3

I'm currently having some trouble getting a login system to work and I believe I have found the reason why, though I have no idea why it is happening or what specifically is causing it.

I have a hashed password stored in a database. The value of the password column is:

18e2acd33fd3ec752c344b463d00238e35b6b77ed65941f69b9eb96471834f1e507d846071768548f8cf125d6c74ce614d477a576657983bb8620bbc49eed7de

Now when I go to simply select and print that field in PHP like so:

```php
$query = "SELECT password FROM webusers WHERE username = 'Roy'";
$update = odbc_exec($connect, $query);
$row = odbc_fetch_array($update);
print $row['PASSWORD'];
```

It outputs:

18e2acd33fd3ec752c344b463d00238e35b6b77ed65941f69b9eb96471834f1e507d846071768548f8cf125d6c74ce614d477a576657983bb8620bbc49eed7d

Scroll to the very end of both hashes and you'll see the second hash is missing a final 'e' and so this is throwing off my entire login system. Why would this be happening? I'm not sure whether PHP or SQL is to blame.

I'm using PHP 5.4.7 and the database is a 4D SQL server connected via ODBC.

Edit: The datatype of password is Text which, according to 4D's manual, can hold up to 2GB of data so the column size is not the issue.

marc_s
Roy
  • 1
    What is the data type of the `password` field in your database? When you view the password field directly in the database (through PHPMyAdmin or some other tool), do you see the last e? – MatthewMcGovern Apr 29 '13 at 15:10
  • increase the length of this field in db – Haim Evgi Apr 29 '13 at 15:12
  • @MatthewMcGovern Yes, when I view the database field in 4D I do see the final e. The field type is 'Text'. – Roy Apr 29 '13 at 15:13
  • @HaimEvgi I'm not sure if that is the issue since I can actually see the full value when I view it in 4D itself. As a 'Text' field type there is no option to increase its length in 4D. – Roy Apr 29 '13 at 15:14
  • 4
    Does the hash get truncated if it's fewer than 128 characters? For example, does 'fd3ec752c344b463d00238e35' get truncated as 'fd3ec752c344b463d00238e3'? – popthestack Apr 29 '13 at 15:16
  • 1
    @FreemanLambda It actually has 128, 0-127, the truncated string is 127, 0-126 so it would be strange if some kind of memory restriction was in place. – MatthewMcGovern Apr 29 '13 at 15:22
  • @MatthewMcGovern You are right, sorry for misleading. – Freeman Lambda Apr 29 '13 at 15:26
  • @popthestack No, if I switch to using md5() it does not truncate the string. This could work, but I would be interested in knowing why the final character is getting truncated if anyone knows simply out of curiosity. I'm willing to supply whatever info may be necessary. – Roy Apr 29 '13 at 15:33
  • 1
    @Roy Can you test pulling an even larger string with a really simple query? Perhaps just set up another table, add a large chunk of text to it and try and get/echo it from PHP. I can only guess now that somehow your database has some kind of cap on the data size it can return. – MatthewMcGovern Apr 29 '13 at 15:38
  • @MatthewMcGovern copied the first hash twice and inserted that into the password field. Went to print it and got this: 18e2acd33fd3ec752c344b463d00238e35b6b77ed65941f69b9eb96471834f1e507d846071768548f8cf125d6c74ce614d477a576657983bb8620bbc49eed7d)‰C:\Windows\system32\cmd.exe8áž!)HážERER9!/÷ÎËœážpឨâžßž€Ìž´ážCOMSPEChp which is 256 – Roy Apr 29 '13 at 15:43
  • 1
    @Roy That was the result from just the hash twice? Why does it have a Windows path to cmd.exe :S? – MatthewMcGovern Apr 29 '13 at 15:48
  • @MatthewMcGovern I have no idea, I simply copied the hash twice – Roy Apr 29 '13 at 15:52
  • 1
    @Roy Out of curiosity, does it do the same thing when using odbc_fetch_row or odbc_fetch_object? – popthestack Apr 29 '13 at 15:53
  • 2
    Do you have access to your `PHP.ini` file? If so, is there a `odbc.defaultlrl` value? If so what is it? If not, try adding it as `odbc.defaultlrl=65536` – MatthewMcGovern Apr 29 '13 at 15:56
  • 1
    Ah, looks like @MatthewMcGovern found it. Looks like someone else in the comments on the PHP docs had the same issue. http://php.net/manual/en/function.odbc-longreadlen.php – popthestack Apr 29 '13 at 16:02
  • @popthestack It would seem weird to me though, to truncate down to 127 chars is a tiny amount of data, it'd make me worried how the setting got that low in the first place! – MatthewMcGovern Apr 29 '13 at 16:07
  • @MatthewMcGovern true, it's a very odd length to truncate at. – popthestack Apr 29 '13 at 16:08
  • @MatthewMcGovern Yes I do, searched and found odbc.defaultlrl = 4096. No idea why this was set so low, it was the default value which came with xampp. – Roy Apr 29 '13 at 16:12
  • 1
    @Roy 4096 is still way greater than the size you are trying to return so this may not be the solution. Does increasing it to 65536 and then restarting your server help? – MatthewMcGovern Apr 29 '13 at 16:14
  • @MatthewMcGovern Well, it slightly changed what the value morphed into. Pasting the first hash twice then retrieving it now prints this: 18e2acd33fd3ec752c344b463d00238e35b6b77ed65941f69b9eb96471834f1e507d846071768548f8cf125d6c74ce614d477a576657983bb8620bbc49eed7d)‰C:\Windows\system32\cmd.exe!)Háo9!/÷ÎËœáopáo¨âoßo˜Ìo´áoCOMSPEC which is 256 – Roy Apr 29 '13 at 16:22
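
The symptom in this thread, a fetched digest that is one character short or carries stray bytes after character 127, can be caught before the value is ever compared. The following is an added example, not code from the original post: the function names and the fixed 128-character length are assumptions, and `$garbage` is a constructed sample standing in for the over-long fetch.

```php
<?php
// Added example. Assumes a 512-bit digest stored as 128 hex characters,
// which is the length of the stored value quoted in the question.
const EXPECTED_HEX_LEN = 128;

// Classify a value fetched from the password column before it is compared.
function classify_fetched_digest($value)
{
    $len = strlen($value);
    if ($len < EXPECTED_HEX_LEN) {
        return 'truncated';
    }
    if ($len > EXPECTED_HEX_LEN) {
        return 'overlong';
    }
    return ctype_xdigit($value) ? 'ok' : 'not-hex';
}

// Constant-time comparison; hash_equals() needs PHP 5.6 and the question runs 5.4.7.
function digests_match($known, $candidate)
{
    if (strlen($known) !== strlen($candidate)) {
        return false;
    }
    $diff = 0;
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        $diff |= ord($known[$i]) ^ ord($candidate[$i]);
    }
    return $diff === 0;
}

// Fail closed: a damaged fetch is logged as a driver problem and never compared.
function verify_login($fetched, $computed)
{
    $state = classify_fetched_digest($fetched);
    if ($state !== 'ok') {
        error_log("password digest rejected ($state, " . strlen($fetched) . " bytes)");
        return false;
    }
    return digests_match($fetched, $computed);
}

// $stored is the value from the question; $computed is set equal to it (correct password).
$stored  = '18e2acd33fd3ec752c344b463d00238e35b6b77ed65941f69b9eb96471834f1e507d846071768548f8cf125d6c74ce614d477a576657983bb8620bbc49eed7de';
$short   = substr($stored, 0, 127);                          // the 127-character fetch
$garbage = substr($stored, 0, 127) . ")\x89" . 'stray-bytes'; // constructed sample
foreach (array('full' => $stored, 'short' => $short, 'garbage' => $garbage) as $name => $v) {
    printf("%-8s %-10s login=%s\n", $name, classify_fetched_digest($v), var_export(verify_login($v, $stored), true));
}
```

Separating "digest rejected" from "wrong password" in the log makes a driver or buffer-size fault visible instead of presenting it as a run of failed logins.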

1 Answer

0

To determine whether your problem is in MySQL or PHP, log into MySQL directly and determine if you are able to retrieve the full value while executing the SQL command directly. I would use the same SQL query that PHP is using so that you see the same output from the MySQL system that your application will see. If you see a truncated value while you are in MySQL (PHP is no longer part of the picture), then you know, with certainty, that you have exceeded the character limitations of the field you have defined in MySQL. Similarly, if the string displays perfectly, then PHP must be truncating the value.

If PHP is truncating the value, then it could be a limitation of the mysql_result object, or it could be a system limitation of PHP, which seems less likely. By narrowing down the location of the problem further, your answer will become clear.

I have not seen PHP truncate a string, ever. I have stored at least one megabyte of data in a single string value while making attachment headers for e-mails. I do not believe that your limitation lies in the PHP native language.

Jared Clemence
  • It's not MySQL I am using, but 4D's implementation of SQL. The field is fine within the database itself. I have since used a different method of getting around this problem but it looked like the fault lay in the archaic ODBC driver I am using. I'd rather not be using it but unfortunately I have to build onto an existing system which is some 15 years old at this point and don't have much choice. Thanks for your response anyway! – Roy May 15 '13 at 10:37