File authentication

[Anonymous]

Hi, I'm a script that authenticates users against a file. Whe you register a user, the script adds the "usernameassword\n" to the file (note. password is md5 encrpted). This is an extract from the password file:

john:527bd5b5d689e2c32ae974c6229ff785
nick:e10adc3949ba59abbe56e057f20f883e

For some reason, when someone logs in, it allways sais the username/password is incorect. Heres the part of the code that authenticates the user:

function check_pass($login, $password) {
	global $password_file;
	if(!$fh = fopen($password_file, "r")) { die("<P>Could Not Open Password File"); }
	$match = 0;
	$password = md5($password);
	while(!feof($fh)) {
		$line = fgets($fh, 4096);
		$user_pass = explode(":", $line);
		if($user_pass[0] == $login) {
			if(rtrim($user_pass[1]) == $password) {
				$match = 1;
				break;
			}
		}
	} 
	if($match) {
		return 1;
	} else {
		return 0;
	}
	fclose($fh);
}

and then:

 if(isset($checkpass))
 {
   if(check_pass($login, $password)) 
   {
     print("Thank you for logging in");
     $valid = 1; 
     print("<p><a href = test.php>Whatever</a>");    
   } else
   {
     print("Username/password not correct, please try again<p>");
     $valid = 0;
     print_login_form();
   }
 }

Any ideas why it doesnt work?

 

[Anonymous]

I'm not sure, the code looks ok to me. Perhaps you are reading in a white space or some other character after the password in the file? In the example, there is a white space after the passwords, so it might be reading in that space and not matching exactly. try using the TRIM() function on both md5 passwords before your comparison.

Also, I dont' think it reads in the end of line character, but it might be something else to watch for.

***
sorry, looks like you already are trimming the password. Not sure what it is then. :]

 

[Anonymous]

Is register_globals turned off on your server. That might be the problem.