Hi everyone!
I have my password stored (in ecrypted form) in a textfile. The authentication goes fine and all, but when putting in the sessions to the file, the password seems to be encrypted twice and I don't get authoized when going to level 2 in the admin-pages.
I tested the sessions-part of the script seperatly and it works fine as long as the password isn't encrypted... How can I fix this? Is there a way maybe to check if the password is already encrypted (I use md5) ?
My code is this basicly (shortened):
// at the top of the file I have
session_start();
.
.
.
// further down...
$fileauth = fopen("auth.txt", "r");
$fp = fread($fileauth, 4096);
fclose($fileauth);
$auth = explode(":", $fp);
$cuname = $auth[0];
$cpword = $auth[1];
// Gets the auth-vars from a flatfile.
// $cpword = correct pass in encrypted form
.
.
.
// $pword is the password entered by the user
// if $uname or $pword is set, check for
//authorization else it prints out the login form
.
.
.
if(($uname == $cuname) && (md5($pword) == $cpword)) {
session_register("uname","pword","user");
$sid = session_id();
//admin-pages
.
.
.
} else {
//not authorized
}
// and the script continues
You see, when I log in the vars are fetched from the form... Then when I go to another level of the admin-pages or just refresh the page (setting the session-vars in action) I'm not authorized anymore... I printed out the $pword-var from the session and it seems as it is encrypted twice.
What should I do?
Thanks
Vasse
