Solved

comparing security question values

Posted on 2006-07-13
7
234 Views
Last Modified: 2011-08-18
on my login page i ask the member to enter there username,password and answer a simple security question.

but each time i keep getting the error page...


$numbers = array();
      
      $numbers[1] = 'one';
      $numbers[2] = 'two';
      $numbers[3] = 'three';
      $numbers[4] = 'four';
      $numbers[5] = 'five';
      
      $first = array_rand($numbers);
      $second = array_rand($numbers);
      
<form name="loginFrm" method="post" action="'.$_SERVER['PHP_SELF'].'" >
      <input type="hidden" value="'.time().'" name="currenttime">'."\n";
      <input type="hidden" value="'.md5($first+$second+time()).'" name="sum">'."\n";
      Username:<input type="text" name="username">
      Password:<input type="password" name="password">
Security Question:What is '.$numbers[$first].' plus '.$numbers[$second].'? <input type="text" name="answer" size="2" value="">
<input type="submit" value="Login">
</form>


$s_Username .= trim($_POST['username']);
$s_Password .= trim($_POST['password']);
      
$s_Answer .= trim($_POST['answer']);
$s_CurrentTime .= trim($_POST['currenttime']);
      
$s_SumAnswer = md5($s_Answer+$s_CurrentTime);
$s_Sum .= trim($_POST['sum']);
      
if($s_Sum == $s_SumAnswer)
{      
                  //Problems with answer to security question
}
else
{
    // check username and password
    if ok
        login them in
    else
        ///problems
}
0
Comment
Question by:ellandrd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 54

Accepted Solution

by:
b0lsc0tt earned 500 total points
ID: 17104235
ellandrd,

If I understand correctly the problem is occurring when you are trying to match $s_Sum and $s_SumAnswer.  Am I correct that they are not matching?

I think the problem is the sum.  In the form a person has only 2 spaces so would put the number (e.g. 9).  However it looks like your sum would be the two numbers as words concatenated (e.g. fourfive).

Let me know if you have any question or need more information.  If I misunderstood the problem please clarify what the error is and where it occurs.

b0lsc0tt
0
 
LVL 54

Expert Comment

by:b0lsc0tt
ID: 17104262
It looks like a person would go to the section "//Problems with answer to security question" if $s_Sum and $s_sumAnswer are equal.  I assumed that was a typo and that they should go to that section if the variables are NOT equal.  If that is the way your code is then that may also be a problem.
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17104328
>>If I understand correctly the problem is occurring when you are trying to match $s_Sum and $s_SumAnswer.  Am I >>correct that they are not matching?

yes


>>I think the problem is the sum.  In the form a person has only 2 spaces so would put the number (e.g. 9).  However it >>looks like your sum would be the two numbers as words concatenated (e.g. fourfive).

ah ha!  let me change it...


0
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

 
LVL 16

Author Comment

by:ellandrd
ID: 17104375
still no working...

can you help?
0
 
LVL 54

Expert Comment

by:b0lsc0tt
ID: 17104481
Have you tried to print each variable?  I would also print the type for each variable.  You could use this code and copy it immediately above the If statement.

echo "Sum is " . $s_Sum . "<br>\n";
echo "Type is " . gettype($s_Sum) . "<br>\n";
echo "SumAnswer is " . $s_SumAnswer . "<br>\n";
echo "Type is " . gettype($s_SumAnswer) . "<br>\n";

What are the results?  Just to clarify what is happening, if the 2 variables are equal then it goes to "//Problems" section?  What situation are you testing (i.e. correct answer to security question or incorrect answer) and which part of the If statement are they going to?  Thanks for clarifying that for me.
0
 
LVL 54

Expert Comment

by:b0lsc0tt
ID: 17104494
I guess that the problem is fixed since you have accepted my comment.  Thank you for the grade, the points and the fun question.  If you care to reply I am interested to hear what happened after you replied that it still was not working.

bol
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17104631
oh i had another typo in my variable...

have another here if interested...

http://www.experts-exchange.com/Web/Web_Languages/PHP/Q_21918903.html
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question