homepage Welcome to WebmasterWorld Guest from 54.224.53.192
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Databases
Forum Library, Charter, Moderator: open

Databases Forum

    
SHA1 Valued changed to SHA1 value that equal NULL by database
SHA1,null,value changed automatically,MySQL,PHP,login,logout
eawade

5+ Year Member



 
Msg#: 4308755 posted 2:54 pm on May 6, 2011 (gmt 0)

Hello Guys,

I'm having the biggest headache over this issue. I have a system that I designed which uses a standard php login script to a MySQL database. The system has account registration etc. For the past 5 months I've tested multiple accounts and logged in with one primary account with absolutely no problem. However, about 4 days ago, something really strange started to happen. When I log in with USER A account, for example, and then I logout and then I log back in with USER B's account, at some point when I attempt to log back in with USER A's account the system is not able to verify the password. Note: I didn't nothing to change the password. So finally, after banging my head on the wall, I found that the password SHA1 value in the MySQL database was being changed to eef19c54306daa69eda49c0272623bdb5e2b341f. NOTE: This value is NULL. Sure enough, if I login using the password value NULL the system let's me in. Also, when I change the value back to the originally password, the system allows me to login with no problem - that is, until the next time it changes the value to NULL. This happens to each account if I log in and out on multiple occasions. It is strange because I am unable to determine what triggers it BUT, as I said, things were fine for the past 5 months. I have NEVER seen anything like this before and it makes NO sense to me. Please understand that this has never happened before and I am ONLY executing basic password verification queries.





Query:

$q = "SELECT user_id, dango_id FROM user WHERE (email='$e' AND password=SHA1('$p')) AND active IS NULL";
$r = mysqli_query ($dbc, $q) OR trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

$myrow = @mysqli_num_rows($r);

if($myrow == 1) {

// Register the VALUES
$_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC);


}



`user` (
`user_id` BIGINT(12) NOT NULL AUTO_INCREMENT,
`dango_id` VARCHAR(20) NOT NULL,
`name` VARCHAR(20) NOT NULL,
`email` VARCHAR(75) NOT NULL,
`password` CHAR(40) NOT NULL,
`cate_id` INT(10) NOT NULL,
`acct_type` INT(1) NOT NULL,
`active` CHAR(32) DEFAULT NULL,
`registration_date` DATETIME NOT NULL,
PRIMARY KEY (`user_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=16 ;



Not sure WHY in the world MYSQL keeps changing the SHA1 value to NULL. This is driving me crazy. I apologize for the long explanation and would appreciate any helpful input. Thanks in advance guys.

Ethan-Anthony

 

eelixduppy

WebmasterWorld Senior Member eelixduppy us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 4308755 posted 3:27 pm on May 6, 2011 (gmt 0)

I'd put money on it being a problem somewhere in your PHP scripts. Seems like somewhere you are updating that table incorrectly, or correctly just your php variable has not been initialized, therefore defaulting to the string NULL before it gets hashed and inserted into the database.

I'd start by first looking for any script that updates that specific table, especially with regard to the password column.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Databases
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved