Truncation is for the weak

Righto.  So let's take a moment out from the coding and talk Quarto for a minute or two.

Good day.  Productive day.  The install script is totally happy.  I have user authentication working properly.  Sounds so simple, doesn't it?  In fact, it very nearly drove me batty this afternoon.  I was taking working code from another section and reworking it to fit the user authentication section, and no matter what I did, things just didn't work right.So I started testing.  Authentication worked properly when I tested it on the username field, but not on the password field.  Sure, ok, I must be munging something somewhere.  I kept testing, and it still wouldn't work.

In more desperation, I ripped out the entire section of code and started over.  From fresh code.  That I knew worked.  It still didn't work.

Sure, I know that mySQL's my weak point, but this was ridiculous.

I couldn't figure out what I was doing wrong, so I broke for lunch (read: lunch, kitty-petting, and picking up foodstuffs for a dinner for eight people).  I came back, beat on it a while longer, and in a moment of painful, searing clarity, I had it.

Oh, God.  Not an intelligent error—the kind you feel comfortable telling your friends about—but one of those wincingly-awful "oh my God I can't believe I did that" errors.

Instead of storing passwords in cleartext, I'm storing the md5() hash of them in the database.  This is all well and good…as long as you remember to make your password column in your users table long enough to accommodate the 32-character length of the md5() hash.

The result:  every password hash was being truncated when they were stored in the column…so of course the passwords never matched…and any attempts to authenticate based on password would fail.

I made the necessary change to the table, and regenerated a password for the account.

The code ran perfectly.  I didn't know whether to cheer or to hide under my desk in embarrassment.

Tonight I added in the optional cookie support for the login.  Logins are now authenticated, appropriate error messages are displayed for the appropriate situations, and cookies are created if the user requests.  I'm not going to stay up all night working on this (especially since I seem to get more done if I start work early in the morning) but I'm going to set things up so that the last_login field is updated on login.

That, and picking out which variables I want to declare as session variables. 

With that done, I think I can move on to creating the navigation bar tomorrow.  Once the session variables are set up, this won't be terribly difficult; it's just a matter of tailoring the contents of the nav bar to the user's specific privileges.

A good day's work.

Comments

woohoo. Done on both counts. :D

If code worked right the first time, nobody would ever have to upgrade ... so then I might be out of a job!

yeah, most programmers would be out of a job at that point.

I'd say it was all a good day ... from the small lesson learned about coding to the wonderfully yummy dinner you fixed for us all. Thanks go out to you as always, the Domestikitty with PHP-fu as a hobby. :)

Well, you know the drill. Write a CMS, dinner for eight, scritch the kitties, go to bed. Though I think Jeremy and Jeff got quite a laugh out of me coming into the living room at about 10:30, throwing handsigns, and announcing that I'd solved another problem. I am, apparently, just as silly as I've always been. Good to know that I'm consistent, at least!

I can so see you going, "North Side PHP-Fu, YO!"

Don't you just hate those errors so easy to figure out once you get it working (even though it takes you all day to figure it out)? I've made many mistakes like that this week in coding so don't feel too bad :). I envy the work you're doing on Quarto and can't wait to test it or see it working (if you'll let me ;).