very long files - I could understand that too.

When it's a couple of modest (in scope) methods in one or two files, POST YOUR CODE! Teasing us with a 'doesn't appear to work' is likely to get the kind of response that most people will give you when you tease them.[/quote]

Sorry, code is not very good at expressing emotion accurately. I thought what you said was funny as hell - it was the specificity that really got me.

You tend to range towards the sarcastic, so I was trying to point out if you were even more sarcastic than normal then the inciter should just give it up, turn off your computer, and go spend the day outside. 'cause you obviously ain't gonna get no useful work done today, sucka.

Not sure why I have the urge to start with the street talk, but there you go.

#14
[eluser]jedd[/eluser]
The problem usually is on line 27 - that's the thing that no one believes. It's like the best song on a CD is (or was, the last time I checked my entire collection) usually track 6.

Now, fans, I quite understand that you didn't misunderstand. I was just explaining in case anyone else didn't (understand, appreciate, contextualise, etc).

I'm aware that I descend into the depths of sarcasm a touch too readily, and I'd say that I'm trying to cut down a little but for the fact that I'm a very honest person.

#15
[eluser]jedd[/eluser]
Cheese,

You can also streamline the logic a touch - and instead do something like this in your model:

Code:
-- The two ? placeholders are bound, in order, to the submitted
-- form values: $name_from_form and $password_from_form.
SELECT
    *
FROM
    user
WHERE
    name = ?
AND
    password = MD5(?)

By making the encrypted or hashed version of the password one of the criteria for selection, you never retrieve the user's details UNLESS they've entered the right credentials. It's the same performance as retrieving the row and then comparing the password field to your encrypted password - but seems to me to give less away to any ne'er-do-wells. It also reduces your code size slightly by amalgamating the 'wrong password' with 'user name not found' errors into one.
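The single-query check described in post #15, as an added example that is not part of jedd's post or of the original thread. It assumes an in-memory SQLite table standing in for the forum's database, constructed sample users, and MD5 computed in application code because SQLite has no built-in MD5 function; the helper names are hypothetical.

```python
import hashlib
import sqlite3


def md5_hex(password: str) -> str:
    # MD5 is used only because the thread's table stores MD5 hashes.
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def make_db() -> sqlite3.Connection:
    # Constructed sample data; table and column names follow the post's query.
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute(
        "CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password TEXT)"
    )
    db.executemany(
        "INSERT INTO user (name, password) VALUES (?, ?)",
        [("cheese", md5_hex("correct horse")), ("o'neil", md5_hex("tr0ub4dor"))],
    )
    return db


def authenticate(db, name_from_form, password_from_form):
    """Return the user row only when name and hashed password both match."""
    # Both form values are bound parameters, so quotes in them are data, not SQL.
    # Only id and name are selected, so the stored hash never leaves the database.
    row = db.execute(
        "SELECT id, name FROM user WHERE name = ? AND password = ?",
        (name_from_form, md5_hex(password_from_form)),
    ).fetchone()
    # None covers 'unknown user' and 'wrong password' alike, as the post describes.
    return dict(row) if row else None


if __name__ == "__main__":
    db = make_db()
    attempts = [
        ("cheese", "correct horse"),   # valid credentials
        ("cheese", "wrong"),           # known user, wrong password
        ("nobody", "correct horse"),   # unknown user
        ("o'neil", "tr0ub4dor"),       # apostrophe in the name is handled as data
    ]
    for name, pw in attempts:
        print(name, "->", authenticate(db, name, pw))
```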

