Truncation is for the weak
Righto. So let's take a moment out from the coding and talk Quarto for a minute or two.
Good day. Productive day. The install script is totally happy. I have user authentication working properly. Sounds so simple, doesn't it? In fact, it very nearly drove me batty this afternoon. I was taking working code from another section and reworking it to fit the user authentication section, and no matter what I did, things just didn't work right. So I started testing. Authentication worked properly when I tested it on the username field, but not on the password field. Sure, ok, I must be munging something somewhere. I kept testing, and it still wouldn't work.
In more desperation, I ripped out the entire section of code and started over. From fresh code. That I knew worked. It still didn't work.
Sure, I know that MySQL's my weak point, but this was ridiculous.
I couldn't figure out what I was doing wrong, so I broke for lunch (read: lunch, kitty-petting, and picking up foodstuffs for a dinner for eight people). I came back, beat on it a while longer, and in a moment of painful, searing clarity, I had it.
Oh, God. Not an intelligent error—the kind you feel comfortable telling your friends about—but one of those wincingly-awful "oh my God I can't believe I did that" errors.
Instead of storing passwords in cleartext, I'm storing the md5() hash of them in the database. This is all well and good…as long as you remember to make your password column in your users table long enough to accommodate the 32-character length of the md5() hash.
The result: every password hash was being truncated when it was stored in the column…so of course the passwords never matched…and any attempts to authenticate based on password would fail.
I made the necessary change to the table, and regenerated a password for the account.
The code ran perfectly. I didn't know whether to cheer or to hide under my desk in embarrassment.
Tonight I added in the optional cookie support for the login. Logins are now authenticated, appropriate error messages are displayed for the appropriate situations, and cookies are created if the user requests. I'm not going to stay up all night working on this (especially since I seem to get more done if I start work early in the morning) but I'm going to set things up so that the last_login field is updated on login.
That, and picking out which variables I want to declare as session variables.
With that done, I think I can move on to creating the navigation bar tomorrow. Once the session variables are set up, this won't be terribly difficult; it's just a matter of tailoring the contents of the nav bar to the user's specific privileges.
A good day's work.
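The truncation bug described in this post, reproduced as an added example that is not the Quarto code: it models a MySQL insert with strict SQL mode off (over-long strings are cut to the column width), then shows a read-back check at registration and a schema audit that would have caught the problem. The schema, the column name `password`, the width 20 and the sample password are assumptions; the `algo` parameter extends the check to other hashlib digests.

```python
import hashlib
import hmac
import re

# Constructed schema: the column names and the width 20 are assumptions.
SCHEMA = "CREATE TABLE users (username VARCHAR(32), password VARCHAR(20))"

def hex_len(algo):
    """Length of the hex digest the column has to hold (md5 -> 32)."""
    return hashlib.new(algo).digest_size * 2

def column_width(schema, column):
    """Declared width of a CHAR/VARCHAR column in a CREATE TABLE statement."""
    m = re.search(rf"\b{re.escape(column)}\s+(?:VAR)?CHAR\((\d+)\)", schema, re.I)
    if m is None:
        raise ValueError(f"no CHAR/VARCHAR column named {column!r}")
    return int(m.group(1))

def audit(schema, column, algo="md5"):
    """True when the declared column can hold a full digest."""
    return column_width(schema, column) >= hex_len(algo)

def store(value, width):
    """Model of a non-strict MySQL insert: over-long strings are cut to fit."""
    return value[:width]

def register(password, width, algo="md5"):
    """Hash, store, read back; refuse to continue if the row lost data."""
    digest = hashlib.new(algo, password.encode()).hexdigest()
    stored = store(digest, width)
    if stored != digest:
        raise ValueError(f"{algo} hash truncated: {len(digest)} chars into {width}")
    return stored

def login_ok(stored, password, algo="md5"):
    """Compare the stored value with a fresh hash of the submitted password."""
    candidate = hashlib.new(algo, password.encode()).hexdigest()
    return hmac.compare_digest(stored, candidate)

if __name__ == "__main__":
    width = column_width(SCHEMA, "password")
    truncated = store(hashlib.md5(b"hunter2").hexdigest(), width)
    print("schema wide enough:", audit(SCHEMA, "password"))
    print("login with truncated row:", login_ok(truncated, "hunter2"))
    print("login after widening to 32:", login_ok(register("hunter2", 32), "hunter2"))
```
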